>Synopsis:      Kernel panic on heavy nmap scan
>Category:      kernel amd64
>Environment:
        System      : OpenBSD 7.2
        Details     : OpenBSD 7.2 (GENERIC) #728: Tue Sep 27 11:49:18 MDT 2022
                         [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC

        Architecture: OpenBSD.amd64
        Machine     : amd64
>Description:
        Kernel panic occurred when diverting a full nmap port scan to spamd.
        I used pf to divert all TCP traffic to the local spamd daemon, in blacklist mode.
        A kernel panic occurred immediately.

        Kernel panic debug logs:

        ddb> show panic
        *cpu0: kernel diagnostic assertion "inp->inp_laddr.s_addr == INADDR_ANY || inp->inp_lport" failed: file "/usr/src/sys/netinet/in_pcb.c", line 510

        ddb> trace
        db_enter() at db_enter+0x10
        panic(ffffffff81f17331) at panic+0xb8
        __assert(ffffffff81f89f28,ffffffff81f8fa88,1fe,ffffffff81f3f06a) at __assert+0x25
        in_pcbconnect(fffffd806a71fe70,fffffd804078ec00) at in_pcbconnect+0x128
        syn_cache_get(ffff800020bac0b8,ffff800020bac078,fffffd8047be802e,6,fffffd8047be801a,fffffd806520d970,1e6eb50e7d232e01,ffff800007f6000) at syn_cache_get+0x3a3
        tcp_input(ffff800020bac278,ffff800020bac274,6,2) at tcp_input+0x8ce
        ip_deliver(ffff800020bac278,ffff800020bac284,6,2) at ip_deliver+0xe3
        ipintr() at ipintr+0x69
        if_netisr(0) at if_netisr+0xd0
        taskq_thread(ffff800000037080) at taskq_thread+0xdc
        end trace frame: 0x0, count -10

>How-To-Repeat:
        Enable spamd in blacklist mode:

        rcctl set spamd flags '-b -h srv.domain.tld -n "SPAMD responder"'
        rcctl start spamd

        Divert all TCP traffic to spamd via /etc/pf.conf:

        pass in on egress proto tcp divert-to 127.0.0.1 port spamd      

        Perform a full scan of the host from a distant machine:

        nmap -p0- -v -A -T4 src.domain.tld

>Fix:
        N/A


dmesg:
OpenBSD 7.2 (GENERIC) #728: Tue Sep 27 11:49:18 MDT 2022
    [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 2080227328 (1983MB)
avail mem = 1999962112 (1907MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5b00 (9 entries)
bios0: vendor Hetzner version "20171111" date 11/11/2017
bios0: Hetzner vServer
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC HPET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Xeon Processor (Skylake, IBRS), 2295.41 MHz, 06-55-04
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 4MB 64b/line 16-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 1000MHz
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
acpihpet0 at acpi0: 100000000 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
com0 at acpi0 COM1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
cpu0: using VERW MDS workaround
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.5+> removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9
iic0 at piixpm0
vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 96:00:00:23:5d:a7
virtio0: msix shared
virtio1 at pci0 dev 4 function 0 "Qumranet Virtio SCSI" rev 0x00
vioscsi0 at virtio1: qsize 128
scsibus2 at vioscsi0: 255 targets
sd0 at scsibus2 targ 0 lun 0: <QEMU, QEMU HARDDISK, 2.5+>
sd0: 19532MB, 512 bytes/sector, 40001536 sectors, thin
virtio1: msix shared
virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Memory Balloon" rev 0x00
viomb0 at virtio2
virtio2: apic 0 int 10
virtio3 at pci0 dev 6 function 0 "Qumranet Virtio Console" rev 0x00
virtio3: no matching child driver; not configured
xhci0 at pci0 dev 7 function 0 vendor "Red Hat", unknown product 0x000d rev 0x01: apic 0 int 11, xHCI 0.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Red Hat xHCI root hub" rev 3.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uhidev0 at uhub0 port 5 configuration 1 interface 0 "QEMU QEMU USB Tablet" rev 2.00/0.00 addr 2
uhidev0: iclass 3/0
ums0 at uhidev0: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (1e8f84f26aeb73cb.a) swap on sd0b dump on sd0b
WARNING: / was not properly unmounted
fd0 at fdc0 drive 1: density unknown

usbdevs:
Controller /dev/usb0:
addr 01: 1b36:0000 Red Hat, xHCI root hub
         super speed, self powered, config 1, rev 1.00
         driver: uhub0
addr 02: 0627:0001 QEMU, QEMU USB Tablet
         high speed, power 100 mA, config 1, rev 0.00, iSerial 28754-0000:00:07.0-1
         driver: uhidev0
