From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTP id 893E05A0319 for ; Wed, 14 Aug 2024 08:40:31 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1723617630; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DljVLKPHvbGooY2yJndCNY4oyaQCw7J3fNXGbRcyM48=; b=HTE8DyFuzDC/7aqd88S+I9gV4RKJHdJtIA/jay9fY22Vh2RnFerE81p4BJATSt9e/v7L6q C8W4RD2v9WUy/lW4HCH4e/QAYWv123Pv8vfYfuJLKKH05Jyr8OJWbTN1V13ml/54lFjqvy +qjTGV3kRiYA04To3eUSFkQtN6o/CGQ= Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-91-XgjAxoPYNuaJze7jaR2r3A-1; Wed, 14 Aug 2024 02:40:28 -0400 X-MC-Unique: XgjAxoPYNuaJze7jaR2r3A-1 Received: by mail-pg1-f197.google.com with SMTP id 41be03b00d2f7-72c1d0fafb3so4606015a12.2 for ; Tue, 13 Aug 2024 23:40:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723617627; x=1724222427; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=ay6qA09xU8hY35c4MIWl/YQIaspWOyPahJv6iBvEu0c=; b=l65dyN3doNgePXiEYyzfbE8xXdEMWCnM8Il7oWNegozZq243fLX7rTtpaDnwlKJIXn M7Kig0Les7Dte4iB4rW9YoxILO87OSRqkPzMlQV18ULlcZMER7NlIBYtBM1jvhJZojrf Z/C6HXtALSeWzfFq4BaGjedL+W174U/7W3372ddKXxMxPnf+Z3INATrUtL1Isnl6nsSf RGmM1mZNz0iRzvoqVYi35XxEvuvyZotEAVi/oyVLxvfp7DB51IBK2omFTTsiYSfCUSUh OyNmAd9wmCH4+LniN94D/9jsRDd8Ec8MAm7OJsl0tLmPoFbWiJNV+KL79owSd+nLclJm kobw== X-Gm-Message-State: AOJu0Ywufzsy/UBLcNGqxXAbR79ImdbjbLRxbemXPIbJzh3EvGm8GWFg djVWOlXVFaoQ4YvacaXGekOShJFF2oMvpuqGGL7DW2doxL8W4CMV8zL/EOGwNg9brYWu/7aYzR0 VLMFypfCUYYbVh2x5CbDIgFuVusZQRNTsU/PK4w+nkq3zNczpufc= X-Received: by 2002:a17:902:ec90:b0:1fd:93d2:fba4 with SMTP id d9443c01a7336-201d64a5bd9mr22778215ad.48.1723617627112; Tue, 13 Aug 2024 23:40:27 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEM2D8bVJsj4nuYENm7XdGrPripdUOkMMytl+KPV4Q41t7TuTvzTOV+p6TKoficr8TBigG5CA== X-Received: by 2002:a17:902:ec90:b0:1fd:93d2:fba4 with SMTP id d9443c01a7336-201d64a5bd9mr22777995ad.48.1723617626584; Tue, 13 Aug 2024 23:40:26 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-201cd14a394sm23184635ad.87.2024.08.13.23.40.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Aug 2024 23:40:26 -0700 (PDT) Date: Wed, 14 Aug 2024 08:40:22 +0200 From: Stefano Brivio To: Matt Hamilton , David Gibson Subject: Re: Pasta 20240726 and newer crash with ASSERTION FAILED in flow_hash Message-ID: <20240814084022.02e39e31@elisabeth> In-Reply-To: <1f7aefdc-11e8-4993-b647-7429da67b26c@thmail.io> References: <1f7aefdc-11e8-4993-b647-7429da67b26c@thmail.io> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.41; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: HW2BK6WC6T464HUZQ5BLIXORFKTE7YRS X-Message-ID-Hash: HW2BK6WC6T464HUZQ5BLIXORFKTE7YRS X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-user@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: "For passt users: support, questions and answers" Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hi Matt, On Tue, 13 Aug 2024 22:58:42 -0700 Matt Hamilton wrote: > I am using Podman in Fedora 40, which uses pasta by default for rootless= =20 > container networking. >=20 > Fedora 40's base version of passt is `passt-0^20240326.g4988e2b-1.fc40`,= =20 > but recently two newer versions were released,=20 > `passt-0^20240726.g57a21d2-1.fc40` and `0^20240806.gee36266-1.fc40`. >=20 > After upgrading, one pod kept going offline after a few minutes. The=20 > containers remained running, but could not make outbound connections.=20 > Journalctl revealed that the pasta process for the pod had crashed with: >=20 > Aug 08 23:07:55 dev pasta[95859]: ASSERTION FAILED in flow_hash > (flow.c:566): pif !=3D PIF_NONE && !inany_is_unspecified(&side->eaddr= ) > && side->eport !=3D 0 && side->fport !=3D 0 > Aug 08 23:07:55 dev audit[95859]: SECCOMP auid=3D1000 uid=3D1000 > gid=3D1000 ses=3D1 > subj=3Dunconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 > pid=3D95859 comm=3D"pasta.avx2" exe=3D"/usr/bin/pasta.avx2" sig=3D31 > arch=3Dc000003e syscall=3D186 compat=3D0 ip=3D0x7f8f8c23b64f code=3D0= x80000000 > Aug 08 23:07:55 dev audit[95859]: ANOM_ABEND auid=3D1000 uid=3D1000 > gid=3D1000 ses=3D1 > subj=3Dunconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 > pid=3D95859 comm=3D"pasta.avx2" exe=3D"/usr/bin/pasta.avx2" sig=3D31 = res=3D1 >=20 > After much debugging, I isolated the trigger to a particular container=20 > making a peer-to-peer TCP connection to a remote address with port 0. Thanks for the analysis and for the report! > Reverting passt to version 20240326 works as expected, and the container= =20 > stays online. It's been a long time since I wrote any C, but the code=20 > seems clear and checks that the endpoint and forwarding ports do not=20 > equal 0. I assume that a port 0 connection is not realistic or useful,=C2= =A0=20 > and that actual attempt to connect over this port indicate a bug in the= =20 > client code. Is this correct? Right, that's somehow unexpected because TCP port zero is reserved and not assigned, so it should never be used. However, I'm not sure how we can even reach flow_hash() with it. David, this seems to come from 163a339214dd ("tcp, flow: Replace TCP specific hash function with general flow hash"), any clue? --=20 Stefano