Re: kern/52304: NetBSD 8.0_BETA diagnostic assertion in ipsec codepath

[christos%zoulas.com@localhost (Christos Zoulas)]

On Jun 16, 10:40pm, dmb%yenn.ulegend.net@localhost (dmb%yenn.ulegend.net@localhost) wrote:
-- Subject: kern/52304: NetBSD 8.0_BETA diagnostic assertion in ipsec codepat

| >Number:         52304
| >Category:       kern
| >Synopsis:       8.0_BETA panics on ipsec traffic
| >Confidential:   yes
| >Severity:       serious
| >Priority:       high
| >Responsible:    kern-bug-people
| >State:          open
| >Class:          sw-bug
| >Submitter-Id:   net
| >Arrival-Date:   Fri Jun 16 22:40:00 +0000 2017
| >Originator:     Dominik Bialy
| >Release:        NetBSD 8.0_BETA
| >Organization:
| Underlegend Networks
| >Environment:
| System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #2: Thu Jun 15 05:53:36 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
| Architecture: x86_64
| Machine: amd64
| >Description:
| 	The machine couldn't survive more than a few minutes of exposing on the internet.
| 	I found that the cause was the ipsec traffic.
| 
| 	Here's a picture of ddb running (forgot "bt", sorry):
| 
| https://www.dropbox.com/s/jxtktcs69ou7pxz/20170615_150358.jpg?dl=0
| 
| 	sys/netinet/tcp_input.c, line 1838
| 
| >How-To-Repeat:
| 	Use ipsec on 8 BETA?  Or maybe use NetBSD 6 configs for ipsec on NetBSD 8.
| >Fix:
| 	No idea.  Don't start ipsec to mitigate the bug.

inp is probably NULL; can you please amend the assert not to fire if
inp == NULL?

christos