From owner-freebsd-bugs@FreeBSD.ORG Thu Jul 9 14:30:03 2009
Message-Id: <86tz1mhqy0.fsf@gmail.com>
Date: Thu, 09 Jul 2009 18:27:35 +0400
From: Anonymous
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/136618: [pf][stf] panic on cloning interface without unit number

>Number: 136618
>Category: kern
>Synopsis: [pf][stf] panic on cloning interface without unit number, e.g. `stf'
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 09 14:30:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Anonymous
>Release: FreeBSD 8.0-BETA1 amd64
>Organization:
>Environment:
System: FreeBSD 8.0-BETA1 #0: Sat Jul 4 03:55:14 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

qemu -no-kqemu -echr 3 -nographic /dev/zvol/h/home/luser/freebsd-i386
boot.config: -h -S115200 -s

>Description:
`ifconfig lo create' produces loN and outputs the interface name to stdout.

    # ifconfig lo create
    lo1
    # ifconfig lo1
    lo1: flags=8008 metric 0 mtu 16384
            options=3

Most other pseudo devices work in a similar fashion. However, stf(4) behaves in a different way: `ifconfig stf create' actually creates an `stf' interface without a unit number. This interface name confuses pf(4) and a panic occurs.

    # ifconfig stf create
    # ifconfig stf
    stf: flags=0<> metric 0 mtu 1280

>How-To-Repeat:
First, boot into single user mode.
Then type

    # kldload pf
    # ifconfig stf create

    Fatal double fault:
    eip = 0xc23c1520
    esp = 0xc89f7000
    ebp = 0xc89f7010
    cpuid = 0; apic id = 00
    panic: double fault
    cpuid = 0
    KDB: enter: panic
    [thread pid 22 tid 100042 ]
    Stopped at kdb_enter+0x3a: movl $0,kdb_why
    db> show all pcpu
    Current CPU: 0

    cpuid = 0
    dynamic pcpu = 0x6aed54
    curthread = 0xc2388900: pid 22 "ifconfig"
    curpcb = 0xc89f8d90
    fpcurthread = none
    idlethread = 0xc2156b40: pid 11 "idle: cpu0"
    APIC ID = 0
    currentldt = 0x50
    spin locks held:
    db> show all locks
    Process 22 (ifconfig) thread 0xc2388900 (100042)
    exclusive sleep mutex pf task mtx (pf task mtx) r = 0 (0xc23d98cc) locked @ /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:934
    db> bt
    Tracing pid 22 tid 100042 td 0xc2388900
    kdb_enter(c0c58284,c0c58284,c0c90701,c0f6cc70,0,...) at kdb_enter+0x3a
    panic(c0c90701,0,0,0,0,...) at panic+0x136
    dblfault_handler() at dblfault_handler+0x9b
    --- trap 0x17, eip = 0xc23c1520, esp = 0xc89f7000, ebp = 0xc89f7010 ---
    pfi_kif_update(c2361e00,c23760b0,c2361e00,c89f7038,c23c1564,...) at pfi_kif_update
    pfi_kif_update(c2361e00,c23760b0,c2361e00,c89f704c,c23c1564,...) at pfi_kif_update+0x44
    [...]
    pfi_kif_update(c2361e00,c2365320,c23ea41e,c89f8ab8,c23c16e9,...) at pfi_kif_update+0x44
    pfi_kif_update(c2361e00,0,c23d7a21,3a6,c89f8af0,...) at pfi_kif_update+0x44
    pfi_change_group_event(0,c23ea41e,c0c6732b,3fa,c2378d8c,...) at pfi_change_group_event+0x59
    if_addgroup(c2353400,c23ea41e,10,0,0,...) at if_addgroup+0x500
    if_clone_createif(0,0,c0c6781f,ad,c2365140,...) at if_clone_createif+0x81
    if_clone_create(c2365140,10,0,c2388900,c89f8bac,...) at if_clone_create+0x8c
    ifioctl(c246cce0,c020697c,c2365140,c2388900,c237b700,...) at ifioctl+0x43f
    soo_ioctl(c238a9a0,c020697c,c2365140,c2152080,c2388900,...) at soo_ioctl+0x415
    kern_ioctl(c2388900,3,c020697c,c2365140,18af480,...) at kern_ioctl+0x1fd
    ioctl(c2388900,c89f8cf8,c,c0c6f37d,c0d3c608,...) at ioctl+0x134
    syscall(c89f8d38) at syscall+0x2a3
    Xint0x80_syscall() at Xint0x80_syscall+0x20
    --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x281bd9c3, esp = 0xbfbfe58c, ebp = 0xbfbfe5d8 ---

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
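
A user-space model of the runaway `pfi_kif_update` recursion in the backtrace above, added here as an illustration; it is not part of the report and is not FreeBSD or pf source. It assumes that pf keeps interface and group records in one name-keyed table and that a cloned interface joins the group named after its cloner; `struct rec`, `rec_get`, `rec_update`, `clone_and_update` and the `skip_self` guard are hypothetical names, and the guard is not the project's fix.

```c
#include <stdio.h>
#include <string.h>

#define DEPTH_LIMIT 64          /* stands in for the kernel stack running out */

struct rec {                    /* hypothetical stand-in for a pf interface record */
    char        name[16];
    struct rec *groups[4];      /* records of the groups this interface is in */
    int         ngroups;
};
static struct rec table[8];
static int nrecs;

/* Assumption: interface and group records share one name-keyed table. */
static struct rec *rec_get(const char *name) {
    for (int i = 0; i < nrecs; i++)
        if (strcmp(table[i].name, name) == 0)
            return &table[i];   /* same name, same record */
    strncpy(table[nrecs].name, name, sizeof(table[nrecs].name) - 1);
    return &table[nrecs++];
}

/* Update a record, then the records of its groups; -1 = runaway recursion. */
static int rec_update(struct rec *r, int depth, int skip_self) {
    if (depth >= DEPTH_LIMIT)
        return -1;
    for (int i = 0; i < r->ngroups; i++) {
        if (skip_self && r->groups[i] == r)
            continue;           /* hypothetical guard: group record is the interface's own */
        if (rec_update(r->groups[i], depth + 1, skip_self) < 0)
            return -1;
    }
    return 0;
}

/* Model cloning `ifname` into `group`, then updating the new interface. */
int clone_and_update(const char *ifname, const char *group, int skip_self) {
    memset(table, 0, sizeof(table));
    nrecs = 0;
    struct rec *ifr = rec_get(ifname);
    ifr->groups[ifr->ngroups++] = rec_get(group);
    return rec_update(ifr, 0, skip_self);
}

int main(void) {
    printf("lo1 in lo: %d, stf in stf: %d, guarded: %d\n", clone_and_update("lo1", "lo", 0),
           clone_and_update("stf", "stf", 0), clone_and_update("stf", "stf", 1));
    return 0;
}
```

With `lo1` in group `lo` the walk ends after one level; with `stf` in group `stf` the lookup returns the interface's own record as its group, so the unguarded walk recurses until the limit.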