Lucas <[email protected]> wrote:
> Hello,
>
> I got the following panic while trying out an iked(8) responder in a VPS
> on Hetzner, type CX11. There is no dmesg yet because I left the ddb
> console on in case I'm asked to run more commands there. It has 2 vCPUs
> and it's running 7.0-stable with errata up to 004. Transcription
> follows. Lemme know if I can provide with more information.
>
> -Lucas
>
> panic: kernel diagnostic assertion "!ISSET(rt->rt_flags, RTF_UP)" failed:
> file "/usr/src/sys/net/route.c", line 506
> Stopped at db_enter+0x10: popq %rbp
> TID PID UID PRFLAGS PFLAGS CPU COMMAND
> *258078 81837 0 0x14000 0x200 0 softnet
> db_enter() at db_enter+0x10
> panic(ffffffff81e54727) at panic+0xbf
> __assert(ffffffff81ec28fe,ffffffff81e5fb1a,1fa,ffffffff81ecf5fa) at
> __assert+0x25
> rtfree(fffffd806d13a540) at rtfree+0x298
> ip6_forward(fffffd8047383c00,fffffd806d13a540,1) at ip6_forward+0x118
> ip6_input_if(ffff800020b130b8,ffff800020b130c4,29,0,ffff8000000c52a8) at
> ip6_input_if+0x80d
> ipv6_input(ffff8000000c62a8,fffffd8047383c00) at ipv6_input+0x39
> ether_input(ffff8000000c62a8,ffff800020b131a8) at ether_input+0x39f
> if_input_process(ffff8000000c62a8,ffff800020b131a8) at if_input_process+0x6f
> ifiq_process(ffff8000000c66b8) at ifiq_process+0x69
> taskq_thread(ffff80000002b080) at taskq_thread+0x81
> end trace frame: 0x0, count: 4
> https://www.openbsd.org/ddb.html describes the minimum info required in bug
> reports. Insufficient info makes it difficult to find and fix bugs.
>
> ddb{0}> show panic
> *cpu0: kernel diagnostic assertion "!ISSET(rt->rt_flags, RTF_UP)" failed:
> file "/usr/src/sys/net/route.c", line 506
> ddb{0}> trace
> db_enter() at db_enter+0x10
> panic(ffffffff81e54727) at panic+0xbf
> __assert(ffffffff81ec28fe,ffffffff81e5fb1a,1fa,ffffffff81ecf5fa) at
> __assert+0x25
> rtfree(fffffd806d13a540) at rtfree+0x298
> ip6_forward(fffffd8047383c00,fffffd806d13a540,1) at ip6_forward+0x118
> ip6_input_if(ffff800020b130b8,ffff800020b130c4,29,0,ffff8000000c52a8) at
> ip6_input_if+0x80d
> ipv6_input(ffff8000000c62a8,fffffd8047383c00) at ipv6_input+0x39
> ether_input(ffff8000000c62a8,ffff800020b131a8) at ether_input+0x39f
> if_input_process(ffff8000000c62a8,ffff800020b131a8) at if_input_process+0x6f
> ifiq_process(ffff8000000c66b8) at ifiq_process+0x69
> taskq_thread(ffff80000002b080) at taskq_thread+0x81
> end trace frame: 0x0, count: -11
> ddb{0}> show reg
> rdi 0
> rsi 0x14
> rbp 0xffff800020b12d20
> rbx 0xfffffd807d13a540
> rdx 0xfe000000003f1e12
> rcx 0x286
> rax 0x74
> r8 0xffff800020b12b48
> r9 0
> r10 0
> r11 0x4ff427155739d864
> r12 0xffffffff8217aa00 cpu_info_full_primary+0x2a00
> r13 0x1
> r14 0
> r15 0xffffffff81e54727 cmd0646_9_tim_udma+0x2b2a1
> rip 0xffffffff818713b0 db_enter+0x10
> cs 0x8
> rflags 0x202
> rsp 0xffff800020b12d20
> ss 0x10
> db_enter+0x10: popq %rbp
>
> ddb{0}> mach ddbcpu 1
> Stopped at x86_ipi_db+0x12: leave
> x86_ipi_db(ffff8000209c8ff0) at x86_ipi_db+0x12
> x86_ipi_handler() at x86_ipi_handler+0x80
> Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
> acpicpu_idle() at acpicpu_idle+0x281
> sched_idle(ffff8000209c8ff0) at sched_idle+0x27e
> end trace frame: 0x0, count: 10
> ddb{1}> show panic
> *cpu0: kernel diagnostic assertion "!ISSET(rt->rt_flags, RTF_UP)" failed:
