kern/77645: pfctl panics the system when interface renaming is used

Harald Schmalzbauer harry at schmalzbauer.de
Thu Feb 17 08:40:22 PST 2005


>Number:         77645
>Category:       kern
>Synopsis:       pfctl panics the system when interface renaming is used
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 17 16:40:21 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Harald Schmalzbauer
>Release:        FreeBSD 5.3-STABLE
>Organization:
>Environment:
System: FreeBSD phobos.mars.mable.de 5.3.8.k-KAEPTN FreeBSD 5.3.8.k-KAEPTN #3: Sat Feb 12 12:59:01 UTC 2005 root at phobos.mars.mable.de:/usr/obj/usr/src/sys/GA-6IEML i386
>Description:
When the interface renaming feature is used, "pfctl -Fall -f/etc/pf.conf"
panics the machine. When interface renaming is disabled, everything works
fine. Also, a single "pfctl -F nat|rule|state|...." doesn't cause the
panic with renamed interfaces, only "-Fall".
>How-To-Repeat:
      Rename network interfaces e.g. by putting these lines in /etc/rc.conf:
ifconfig_em2_name="LAN"
ifconfig_LAN="192.168.0.1 netmask 255.255.255.0"
Then enter the command 'pfctl -Fall -f /etc/pf.conf' and the machine will panic with the following trace:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xdeadc1d7
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc047e4b1
stack pointer           = 0x10:0xcc69a9b4
frame pointer           = 0x10:0xcc69a9b8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 37 (swi1: net)
[thread pid 37 tid 100033 ]
Stopped at      pf_state_compare_ext_gwy+0x11:  movzbl  0xf9(%ebx),%eax
db> trace
Tracing pid 37 tid 100033 td 0xc15154b0
pf_state_compare_ext_gwy(cc69aa10,deadc0de,c1783b00,cc69aa10,cc69a9e8) at pf_state_compare_ext_gwy+0x11
pf_state_tree_ext_gwy_RB_FIND(c1783bc4,cc69aa10,c1783b00,cc69ab64,cc69ab1c) at pf_state_tree_ext_gwy_RB_FIND+0x2c
pf_find_state_recurse(c1783b00,cc69aa10,1,608,c075d53e) at pf_find_state_recurse+0x82
pf_test_state_udp(cc69ab64,1,c1783b00,c18aca00,14) at pf_test_state_udp+0xf5
pf_test(1,c1585800,cc69ac54,0,c17510e0) at pf_test+0x617
pf_check_in(0,cc69ac54,c1585800,1,0) at pf_check_in+0x48
pfil_run_hooks(c0804020,cc69aca0,c1585800,1,0) at pfil_run_hooks+0xfb
ip_input(c18aca00,0,c077deb7,e6,c0803398) at ip_input+0x2a0
netisr_processqueue(c0803398,c07d90a0,1,c0774055,c1508cc0) at netisr_processqueue+0x8e
swi_net(0,0,c0772643,269,c07d90a0) at swi_net+0xe9
ithread_loop(c1526200,cc69ad48,c077243a,31e,0) at ithread_loop+0x172
fork_exit(c0565560,c1526200,cc69ad48) at fork_exit+0xc6
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcc69ad7c, ebp = 0 ---
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
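
Triage note, added here and not part of the original report: the fault address 0xdeadc1d7 in the trace above is 0xdeadc0de plus the 0xf9 displacement of the faulting instruction, and 0xdeadc0de is the junk pattern FreeBSD's kernel allocator debugging code writes into freed memory, which is consistent with a pointer read from freed memory. The Python sketch below automates that check on a DDB trace; the function name, the regular expressions and the 32-bit address mask are assumptions of this example, and the embedded excerpt is copied from the trace above.

```python
import re

# Known poison patterns; 0xdeadc0de is FreeBSD's freed-memory junk fill.
POISON = {0xDEADC0DE: "FreeBSD freed-memory junk (0xdeadc0de)"}

# Excerpt of the DDB output from the report above.
TRACE = """\
fault virtual address   = 0xdeadc1d7
fault code              = supervisor read, page not present
Stopped at      pf_state_compare_ext_gwy+0x11:  movzbl  0xf9(%ebx),%eax
pf_state_compare_ext_gwy(cc69aa10,deadc0de,c1783b00,cc69aa10,cc69a9e8) at pf_state_compare_ext_gwy+0x11
pf_state_tree_ext_gwy_RB_FIND(c1783bc4,cc69aa10,c1783b00,cc69ab64,cc69ab1c) at pf_state_tree_ext_gwy_RB_FIND+0x2c
"""

FAULT_RE = re.compile(r"fault virtual address\s*=\s*0x([0-9a-f]+)", re.I)
# Faulting instruction with a "disp(%reg)" memory operand, as DDB prints it.
STOP_RE = re.compile(
    r"Stopped at\s+(\S+?):\s+\S+\s+(-?0x[0-9a-f]+)?\((%\w+)\)", re.I)
# One stack frame: name(arg,arg,...) at name+off
FRAME_RE = re.compile(r"^(\w+)\(([0-9a-f,]*)\) at ", re.I | re.M)


def triage(text):
    """Return details if the fault address is poison + displacement, else None."""
    fault, stop = FAULT_RE.search(text), STOP_RE.search(text)
    if not fault or not stop:
        return None
    addr = int(fault.group(1), 16)
    disp = int(stop.group(2), 16) if stop.group(2) else 0
    base = (addr - disp) & 0xFFFFFFFF  # assumption: 32-bit (i386) addresses
    if base not in POISON:
        return None
    frames = []  # frames whose arguments carry the poison value itself
    for m in FRAME_RE.finditer(text):
        args = [a for a in m.group(2).split(",") if a]
        hits = [i for i, a in enumerate(args) if int(a, 16) in POISON]
        if hits:
            frames.append((m.group(1), hits))
    return {"site": stop.group(1), "register": stop.group(3), "base": base,
            "offset": disp, "pattern": POISON[base], "frames": frames}


if __name__ == "__main__":
    print(triage(TRACE))
```

On the excerpt, the check reports the poisoned base in %ebx and flags the second argument of pf_state_compare_ext_gwy as the poison value.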

