On Tue, May 04, 2021 at 07:07:03PM +0000, kyo wrote:
> Background - I was trying to troubleshoot a networking problem. I had put my
> wg(4) interface on rdomain 2 and was NAT-ing certain packets from iwm(4) to
> it.
> When the crash happened, I was running a ping and a tcpdump on the wireguard
> interface.
It is an endless recursion through tcp_output+0x1a10.
/usr/src/sys/netinet/tcp_output.c:1088
1aef: 48 8b b8 d8 01 00 00 mov 0x1d8(%rax),%rdi
1af6: be ff ff ff ff mov $0xffffffff,%esi
1afb: e8 00 00 00 00 callq 1b00 <tcp_output+0x1a10>
* 1b00: e9 d5 e6 ff ff jmpq 1da <tcp_output+0xea>
1081 if (error == EMSGSIZE) {
1082 /*
1083 * ip_output() will have already fixed the route
1084 * for us. tcp_mtudisc() will, as its last action,
1085 * initiate retransmission, so it is important to
1086 * not do so here.
1087 */
* 1088 tcp_mtudisc(tp->t_inpcb, -1);
1089 return (0);
1090 }
Looks similar to
https://marc.info/?l=openbsd-bugs&m=161253566513764&w=2
which was fixed here
https://marc.info/?l=openbsd-cvs&m=161298170610605&w=2
The fixed bug was about path MTU discovery, IPsec and routing
domains. I guess you have found a similar problem with wireguard.
bluhm