Re: Kernel Panic on OpenBSD 4.9-current (GENERIC.MP) #24: Sun Jul 17 01:10:16 WIT 2011

Could you send your pf.conf so I can see which pf features you use? bluhm

Re: 5.0 beta: rtsol wrong message

On Thu, Jul 21, 2011 at 04:22:55PM +0200, Rene Maroufi wrote: Yes, true, sorry. But: Why this message? It's confusing. I configured Router solicitation/Router Advertisements. Why a message about router redirects? When you accept router advertisements, you get the default route from a router in

Re: kernel panic soaccept: !NOFDREF

On Tue, Aug 14, 2012 at 11:58:50AM +0300, bw wrote: First, here's the pictures. Panic, trace, ps, last one is dmesg http://bayimg.com/DABOgaaeb http://bayimg.com/DabOeaaeB This bug should be fixed by the following commit: CVSROOT:/cvs Module name:src

Re: hang of 5.1

On Thu, Oct 25, 2012 at 09:01:44PM +0100, Stuart Henderson wrote: On 2012/10/25 20:17, Han Boetes wrote: all processes wanting disk i/o stuck with waitchan inode - I've seen that before as have a few others I think - I haven't hit it myself on -current for months now though. I know this bug,

Re: My Firewall crashed.

On Thu, Mar 14, 2013 at 03:20:06PM +, Keith wrote: uvm_fault(0x80d44ea0, 0x0x 0x 2) - e kernel: page fault trap, code=0 Stopped at sounsplice+0x44:andw $0xfeff,0x1a8(%r12) ddb{0} During OpenBSD 5.3 development I fixed a bug in this area. Can you upgrade your firewall to

Re: X server crash with intel kms

On Sat, Mar 30, 2013 at 04:00:39PM +1100, Jonathan Gray wrote: Thanks for tracking this down, I've backed out the parts that were calling i915_gem_execbuffer_reserve_object but kept the (now uncalled) functions there. Can you cvs up and check that everything is fine still? new kernel, new X,

Re: VU#243620 - IP fragment bug in OpenBSD

/pf_norm.c.diff?r1=1.159;r2=1.160 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfvar.h.diff?r1=1.388;r2=1.389 The problematic code was in pf, the packet filter firewall of OpenBSD. It is enabled by default, so its behavior was seen. Best Regards, Alexander Bluhm

Re: KASSERT in tcp_input

On Sun, Jun 01, 2014 at 07:34:56PM +0200, Peter Haag wrote: May 30 07:11:29 savecore: reboot after panic: tcp_input:650: 0xfe852c102790 != 0xfe851758a050 inp_ipsec_remotecred = 0x0, inp_ipsec_remoteauth = 0x0, inp_cksum6 = -1, inp_icmp6filt = 0x0, inp_pf_sk = 0xfe852c092c48,

Re: Missing checksum calculation for redirected fragmented IPv6 packets

On Thu, May 22, 2014 at 04:20:32PM +0200, Matthias Pitzl wrote: If fragmented IPv6 packets are redirected by pf, the code in pf_refragment6() of pf_norm.c lacks a call to in6_proto_cksum_out() to calculate the checksum for the packet before it is broken into fragments again. The attached diff

Re: udp checksum zero with inet6 rdr-to

On Wed, Jul 16, 2014 at 03:38:36PM -0400, Michael Stone wrote: When using a pf rule to redirect incoming udp traffic to one ipv6 address to a different address, the packet that is sent to originating host has a 0 udp checksum. I'd guess some sort of offload problem, but the

Re: udp checksum zero with inet6 rdr-to

On Mon, Jul 21, 2014 at 04:25:46PM -0400, Michael Stone wrote: Problem persists on 5.6. Further testing suggests that this may only be happening if the packets exit the firewall via an ip6 tunnel (tun(4) interface). I am not seeing the problem between vlans on the same physical network using

Re: Thinkpad X230 resets at pckbd0 attach

On Tue, Nov 11, 2014 at 04:45:50PM +0100, Christian Weisgerber wrote: Occasionally, when I power on my Thinkpad X230, it resets during kernel autoconf: white-on-blue kernel messages - boom! Thinkpad logo. It subsequently boots fine. Today I finally thought to save the dmesg, and it shows

Re: Thinkpad X230 resets at pckbd0 attach

On Tue, Dec 09, 2014 at 09:30:55PM +0100, Alexander Bluhm wrote: On Tue, Nov 11, 2014 at 04:45:50PM +0100, Christian Weisgerber wrote: Occasionally, when I power on my Thinkpad X230, it resets during kernel autoconf: white-on-blue kernel messages - boom! Thinkpad logo. It subsequently

