Date:      Thu, 31 Dec 2015 20:56:46 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-amd64@FreeBSD.org
Subject:   [Bug 205743] null pointer dereference in PF running a vimage jail
Message-ID:  <bug-205743-6-eGFl7575QG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-205743-6@https.bugs.freebsd.org/bugzilla/>
References:  <bug-205743-6@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205743

--- Comment #4 from gila <ing.gila@gmail.com> ---
I've applied the patch against 0efa1469be94566c09b9f4ce538c28e92d26026c and
there is another panic.

(kgdb) bt
#0  doadump (textdump=0x1) at pcpu.h:221
During symbol reading, Incomplete CFI data; unspecified registers at 0xffffffff80a9ed76.
#1  0xffffffff80a9eaa3 in kern_reboot (howto=0x104) at /usr/src/sys/kern/kern_shutdown.c:364
#2  0xffffffff80a9f00b in vpanic (fmt=<value optimized out>, ap=<value optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:757
#3  0xffffffff80a9ee43 in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:688
#4  0xffffffff8038a3b7 in db_panic (addr=<value optimized out>, have_addr=0x0, count=0x0, modif=0x0)
    at /usr/src/sys/ddb/db_command.c:473
#5  0xffffffff8038993e in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440
#6  0xffffffff803896d4 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493
#7  0xffffffff8038c1db in db_trap (type=<value optimized out>, code=0x0) at /usr/src/sys/ddb/db_main.c:251
#8  0xffffffff80ae3803 in kdb_trap (type=0xc, code=0x0, tf=<value optimized out>) at /usr/src/sys/kern/subr_kdb.c:654
#9  0xffffffff80f8e711 in trap_fatal (frame=0xfffffe0231d4e1c0, eva=<value optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:829
#10 0xffffffff80f8e944 in trap_pfault (frame=0xfffffe0231d4e1c0, usermode=<value optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:684
#11 0xffffffff80f8e0fe in trap (frame=0xfffffe0231d4e1c0) at /usr/src/sys/amd64/amd64/trap.c:435
#12 0xffffffff80f71337 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:234
#13 0xffffffff80d22752 in pfsync_clear_states (creatorid=<value optimized out>, ifname=0x0)
    at /usr/src/sys/netpfil/pf/if_pfsync.c:1973
#14 0xffffffff80d3bac5 in pfioctl (dev=<value optimized out>, cmd=<value optimized out>, addr=0xfffff80006f62500 "",
    flags=<value optimized out>, td=<value optimized out>) at /usr/src/sys/netpfil/pf/pf_ioctl.c:1692
#15 0xffffffff8095a9ab in devfs_ioctl_f (fp=0xfffff800068e12d0, com=0xc0e04412, data=0xfffff80006f62500,
    cred=<value optimized out>, td=0xfffff8004649e000) at /usr/src/sys/fs/devfs/devfs_vnops.c:813
#16 0xffffffff80b00a3c in kern_ioctl (td=0xfffff8004649e000, fd=<value optimized out>, com=0x0,
    data=0xfffff80006f62500 "") at file.h:324
#17 0xffffffff80b005be in sys_ioctl (td=0xfffff8004649e000, uap=0xfffffe0231d4ea40)
    at /usr/src/sys/kern/sys_generic.c:723
#18 0xffffffff80f8f0e8 in amd64_syscall (td=0xfffff8004649e000, traced=0x0) at subr_syscall.c:135
#19 0xffffffff80f7161b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:394
#20 0x0000000800de94ba in ?? ()

Now the panic occurs in pfsync_clear_states()

-- 
You are receiving this mail because:
You are on the CC list for the bug.
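Added example, not part of the bug report above: when a panic backtrace ends in a devfs_ioctl_f frame, the `com` argument (here com=0xc0e04412 in frame #15) identifies which ioctl the user process issued. The decoder below splits a BSD ioctl command word into its direction bits, argument length, group character and command number using the layout from sys/ioccom.h; the mapping of group 'D', number 18 to DIOCCLRSTATES is my reading of the pf(4) headers of that era and is an assumption here, not something the report states. The one-entry name table is illustrative only.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Command word layout from sys/ioccom.h on FreeBSD:
 *   bits 31..29: direction (IOC_IN / IOC_OUT / IOC_VOID)
 *   bits 28..16: argument length, 13 bits (IOCPARM_MASK)
 *   bits 15..8 : group character
 *   bits  7..0 : command number within the group
 */
#define IOCPARM_SHIFT 16
#define IOCPARM_MASK  ((1u << 13) - 1)   /* 0x1fff */
#define IOC_VOID      0x20000000u
#define IOC_OUT       0x40000000u
#define IOC_IN        0x80000000u
#define IOC_DIRMASK   (IOC_VOID | IOC_OUT | IOC_IN)

struct ioc_fields {
    uint32_t dir;    /* IOC_VOID, IOC_OUT, IOC_IN or IOC_IN|IOC_OUT */
    unsigned len;    /* size of the struct copied between user and kernel */
    char     group;  /* e.g. 'D' for pf(4) ioctls */
    unsigned num;    /* command number within the group */
};

/* Extract the four fields from a raw command word. */
struct ioc_fields ioc_decode(uint32_t com)
{
    struct ioc_fields f;
    f.dir   = com & IOC_DIRMASK;
    f.len   = (com >> IOCPARM_SHIFT) & IOCPARM_MASK;
    f.group = (char)((com >> 8) & 0xff);
    f.num   = com & 0xff;
    return f;
}

const char *ioc_dir_name(uint32_t dir)
{
    switch (dir) {
    case IOC_VOID:         return "_IO";
    case IOC_OUT:          return "_IOR";
    case IOC_IN:           return "_IOW";
    case IOC_IN | IOC_OUT: return "_IOWR";
    default:               return "?";
    }
}

/* Assumption: DIOCCLRSTATES is _IOWR('D', 18, struct pfioc_state_kill)
 * in pfvar.h. Only that one entry is listed; a real triage table would
 * be generated from the headers of the exact kernel that panicked. */
const char *pf_ioctl_name(struct ioc_fields f)
{
    if (f.group == 'D' && f.num == 18)
        return "DIOCCLRSTATES";
    return "unknown";
}

int main(void)
{
    uint32_t com = 0xc0e04412u;   /* com= from frame #15 in the backtrace */
    struct ioc_fields f = ioc_decode(com);
    printf("0x%08x -> %s('%c', %u, len=%u) = %s\n", com,
           ioc_dir_name(f.dir), f.group, f.num, f.len, pf_ioctl_name(f));
    return 0;
}
```

The length field (224 bytes here) is a useful cross-check: it must equal sizeof the argument struct in the headers of the kernel that panicked, otherwise the name lookup is matching the wrong ABI generation.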