Bug #7123

Kernel panic when setting TCP MD5 Password in OpenBGP

Added by Rolf Sommerhalder 4 months ago. Updated 4 months ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Routing
Target version:
Start date: 01/14/2017
Due date:
% Done: 100%
Affected version: 2.4
Affected Architecture: amd64

Description

Setting a TCP6 MD5 password in the OpenBGP package triggers a panic in the pfSense-2.4 amd64 snapshot from yesterday (Fri 13. Jan 17), see below.

Likely, upstream fixed this in FreeBSD-11.0-RELEASE back in November:
https://groups.google.com/forum/#!msg/mpc.lists.freebsd.bugs/O2kKD6hqU68/EShQ7nJrBAAJ
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214727

Output from serial console upon pressing Save button in Web UI of OpenBGP package:
...
Message from syslogd@fwA at Jan 13 16:04:44 ...
fwA php-fpm69279: /pkg.php: Successful login for user 'admin' from:
172.19.70.99

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x8
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80ed85ea
stack pointer = 0x28:0xfffffe046f8225d0
frame pointer = 0x28:0xfffffe046f8226b0
code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 77641 (bgpd)
[ thread pid 77641 tid 100406 ]
Stopped at tcp_signature_do_compute+0xca: movq 0x8,%rax
db:0:kdb.enter.default> textdump set
textdump set
db:0:kdb.enter.default> capture on
db:0:kdb.enter.default> run lockinfo
db:1:lockinfo> show locks
No such command
db:1:locks> show alllocks
No such command
db:1:alllocks> show lockedvnods
Locked vnodes
db:0:kdb.enter.default> show pcpu
cpuid = 2
dynamic pcpu = 0xfffffe045752cf00
curthread = 0xfffff8017feea000: pid 77641 "bgpd"
curpcb = 0xfffffe046f822b80
fpcurthread = none
idlethread = 0xfffff80009398500: tid 100005 "idle: cpu2"
curpmap = 0xfffff8010df72138
tssp = 0xffffffff82a1dee0
commontssp = 0xffffffff82a1dee0
rsp0 = 0xfffffe046f822b80
gs32p = 0xffffffff82a24738
ldt = 0xffffffff82a24778
tss = 0xffffffff82a24768
db:0:kdb.enter.default> bt
Tracing pid 77641 tid 100406 td 0xfffff8017feea000
tcp_signature_do_compute() at tcp_signature_do_compute+0xca/frame
0xfffffe046f8226b0
tcp_output() at tcp_output+0x169b/frame 0xfffffe046f822860
tcp6_usr_connect() at tcp6_usr_connect+0x271/frame 0xfffffe046f8228d0
kern_connectat() at kern_connectat+0x109/frame 0xfffffe046f822950
sys_connect() at sys_connect+0x77/frame 0xfffffe046f822990
amd64_syscall() at amd64_syscall+0x4ce/frame 0xfffffe046f822ab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe046f822ab0
--- syscall (98, FreeBSD ELF64, sys_connect), rip = 0x80098fb2a, rsp =
0x7fffffffea38, rbp = 0x7fffffffea70 ---
...
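
A triage helper for console output like the capture above, as an added example that is not part of the original report: it extracts the trap, the fault address and the first backtrace (tolerating the serial-console line wraps) and flags a fault address inside the first page as a likely NULL-pointer dereference. The function names, the `near-null` label and the signature format are assumptions of this example; the sample text is excerpted from the report.

```python
import re

# Excerpt of the console output quoted in the report above, keeping the
# line wraps that the serial console introduced.
SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x8
fault code = supervisor read data, page not present
current process = 77641 (bgpd)
Stopped at tcp_signature_do_compute+0xca: movq 0x8,%rax
db:0:kdb.enter.default> bt
Tracing pid 77641 tid 100406 td 0xfffff8017feea000
tcp_signature_do_compute() at tcp_signature_do_compute+0xca/frame
0xfffffe046f8226b0
tcp_output() at tcp_output+0x169b/frame 0xfffffe046f822860
tcp6_usr_connect() at tcp6_usr_connect+0x271/frame 0xfffffe046f8228d0
kern_connectat() at kern_connectat+0x109/frame 0xfffffe046f822950
sys_connect() at sys_connect+0x77/frame 0xfffffe046f822990
amd64_syscall() at amd64_syscall+0x4ce/frame 0xfffffe046f822ab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe046f822ab0
--- syscall (98, FreeBSD ELF64, sys_connect), rip = 0x80098fb2a, rsp =
0x7fffffffea38, rbp = 0x7fffffffea70 ---
"""

PAGE_SIZE = 4096  # amd64 base page size

TRAP_RE = re.compile(r"^Fatal trap (\d+): (.+)$", re.M)
FIELD_RE = re.compile(
    r"^(fault virtual address|fault code|current process)\s*=\s*(.+)$", re.M)
# \s+ between tokens lets a frame match even when the console wrapped it.
FRAME_RE = re.compile(
    r"(\w+)\(\)\s+at\s+\w+\+(0x[0-9a-f]+)/frame\s+0x[0-9a-f]+")
SYSCALL_RE = re.compile(r"--- syscall \((\d+), [^,]+, (\w+)\)")


def parse_panic(text):
    """Return a dict describing the first kernel trap in text, or None."""
    trap = TRAP_RE.search(text)
    if trap is None:
        return None
    fields = {k: v.strip() for k, v in FIELD_RE.findall(text)}
    addr = fields.get("fault virtual address")
    proc = re.match(r"(\d+) \((.+)\)", fields.get("current process", ""))
    # Only the first backtrace belongs to the faulting thread; "alltrace"
    # output later in a capture lists every other thread as well.
    start = max(text.find("Tracing", trap.end()), trap.end())
    nxt = text.find("\nTracing", start + 1)
    sc = SYSCALL_RE.search(text, start)
    if sc and nxt >= 0 and sc.start() > nxt:
        sc = None  # that syscall line belongs to a later thread
    ends = [len(text)] + ([sc.start()] if sc else []) + ([nxt] if nxt >= 0 else [])
    frames = [(m.group(1), int(m.group(2), 16))
              for m in FRAME_RE.finditer(text, start, min(ends))]
    return {
        "trap": int(trap.group(1)),
        "kernel_mode": "kernel mode" in trap.group(2),
        "fault_address": int(addr, 16) if addr else None,
        "fault_code": fields.get("fault code"),
        "pid": int(proc.group(1)) if proc else None,
        "process": proc.group(2) if proc else None,
        "frames": frames,
        "syscall": sc.group(2) if sc else None,
    }


def classify(report):
    """Coarse fault class from the trap type and fault address."""
    addr = report["fault_address"]
    if report["trap"] != 12 or addr is None:
        return "other"
    # A kernel page fault inside the first page is the usual footprint of
    # a NULL pointer plus a small structure-member offset.
    return "near-null" if addr < PAGE_SIZE else "other-address"


def signature(report, depth=3):
    """Stable key for grouping identical crashes across hosts."""
    return "<".join(name for name, _ in report["frames"][:depth])


if __name__ == "__main__":
    r = parse_panic(SAMPLE)
    print(classify(r), r["process"], r["syscall"], signature(r))
```
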

History

#1 Updated by Rolf Sommerhalder 4 months ago

Rolf Sommerhalder wrote:

Setting a TCP6 MD5 password in the OpenBGP package triggers a panic in the pfSense-2.4 amd64 snapshot from yesterday (Fri 13. Jan 17), see below.

Likely, upstream fixed this in FreeBSD-11.0-RELEASE back in November:
https://groups.google.com/forum/#!msg/mpc.lists.freebsd.bugs/O2kKD6hqU68/EShQ7nJrBAAJ
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214727

As mentioned in the links above, only setting a TCP6 / BGP6 MD5 password crashes the kernel. Setting a TCP4 / BGP4 MD5 password works fine with the latest amd64 snapshot.

#2 Updated by Renato Botelho 4 months ago

  • Status changed from New to Feedback
  • Target version set to 2.4.0
  • % Done changed from 0 to 100

Possible fix was cherry-picked to FreeBSD-src, please try again on next snapshot

#3 Updated by Rolf Sommerhalder 4 months ago

Renato Botelho wrote:

Possible fix was cherry-picked to FreeBSD-src, please try again on next snapshot

Great, that fixed it! Thank you.

Confirmed while talking BGP6 to a router from Cogent over IPv6 using an MD5 password :-)

#4 Updated by Renato Botelho 4 months ago

  • Status changed from Feedback to Resolved
