Date: Thu, 09 Jul 2009 18:27:35 +0400
From: Anonymous <swell.k@gmail.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/136618: [pf][stf] panic on cloning interface without unit number
Message-ID: <86tz1mhqy0.fsf@gmail.com>
Resent-Message-ID: <200907091430.n69EU2sO093149@freefall.freebsd.org>

>Number:         136618
>Category:       kern
>Synopsis:       [pf][stf] panic on cloning interface without unit number, e.g. `stf'
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 09 14:30:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Anonymous
>Release:        FreeBSD 8.0-BETA1 amd64
>Organization:
>Environment:
System: FreeBSD 8.0-BETA1 #0: Sat Jul 4 03:55:14 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

qemu -no-kqemu -echr 3 -nographic /dev/zvol/h/home/luser/freebsd-i386
boot.config: -h -S115200 -s
>Description:
`ifconfig lo create' produces loN and outputs the interface name to stdout.

    # ifconfig lo create
    lo1
    # ifconfig lo1
    lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>

Most other pseudo devices work in a similar fashion. However, stf(4) behaves
in a different way: `ifconfig stf create' actually creates an `stf' interface
without a unit number. This interface name confuses pf(4) and a panic occurs.

    # ifconfig stf create
    # ifconfig stf
    stf: flags=0<> metric 0 mtu 1280
>How-To-Repeat:
First, boot into single user mode. Then type

    # kldload pf
    # ifconfig stf create

    Fatal double fault:
    eip = 0xc23c1520
    esp = 0xc89f7000
    ebp = 0xc89f7010
    cpuid = 0; apic id = 00
    panic: double fault
    cpuid = 0
    KDB: enter: panic
    [thread pid 22 tid 100042 ]
    Stopped at kdb_enter+0x3a: movl $0,kdb_why
    db> show all pcpu
    Current CPU: 0

    cpuid = 0
    dynamic pcpu = 0x6aed54
    curthread = 0xc2388900: pid 22 "ifconfig"
    curpcb = 0xc89f8d90
    fpcurthread = none
    idlethread = 0xc2156b40: pid 11 "idle: cpu0"
    APIC ID = 0
    currentldt = 0x50
    spin locks held:

    db> show all locks
    Process 22 (ifconfig) thread 0xc2388900 (100042)
    exclusive sleep mutex pf task mtx (pf task mtx) r = 0 (0xc23d98cc) locked @ /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:934
    db> bt
    Tracing pid 22 tid 100042 td 0xc2388900
    kdb_enter(c0c58284,c0c58284,c0c90701,c0f6cc70,0,...) at kdb_enter+0x3a
    panic(c0c90701,0,0,0,0,...) at panic+0x136
    dblfault_handler() at dblfault_handler+0x9b
    --- trap 0x17, eip = 0xc23c1520, esp = 0xc89f7000, ebp = 0xc89f7010 ---
    pfi_kif_update(c2361e00,c23760b0,c2361e00,c89f7038,c23c1564,...) at pfi_kif_update
    pfi_kif_update(c2361e00,c23760b0,c2361e00,c89f704c,c23c1564,...) at pfi_kif_update+0x44
    [...]
    pfi_kif_update(c2361e00,c2365320,c23ea41e,c89f8ab8,c23c16e9,...) at pfi_kif_update+0x44
    pfi_kif_update(c2361e00,0,c23d7a21,3a6,c89f8af0,...) at pfi_kif_update+0x44
    pfi_change_group_event(0,c23ea41e,c0c6732b,3fa,c2378d8c,...) at pfi_change_group_event+0x59
    if_addgroup(c2353400,c23ea41e,10,0,0,...) at if_addgroup+0x500
    if_clone_createif(0,0,c0c6781f,ad,c2365140,...) at if_clone_createif+0x81
    if_clone_create(c2365140,10,0,c2388900,c89f8bac,...) at if_clone_create+0x8c
    ifioctl(c246cce0,c020697c,c2365140,c2388900,c237b700,...) at ifioctl+0x43f
    soo_ioctl(c238a9a0,c020697c,c2365140,c2152080,c2388900,...) at soo_ioctl+0x415
    kern_ioctl(c2388900,3,c020697c,c2365140,18af480,...) at kern_ioctl+0x1fd
    ioctl(c2388900,c89f8cf8,c,c0c6f37d,c0d3c608,...) at ioctl+0x134
    syscall(c89f8d38) at syscall+0x2a3
    Xint0x80_syscall() at Xint0x80_syscall+0x20
    --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x281bd9c3, esp = 0xbfbfe58c, ebp = 0xbfbfe5d8 ---
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
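
A triage aid for the backtrace in the report above, as an added example that is not part of the original report or of FreeBSD: it parses ddb `bt` frames and flags a function that appears in a long unbroken run of its own frames, together with the caller it was entered from. The sample input is constructed from frames shown in the report (the run elided as `[...]` is left out), and the names `parse_frames` and `recursion_runs` are hypothetical.

```python
import re
from itertools import groupby

# Constructed sample: frames taken from the report's ddb `bt` output; the run the
# report elides as "[...]" is left out, so the depth found is a lower bound.
SAMPLE_BT = """\
dblfault_handler() at dblfault_handler+0x9b
--- trap 0x17, eip = 0xc23c1520, esp = 0xc89f7000, ebp = 0xc89f7010 ---
pfi_kif_update(c2361e00,c23760b0,c2361e00,c89f7038,c23c1564,...) at pfi_kif_update
pfi_kif_update(c2361e00,c23760b0,c2361e00,c89f704c,c23c1564,...) at pfi_kif_update+0x44
pfi_kif_update(c2361e00,c2365320,c23ea41e,c89f8ab8,c23c16e9,...) at pfi_kif_update+0x44
pfi_kif_update(c2361e00,0,c23d7a21,3a6,c89f8af0,...) at pfi_kif_update+0x44
pfi_change_group_event(0,c23ea41e,c0c6732b,3fa,c2378d8c,...) at pfi_change_group_event+0x59
if_addgroup(c2353400,c23ea41e,10,0,0,...) at if_addgroup+0x500
if_clone_createif(0,0,c0c6781f,ad,c2365140,...) at if_clone_createif+0x81
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x281bd9c3, esp = 0xbfbfe58c, ebp = 0xbfbfe5d8 ---
"""

# "name(args) at name" or "name(args) at name+0xoff"; both spellings of the name must agree.
FRAME = re.compile(r"^(?P<fn>\w+)\(.*\)\s+at\s+(?P=fn)(?:\+0x[0-9a-f]+)?$")
TRAP = re.compile(r"^--- trap (0x[0-9a-f]+),")

def parse_frames(text):
    """Return (trap number or None, function names innermost first)."""
    trap, frames = None, []
    for line in map(str.strip, text.splitlines()):
        if (m := TRAP.match(line)):
            trap = int(m.group(1), 16)
        elif (m := FRAME.match(line)):
            frames.append(m.group("fn"))
    return trap, frames

def recursion_runs(frames, min_depth=3):
    """Report each run of >= min_depth identical consecutive frames and its caller."""
    runs, end = [], 0
    for fn, group in groupby(frames):
        depth = len(list(group))
        end += depth
        if depth >= min_depth:
            caller = frames[end] if end < len(frames) else None
            runs.append({"function": fn, "depth": depth, "entered_from": caller})
    return runs

if __name__ == "__main__":
    trap, frames = parse_frames(SAMPLE_BT)
    for run in recursion_runs(frames):
        print(f"trap {trap:#x}: {run['function']} x{run['depth']} "
              f"(entered from {run['entered_from']})")
```
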