From owner-freebsd-pf@freebsd.org Sun Jul 26 02:30:25 2015
Return-Path:
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
    by mailman.ysv.freebsd.org (Postfix) with ESMTP id BBEB29A99D5
    for ; Sun, 26 Jul 2015 02:30:25 +0000 (UTC)
    (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client did not present a certificate)
    by mx1.freebsd.org (Postfix) with ESMTPS id A85599E
    for ; Sun, 26 Jul 2015 02:30:25 +0000 (UTC)
    (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
    by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t6Q2UPFD082571
    for ; Sun, 26 Jul 2015 02:30:25 GMT
    (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 201879] panic: boot time panic with a scrub rule on "exclusive sleep mutex pf fragments"...
Date: Sun, 26 Jul 2015 02:30:25 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords:
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: assigned_to
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Technical discussion and general questions about packet filter \(pf\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 26 Jul 2015 02:30:25 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201879

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-pf@FreeBSD.org

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-pf@freebsd.org Sun Jul 26 10:15:30 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 201879] panic: boot time panic with a scrub rule on "exclusive sleep mutex pf fragments"...
Date: Sun, 26 Jul 2015 10:15:30 +0000
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: kp@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201879

Kristof Provost changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kp@freebsd.org

--- Comment #1 from Kristof Provost ---
The dump suggests something's wrong with the pf_fragqueue. It looks like an
element was freed but not removed from the list (based on the fault address of
0xdeadc0de, and the PC shows the panic is at the first dereference of the frag
taken from the list).

I don't understand how that can happen though. The list manipulations are
always done with the pf_frag_mtx mutex held so it can't be a race. Any free of
fragments is done through pf_remove_fragment(), which immediately removes it
from the tailq.

From owner-freebsd-pf@freebsd.org Sun Jul 26 14:07:12 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 201879] panic: boot time panic with a scrub rule on "exclusive sleep mutex pf fragments"...
Date: Sun, 26 Jul 2015 14:07:12 +0000
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jason.unovitch@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-Changed-Fields: attachments.created

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201879

--- Comment #2 from Jason Unovitch ---
Created attachment 159239
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159239&action=edit
r285884M panic with some extra debug statements in pf_purge_expired_fragments

(In reply to Kristof Provost from comment #1)
I'm with you and I'm still trying to understand it myself. Last night I
sprinkled some debug prints around pf_purge_expired_fragments since the line
237 pointed me in the right direction there.

I managed to find a replication case. I can get a stable boot with the scrub
rules if I turn off OpenNTPD along with Puppet and Monit since they will try to
start it manually. The full boot log is attached and the tail end of it is
below. Once I start OpenNTPD the burst of network traffic causes an instant
panic the next time the pf purge thread fires.

root@xju-rtr:~ # service openntpd onestart
Starting openntpd.
root@xju-rtr:~ # Jul 26 03:43:23 xju-rtr ntpd[23153]: constraint certificate verification turned off
DEBUG: Entry of pf_purge_expired_fragments()
DEBUG: Trying to PR_FRAG_LOCK()()
DEBUG: Finished PF_FRAG_LOCK()
DEBUG: Start fragment purge()
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex pf fragments (pf fragments) r = 0 (0xc9fe2458) locked @ /usr/src/head/sys/modules/pf/../../netpfil/pf/pf_norm.c:239
KDB: stack backtrace:
db_trace_self_wrapper(c1538c45,702f6670,6f6e5f66,632e6d72,3933323a,...) at db_trace_self_wrapper+0x2a/frame 0xeb7719a0
kdb_backtrace(c153cfd1,0,c9fe2458,c9fdfc3d,ef,...) at kdb_backtrace+0x2d/frame 0xeb771a08
witness_warn(5,0,c16ffc72,c1960a9c,c764f330,...) at witness_warn+0x40f/frame 0xeb771a58
trap_pfault(deadc0de,c,c7e62cc0,7f,c1960a10,...) at trap_pfault+0x58/frame 0xeb771ad0
trap(eb771c1c) at trap+0x6c1/frame 0xeb771c10
calltrap() at calltrap+0x6/frame 0xeb771c10
--- trap 0xc, eip = 0xc9fd00c6, esp = 0xeb771c5c, ebp = 0xeb771c74 ---
pf_purge_expired_fragments(c9fe20a0,c9fdea6a,5b8,c9fdeca0,1999997c,...) at pf_purge_expired_fragments+0x96/frame 0xeb771c74
pf_purge_thread(0,eb771ce8,c152c72d,3e6,0,...) at pf_purge_thread+0x15/frame 0xeb771cac
fork_exit(c9fb2240,0,eb771ce8) at fork_exit+0x7e/frame 0xeb771cd4
fork_trampoline() at fork_trampoline+0x8/frame 0xeb771cd4
--- trap 0, eip = 0, esp = 0xeb771d20, ebp = 0 ---

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xdeadc0de
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc9fd00c6
stack pointer = 0x28:0xeb771c5c
frame pointer = 0x28:0xeb771c74
code segment = base 0x0, limit 0xfffff, type 0x1b
             = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 5280 (pf purge)
[ thread pid 5280 tid 100108 ]
Stopped at pf_purge_expired_fragments+0x96: movl 0(%eax),%esi
db>

From owner-freebsd-pf@freebsd.org Sun Jul 26 14:15:50 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 201879] panic: boot time panic with a scrub rule on "exclusive sleep mutex pf fragments"...
Date: Sun, 26 Jul 2015 14:15:50 +0000
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jason.unovitch@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-Changed-Fields: attachments.created

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201879

--- Comment #3 from Jason Unovitch ---
Created attachment 159240
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159240&action=edit
r285884M panic on routing network traffic (also with extra debug statements in
pf_purge_expired_fragments)

(In reply to Kristof Provost from comment #1)
I also managed to find a second reproduction case as well and this is attached.
For this one I did not start the service on the router like I did in the
previous comment. I had the router up for a couple minutes while I was doing
basic ICMP via ping and TCP and UDP connects via netcat out the WAN interface.
As soon as I opened Firefox to go to a web site the router panicked.

What is interesting here is that pf_purge_expired_fragments() appears to have
completed. My debug statements show the entry to the function, getting the
mutex, purging, and releasing the mutex. This time the "pf fragments" mutex is
mentioned as being on line 1275 vice the 237 from earlier (keep in mind the
couple extra lines of debug printf's).

DEBUG: Entry of pf_purge_expired_fragments()
DEBUG: Trying to PR_FRAG_LOCK()()
DEBUG: Finished PF_FRAG_LOCK()
DEBUG: Start fragment purge()
DEBUG: Finished fragment purge()
DEBUG: Trying to PR_FRAG_UNLOCK()()
DEBUG: Finished PF_FRAG_UNLOCK()
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex pf fragments (pf fragments) r = 0 (0xc9fcc458) locked @ /usr/src/head/sys/modules/pf/../../netpfil/pf/pf_norm.c:1275
shared rw pf rulesets (pf rulesets) r = 0 (0xc9fcc090) locked @ /usr/src/head/sys/modules/pf/../../netpfil/pf/pf.c:5732
shared rm PFil shared rmlock (PFil shared rmlock) r = 0 (0xc1a2bd88) locked @ /usr/src/head/sys/net/pfil.c:78
KDB: stack backtrace:
db_trace_self_wrapper(c1538c45,702f6670,3a632e66,32333735,3732000a,...) at db_trace_self_wrapper+0x2a/frame 0xeb63b4a0
kdb_backtrace(c153cfd1,0,c1a2bd88,c154d234,4e,...) at kdb_backtrace+0x2d/frame 0xeb63b508
witness_warn(5,0,c16ffc72,eb63b5c0,c0c6604f,...) at witness_warn+0x40f/frame 0xeb63b558
trap_pfault(deadc0fe,c,246,c199ff58,c719fd00,...) at trap_pfault+0x58/frame 0xeb63b5d0
trap(eb63b71c) at trap+0x6c1/frame 0xeb63b710
calltrap() at calltrap+0x6/frame 0xeb63b710
--- trap 0xc, eip = 0xc9fb9ca3, esp = 0xeb63b75c, ebp = 0xeb63b778 ---
pf_frag_tree_RB_FIND(c9fcc46c,eb63b808,c9fc9c3d,153,cbcb180e,...) at pf_frag_tree_RB_FIND+0x23/frame 0xeb63b778
pf_find_fragment(c9fcc468,0,c9fc9c3d,4fb,c0c655c6,...) at pf_find_fragment+0x3c/frame 0xeb63b798
pf_normalize_ip(eb63b9fc,1,c7ec0a00,eb63b960,eb63b908,...) at pf_normalize_ip+0xa19/frame 0xeb63b878
pf_test(1,c7880400,eb63b9fc,0,c1a2c0b8,...) at pf_test+0x216/frame 0xeb63b9b0
pf_check_in(0,eb63b9fc,c7880400,1,0,...) at pf_check_in+0x29/frame 0xeb63b9d0
pfil_run_hooks(c1a2c0b8,eb63ba7c,c7880400,1,0,...) at pfil_run_hooks+0x9f/frame 0xeb63ba30
ip_input(cbc8a600,c788b058,0,c154a713,cbc8a600,...) at ip_input+0x6e1/frame 0xeb63ba9c
netisr_dispatch_src(1,0,cbc8a600) at netisr_dispatch_src+0xab/frame 0xeb63bae0
netisr_dispatch(1,cbc8a600,0,0,c14dd2c4,cbc8a600) at netisr_dispatch+0x20/frame 0xeb63baf4
ether_demux(c7880400,cbc8a600,6,0,8,...) at ether_demux+0x18d/frame 0xeb63bb20
ether_nh_input(cbc8a600,801,246,eb63bbac,cbdbae00,...) at ether_nh_input+0x377/frame 0xeb63bb4c
netisr_dispatch_src(5,0,cbc8a600) at netisr_dispatch_src+0xab/frame 0xeb63bb90
netisr_dispatch(5,cbc8a600,c786e120,1,c786e100,...) at netisr_dispatch+0x20/frame 0xeb63bba4
ether_input(c7880400,cbc8a600,eb63bc2c,c06f484c,c7880400,...) at ether_input+0x4f/frame 0xeb63bbc0
if_input(c7880400,cbc8a600,c1250d45,123c,c78e0000,...) at if_input+0x19/frame 0xeb63bbd0
em_rxeof(c7880400,c1960310,0,c769f700,c76c4280,...) at em_rxeof+0x3bc/frame 0xeb63bc2c
em_msix_rx(c786e100,c152c9b9,560,5d4afdf8,c76c42c8,...) at em_msix_rx+0x2f/frame 0xeb63bc48
intr_event_execute_handlers(c1960310,c76c4280,c152c9b9,560,c1960300,...) at intr_event_execute_handlers+0xde/frame 0xeb63bc70
ithread_loop(c7643250,eb63bce8,c152c72d,3e6,0,...) at ithread_loop+0x90/frame 0xeb63bcac
fork_exit(c0bd1ff0,c7643250,eb63bce8) at fork_exit+0x7e/frame 0xeb63bcd4
fork_trampoline() at fork_trampoline+0x8/frame 0xeb63bcd4
--- trap 0, eip = 0, esp = 0xeb63bd20, ebp = 0 ---

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xdeadc0fe
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc9fb9ca3
stack pointer = 0x28:0xeb63b75c
frame pointer = 0x28:0xeb63b778
code segment = base 0x0, limit 0xfffff, type 0x1b
             = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 12 (irq268: em3:rx0)
[ thread pid 12 tid 100079 ]
Stopped at pf_frag_tree_RB_FIND+0x23: subl 0x20(%edi),%eax
db>

From owner-freebsd-pf@freebsd.org Mon Jul 27 14:58:47 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 200321] [ip] [pf] pfSync generates demotion events to carp when not needed
Date: Mon, 27 Jul 2015 14:58:47 +0000
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: gnn@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: eri@freebsd.org
X-Bugzilla-Changed-Fields: cc assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200321

George V. Neville-Neil changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gnn@FreeBSD.org
           Assignee|freebsd-pf@FreeBSD.org      |eri@freebsd.org

From owner-freebsd-pf@freebsd.org Mon Jul 27 14:59:05 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 200320] pfSync causes crashes
Date: Mon, 27 Jul 2015 14:59:05 +0000
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: gnn@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: eri@freebsd.org
X-Bugzilla-Changed-Fields: cc assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200320

George V. Neville-Neil changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gnn@FreeBSD.org
           Assignee|freebsd-pf@FreeBSD.org      |eri@freebsd.org

From owner-freebsd-pf@freebsd.org Tue Jul 28 03:49:15 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 201932] panic: pf_frag_tree_RB_FIND - dereference to 0xdeadc0dedeadc0de
Date: Tue, 28 Jul 2015 03:49:15 +0000
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201932

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-pf@FreeBSD.org

From owner-freebsd-pf@freebsd.org Tue Jul 28 08:00:14 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 201932] panic: pf_frag_tree_RB_FIND - dereference to 0xdeadc0dedeadc0de
Date: Tue, 28 Jul 2015 08:00:14 +0000
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: kp@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: kp@freebsd.org
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201932

Kristof Provost changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-pf@FreeBSD.org      |kp@freebsd.org

--- Comment #1 from Kristof Provost ---
Thanks for the report.

This is very likely the same issue as bug #201879. A corruption of the fragment
cache (a freed element not being removed from the list/tree).

I've not yet been able to reproduce this myself, and I can't figure out how it
might happen from simple code reading. Knowing that it's related to the v4 path
is useful though.

From owner-freebsd-pf@freebsd.org Wed Jul 29 01:15:47 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 201879] panic: boot time panic with a scrub rule on "exclusive sleep mutex pf fragments"...
Date: Wed, 29 Jul 2015 01:15:48 +0000
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jason.unovitch@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201879

--- Comment #4 from Jason Unovitch ---
For anyone stumbling across this PR, the patch at
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201932#c6 has provided a
resolution on this. Thanks Kristof!

From owner-freebsd-pf@freebsd.org Wed Jul 29 06:36:20 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 201879] panic: boot time panic with a scrub rule on "exclusive sleep mutex pf fragments"...
Date: Wed, 29 Jul 2015 06:36:21 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201879

--- Comment #5 from commit-hook@freebsd.org ---
A commit references this bug:

Author: kp
Date: Wed Jul 29 06:35:37 UTC 2015
New revision: 285999
URL: https://svnweb.freebsd.org/changeset/base/285999

Log:
  pf: Always initialise pf_fragment.fr_flags

  When we allocate the struct pf_fragment in pf_fillup_fragment() we forgot to
  initialise the fr_flags field. As a result we sometimes mistakenly thought the
  fragment to not be a buffered fragment. This resulted in panics because we'd end
  up freeing the pf_fragment but not removing it from V_pf_fragqueue (believing it
  to be part of V_pf_cachequeue).
  The next time we iterated V_pf_fragqueue we'd use a freed object and panic.

  While here also fix a pf_fragment use after free in pf_normalize_ip().
  pf_reassemble() frees the pf_fragment, so we can't use it any more.

  PR: 201879, 201932
  MFC after: 5 days

Changes:
  head/sys/netpfil/pf/pf_norm.c

From owner-freebsd-pf@freebsd.org Wed Jul 29 06:37:02 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 201879] panic: boot time panic with a scrub rule on "exclusive sleep mutex pf fragments"...
Date: Wed, 29 Jul 2015 06:37:02 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201879

Kristof Provost changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|New                         |Closed
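The failure mode described in the r285999 commit log, as an added example that is not FreeBSD's pf code: a simplified user-space model in which the release path trusts an uninitialised flags field and unlinks from the wrong queue. The struct layout, the `FRAG_NOBUFFER` value, the helper names and the 0xff "stale heap" fill are assumptions made for illustration; a tombstone field replaces the actual free so the model never touches freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define FRAG_NOBUFFER 0x02  /* hypothetical flag: set means "lives on the cache queue" */

struct frag {               /* simplified stand-in for struct pf_fragment */
    unsigned fr_flags;
    int freed;              /* tombstone instead of free(), so the demo stays defined */
    struct frag *next;
};
static struct frag *fragqueue, *cachequeue; /* model V_pf_fragqueue, V_pf_cachequeue */

static void unlink_from(struct frag **head, struct frag *f) {
    for (; *head != NULL; head = &(*head)->next)
        if (*head == f) { *head = f->next; return; }
}

/* Allocate a buffered fragment; init_flags == 0 reproduces the missing initialisation. */
static struct frag *fillup(int init_flags) {
    struct frag *f = malloc(sizeof(*f));
    if (f == NULL) abort();
    memset(f, 0xff, sizeof(*f));      /* constructed stand-in for stale heap contents */
    if (init_flags) f->fr_flags = 0;  /* the fix: always initialise the field */
    f->freed = 0;
    f->next = fragqueue;              /* buffered fragments are queued on fragqueue */
    fragqueue = f;
    return f;
}

/* The release path trusts fr_flags to decide which queue to unlink from. */
static void release(struct frag *f) {
    unlink_from((f->fr_flags & FRAG_NOBUFFER) ? &cachequeue : &fragqueue, f);
    f->freed = 1;                     /* the kernel would free the object here */
}

/* One allocate/release cycle; returns freed entries still reachable from fragqueue. */
int run_case(int init_flags) {
    int n = 0;
    fragqueue = cachequeue = NULL;
    struct frag *f = fillup(init_flags);
    release(f);
    for (struct frag *p = fragqueue; p != NULL; p = p->next) n += p->freed;
    free(f);
    fragqueue = NULL;
    return n;
}

int main(void) {
    printf("uninitialised: %d dangling, initialised: %d dangling\n", run_case(0), run_case(1));
}
```

A non-zero count is the condition that turns into a use after free on the next queue walk once the object is really freed.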
From owner-freebsd-pf@freebsd.org Wed Jul 29 15:59:24 2015
Date: Wed, 29 Jul 2015 15:59:24 +0000
To: freebsd-pf@freebsd.org
From: "rodrigc (Craig Rodrigues)"
Subject: [Differential] [Commented On] D1944: PF and VIMAGE fixes

rodrigc added a comment.

  @glebius: Nikos updated the patch. Can you review it?

REVISION DETAIL
  https://reviews.freebsd.org/D1944

To: nvass-gmx.com, bz, trociny, kristof, gnn, zec, rodrigc, glebius, eri
Cc: farrokhi, julian, robak, freebsd-virtualization-list, freebsd-pf-list, freebsd-net-list