> file "/usr/src/sys/net/route.c", line 506
> ddb{1}> trace
> x86_ipi_db(ffff8000209c8ff0) at x86_ipi_db+0x12
> x86_ipi_handler() at x86_ipi_handler+0x80
> Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
> acpicpu_idle() at acpicpu_idle+0x281
> sched_idle(ffff8000209c8ff0) at sched_idle+0x27e
> end trace frame: 0x0, count: -5
> ddb{1}> show reg
> rdi 0xffff8000209c8ff0
> rsi 0
> rbp 0xffff800020b19240
> rbx 0xffffffff82170ea8 ipifunc+0x38
> rdx 0
> rcx 0x7
> rax 0xffffff7f
> r8 0
> r9 0
> r10 0
> r11 0x676da17a104f1a97
> r12 0x7
> r13 0
> r14 0xffff8000209c8ff0
> r15 0
> rip 0xffffffff81871382 x86_ipi_db+0x12
> cs 0x8
> rflags 0x202
> rsp 0xffff800020b19230
> ss 0x10
> x86_ipi_db+0x12: leave
dmesg, /etc/iked.conf and /etc/pf.conf below. /etc/hostname.enc1 is an
empty file.
-- dmesg ----------------------------------------------------------------------
OpenBSD 7.0 (GENERIC.MP) #1: Fri Oct 29 12:04:07 MDT 2021
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2080227328 (1983MB)
avail mem = 2001223680 (1908MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5b10 (9 entries)
bios0: vendor Hetzner version "20171111" date 11/11/2017
bios0: Hetzner vServer
acpi0 at bios0: ACPI 3.0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC HPET MCFG
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD EPYC Processor, 2445.83 MHz, 17-31-00
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,TOPEXT,CPCTR,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line
8-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 999MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD EPYC Processor, 2445.49 MHz, 17-31-00
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,TOPEXT,CPCTR,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line
8-way L2 cache
cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: smt 0, core 0, package 1
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
acpihpet0 at acpi0: 100000000 Hz
acpimcfg0 at acpi0
acpimcfg0: addr 0xb0000000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
acpicmos0 at acpi0
"APP0005" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x00
vga1 at pci0 dev 1 function 0 "Qumranet Virtio 1.x GPU" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 2 function 0 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 22
pci1 at ppb0 bus 1
virtio0 at pci1 dev 0 function 0 "Qumranet Virtio 1.x Network" rev 0x01
vio0 at virtio0: address 96:00:00:f2:68:af
virtio0: msix shared
ppb1 at pci0 dev 2 function 1 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 22
pci2 at ppb1 bus 2
xhci0 at pci2 dev 0 function 0 vendor "Red Hat", unknown product 0x000d rev
0x01: apic 0 int 22, xHCI 0.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Red Hat xHCI root hub" rev 3.00/1.00
addr 1
ppb2 at pci0 dev 2 function 2 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 22
pci3 at ppb2 bus 3
virtio1 at pci3 dev 0 function 0 "Qumranet Virtio 1.x Console" rev 0x01
virtio1: no matching child driver; not configured
ppb3 at pci0 dev 2 function 3 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 22
pci4 at ppb3 bus 4
virtio2 at pci4 dev 0 function 0 vendor "Qumranet", unknown product 0x1045 rev
0x01
viomb0 at virtio2
virtio2: apic 0 int 22
ppb4 at pci0 dev 2 function 4 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 22
