Date: Fri, 29 Mar 2019 16:15:44 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 236864] sys/netpfil/pf/ioctl/validation:addtables triggered a GPF panic Message-ID: <bug-236864-227-n4QF2BO2Dx@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-236864-227@https.bugs.freebsd.org/bugzilla/> References: <bug-236864-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236864 --- Comment #2 from Kristof Provost <kp@freebsd.org> --- It appears to be reproducible by running the pf tests (/usr/tests/sys/netpfil/pf, not just the ioctl tests) in a loop. The backtrace suggests this is a generic issue with setting up or tearing down interfaces rather than something specific to pf though. This panics in ifunit_ref(), because while we're iterating the list of interfaces (and have the NET_EPOCH held) we run into a freed interface: #16 0xffffffff80cdcce1 in ifunit_ref (name=0xfffffe009dfae7e0 "epair0b") at /usr/src/sys/net/if.c:2422 2422 if (strncmp(name, ifp->if_xname, IFNAMSIZ) == 0 && (kgdb) p name $1 = 0xfffffe009dfae7e0 "epair0b" (kgdb) p ifp $2 = (struct ifnet *) 0xdeadc0dedeadc0de I'd assume that means some other part of the code has free()d the interface without going through the appropriate 'wait until the epoch is over' callback. -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236864-227-n4QF2BO2Dx>