[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 Gleb Smirnoff changed: What|Removed |Added Resolution|--- |FIXED Status|Open|Closed Assignee|b...@freebsd.org|gleb...@freebsd.org -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #16 from commit-h...@freebsd.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=9d4a08d162d87ba120f418a1a71facd2c631b549 commit 9d4a08d162d87ba120f418a1a71facd2c631b549 Author: Gleb Smirnoff AuthorDate: 2024-03-29 20:35:37 + Commit: Gleb Smirnoff CommitDate: 2024-03-29 20:35:37 + linux: use sa_family_t for address family conversions Express "conversion failed" with maximum possible value. This allows to reduce number of size/signedness conversion in the code that utilizes the functions. PR: 274536 Reviewed by:melifaro Differential Revision: https://reviews.freebsd.org/D44375 sys/compat/linux/linux.c| 18 +- sys/compat/linux/linux_common.h | 5 +++-- sys/compat/linux/linux_socket.c | 9 + 3 files changed, 17 insertions(+), 15 deletions(-) -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #15 from commit-h...@freebsd.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=b977dd1ea5fbc2df3f1279330be4d089322eb2cf commit b977dd1ea5fbc2df3f1279330be4d089322eb2cf Author: Gleb Smirnoff AuthorDate: 2024-03-29 20:35:51 + Commit: Gleb Smirnoff CommitDate: 2024-03-29 20:35:51 + linux: make linux_netlink_p->msg_from_linux be able to fail The KPI for this function was misleading. From the NetLink perspective it looked like a function that: a) allocates new hdr, b) can fail. Neither was true. Let the function return a error code instead of returning the same hdr it was passed to. In case if future Linux NetLink compatibility support calls for reallocating header, pass hdr as pointer to pointer. With KPI that returns a error, propagate domain conversion errors all the way up to NetLink module. This fixes panic when unknown domain is converted to 0xff and this invalid value is passed into NetLink processing. PR: 274536 Reviewed by:melifaro Differential Revision: https://reviews.freebsd.org/D44392 sys/compat/linux/linux_netlink.c | 58 ++-- sys/netlink/netlink_io.c | 22 +++ sys/netlink/netlink_linux.h | 2 +- 3 files changed, 48 insertions(+), 34 deletions(-) -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #14 from Edward Tomasz Napierala --- Bingo! Those two fix my panic. Thank you :) -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #13 from Gleb Smirnoff --- On Mon Mar 18 16:56:14 2024 UTC, tr...@freebsd.org wrote: > Sorry, no joy - with those two applied it still panics like before, with > similar > backtrace. I have just updated both revisions and correct a mistake. Can you please try again? -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #12 from Edward Tomasz Napierala --- Sorry, no joy - with those two applied it still panics like before, with similar backtrace. -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #11 from Gleb Smirnoff --- Can you please apply both https://reviews.freebsd.org/D44375 https://reviews.freebsd.org/D44392 and check if that fixes the panic? -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #10 from Edward Tomasz Napierala --- Negative; the s/254/255/ patch doesn't seem to fix the panic I'm having. -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #9 from Gleb Smirnoff --- See also https://reviews.freebsd.org/D44375 -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #8 from Gleb Smirnoff --- Created attachment 249197 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=249197=edit check if it is just a typo Can you please try out this patch? Reverting any previous changes. -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 Gleb Smirnoff changed: What|Removed |Added CC||dcha...@freebsd.org --- Comment #7 from Gleb Smirnoff --- Adding Dmitry and Alexander here. TLDR version for them: An application (Firefox) sends NETLINK_ROUTE message with AF_PACKET in it. linux_to_bsd_domain() fails to find an analog in FreeBSD, and returns 0x. Later that truncates down to 0xff and rt_tables_get_rnh_ptr() panics. How should we fix that? At what level should we report EOPNOTSUPP (or maybe other) error? My guess that should live in NetLink, cause it is NetLink that doesn't check return value of linux_to_bsd_domain(). The latter honestly reports "I don't know". -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #6 from Edward Tomasz Napierala --- Thank you! It's 17, which appears to be PF_PACKET. -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #5 from Gleb Smirnoff --- I guess the 255 is coming from sys/compat/linux/linux.c:linux_to_bsd_domain() return (-1). Can you please first modify your kernel so that it doesn't panic: e.g. in netlink_io.c after line 284 just return as if the msg_from_linux failed. Then please add print of the actual value of domain in linux_to_bsd_domain(). -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #4 from Edward Tomasz Napierala --- This is still happening with yesterday's CURRENT. It looks like the bug is caused by rtnl_handle_getroute() being called with family=255, which then causes assertion in rt_tables_get_rnh_ptr(). I'm not sure where this value - which from I assume came from userspace - should be handled? I've pinged glebius@, he's done some Netlink work recently. -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 Edward Tomasz Napierala changed: What|Removed |Added Blocks||247219 Referenced Bugs: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247219 [Bug 247219] [meta] Linux Emulation (Linuxulator) Tracking Issue -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 John Baldwin changed: What|Removed |Added CC||j...@freebsd.org, ||melif...@freebsd.org --- Comment #3 from John Baldwin --- I've cc'd melifaro@ as this looks to be related to netlink reading the routing tables. -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 --- Comment #2 from Edward Tomasz Napierala --- Ah; sorry; I've just verified it's still happening with: FreeBSD pustak 15.0-CURRENT FreeBSD 15.0-CURRENT #69 main-n266018-d2abbfede534-dirty: Wed Oct 18 11:33:02 BST 2023 root@pustak:/usr/obj/usr/home/trasz/git/freebsd-src/amd64.amd64/sys/GENERIC amd64 -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 Graham Perrin changed: What|Removed |Added CC||grahamper...@gmail.com Status|New |Open Keywords||crash, needs-qa --- Comment #1 from Graham Perrin --- (In reply to Edward Tomasz Napierala from comment #0) > amd64 FreeBSD 15: Which version, exactly? Reproducible with an updated OS? (Reading this alongside bug 274538 comment 1.) -- You are receiving this mail because: You are the assignee for the bug.
