From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 262663] panic in ipv6 jail ipv6 prison_ip_check() in6_pcblookup_hash_locked() - corrupt stack?
Date: Sat, 19 Mar 2022 11:03:41 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262663

            Bug ID: 262663
           Summary: panic in ipv6 jail ipv6 prison_ip_check() in6_pcblookup_hash_locked() - corrupt stack?
           Product: Base System
           Version: CURRENT
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: dch@freebsd.org

Created attachment 232571
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=232571&action=edit
savecore extracted

reboot after panic: Assertion mtx_owned(&pr->pr_mtx) || in_epoch(net_epoch_preempt) || sx_xlocked(&allprison_lock) failed at /usr/src/sys/kern/kern_jail.c:874

tree: https://git.sr.ht/~dch/src/log/feature/boot-from-iscsi
last in-source commit: 8b1f5965d9a55a93517c4366f3e1f22166c1aff6
build: 14.0-CURRENT@8b1f5965d9a55a93517c4366f3e1f22166c1aff6 + 2 iscsi patches
arch: arm64 ampere altra (in kvm)

db> bt
Tracing pid 61353 tid 100314 td 0xffffa00022328600
db_trace_self() at db_trace_self
db_stack_trace() at db_stack_trace+0x11c
db_command() at db_command+0x368
db_command_loop() at db_command_loop+0x54
db_trap() at db_trap+0xf8
kdb_trap() at kdb_trap+0x1cc
handle_el1h_sync() at handle_el1h_sync+0x10
--- exception, esr 0xf2000000
kdb_enter() at kdb_enter+0x44
vpanic() at vpanic+0x1b0
panic() at panic+0x44
prison_ip_check() at prison_ip_check+0x13c
in6_pcblookup_hash_locked() at in6_pcblookup_hash_locked+0x3a0
in_pcb_lport_dest() at in_pcb_lport_dest+0x394
in6_pcbconnect_mbuf() at in6_pcbconnect_mbuf+0x380
tcp6_connect() at tcp6_connect+0x9c
tcp6_usr_connect() at tcp6_usr_connect+0x168
soconnectat() at soconnectat+0xd0
kern_connectat() at kern_connectat+0xd0
sys_connect() at sys_connect+0xb0
do_el0_sync() at do_el0_sync+0x524
handle_el0_sync() at handle_el0_sync+0x40
--- exception, esr 0x56000000

Dump header from device: /dev/gpt/swap0
  Architecture: aarch64
  Architecture Version: 1
  Dump Length: 1017606144
  Blocksize: 512
  Compression: none
  Dumptime: 2022-03-19 10:27:30 +0000
  Hostname: a01.cabal5.net
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 14.0-CURRENT main-n253851-0cc463134c4 GENERIC
  Panic String: Assertion mtx_owned(&pr->pr_mtx) || in_epoch(net_epoch_preempt) || sx_xlocked(&allprison_lock) failed at /usr/src/sys/kern/kern_jail.c:874
  Dump Parity: 126362968
  Bounds: 1
  Dump Status: good

Unread portion of the kernel message buffer:
[2117] panic: Assertion mtx_owned(&pr->pr_mtx) || in_epoch(net_epoch_preempt) || sx_xlocked(&allprison_lock) failed at /usr/src/sys/kern/kern_jail.c:874
[2117] cpuid = 1
[2117] time = 1647685650
[2117] KDB: stack backtrace:
[2117] db_trace_self() at db_trace_self
[2117] db_trace_self_wrapper() at db_trace_self_wrapper+0x30
[2117] vpanic() at vpanic+0x174
[2117] panic() at panic+0x44
[2117] prison_ip_check() at prison_ip_check+0x13c
[2117] in6_pcblookup_hash_locked() at in6_pcblookup_hash_locked+0x3a0
[2117] in_pcb_lport_dest() at in_pcb_lport_dest+0x394
[2117] in6_pcbconnect_mbuf() at in6_pcbconnect_mbuf+0x380
[2117] tcp6_connect() at tcp6_connect+0x9c
[2117] tcp6_usr_connect() at tcp6_usr_connect+0x168
[2117] soconnectat() at soconnectat+0xd0
[2117] kern_connectat() at kern_connectat+0xd0
[2117] sys_connect() at sys_connect+0xb0
[2117] do_el0_sync() at do_el0_sync+0x524
[2117] handle_el0_sync() at handle_el0_sync+0x40
[2117] --- exception, esr 0x56000000
[2117] KDB: enter: panic