Re: Thinkpad X230 resets at pckbd0 attach

On Tue, Dec 30, 2014 at 10:06:09PM +0100, Martin Pieuchot wrote: Is it your console keyboard? I have only the keyboard that is build into the thinkpad. That is my console. No additional keyboard or serial connected. I have placed printf into all functions you mentiond. Normal output is now:

Re: Thinkpad X230 resets at pckbd0 attach

On Tue, Dec 30, 2014 at 11:01:34PM +0100, Alexander Bluhm wrote: I have placed printf into all functions you mentiond. Normal output is now: func pckbc_attach_slot, line 269: start func pckbc_attach_slot, line 272: call config_found_sm pckbd0 at pckbc0 (kbd slot)func pckbdattach, line 370

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

On Thu, Dec 03, 2015 at 04:40:07PM +, Sevan / Venture37 wrote: > Confirmed, with the amended you suggested, OpenBSD no longer panics when > I establish a connection. I have commited the fix. Thanks for testing. bluhm

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

On Thu, Dec 03, 2015 at 04:14:08PM +, Sevan / Venture37 wrote: > > > On 03/12/2015 16:08, Mike Belopuhov wrote: > > this looks correct. > > I applied Alexander's patch on top of yours. > Still crashed. That's because Mike's patch got the same bug by copy@pase. So we could see what is going

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

On Thu, Dec 03, 2015 at 03:09:37PM +, Sevan / Venture37 wrote: > panic: no HDR: pppxwrite Please try this (untested) bluhm Index: net/if_pppx.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_pppx.c,v retrieving revision

Re: syslogd: no --MARK-- when started with -m and mark.info enabled in syslog.conf

On Fri, Dec 11, 2015 at 12:37:40AM +0100, Einfach Jemand wrote: > Below is a patch against the -current version of syslogd.c that makes > syslogd -m functional again. Thanks for the fix, I have commited it. > I ran the regression tests for syslogd with the patch and found no > differences so

Re: kernel panic rtadvd (maybe aiccu?) on sparc64 with latest snapshot

On Wed, Dec 23, 2015 at 05:27:58PM +0100, Stefan Kempf wrote: > Same panic here, but with a different trace (see below). > It looks like the pf_state_key reference count is not always > updated. When the packet header of an mbuf is duplicated, the > reference count is not being increased. But

Re: Upgrade generates extra "dmesg: sysctl: KERN_MSGBUF: Cannot allocate memory"

On Fri, Jun 24, 2016 at 07:16:27AM -0400, RD Thrush wrote: > OpenBSD 6.0-beta (RAMDISK_CD) #1996: Thu Jun 23 07:29:40 MDT 2016 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD > dmesg: sysctl: KERN_MSGBUF: Cannot allocate memory amd64 snapshot with this kernel was broken

Re: ACPI thinkpad brightness regression

On Tue, Feb 09, 2016 at 11:03:59AM +0100, Martin Pieuchot wrote: > Since brightness support has been added to acpithinkpad(4) I can easily > trigger a regression on my x220: > > - Switching to the first virtual console just after xdm starts using the > Ctrl+Alt+F1 key combination turns my

Re: Mar 23 snapshot and ipv6 problem

On Wed, Mar 30, 2016 at 09:17:52PM +0200, Vincent Gross wrote: > Hi, can you apply this diff and check if the problem persists ? It does not help my syslogd regression test. cd /usr/src/regress/usr.sbin/syslogd && SUDO=sudo make run-regress-args-server-udp6.pl I have also tried memset(, 0,

Re: OpenBSD -current panic under heavy load on a squid proxy

On Thu, Mar 24, 2016 at 05:21:00PM +0100, Frederic URBAN wrote: > panic: kernel diagnostic assertion "sotoinpcb(inp->inp_socket) == inp" > failed: file "../../../../netinet/tcp_input.c", line 632 > Stopped at? ? ? ? ? Debugger+0x9:? ? leave > ? ? TID? ? ? PID? ? ? UID? ? ? ? PRFLAGS? ? ? ?

