[Bug 274915] panic immediately on loading ruleset, in pf_ioctl_addrule sha #4ffe410
Date: Wed, 08 Nov 2023 07:16:38 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274915

--- Comment #5 from Dave Cottlehuber <dch@freebsd.org> ---
-- redone with src & core matching again

https://git.sr.ht/~dch/src/commit/c6fd7e65435a3ea7184bbeb0e0138a4daf6d80e6

(kgdb) bt
#0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1 doadump (textdump=textdump@entry=0) at /usr/src/sys/kern/kern_shutdown.c:405
#2 0xffffffff804a2a1a in db_dump (dummy=<optimized out>, dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>) at /usr/src/sys/ddb/db_command.c:591
#3 0xffffffff804a281d in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=false) at /usr/src/sys/ddb/db_command.c:504
#4 0xffffffff804a2966 in db_command_script (command=command@entry=0xffffffff817b5724 <db_recursion_data+84> "dump") at /usr/src/sys/ddb/db_command.c:569
#5 0xffffffff804a7f58 in db_script_exec (scriptname=scriptname@entry=0xfffffe026a44e520 "kdb.enter.panic", warnifnotfound=warnifnotfound@entry=0) at /usr/src/sys/ddb/db_script.c:302
#6 0xffffffff804a7d82 in db_script_kdbenter (eventname=<optimized out>) at /usr/src/sys/ddb/db_script.c:324
#7 0xffffffff804a5e51 in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:267
#8 0xffffffff80b9c627 in kdb_trap (type=type@entry=3, code=code@entry=0, tf=tf@entry=0xfffffe026a44e860) at /usr/src/sys/kern/subr_kdb.c:790
#9 0xffffffff8102214d in trap (frame=0xfffffe026a44e860) at /usr/src/sys/amd64/amd64/trap.c:608
#10 <signal handler called>
#11 kdb_enter (why=<optimized out>, msg=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:556
#12 0xffffffff80b4d5b3 in vpanic (fmt=0xffffffff8114decf "%s", ap=ap@entry=0xfffffe026a44ea90) at /usr/src/sys/kern/kern_shutdown.c:958
#13 0xffffffff80b4d443 in panic (fmt=0xffffffff816b6b98 <gdb_consdev> "\320\3312\201\377\377\377\377\001") at /usr/src/sys/kern/kern_shutdown.c:894
#14 0xffffffff8102260c in trap_fatal (frame=0xfffffe026a44eb80, eva=0) at /usr/src/sys/amd64/amd64/trap.c:952
#15 0xffffffff8102265f in trap_pfault (frame=0xfffffe026a44eb80, usermode=false, signo=<optimized out>, ucode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:760
#16 <signal handler called>
#17 0xffffffff836de574 in pf_ioctl_addrule (rule=rule@entry=0xfffff80c1342a000, ticket=ticket@entry=2, pool_ticket=pool_ticket@entry=196, anchor=anchor@entry=0xfffff80cbe561028 "", anchor_call=anchor_call@entry=0xfffff80cbe561030 "", uid=<optimized out>, pid=0) at /usr/src/sys/netpfil/pf/pf_ioctl.c:2094
#18 0xffffffff836fe730 in pf_handle_addrule (hdr=0xfffff80cbe561000, npt=0xfffffe026a44edc0) at /usr/src/sys/netpfil/pf/pf_nl.c:631
#19 0xffffffff80d94aeb in nl_receive_message (hdr=0xfffff80cbe561000, remaining_length=<optimized out>, nlp=0xfffff80161e77300, npt=0xfffffe026a44edc0) at /usr/src/sys/netlink/netlink_io.c:506
#20 nl_process_mbuf (m=0xfffff80193368a00, nlp=0xfffff80161e77300) at /usr/src/sys/netlink/netlink_io.c:580
#21 nl_process_received_one (nlp=0xfffff80161e77300) at /usr/src/sys/netlink/netlink_io.c:293
#22 nl_process_received (nlp=0xfffff80161e77300) at /usr/src/sys/netlink/netlink_io.c:320
#23 nl_taskqueue_handler (_arg=0xfffff80161e77300, pending=<optimized out>) at /usr/src/sys/netlink/netlink_io.c:371
#24 0xffffffff80bb2552 in taskqueue_run_locked (queue=queue@entry=0xfffff80c09004a00) at /usr/src/sys/kern/subr_taskqueue.c:512
#25 0xffffffff80bb37e2 in taskqueue_thread_loop (arg=arg@entry=0xfffff80161e77360) at /usr/src/sys/kern/subr_taskqueue.c:824
#26 0xffffffff80b0671f in fork_exit (callout=0xffffffff80bb3720 <taskqueue_thread_loop>, arg=0xfffff80161e77360, frame=0xfffffe026a44ef40) at /usr/src/sys/kern/kern_fork.c:1160
#27 <signal handler called>

