Bug #2433

pf init: panic

Added by fgudin about 4 years ago. Updated over 3 years ago.

I'm getting panics when /etc/rc.d/pf starts: discussed a bit with Matt, some race could be involved.
The bt is as follows:

#1 md_dumpsys (di=0xc0aa8a00)
    at /usr/src/sys/platform/pc32/i386/dump_machdep.c:266
#2 0xc03578ee in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:925
#3 0xc0357f04 in boot (howto=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:375
#4 0xc0358174 in panic (fmt=0xc0642063 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:831
#5 0xc0614a43 in trap_fatal (frame=0xd0fe7994, eva=<optimized out>)
    at /usr/src/sys/platform/pc32/i386/trap.c:1143
#6 0xc0614bb4 in trap_pfault (frame=0xd0fe7994, usermode=<optimized out>,
    eva=<unavailable>) at /usr/src/sys/platform/pc32/i386/trap.c:1045
#7 0xc06151f9 in trap (frame=0xd0fe7994)
    at /usr/src/sys/platform/pc32/i386/trap.c:720
#8 0xc05e3f67 in calltrap ()
    at /usr/src/sys/platform/pc32/i386/exception.s:787
#9 0xd100fdf0 in pfi_table_update (kt=0xce03ea58, kif=0xc304de70, net=128, <---------
    flags=0) at /usr/src/sys/net/pf/pf_if.c:529
#10 0xd100fedf in pfi_dynaddr_update (dyn=0xccdfa560)
    at /usr/src/sys/net/pf/pf_if.c:513
#11 0xd100ff1a in pfi_kif_update (kif=0xc304de70)
    at /usr/src/sys/net/pf/pf_if.c:490
#12 0xd10102b4 in pfi_dynaddr_setup (aw=0xcdd43f88, af=28 '\034')
    at /usr/src/sys/net/pf/pf_if.c:466
#13 0xd101105d in pf_addr_setup (ruleset=0xd1026d74, addr=0xcdd43f88,
    af=65 'A') at /usr/src/sys/net/pf/pf_ioctl.c:929
#14 0xd1012762 in pfioctl (ap=0xd0fe7b54)
    at /usr/src/sys/net/pf/pf_ioctl.c:1207
#15 0xc033aeb2 in dev_dioctl (dev=0xce4b1e80, cmd=3412345860,
    data=0xcdd0b450 "", fflag=3, cred=0xccdfa4f8, msg=0xd0fe7cf0)
    at /usr/src/sys/kern/kern_device.c:243
#16 0xc0507970 in devfs_fo_ioctl (fp=0xd4cc6338, com=3412345860,
    data=0xcdd0b450 "", ucred=0xccdfa4f8, msg=0xd0fe7cf0)
    at /usr/src/sys/vfs/devfs/devfs_vnops.c:1446
#17 0xc038a1a8 in fo_ioctl (fp=0xd4cc6338, com=3412345860,
    data=0xcdd0b450 "", cred=0xccdfa4f8, msg=0xd0fe7cf0)
    at /usr/src/sys/sys/file2.h:88
#18 0xc038a683 in mapped_ioctl (fd=3, com=3412345860,
    uspc_data=0xbfbfdffc <Address 0xbfbfdffc out of bounds>, map=0x0,
    msg=0xd0fe7cf0) at /usr/src/sys/kern/sys_generic.c:733
#19 0xc038a732 in sys_ioctl (uap=0xd0fe7cf0)
    at /usr/src/sys/kern/sys_generic.c:552
#20 0xc06158fd in syscall2 (frame=0xd0fe7d40)
    at /usr/src/sys/platform/pc32/i386/trap.c:1349
#21 0xc05e4016 in Xint0x80_syscall ()
    at /usr/src/sys/platform/pc32/i386/exception.s:878
#22 0x0000001f in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

I put the core, kernel, etc. files into leaf:~fgudin/crash/ (#23) if someone could kindly help smash this one.

Thank you,

Associated revisions

Revision 5dfbf41e (diff)
Added by tuxillo over 2 years ago

network/pf - Avoid a possible bad pointer access.

- Make sure new pfi_kif structures are zeroed on allocation.
- A panic was hit when pfi_instance_add() tried to access a bad ifp
pointer (i.e. when using non-existing iface names in pf.conf)
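
The bug class named in the commit message above, as an added example that is not DragonFly code and not part of this ticket: a record whose interface pointer is never assigned at creation is only safe to test against NULL if the allocator zeroed it. `kif_model`, `ifnet_model`, `model_alloc`, `kif_create`, `kif_looks_attached` and `ALLOC_ZERO` are hypothetical stand-ins, and the `0xA5` fill simulates stale heap contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not the DragonFly definitions. */
struct ifnet_model { unsigned mtu; };
struct kif_model {
    char name[16];
    struct ifnet_model *ifp;  /* meant to stay NULL until an interface attaches */
};
#define ALLOC_ZERO 0x1  /* assumed flag: ask the allocator for zeroed memory */

/* Allocator handing out recycled memory; 0xA5 simulates stale heap contents. */
static void *model_alloc(size_t n, int flags)
{
    void *p = malloc(n);
    if (p != NULL)
        memset(p, (flags & ALLOC_ZERO) ? 0 : 0xA5, n);
    return p;
}

/* Record for a ruleset name with no interface behind it: ifp is never assigned. */
struct kif_model *kif_create(const char *name, int flags)
{
    struct kif_model *kif = model_alloc(sizeof(*kif), flags);
    if (kif == NULL)
        return NULL;
    strncpy(kif->name, name, sizeof(kif->name) - 1);
    kif->name[sizeof(kif->name) - 1] = '\0';
    return kif;
}

/* 1 if a later "ifp != NULL" test would pass and lead to a dereference.
 * The bytes are read via memcpy so the stale pointer itself is never used. */
int kif_looks_attached(const struct kif_model *kif)
{
    uintptr_t raw = 0;
    memcpy(&raw, &kif->ifp, sizeof(kif->ifp));
    return raw != 0;
}

int main(void)
{
    struct kif_model *stale = kif_create("nonexistent0", 0);
    struct kif_model *zeroed = kif_create("nonexistent0", ALLOC_ZERO);
    if (stale == NULL || zeroed == NULL) return 1;
    printf("unzeroed: %d, zeroed: %d\n", kif_looks_attached(stale), kif_looks_attached(zeroed));
    free(stale); free(zeroed);
    return 0;
}
```
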


#1 Updated by fgudin over 3 years ago

  • Status changed from New to Closed

No more panics after upgrading a bit further on 3.2 branch. Matt hinted that my pf module could have been out of sync, because the few commits in between were irrelevant to this crash.
Forget it :)