Re: Mar 23 snapshot and ipv6 problem

On Tue, Mar 29, 2016 at 11:46:20AM +0100, Stuart Henderson wrote: > On 2016/03/24 20:27, Sebastien Marie wrote: > > Hi, > > > > I encountered a problem with IPv6 connectivity after upgrade to snapshot > > Mar 23 on my amd64 router. > > > > The router use a pppoe session to get IPv4 and IPv6. I

Re: Mar 23 snapshot and ipv6 problem

On Thu, Mar 31, 2016 at 10:42:19AM +0200, Sebastien Marie wrote: > On Wed, Mar 30, 2016 at 09:17:52PM +0200, Vincent Gross wrote: > > > > Hi, can you apply this diff and check if the problem persists ? > > > > diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c > > index

Re: dmesg -s produces no output in -current

On Fri, May 13, 2016 at 11:43:43AM +0100, Dimitris Papastamos wrote: > After I rebuilt and booted the kernel today I noticed dmesg -s > produces no output. I suspect this is to do with the recent change: Here is alternative way to fix sendsyslog(2) with LOG_CONS. I also works when /dev/console

bpfilter_create kassert panic

Hi, When running some scapy regression tests, a current i386 machine triggered this panic. bluhm panic: kernel diagnostic assertion "bpfilter_lookup(unit) == NULL" failed: file "../../../../net/bpf.c", line 1645 Stopped at Debugger+0x7: leave TIDPIDUID PRFLAGS PFLAGS

Re: fd_getfile with 0xdeadbeef in rax

On Mon, Jan 23, 2017 at 08:42:07PM +1000, Martin Pieuchot wrote: > On 17/01/17(Tue) 00:24, Alexander Bluhm wrote: > > On Mon, Jan 16, 2017 at 08:36:46PM +0100, cheek...@gmx.com wrote: > > > kernel: protection fault trap, code=0 > > > Stopped at fd_getfile+0x20: testb $

Re: fd_getfile with 0xdeadbeef in rax

On Mon, Jan 16, 2017 at 08:36:46PM +0100, cheek...@gmx.com wrote: > kernel: protection fault trap, code=0 > Stopped at fd_getfile+0x20: testb $0x2,mptramp_gdt32_desc+0x1e(%r > ax) > ddb{3}> fd_getfile() at fd_getfile+0x20 > sys_fstat() at sys_fstat+0x43 > syscall() at syscall+0x27b It crashes in

Re: very slow ssh / sshd performance on current

On Fri, Sep 02, 2016 at 09:43:13AM +0200, Andreas Bartelt wrote: > I'm observing very slow ssh / sshd performance on current (tested on amd64). > Throughput is less than 1/50th of what I'm typically seeing on my boxes. > This drop in performance seems to be independent of the used ciphers (tested

Re: very slow ssh / sshd performance on current

On Fri, Sep 02, 2016 at 10:33:19AM +0200, Andreas Bartelt wrote: > On 09/02/16 10:24, Alexander Bluhm wrote: > > I see a performance drop to 10 Mbit/sec on some old i386 machines > > with em(4). Can you try this kernel diff to see wether it is the > > same problem? > &

Re: panic during alias configuration

On Mon, Oct 03, 2016 at 12:23:08PM +0200, Martin Pieuchot wrote: > Index: netinet/in.c > === > RCS file: /cvs/src/sys/netinet/in.c,v > retrieving revision 1.129 > diff -u -p -r1.129 in.c > --- netinet/in.c 4 Sep 2016 10:32:01

Re: panic during alias configuration

On Wed, Sep 28, 2016 at 12:09:35PM +0200, Paul de Weerd wrote: > I ran into this issue while manually configuring a set of aliases on I can reproduce it on -current: while ifconfig vio0 inet delete; do :; done while ifconfig vio1 inet delete; do :; done netstat -rn -f inet Destination

Re: IPv6/NDP/IPsec breakage in -current

On Thu, Oct 06, 2016 at 11:12:18PM +0200, Christian Weisgerber wrote: > Something is very broken at the intersection of IPv6, NDP, and IPsec > in -current. I also see issues with IPv6 and NDP, but no IPsec involved. There are several other threads on bugs@ about broken IPv6. It seems that

Re: ping6(8): link local source IP

On Mon, Oct 24, 2016 at 02:06:43PM +, Florian Obser wrote: > Note that we can remove all the checks since in6_pcbaddrisavail() does > all of this for us. I support using in6_pcbaddrisavail() for raw sockets. Code reuse is good. > - if (ifa && ifatoia6(ifa)->ia6_flags & > -

Re: route label of cloned routes

On Tue, Nov 15, 2016 at 04:33:13PM +, Rivo Nurges wrote: > PF allows to filter based on route labels. Cloned routes created by PMTU > don't inherit route labels and PF filtering fails. We inherit the label for cloned routes, it makes sense to inherit it also for dynamic routes. > This patch

Re: IPv6/NDP/IPsec breakage in -current

On Mon, Nov 21, 2016 at 03:15:39PM +0100, Martin Pieuchot wrote: > naddy@ confirmed this diff fixes his tunnel mode setup, ok? IPv6 neighbor discovery over IPsec does not work reliably. It uses link-local, global and multicast addresses and depending on your flows and SA it either works or not.

