oh, let's cc Matt on this too.
On 2021/03/20 11:17, Martin Pieuchot wrote:
> On 19/03/21(Fri) 20:15, Stuart Henderson wrote:
> > Not a great report but I don't have much more to go on, machine had
> > ddb.panic=0 and ddb hung while printing the stack trace. Retyped by
> > hand, may contain typos. Happened a few hours after setting up wg on it.
> >
> > uvm_fault(0xffffffff82204e38, 0x20, 0, 1) -> e
> > fatal page fault in supervisor mode
> > trap type 6 code 0 rip ffffffff81752116 cs 8 rflags 10246 cr2 20 cpl 0 rsp
> > 00023b35eb0
> > gsbase 0xffffffff820eaff0 kgsbase 0x0
> > panic: trap type 6, code=0, pc=ffffffff81752116
> > Starting stack trace...
> > panic(ffffffff81ddc97a) at panic+0x11d
> > kerntrap(ffff800023b35e00) at kerntrap+0x114
> > alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
> > wg_index_drop(ffff8000012ae000,0) at wg_index_drop+0x96
> > noise_create_initiation(
>
> This is a NULL dereference at line 1981 of net/if_wg.c:
>
> wg_index_drop(void *_sc, uint32_t key0)
> {
> ...
> /* We expect a peer */
> peer = CONTAINER_OF(iter->i_value, struct wg_peer, p_remote);
> ...
> }
>
> Does that mean that `iter' is NULL and `i_value' is at offset 0x20 in that
> struct?
>
Oh, I am an idiot, I had debug set and there is something other than just
standard messages around that time. Both sides are OpenBSD wg(4). I did not
have debug on the other side.
[...]
18:51:08.041Z wg2: Sending handshake initiation to peer 3
18:51:08.091Z wg2: Receiving handshake initiation from peer 3
18:51:08.091Z wg2: Sending handshake response to peer 3
18:51:08.091Z wg2: Unknown handshake response
18:51:13.141Z wg2: Receiving handshake initiation from peer 3
18:51:13.141Z wg2: Sending handshake response to peer 3
18:51:13.191Z wg2: Handshake for peer 3 did not complete after 5 seconds, retrying (try 2)
18:51:13.191Z wg2: Receiving keepalive packet from peer 3
18:51:13.191Z wg2: Sending keepalive packe
18:51:13.191Z t to peer 3
18:52:28.242Z wg2: Sending keepalive packet to peer 3
18:52:28.342Z wg2: Receiving keepalive packet from peer 3
18:53:43.343Z wg2: Sending keepalive packet to peer 3
18:54:58.345Z wg2: Sending handshake initiation to peer 3
18:54:58.395Z wg2: Receiving handshake initiation from peer 3
18:54:58.395Z wg2: Sending handshake response to peer 3
18:54:58.395Z wg2: Unknown handshake response
<syslog stops here, rest retyped>
wg2: Handshake for peer 3 did not complete after 5 seconds, retrying (try 2)
wg2: Sending handshake initiation to peer 3
wg2: Sending handshake response to peer 3
<null deref here>