[Bug 274915] panic immediately on loading ruleset, in pf_ioctl_addrule sha #4ffe410
Date: Tue, 07 Nov 2023 22:58:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274915

Dave Cottlehuber <dch@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |In Progress

--- Comment #3 from Dave Cottlehuber <dch@freebsd.org> ---
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=textdump@entry=0) at /usr/src/sys/kern/kern_shutdown.c:405
#2  0xffffffff804a291a in db_dump (dummy=<optimized out>, dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>) at /usr/src/sys/ddb/db_command.c:591
#3  0xffffffff804a271d in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=true) at /usr/src/sys/ddb/db_command.c:504
#4  0xffffffff804a23dd in db_command_loop () at /usr/src/sys/ddb/db_command.c:551
#5  0xffffffff804a5d56 in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:268
#6  0xffffffff80b9c527 in kdb_trap (type=type@entry=3, code=code@entry=0, tf=tf@entry=0xfffffe0268632860) at /usr/src/sys/kern/subr_kdb.c:790
#7  0xffffffff8102214d in trap (frame=0xfffffe0268632860) at /usr/src/sys/amd64/amd64/trap.c:608
#8  <signal handler called>
#9  kdb_enter (why=<optimized out>, msg=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:556
#10 0xffffffff80b4d4b3 in vpanic (fmt=0xffffffff8114dead "%s", ap=ap@entry=0xfffffe0268632a90) at /usr/src/sys/kern/kern_shutdown.c:958
#11 0xffffffff80b4d343 in panic (fmt=0xffffffff816b6b98 <gdb_consdev> "\020\3272\201\377\377\377\377\001") at /usr/src/sys/kern/kern_shutdown.c:894
#12 0xffffffff8102260c in trap_fatal (frame=0xfffffe0268632b80, eva=0) at /usr/src/sys/amd64/amd64/trap.c:952
#13 0xffffffff8102265f in trap_pfault (frame=0xfffffe0268632b80, usermode=false, signo=<optimized out>, ucode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:760
#14 <signal handler called>
#15 0xffffffff83710574 in pf_ioctl_addrule (rule=rule@entry=0xfffff80cdc854800, ticket=ticket@entry=2, pool_ticket=pool_ticket@entry=196, anchor=anchor@entry=0xfffff8014bb5c028 "", anchor_call=anchor_call@entry=0xfffff8014bb5c030 "", uid=<optimized out>, pid=0) at /usr/src/sys/netpfil/pf/pf_ioctl.c:2094
#16 0xffffffff83730750 in pf_handle_addrule (hdr=0xfffff8014bb5c000, npt=0xfffffe0268632dc0) at /usr/src/sys/netpfil/pf/pf_nl.c:631
#17 0xffffffff80d947fb in nl_receive_message (hdr=0xfffff8014bb5c000, remaining_length=<optimized out>, nlp=0xfffff80c49506e00, npt=0xfffffe0268632dc0) at /usr/src/sys/netlink/netlink_io.c:506
#18 nl_process_mbuf (m=0xfffff80164c27300, nlp=0xfffff80c49506e00) at /usr/src/sys/netlink/netlink_io.c:580
#19 nl_process_received_one (nlp=0xfffff80c49506e00) at /usr/src/sys/netlink/netlink_io.c:293
#20 nl_process_received (nlp=0xfffff80c49506e00) at /usr/src/sys/netlink/netlink_io.c:320
#21 nl_taskqueue_handler (_arg=0xfffff80c49506e00, pending=<optimized out>) at /usr/src/sys/netlink/netlink_io.c:371
#22 0xffffffff80bb2452 in taskqueue_run_locked (queue=queue@entry=0xfffff80c4cb46c00) at /usr/src/sys/kern/subr_taskqueue.c:512
#23 0xffffffff80bb36e2 in taskqueue_thread_loop (arg=arg@entry=0xfffff80c49506e60) at /usr/src/sys/kern/subr_taskqueue.c:824
#24 0xffffffff80b0661f in fork_exit (callout=0xffffffff80bb3620 <taskqueue_thread_loop>, arg=0xfffff80c49506e60, frame=0xfffffe0268632f40) at /usr/src/sys/kern/kern_fork.c:1160
#25 <signal handler called>
(kgdb) frame 15
#15 0xffffffff83710574 in pf_ioctl_addrule (rule=rule@entry=0xfffff80cdc854800, ticket=ticket@entry=2, pool_ticket=pool_ticket@entry=196, anchor=anchor@entry=0xfffff8014bb5c028 "", anchor_call=anchor_call@entry=0xfffff8014bb5c030 "", uid=<optimized out>, pid=0) at /usr/src/sys/netpfil/pf/pf_ioctl.c:2094
warning: Source file is more recent than executable.
2094		tail = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
(kgdb)
(kgdb) l
2089		 */
2090		if (ruleset->rules[rs_num].inactive.tree == NULL) {
2091			ERROUT(EINVAL);
2092		}
2093	
2094		tail = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
2095		    pf_krulequeue);
2096		if (tail)
2097			rule->nr = tail->nr + 1;
2098		else
(kgdb)

I bumped my src repo today for $WORK but it's not a big jump. Easy enough now to repro with your steps above, thank you!

-- 
You are receiving this mail because:
You are the assignee for the bug.