Re: ipv6 problem on 6.1-beta

On Fri, Mar 24, 2017 at 03:29:28PM +0100, Martin Pieuchot wrote: > It's wrong to call nd6_invalidate() at the beginning of nd6_free() since > the default router selection logic check for the ND state of the entry. Make sense. We did not intend to change default router selection. It was

Re: losing ipv6 connectivity after some uptime

On Mon, Mar 06, 2017 at 01:12:12PM +0100, Martin Pieuchot wrote: > Diff below should solve that by resetting the 'asked' counter and allow > our NDP code to generate a new NS. Just like the delete command does. arptfree() calls arpinvalidate() unconditionally. So I think we should always call

Re: losing ipv6 connectivity after some uptime

On Tue, Mar 07, 2017 at 02:07:02PM +0100, Martin Pieuchot wrote: > On 06/03/17(Mon) 23:26, Alexander Bluhm wrote: > > On Mon, Mar 06, 2017 at 01:12:12PM +0100, Martin Pieuchot wrote: > > > Diff below should solve that by resetting the 'asked' counter and allow > > > our

Re: System hang when connecting sockets+setsockopt on same port in a loop

On Wed, May 31, 2017 at 10:11:45AM +0200, oanto...@ethnao.no-ip.biz wrote: > s = socket(res->ai_family, > res->ai_socktype,res->ai_protocol); > if (s == -1) > errx(1,"socket"); > int enable = 1; >

Re: canaries can cause malloc with a size of 0 to hang

On Fri, Jul 07, 2017 at 08:52:42AM +0200, Otto Moerbeek wrote: > I think I found it: requested size is not recorded for malloc(0), > bp->offset is not initialized in that case. Other code is carefull not to > use ->offset for size == 0. This also fixes

panic in pf purge thread

Hi, One of the regression tests triggers this panic in the pf purge thread. I am not sure which test it is as the panic may be delayed. It happens on a remote machine, the test machine connects to it in a multi machine setup. bluhm login: panic: kernel diagnostic assertion

Re: CVS: cvs.openbsd.org: src

On Mon, Jul 03, 2017 at 09:20:51PM +0200, Gregor Best wrote: > With this commit in, I get a panic like the one below. That's a > transcription from a photo of the screen, the photo itself is at [0]. I can reproduce it with regress /usr/src/regress/lib/libtls on i386. root@ot1:.../libtls# make

Re: CVS: cvs.openbsd.org: src

On Mon, Jul 03, 2017 at 11:30:18PM +0200, Alexander Bluhm wrote: > On Mon, Jul 03, 2017 at 09:20:51PM +0200, Gregor Best wrote: > > With this commit in, I get a panic like the one below. That's a > > transcription from a photo of the screen, the photo itself is at [0]. >

Re: panic in pf purge thread

On Tue, Jul 04, 2017 at 12:22:23PM +0200, Martin Pieuchot wrote: > Using a pool for 'radix_node_head' should fix the problem. pf_table > seems to be the only place where such nodes are freed. I converted > rn_inithead() to be able to audit all consumers of this API. > > Diff below. New diff,

Re: ldapd(8) hangs when receiving large data

On Tue, Jul 04, 2017 at 12:55:33PM +0200, Robert Klein wrote: > I ran tests with a patched ldapd around the critical range (15950 to > 16000 byte "image" file) to fill up 7GB of disk space in /var/db/ldap > three times and had no issues. (Snapshot from June 25 "6.1 GENERIC.MP#48 > amd64"). > >

Re: panic in pf purge thread

On Tue, Jul 04, 2017 at 08:10:21PM +0200, Alexander Bluhm wrote: > Basically we have to remove all malloc(9) from pf or make it MP > safe. > > login: panic: kernel diagnostic assertion "_kernel_lock_held()" failed: file > "/usr/src/sys/kern/kern_malloc.c", line

Re: panic in pf purge thread

Hi, Here is another one panic tag_unref(). Note that the change in pf_purge_thread() has been backouted, but I test and report anyway as we want to fix this stuff. Basically we have to remove all malloc(9) from pf or make it MP safe. bluhm login: panic: kernel diagnostic assertion

Re: panic in pf purge thread

On Tue, Jul 04, 2017 at 05:19:46PM +0200, Alexander Bluhm wrote: > Panic happens during /usr/src/regress/sys/ffs/nfs setup. > > login: panic: free: non-malloced addr 0xd4b81630 type rtable > Stopped at db_enter+0x7: leave > TIDPIDUID PRFLAGS PFLAG

