NetBSD-Bugs archive
Re: kern/51767: reproducible kernel stack overflow(?!)
The following reply was made to PR kern/51767; it has been noted by GNATS.
From: Jaromír Doleček <jaromir.dolecek%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: kern/51767: reproducible kernel stack overflow(?!)
Date: Tue, 3 Jan 2017 16:13:39 +0100
Christos just fixed some off-by-one error in the general area, can you
check if that fixed this?
Jaromir
2017-01-03 16:10 GMT+01:00 <martin%netbsd.org@localhost>:
>>Number: 51767
>>Category: kern
>>Synopsis: reproducible kernel stack overflow(?!)
>>Confidential: no
>>Severity: critical
>>Priority: high
>>Responsible: kern-bug-people
>>State: open
>>Class: sw-bug
>>Submitter-Id: net
>>Arrival-Date: Tue Jan 03 15:10:00 +0000 2017
>>Originator: Martin Husemann
>>Release: NetBSD 7.99.54
>>Organization:
> The NetBSD Foundation, Inc.
>>Environment:
> System: NetBSD night-owl.duskware.de 7.99.53 NetBSD 7.99.53 (NIGHT-OWL) #450: Wed Dec 28 12:18:50 CET 2016 martin%night-owl.duskware.de@localhost:/usr/src/sys/arch/amd64/compile/NIGHT-OWL amd64
> Architecture: x86_64
> Machine: amd64
>
> ... but the crash happens with a newer .54 kernel!
>
>>Description:
>
> ssh'ing to a machine that still has the SACK bug which recently got fixed
> (not sure if this is relevant) and doing a cvs update there crashes
> my machine ~instantly.
>
> stack overflow detected; terminated
> ...
> vpanic()
> snprintf()
> ssp_init()
> tcp_output()+0x231e
> tcp_input()+0x10b2
> ipintr()
>
> and the source lines are:
> 0xffffffff804f11d8 is in tcp_output (../../../../netinet/tcp_output.c:592).
> 587 #endif
> 588 uint64_t *tcps;
> 589
> 590 #ifdef DIAGNOSTIC
> 591 if (tp->t_inpcb && tp->t_in6pcb)
> 592 panic("tcp_output: both t_inpcb and t_in6pcb are set");
> 593 #endif
> 594 so = NULL;
> 595 ro = NULL;
> 596 if (tp->t_inpcb) {
>
> 0xffffffff804ecabc is in tcp_input (../../../../netinet/tcp_input.c:3027).
> 3022 * Return any desired output.
> 3023 */
> 3024 if (needoutput || (tp->t_flags & TF_ACKNOW)) {
> 3025 KERNEL_LOCK(1, NULL);
> 3026 (void) tcp_output(tp);
> 3027 KERNEL_UNLOCK_ONE(NULL);
> 3028 }
> 3029 if (tcp_saveti)
> 3030 m_freem(tcp_saveti);
> 3031
>
>
>>How-To-Repeat:
> s/a
>
>>Fix:
> n/a
>