get_curthread () at /usr/src/sys/arm64/include/pcpu.h:75
75 __asm __volatile("ldr %0, [x18]" : "=&r"(td));
(kgdb) #0 get_curthread () at /usr/src/sys/arm64/include/pcpu.h:75
#1 doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:406
#2 0xffff00000010780c in db_dump (dummy=, dummy2=false, dummy3=0,
    dummy4=0x0) at /usr/src/sys/ddb/db_command.c:575
#3 0xffff0000001076b8 in db_command (last_cmdp=,
    cmd_table=, dopager=dopager@entry=1)
    at /usr/src/sys/ddb/db_command.c:482
#4 0xffff000000107320 in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:535
#5 0xffff00000010aaac in db_trap (type=, code=)
    at /usr/src/sys/ddb/db_main.c:270
#6 0xffff0000004c2efc in kdb_trap (type=60, code=0, tf=0xffff0001575ec130)
    at /usr/src/sys/kern/subr_kdb.c:733
#7
#8 kdb_enter (why=0xffff0000008ffd26 "panic", msg=)
    at /usr/src/sys/kern/subr_kdb.c:506
#9 0xffff0000004772cc in vpanic (
    fmt=0xffff000000879e36 "Assertion %s failed at %s:%d", ap=...)
    at /usr/src/sys/kern/kern_shutdown.c:953
#10 0xffff000000477058 in panic (
    fmt=0x12 )
    at /usr/src/sys/kern/kern_shutdown.c:889
#11 0xffff000000434db4 in prison_ip_check (pr=0xffffa001f7208000,
    af=PR_INET6, addr=0xffff0001575ec568) at /usr/src/sys/kern/kern_jail.c:872
#12 0xffff000000633240 in prison_check_ip6_locked (pr=0x12,
    ia6=0xffff0000008dedb6, ia6@entry=0xffff0001575ec568)
    at /usr/src/sys/netinet6/in6_jail.c:302
#13 0xffff0000006390c0 in in6_pcblookup_hash_locked (pcbinfo=,
    pcbinfo@entry=0xffff000043167748, faddr=,
    fport_arg=fport_arg@entry=40975, laddr=0xffff0001575ec568,
    lport_arg=lport_arg@entry=53511, lookupflags=,
    lookupflags@entry=1, ifp=,
    numa_domain=numa_domain@entry=255 '\377')
    at /usr/src/sys/netinet6/in6_pcb.c:1081
#14 0xffff0000005e2c98 in in_pcb_lport_dest (
    inp=inp@entry=0xffffa00047de39f0, lsa=lsa@entry=0xffff0001575ec560,
    lportp=lportp@entry=0xffffa00047de3a9e, fsa=fsa@entry=0xffffa0001f910be0,
    fport=, cred=cred@entry=0xffffa00020be2500,
    lookupflags=lookupflags@entry=1) at /usr/src/sys/netinet/in_pcb.c:830
#15 0xffff000000638cfc in in6_pcbconnect_mbuf (
    inp=inp@entry=0xffffa00047de39f0, nam=nam@entry=0xffffa0001f910be0,
    cred=0xffffa00020be2500, m=, rehash=false)
    at /usr/src/sys/netinet6/in6_pcb.c:502
#16 0xffff0000006391dc in in6_pcbconnect (inp=0x12,
    inp@entry=0xffffa00047de39f0, nam=0x80,
    nam@entry=0xffffa0001f910be0, cred=0xffff0000008dedb6)
    at /usr/src/sys/netinet6/in6_pcb.c:532
#17 0xffff00000061d2e0 in tcp6_connect (tp=tp@entry=0xffff00015da028a0,
    nam=nam@entry=0xffffa0001f910be0, td=td@entry=0xffffa00022328600)
    at /usr/src/sys/netinet/tcp_usrreq.c:1617
#18 0xffff00000061acf0 in tcp6_usr_connect (so=0xffff00015c6d8200,
    nam=0xffffa0001f910be0, td=0xffffa00022328600)
    at /usr/src/sys/netinet/tcp_usrreq.c:710
#19 0xffff00000051d8e0 in soconnectat (fd=fd@entry=-100,
    so=so@entry=0xffff00015c6d8200, nam=nam@entry=0xffffa0001f910be0,
    td=td@entry=0xffffa00022328600) at /usr/src/sys/kern/uipc_socket.c:1399
#20 0xffff0000005248a8 in kern_connectat (td=td@entry=0xffffa00022328600,
    dirfd=-100, fd=, sa=sa@entry=0xffffa0001f910be0)
    at /usr/src/sys/kern/uipc_syscalls.c:510
#21 0xffff0000005247b8 in sys_connect (td=0xffffa00022328600,
    uap=0xffffa000223289f0) at /usr/src/sys/kern/uipc_syscalls.c:472
#22 0xffff000000788dac in syscallenter (td=0xffffa00022328600)
    at /usr/src/sys/arm64/arm64/../../kern/subr_syscall.c:189
#23 svc_handler (td=0xffffa00022328600, frame=)
    at /usr/src/sys/arm64/arm64/trap.c:199
#24 do_el0_sync (td=0xffffa00022328600, frame=)
    at /usr/src/sys/arm64/arm64/trap.c:560
#25
#26 0x00000000860f91bc in ?? ()
#27 0x00000000831acf8c in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(kgdb)

-- 
You are receiving this mail because:
You are the assignee for the bug.