Re: uipc_socket.c int to short conversion

On Wed, Apr 26, 2017 at 10:16:22PM -0700, Dillon Jay Pena wrote: > In solisten, if somaxconn and backlog (both ints) are greater than > SHRT_MAX, then there is overflow when setting so->so_qlimit = backlog This can only happen if the admin sets silly sysctl values. backlog is already checked

Re: ldapd(8) hangs when receiving large data

On Fri, May 05, 2017 at 06:05:28PM +, Seiya Kawashima wrote: > I'm not quite sure if this is the right way to fix the issue but it looks > like that > this issue is related to how ldapd(8) buffers LDAP messages from the client. Thanks for the analysis. I have copied the code from libevent

Re: time runs at 50% inside a vmm host

On Fri, May 12, 2017 at 01:00:22PM +0200, Paul de Weerd wrote: > Is this a misconfiguration on my end or a bug? There is an easy way to detect this, run a loop in the guest system: root@q71:~# while sleep 1; do date; done Fri May 12 06:27:20 CEST 2017 Fri May 12

Re: spoofed icmp6 echo reply for link local address

On Sat, Jun 24, 2017 at 09:41:18PM +0200, Harald Dunkel wrote: > That was a lot of work. > > commit 270aa588bf833a21eacc7de79669da22a9ed8fa7 > Author: mpi > Date: Thu Mar 2 09:06:59 2017 + > > Use the routing table rather than the global list of IPv6 address. > >

Re: spoofed icmp6 echo reply for link local address

On Sat, Jun 24, 2017 at 09:41:18PM +0200, Harald Dunkel wrote: > commit 270aa588bf833a21eacc7de79669da22a9ed8fa7 > Author: mpi > Date: Thu Mar 2 09:06:59 2017 + > > Use the routing table rather than the global list of IPv6 address. > > ok bluhm@ The IPv6 routing

Re: OpenBSD 6.1: mbuf leak after receiving icmp/ip-Messages with IP-Options

On Mon, May 22, 2017 at 11:33:08AM +, Gerlach, Hendrik wrote: > A possible fix maybe would calling m_free(opts) (if opts != NULL) after > calling icmp_send() As the options are not allocated in icmp_send() I think it is better to free them in icmp_input_if() after a successful call to

Re: System hang when connecting sockets+setsockopt on same port in a loop

On Wed, May 31, 2017 at 10:11:45AM +0200, oanto...@ethnao.no-ip.biz wrote: > I've tested on slow i386, faster amd64, all bare metal, on a VMM. > Everytime the system freeze after a few iterations. > No log, no trace, no panic, no ping from outside. I don't know what > happen. I

Re: config in 6.1 reports /dev/mem: Operation not permitted

On Thu, May 04, 2017 at 09:43:07AM -0400, j...@cs.toronto.edu wrote: > However in OpenBSD 6.1, attempting to run config in this way fails, > with the message: > config: kvm_openfiles: /dev/mem: Operation not permitted Putting kern.allowkmem=1 into /etc/sysctl.conf and reboot

Re: SSL requests crashes relayd with empty "return error style"

On Mon, Sep 04, 2017 at 11:38:03PM +1000, Jonathan Gray wrote: > On Mon, Sep 04, 2017 at 02:39:17PM +0200, Alexander Bluhm wrote: > > On Wed, Aug 30, 2017 at 09:20:40PM +1000, Jonathan Gray wrote: > > > @@ -680,8 +680,9 @@ config_getproto(struct relayd *env, stru > &g

Re: SSL requests crashes relayd with empty "return error style"

On Wed, Aug 30, 2017 at 09:20:40PM +1000, Jonathan Gray wrote: > @@ -680,8 +680,9 @@ config_getproto(struct relayd *env, stru > s = sizeof(*proto); > > styl = IMSG_DATA_SIZE(imsg) - s; > + proto->style = NULL; > if (styl > 0) { I think this chunk is the important part of

Re: pf.conf/pf faq inconsistency about log (user) ?

