From: Vlad Galu
Date: Fri, 19 Mar 2010 01:33:21 +0100
To: freebsd-pf@freebsd.org
Subject: Fwd: Crash in pf(4) with a fairly recent RELENG_8

Duh, never thought of writing to this list first :/

Forwarded conversation
Subject: Crash in pf(4) with a fairly recent RELENG_8
------------------------

From: *Vlad Galu*
Date: Thu, Mar 18, 2010 at 12:38 AM
To: freebsd-stable@freebsd.org

Luckily I could find this coredump:

-- cut here --
#0  doadump () at pcpu.h:223
#1  0xffffffff802f4ace in boot (howto=260)
    at ../../../kern/kern_shutdown.c:416
#2  0xffffffff802f4eab in panic (fmt=Variable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:579
#3  0xffffffff805064d2 in trap_fatal (frame=0xffffff80000345c0, eva=0)
    at ../../../amd64/amd64/trap.c:857
#4  0xffffffff80506e8c in trap (frame=0xffffff80000345c0)
    at ../../../amd64/amd64/trap.c:644
#5  0xffffffff804eec93 in calltrap ()
    at ../../../amd64/amd64/exception.S:224
#6  0xffffffff801a1140 in pf_state_tree_id_RB_MINMAX ()
    at ../../../contrib/pf/net/pf.c:401
#7  0xffffffff801a1210 in pf_src_tree_RB_FIND (head=Variable "head" is not available.
) at ../../../contrib/pf/net/pf.c:396
#8  0xffffffff801a3594 in pf_insert_src_node (sn=0xffffff8000034868,
    rule=0xffffff0001694000, src=0xffffff000d75701c, af=2 '\002')
    at ../../../contrib/pf/net/pf.c:850
#9  0xffffffff801acd6e in pf_test_tcp (rm=0xffffff8000034978,
    sm=0xffffff8000034970, direction=1, kif=0xffffff000132ab00,
    m=0xffffff001e052b00, off=20, h=0xffffff000d757010,
    pd=0xffffff8000034990, am=0xffffff8000034980, rsm=0xffffff8000034968,
    ifq=0x0, inp=0x0) at ../../../contrib/pf/net/pf.c:3500
#10 0xffffffff801ae7a6 in pf_test (dir=1, ifp=0xffffff0001201000,
    m0=0xffffff8000034ac8, eh=Variable "eh" is not available.
) at ../../../contrib/pf/net/pf.c:7066
#11 0xffffffff801b33a9 in pf_check_in (arg=Variable "arg" is not available.
) at ../../../contrib/pf/net/pf_ioctl.c:3646
-- and here --

-- 
Good, fast & cheap. Pick any two.
----------
From: *Vlad Galu*
Date: Thu, Mar 18, 2010 at 12:44 AM
To: freebsd-stable@freebsd.org

The pf_src_node struct in frame #8 is this:

-- cut here--
(kgdb) p k
$1 = {entry = {rbe_left = 0x0, rbe_right = 0x0,
    rbe_parent = 0xffffffff00000000, rbe_color = 0},
  addr = {pfa = {v4 = {s_addr = 1684237067},
      v6 = {__u6_addr = {
          __u6_addr8 = "\vkcd\200???\001\000\000\000\000\000\000",
          __u6_addr16 = {27403, 25699, 65408, 65535, 1, 0, 0, 0},
          __u6_addr32 = {1684237067, 4294967168, 1, 0}}},
      addr8 = "\vkcd\200???\001\000\000\000\000\000\000",
      addr16 = {27403, 25699, 65408, 65535, 1, 0, 0, 0},
      addr32 = {1684237067, 4294967168, 1, 0}}},
  raddr = {pfa = {v4 = {s_addr = 12},
      v6 = {__u6_addr = {
          __u6_addr8 = "\f\000\000\000\000\000\000\000\000?2\001\000???",
          __u6_addr16 = {12, 0, 0, 0, 43776, 306, 65280, 65535},
          __u6_addr32 = {12, 0, 20097792, 4294967040}}},
      addr8 = "\f\000\000\000\000\000\000\000\000?2\001\000???",
      addr16 = {12, 0, 0, 0, 43776, 306, 65280, 65535},
      addr32 = {12, 0, 20097792, 4294967040}}},
  rule = {ptr = 0xffffff0001694000, nr = 23674880},
  kif = 0xffffffff801a9858,
  bytes = {18446743523953737740, 18446742974423724064},
  packets = {3354, 17179869187}, states = 23510160, conn = 4294967040,
  conn_rate = {limit = 23403040, seconds = 4294967040, count = 20097792,
    last = 4294967040},
  creation = 2, expire = 0, af = 2 '\002', ruletype = 0 '\0'}
-- and here--

The byte count looks weird...

-- 
Good, fast & cheap. Pick any two.