(kgdb) frame 17
#17 0xffffffff836de574 in pf_ioctl_addrule (rule=rule@entry=0xfffff80c1342a000, ticket=ticket@entry=2, pool_ticket=pool_ticket@entry=196, anchor=anchor@entry=0xfffff80cbe561028 "", anchor_call=anchor_call@entry=0xfffff80cbe561030 "", uid=<optimized out>, pid=0) at /usr/src/sys/netpfil/pf/pf_ioctl.c:2094
2094	tail = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,

(kgdb) l
2089	 */
2090	if (ruleset->rules[rs_num].inactive.tree == NULL) {
2091		ERROUT(EINVAL);
2092	}
2093
2094	tail = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
2095	    pf_krulequeue);
2096	if (tail)
2097		rule->nr = tail->nr + 1;
2098	else

(kgdb) p rs_num
$1 = <optimized out>

(kgdb) p ruleset
$2 = (struct pf_kruleset *) 0xfffffe00d69e4078

(kgdb) p ruleset->rules
$3 = {{queues = {{tqh_first = 0xfffff801616ea000, tqh_last = 0xfffff801616ea328}, {tqh_first = 0x0, tqh_last = 0xfffffe00d69e4088}},
    active = {ptr = 0xfffffe00d69e4088, ptr_array = 0x0, rcount = 0, ticket = 1, open = 0, tree = 0xfffff80c850ea4d0},
    inactive = {ptr = 0xfffffe00d69e4078, ptr_array = 0x0, rcount = 1, ticket = 2, open = 1, tree = 0xfffff80193841180}},
  {queues = {{tqh_first = 0xfffff80be2d45000, tqh_last = 0xfffff80c1342a328}, {tqh_first = 0x0, tqh_last = 0xfffffe00d69e40f8}},
    active = {ptr = 0xfffffe00d69e40f8, ptr_array = 0x0, rcount = 0, ticket = 1, open = 0, tree = 0xfffff801617f8f60},
    inactive = {ptr = 0xfffffe00d69e40e8, ptr_array = 0x0, rcount = 150, ticket = 2, open = 1, tree = 0xfffff80a1889d4f0}},
  {queues = {{tqh_first = 0xfffff80a182e4800, tqh_last = 0xfffff8016b176328}, {tqh_first = 0x0, tqh_last = 0xfffffe00d69e4168}},
    active = {ptr = 0xfffffe00d69e4168, ptr_array = 0x0, rcount = 0, ticket = 1, open = 0, tree = 0xfffff80a188a4640},
    inactive = {ptr = 0xfffffe00d69e4158, ptr_array = 0x0, rcount = 18, ticket = 2, open = 1, tree = 0xfffff80a1889d5b0}},
  {queues = {{tqh_first = 0x0, tqh_last = 0xfffffe00d69e41c8}, {tqh_first = 0x0, tqh_last = 0xfffffe00d69e41d8}},
    active = {ptr = 0xfffffe00d69e41d8, ptr_array = 0x0, rcount = 0, ticket = 1, open = 0, tree = 0xfffff80c850ea4e0},
    inactive = {ptr = 0xfffffe00d69e41c8, ptr_array = 0x0, rcount = 0, ticket = 2, open = 1, tree = 0xfffff80c850ea490}},
  {queues = {{tqh_first = 0xfffff80be2d3f800, tqh_last = 0xfffff80be2d3fb28}, {tqh_first = 0x0, tqh_last = 0xfffffe00d69e4248}},
    active = {ptr = 0xfffffe00d69e4248, ptr_array = 0x0, rcount = 0, ticket = 1, open = 0, tree = 0xfffff80cac818520},
    inactive = {ptr = 0xfffffe00d69e4238, ptr_array = 0x0, rcount = 1, ticket = 2, open = 1, tree = 0xfffff80a1889d530}}}
(kgdb)

btw see you on irc for faster RTT

--
You are receiving this mail because:
You are the assignee for the bug.