On Wed, Nov 29, 2017 at 06:31:31PM +0100, Landry Breuil wrote: > 18:25:21.580108 rule 1/(match) [uid 0, pid 33213] pass out on em0: [uid > 1000, pid 23403] > > interestingly i couldnt figure out what the info '[uid 0, pid 33213]' > was referring to since on the local system there's no such pid

Re: crash on 6.2 running on kvm with UDP query

On Sat, Dec 16, 2017 at 05:23:12PM -0200, x9p wrote: > to reproduce: This is a lousy bug report. No dmesg, no panic message, no trace. > route add -host 200.200.200.200 127.0.0.1 > dig +short www.immunityinc.com @200.200.200.200 Fortunately I have already fixed this in current. So I could

Re: missing "software" on dictionaries causes Perl module to fail tests

On Thu, Nov 16, 2017 at 12:06:45PM -0200, arfrei...@cpan.org wrote: > >Synopsis: missing "software" on dictionary files I have added "software" to our dictionary in -current which will be released as OpenBSD-6.3. Thanks for the bug report. bluhm

Re: grep accept -r parameter, but man grep(1) list -R only

On Mon, Nov 20, 2017 at 08:07:04PM +0100, Jiri Navratil wrote: > So there is difference between man page and command. You have to read further down: STANDARDS Historic versions of the grep utility also supported the flags [-ruy]. This implementation supports those options; however,

Re: uvm_fault while running X and quitting Firefox

On Fri, Nov 03, 2017 at 07:06:34PM +0100, Matthias Schmidt wrote: > my system dropped into ddb when running X11 and quitting Firefox (with > the intention to quit X and shutdown). pf_test_rule+0xa0b is when pf_send_tcp() calls ip_send(). This was fixed here:

Re: Soekris 6501 with -current panics

On Fri, Dec 08, 2017 at 07:28:06PM -0600, Chris Eidem wrote: > kernel diagnostic assertion "divert != NULL" failed: > file "/usr/src/sys/netinet/raw_ip.c", line 138 I added this assertion a few days ago. I will look into it tomorrow. bluhm

Re: crash in /usr/src/sys/netinet/raw_ip.c

On Sun, Dec 10, 2017 at 10:38:30AM +0100, vic...@gmail.com wrote: > icmp_input_if(1,2,800014a50a6c,800014a50a70,80067290) at > icmp_input_if+0x111 Could you try this diff? bluhm Index: netinet/ip_icmp.c === RCS

Re: Kernel panics - /usr/src/sys/netinet/raw ip.c - with ps

On Sun, Dec 10, 2017 at 10:51:49PM -0800, Scott Vanderbilt wrote: > I am getting kernel panics every 30 to 120 minutes with latest amd64 > snapshot. The same panic occurs on four different machines (all amd64) > running this snapshot: In icmp_input_if() all mbuf tags are deleted without

panic: vinvalbuf: dirty bufs

Hi, My amd64 regress machine paniced two times here. panic: vinvalbuf: dirty bufs Stopped at db_enter+0x5: popq%rbp TIDPIDUID PRFLAGS PFLAGS CPU COMMAND *518352 74317 0 0x2 00K umount ddb{0}> trace db_enter() at db_enter+0x5 panic() at

Re: i386 panic in uvm_addr_linsearch

On Mon, May 14, 2018 at 01:05:07PM +0200, Otto Moerbeek wrote: > This fixes the panic. All i386 regress tests pass with this. http://bluhm.genua.de/regress/results/latest.html > The error returned is not expected by the test > suite (ENOMEM vs EOVERFLOW), but that's another matter imo.

hang in i386 pmap_tlb_shootwait

Hi, While running my nightly regression tests, I compiled /ports/misc/posixtestsuite. It was the first time that I was running regress while having some other load on the machine. During regress/lib/libc/ieeefp/except the machine hang. It has 2 CPUs. The final output of the test: ===>

Re: hang in i386 pmap_tlb_shootwait

On Wed, May 09, 2018 at 06:21:54PM +0200, Hans-Joerg Hoexer wrote: > Hi, > > I think this fallout from using interrupt gates now. I did not properly > enable interrupts for dna, fpu and f00f_redirect: Thux npxintr() tries to > get the kernel lock with interrupts disabled. Meanwhile the IPI for

Re: 6.3 amd64 panic: kernel diagnostic assertion in nd6.c

On Tue, May 08, 2018 at 10:26:02PM +0100, Michael-John Turner wrote: > panic: kernel diagnostic assertion "!ISSET(rt->rt_flags, RTF_LOCAL)" failed: > file "/usr/src/sys/netinet6/nd6.c", line 725 I have added this diagnostic assertion during 6.3 developemnt. When an IPv6 neigbor discovery

i386 panic in uvm_addr_linsearch

Hi, When executing the posixtestsuite port, the i386 kernel crashes. It is this one: /usr/local/libexec/posixtestsuite/conformance/interfaces/mmap/31-1.test bluhm root@ot1:.../~# te/conformance/interfaces/mmap/31-1.test < off: f000, lpanic: kernel diagnostic assertion