[Bug 274536] panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274536 Bug ID: 274536 Summary: panic: rt_tables_get_rnh_ptr: fam out of bounds (255 < 45) Product: Base System Version: 15.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: b...@freebsd.org Reporter: tr...@freebsd.org Trying to run Linux Firefox binary from Ubuntu Focal seems to trigger panic on amd64 FreeBSD 15: __curthread () at /usr/home/trasz/git/freebsd-src/sys/amd64/include/pcpu_aux.h:57 57 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu, (kgdb) #0 __curthread () at /usr/home/trasz/git/freebsd-src/sys/amd64/include/pcpu_aux.h:57 #1 doadump (textdump=textdump@entry=1) at /usr/home/trasz/git/freebsd-src/sys/kern/kern_shutdown.c:405 #2 0x80b4ee90 in kern_reboot (howto=260) at /usr/home/trasz/git/freebsd-src/sys/kern/kern_shutdown.c:526 #3 0x80b4f38f in vpanic ( fmt=0x811406d9 "%s: fam out of bounds (%d < %d)", ap=ap@entry=0xfe00fc3a2b30) at /usr/home/trasz/git/freebsd-src/sys/kern/kern_shutdown.c:970 #4 0x80b4f133 in panic (fmt=) at /usr/home/trasz/git/freebsd-src/sys/kern/kern_shutdown.c:894 #5 0x80cbbee3 in rt_tables_get_rnh_ptr (table=, family=) at /usr/home/trasz/git/freebsd-src/sys/net/route/route_tables.c:372 #6 rt_tables_get_rnh (table=, family=) at /usr/home/trasz/git/freebsd-src/sys/net/route/route_tables.c:387 #7 0x80dc626d in dump_rtable_fib (wa=0xfe00fc3a2bc8, fibnum=0, family=255) at /usr/home/trasz/git/freebsd-src/sys/netlink/route/rt.c:599 #8 handle_rtm_dump (nlp=0xf803cbde4700, fibnum=0, family=255, hdr=0xf8039edb6800, nw=) at /usr/home/trasz/git/freebsd-src/sys/netlink/route/rt.c:682 #9 rtnl_handle_getroute (hdr=0xf8039edb6800, nlp=0xf803cbde4700, npt=0xfe00fc3a2dc0) at /usr/home/trasz/git/freebsd-src/sys/netlink/route/rt.c:1028 #10 0x80dbe552 in rtnl_handle_message (hdr=0xf8039edb6800, npt=0xfe00fc3a2dc0) at /usr/home/trasz/git/freebsd-src/sys/netlink/netlink_route.c:104 #11 0x80dbbeaa in nl_receive_message (hdr=0xf8039edb6800, remaining_length=, nlp=0xf803cbde4700, npt=0xfe00fc3a2dc0) at /usr/home/trasz/git/freebsd-src/sys/netlink/netlink_io.c:506 #12 nl_process_mbuf (m=0xf800099fd000, nlp=0xf803cbde4700) at /usr/home/trasz/git/freebsd-src/sys/netlink/netlink_io.c:580 #13 nl_process_received_one (nlp=0xf803cbde4700) at /usr/home/trasz/git/freebsd-src/sys/netlink/netlink_io.c:293 #14 nl_process_received (nlp=0xf803cbde4700) at /usr/home/trasz/git/freebsd-src/sys/netlink/netlink_io.c:320 #15 nl_taskqueue_handler (_arg=0xf803cbde4700, pending=) at /usr/home/trasz/git/freebsd-src/sys/netlink/netlink_io.c:371 #16 0x80bb497b in taskqueue_run_locked ( queue=queue@entry=0xf8002400cc00) at /usr/home/trasz/git/freebsd-src/sys/kern/subr_taskqueue.c:512 #17 0x80bb5a33 in taskqueue_thread_loop ( arg=arg@entry=0xf803cbde4760) at /usr/home/trasz/git/freebsd-src/sys/kern/subr_taskqueue.c:824 #18 0x80b04f02 in fork_exit ( callout=0x80bb5960 , arg=0xf803cbde4760, frame=0xfe00fc3a2f40) at /usr/home/trasz/git/freebsd-src/sys/kern/kern_fork.c:1160 #19 #20 0x0008011306c6 in ?? () -- You are receiving this mail because: You are the assignee for the bug.