pci5 at ppb4 bus 5
virtio3 at pci5 dev 0 function 0 "Qumranet Virtio 1.x RNG" rev 0x01
viornd0 at virtio3
virtio3: apic 0 int 22
ppb5 at pci0 dev 2 function 5 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 22
pci6 at ppb5 bus 6
virtio4 at pci6 dev 0 function 0 "Qumranet Virtio 1.x SCSI" rev 0x01
vioscsi0 at virtio4: qsize 128
scsibus1 at vioscsi0: 255 targets
sd0 at scsibus1 targ 0 lun 0: <QEMU, QEMU HARDDISK, 2.5+>
sd0: 39064MB, 512 bytes/sector, 80003072 sectors, thin
virtio4: msix shared
ppb6 at pci0 dev 2 function 6 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 22
pci7 at ppb6 bus 7
ppb7 at pci0 dev 2 function 7 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 22
pci8 at ppb7 bus 8
ppb8 at pci0 dev 3 function 0 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 23
pci9 at ppb8 bus 9
ppb9 at pci0 dev 3 function 1 vendor "Red Hat", unknown product 0x000c rev
0x00: apic 0 int 23
pci10 at ppb9 bus 10
pcib0 at pci0 dev 31 function 0 "Intel 82801IB LPC" rev 0x02
ahci0 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x02: msi, AHCI 1.0
ahci0: port 0: 1.5Gb/s
scsibus2 at ahci0: 32 targets
cd0 at scsibus2 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.5+> removable
ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 0 int 16
iic0 at ichiic0
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
dt: 445 probes
uhidev0 at uhub0 port 5 configuration 1 interface 0 "QEMU QEMU USB Tablet" rev
2.00/0.00 addr 2
uhidev0: iclass 3/0
ums0 at uhidev0: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
softraid0: sd1 was not shutdown properly
sd1 at scsibus4 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
sd1: 39056MB, 512 bytes/sector, 79987043 sectors
root on sd1a (937ae9ebb96bce94.a) swap on sd1b dump on sd1b
WARNING: / was not properly unmounted
-- /etc/iked.conf -------------------------------------------------------------
ikev2 roadw passive esp \
from any to dynamic \
local 5.161.47.47 peer any \
ikesa enc aes-256-gcm prf hmac-sha2-256 group sntrup761x25519 \
childsa enc chacha20-poly1305 group sntrup761x25519 esn \
srcid nyu.vpn.home.arpa \
ecdsa384 \
config address 172.30.0.0/24 \
config address fd6b:1d7b:c493:fe00::/56 \
tag "ipsec-$name" \
tap enc1
-- /etc/pf.conf ---------------------------------------------------------------
ext_if = vio0
ext_if_inet4 = "5.161.47.47"
ext_if_inet6 = "2a01:4ff:f0:d9c::2"
roadw_enc_if = enc1
roadw_tag = "ipsec-roadw"
roadw_inet4 = "172.30.0.0/24"
roadw_inet6 = "fd6b:1d7b:c493:fe00::/56"
set block-policy drop
set loginterface egress
set skip on lo0
match out log on $ext_if inet tagged $roadw_tag nat-to $ext_if_inet4
match out log on $ext_if inet6 tagged $roadw_tag nat-to $ext_if_inet6
block log all
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
pass out quick on egress
pass in quick on egress proto tcp to port ssh
pass in on egress inet proto icmp all
pass in on egress inet6 proto icmp6 all
# iked responder
pass in log on $ext_if proto udp from any to ($ext_if) port {isakmp ipsec-nat-t}
pass in log on $ext_if proto esp from any to ($ext_if) tag IKED
pass in log on $roadw_enc_if tagged $roadw_tag
pass out on $roadw_enc_if
#pass in log proto {tcp udp} to port domain tagged $roadw_tag rdr-to 127.0.0.1
port domain