Re: Panic in IPSEC

On Sat, May 19, 2018 at 12:57:19PM +0200, Peter J. Philipp wrote: > panic: kernel diagnostic assertion...(cut) This is an important line. panic: kernel diagnostic assertion "_kernel_lock_held()" failed in file "/us Then the photo is cut, but I can guess what is next. >

Re: Panic in IPSEC

On Sat, May 19, 2018 at 02:30:27PM +0200, Peter J. Philipp wrote: > I have applied it now, what it was > missing was a terminating semicolon on KERNEL_LOCK(), so far my C goes I was > able to correct that. Ah, I tested a GENERIC non MP kernel in qemu. There the define is a noop and the compiler

Re: Panic in IPSEC

On Sat, May 19, 2018 at 02:08:55PM +0200, Peter J. Philipp wrote: > > panic: kernel diagnostic assertion "_kernel_lock_held()" failed in file "/us It is /usr/src/sys/kern/uipc_socket2.c, line 314 302 void 303 soassertlocked(struct socket *so) 304 { 305 switch

Re: Panic in IPSEC

On Sat, May 19, 2018 at 08:45:01AM -0400, mabi wrote: > If that might help you guys, this seems quite similar to the issue I have > encountered and reported on this mailing list back in April: > https://marc.info/?l=openbsd-bugs=152417193124446=2 This is unrelated, the expire bug was introduced

Re: protection fault after fatfingering address

On Sun, May 20, 2018 at 07:24:05AM +0200, p...@centroid.eu wrote: > http://centroid.eu/private/p523.jpg ml_enqueue+0x11 /usr/src/sys/kern/uipc_mbuf.c:1498 * 33a1: 48 89 71 08 mov%rsi,0x8(%rcx) 33a5: eb 07 jmp33ae

Re: 6.3 just died (not for the first time)

On Wed, May 16, 2018 at 10:20:49AM +0200, Martin Pieuchot wrote: > That means that the TDB has already been freed. This is possible > because the timeout sleeps on the NET_LOCK(). Diff below should prevent > that by introducing a tdb_reaper() function like we do in other parts of > the stack.

Re: 6.3 just died (not for the first time)

On Tue, May 22, 2018 at 07:32:29AM +0200, Harald Dunkel wrote: > Do you think this is worth a syspatch? You are asking this question for three times. The answer is no. Errata and syspatch are for security issues that can be triggered remotely or by a local non-root user. If we would fix every

Re: protection fault trap with OpenBSD 6.3

On Mon, May 28, 2018 at 10:24:33PM +0200, Marc Peters wrote: > ddb{0}> bt > export_sa(10,80002240c0b0) at export_sa+0x5c > pfkeyv2_expire(8095c400,8095c400) at pfkeyv2_expire+0x14e > tdb_timeout(80002240c260) at tdb_timeout+0x39 >

panic witness_warn

Hi, On my amd64 regress machine I see a witness_warn panic now. OpenBSD 6.3-current (GENERIC.MP) #65: Fri Jun 1 17:44:06 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP acquiring duplicate lock of same type: ">mnt_lock" 1st vfslock @

Re: panic witness_warn

On Mon, Jun 04, 2018 at 01:23:53AM +0200, Alexander Bluhm wrote: > On my amd64 regress machine I see a witness_warn panic now. It is triggered by /usr/src/regress/sys/kern/mount. With visa@'s improved stack trace I see: run-regress-unmount-busy cp -r /usr /mnt/regress-mo

crash in nfs_timer

Hi, I have seen a crash in the regress/sys/nfs test. It was during run-regress-cleanup, the last command I see is: umount -f -t nfs -h 127.0.0.1 -a || true uvm_fault(0xd0d2f2a8, 0xefff, 0, 1) -> e kernel: page fault trap, code=0 Stopped at nfs_timer+0x30: cmpl$0,0xc(%ebx) ddb{0}>

Re: syslogd deletes any existing file if defined as value for -p [was: syslogd loghost only - without unix socket & /dev/klog]

On Fri, Feb 09, 2018 at 04:10:14AM -0500, Jiri B wrote: > I was speculating about another instance of syslogd, just as a log > host services while having base syslogd running on same box. I doubt that this makes much sense. You have one syslogd(8) process and control everything in

Re: Bug in pf-logging, logging wrong rule number

On Thu, Feb 15, 2018 at 10:25:07AM +0100, Illya Meyer wrote: > I discovered a strange behaviour since OpenBSD 6.2 with pf logging, when > an "anchor" is in the ruleset of /etc/pf.conf. It logs in some cases the > rule number of the anchor and not the matching rule, although the > correct rule

