Date: Fri, 29 Mar 2019 16:15:44 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 236864] sys/netpfil/pf/ioctl/validation:addtables triggered a GPF panic Message-ID: <bug-236864-227-n4QF2BO2Dx@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-236864-227@https.bugs.freebsd.org/bugzilla/> References: <bug-236864-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D236864 --- Comment #2 from Kristof Provost <kp@freebsd.org> --- It appears to be reproducible by running the pf tests (/usr/tests/sys/netpfil/pf, not just the ioctl tests) in a loop. The backtrace suggests this is a generic issue with setting up or tearing d= own interfaces rather than something specific to pf though. This panics in ifunit_ref(), because while we're iterating the list of interfaces (and have the NET_EPOCH held) we run into a freed interface: #16 0xffffffff80cdcce1 in ifunit_ref (name=3D0xfffffe009dfae7e0 "epair0b") = at /usr/src/sys/net/if.c:2422 2422 if (strncmp(name, ifp->if_xname, IFNAMSIZ) =3D=3D 0= && (kgdb) p name $1 =3D 0xfffffe009dfae7e0 "epair0b" (kgdb) p ifp $2 =3D (struct ifnet *) 0xdeadc0dedeadc0de I'd assume that means some other part of the code has free()d the interface without going through the appropriate 'wait until the epoch is over' callba= ck. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236864-227-n4QF2BO2Dx>