Hello,

</snip>
> 
> panic log:
> 
> bcbnfw1# uvm_fault(0xffffffff822e5e48, 0x0, 0, 1) -> e
> kernel: page fault trap, code=0
> Stopped at      pf_state_export+0x38:   movq    0(%rax),%rcx
>     TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
> *186873  72386      0     0x14000      0x200    1  softnet
>  177504   6658      0     0x14000      0x200    4  softnet
>   39873  45066      0     0x14000      0x200    3  softnet
>  212195  13588      0     0x14000      0x200    2  softnet
> pf_state_export(fffffd80610b3bd4,fffffd87778f3010) at pf_state_export+0x38
> pfsync_sendout() at pfsync_sendout+0x5e4
> pfsync_update_state(fffffd874a5bd190) at pfsync_update_state+0x15b
> pf_test(2,1,ffff800000bbe000,ffff800020b45b18) at pf_test+0xd53
> ip_input_if(ffff800020b45b18,ffff800020b45b24,4,0,ffff800000bbe000) at
> ip_input_if+0xcd
> ipv4_input(ffff800000bbe000,fffffd8061062300) at ipv4_input+0x39
> ether_input(ffff800000bbe000,fffffd8061062300) at ether_input+0x3ad
> carp_input(ffff800000bd5000,fffffd8061062300,5e000101) at carp_input+0x196
> ether_input(ffff800000bd5000,fffffd8061062300) at ether_input+0x1d9
> vlan_input(ffff800000ba1000,fffffd8061062300,ffff800020b45d4c) at
> vlan_input+0x23d
> ether_input(ffff800000ba1000,fffffd8061062300) at ether_input+0x85
> if_input_process(ffff80000048b048,ffff800020b45de8) at if_input_process+0x6f
> ifiq_process(ffff80000048e900) at ifiq_process+0x69
> taskq_thread(ffff800000035200) at taskq_thread+0x100
> end trace frame: 0x0, count: 1

    this is most likely identical to the crash you've reported ?two weeks ago?
    I cannot find an email with it.

    I'm working on a diff to get it fixed. Will try to finish it later
    today.


according to the stack and registers we die at line 1196 in pf_state_export()
due to a NULL pointer dereference:

0xffffffff8172ee58 is in pf_state_export (/home/sashan/src.sashan/sys/net/pf.c:1196).
1191            int32_t expire;
1192
1193            memset(sp, 0, sizeof(struct pfsync_state));
1194
1195            /* copy from state key */
1196            sp->key[PF_SK_WIRE].addr[0] = st->key[PF_SK_WIRE]->addr[0];
1197            sp->key[PF_SK_WIRE].addr[1] = st->key[PF_SK_WIRE]->addr[1];
1198            sp->key[PF_SK_WIRE].port[0] = st->key[PF_SK_WIRE]->port[0];
1199            sp->key[PF_SK_WIRE].port[1] = st->key[PF_SK_WIRE]->port[1];
1200            sp->key[PF_SK_WIRE].rdomain = htons(st->key[PF_SK_WIRE]->rdomain

thanks and
regards
sashan
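
The reading of the panic log above (fault at address 0x0 while stopped in pf_state_export), written out as an added example that is not part of the original message or of the OpenBSD tree. It assumes the second uvm_fault() argument is the faulting virtual address and the value after "->" is the error code in hex; triage(), PANIC_LOG and PAGE_SIZE are names made up for this example.

```python
import re

# Lines copied from the panic log quoted above, trimmed to the top frames.
PANIC_LOG = """\
bcbnfw1# uvm_fault(0xffffffff822e5e48, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      pf_state_export+0x38:   movq    0(%rax),%rcx
pf_state_export(fffffd80610b3bd4,fffffd87778f3010) at pf_state_export+0x38
pfsync_sendout() at pfsync_sendout+0x5e4
pfsync_update_state(fffffd874a5bd190) at pfsync_update_state+0x15b
pf_test(2,1,ffff800000bbe000,ffff800020b45b18) at pf_test+0xd53
"""

# Assumption: 4 KiB pages; a fault inside the first page is treated as a
# dereference of NULL plus a small member offset.
PAGE_SIZE = 4096

FAULT_RE = re.compile(
    r"uvm_fault\((0x[0-9a-f]+), (0x[0-9a-f]+), (\d+), (\d+)\) -> ([0-9a-f]+)")
STOP_RE = re.compile(r"Stopped at\s+(\w+)\+(0x[0-9a-f]+):\s+(\S+)\s+(.+)")
FRAME_RE = re.compile(r"^(\w+)\(([^)]*)\) at (\w+)\+(0x[0-9a-f]+)", re.M)


def triage(log):
    """Pull the fault address, faulting instruction and call chain from a ddb log."""
    fault = FAULT_RE.search(log)
    stop = STOP_RE.search(log)
    if not fault or not stop:
        raise ValueError("no uvm_fault / 'Stopped at' line found")
    vaddr = int(fault.group(2), 16)
    return {
        "fault_addr": vaddr,
        "errno": int(fault.group(5), 16),      # 0xe == 14 (EFAULT)
        "null_deref": vaddr < PAGE_SIZE,
        "function": stop.group(1),
        "offset": int(stop.group(2), 16),
        "instruction": f"{stop.group(3)} {stop.group(4).strip()}",
        # Innermost frame first, as ddb prints it.
        "call_chain": [m.group(1) for m in FRAME_RE.finditer(log)],
    }


if __name__ == "__main__":
    for key, value in triage(PANIC_LOG).items():
        print(f"{key}: {value}")
```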