Re: panic: kernel diagnostic assertion "skrev->reverse == NULL"

On Sat, Feb 24, 2018 at 04:20:50PM -0500, Johan Huldtgren wrote: > trying to connect to my gateway today I found the following > panic. This is 100% reproducible anytime I connect via > openvpn and then generate traffic. This first happened on > the Feb 7th snap, I updated and it happens on the

Re: Kernel crash on i386 -current

On Wed, Jul 18, 2018 at 08:39:17PM +0200, Eivind Eide wrote: > Over several snapshots after 6.3 I get reliable system crash after a > few minutes uptime on this old i386 machine of mine. It would be helpful to know when this started. Does it happen with 6.3? Since 6.3 we have commited i386

Re: Kernel Panic 6.3 on HP DL360p Gen8

On Wed, Jul 18, 2018 at 07:13:15AM +, Daniel Stocker wrote: > ddb{0}> trace > export_sa(10,800022368520) at export_sa+0x5c > pfkeyv2_expire(81409800,81409800) at pfkeyv2_expire+0x14e > tdb_timeout(8000223686d0) at tdb_timeout+0x39 > softclock_thread(0) at

Re: Kernel crash on i386 -current

On Fri, Jul 20, 2018 at 05:22:20PM +0100, Stuart Henderson wrote: > For bluhm and bugs@ readers, Eivind narrowed it down to between these: > > OpenBSD 6.3-current (GENERIC) #567: Sun Apr 22 08:12:07 MDT 2018 > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC > > OpenBSD

Re: Kernel crash on i386 -current

On Sat, Jul 21, 2018 at 09:30:36PM +0200, Eivind Eide wrote: > There are no crash with drm disabled. I'm attaching the dmesg to this > mail. So the update to radeondrm are the cause. So we know that "ATI Radeon Mobility M7" is broken with the new drm code. Unfortunately I have no experience with

Re: panic: vinvalbuf: dirty bufs

On Mon, May 07, 2018 at 05:21:19PM +0200, Alexander Bluhm wrote: > panic: vinvalbuf: dirty bufs At least I know what is going on here. vinvalbuf() calls ffs_fsync() to write all dirty buffers of the mount point to disk. if ((error = VOP_FSYNC(vp, cred, MNT_WAIT, p)) !

Re: panic witness_warn

On Mon, Jun 04, 2018 at 08:53:49PM +0200, Alexander Bluhm wrote: > userret: returning with the following locks held: > exclusive rrwlock inode r = 0 (0xff023d492b48) locked @ > /usr/src/sys/ufs/uf > s/ufs_vnops.c:1559 > #0 witness_lock+0x254 > #1 _rw_enter+0x29b > #2

Re: double fault trap at pf_test+0xc on 6.2-STABLE

On Sat, Jan 20, 2018 at 03:46:36PM +0100, Axel Rau wrote: > this is a IPsec client, which crashes on reboot of the IPsec master (same > hardware and software as client). > The IPsec tunnel connects some IP6 and IP4 public nets to the internet plus > some private nets. Looks like this bug,

panic i386 trapsignal kernel lock

Hi, When executing the libc ieeefp/except regression test, the i386 kernel panics. root@ot2:/usr/src/regress/lib/libc/ieeefp/except# make cc -O2 -pipe -MD -MP -c /usr/src/regress/lib/libc/ieeefp/except/except.c cc -o except except.o ./except fltdiv panic: kernel diagnostic assertion

NFS socket use after free during reboot

Hi, When rebooting the NFS client while the NFS file system is actively used, the kernel crashes. The socket at 0xd73c2d9c is filled with dead beef, so it is a use after free. It is an i386 kernel built today. bluhm root@ot2:.../~# find /mount >/dev/null & sleep 5; reboot -q [1] 9698 syncing

Re: cannot mount tmpfs on 6.3

On Thu, Apr 05, 2018 at 11:41:51AM +0200, Patrick Wildt wrote: > I have seen that issue as well. I think it's because we are now > being passed the data and we don't have to do the copyin ourselves. > When the conversion happened, someone forgot to remove the copyin. > > Does this help? OK

Re: socketpair(2) and getpeereid(3)

On Sun, Apr 08, 2018 at 07:10:27AM +0200, Sebastien Marie wrote: > I think it is the more simple way to achieve it. Moving the related code > from unp_connect() to unp_connect2() should be possible (only few direct > callers of {so,unp_}connect2() ), but unp_connid will not be copied on > the two

  1   2   3   4   >