Date: Thu, 13 Aug 2009 05:16:09 +1000
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: freebsd-stable@freebsd.org
Subject: Panic due to junk pointer in pf(4)
Message-ID: <20090812191609.GA60973@server.vk2pj.dyndns.org>

My firewall (7.2p3/i386) recently panic'd:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x1065e
fault code              = supervisor read, page not present
...

I have a crashdump that shows:

#6  0xc06c9c1b in calltrap () at /usr/src/sys/i386/i386/exception.s:159
#7  0xc044ecd0 in pf_state_tree_lan_ext_RB_REMOVE_COLOR (head=0xc2a256a8,
    parent=0xc442c6a0, elm=0xc40aa8e0) at /usr/src/sys/contrib/pf/net/pf.c:391
#8  0xc044ef79 in pf_state_tree_lan_ext_RB_REMOVE (head=0xc2a256a8,
    elm=0xc404a11c) at /usr/src/sys/contrib/pf/net/pf.c:391
#9  0xc045383e in pf_unlink_state (cur=0xc404a11c)
    at /usr/src/sys/contrib/pf/net/pf.c:1158
#10 0xc0456b6e in pf_purge_expired_states (maxcheck=119)
    at /usr/src/sys/contrib/pf/net/pf.c:1242
#11 0xc04570f9 in pf_purge_thread (v=0x0)
    at /usr/src/sys/contrib/pf/net/pf.c:998
#12 0xc0535781 in fork_exit (callout=0xc0456f50 <pf_purge_thread>, arg=0x0,
    frame=0xd2d4cd38) at /usr/src/sys/kern/kern_fork.c:810
#13 0xc06c9c90 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264

Working up, 'parent' in pf_state_tree_lan_ext_RB_REMOVE_COLOR() has a
garbage u.s.entry_lan_ext:

(kgdb) p parent->u
$3 = {s = {entry_lan_ext = {rbe_left = 0x10602, rbe_right = 0x50000,
      rbe_parent = 0xc40aa8e0, rbe_color = -1002258432}, entry_ext_gwy = {
      rbe_left = 0xc3c42238, rbe_right = 0x1, rbe_parent = 0x0,
      rbe_color = 0}, entry_id = {rbe_left = 0xc3c54470, rbe_right = 0x0,
      rbe_parent = 0x0, rbe_color = 0}, entry_list = {tqe_next = 0xc41f9e6c,
      tqe_prev = 0x0}, kif = 0xc442c58c},
  ifname = "\002\006\001\000\000\000\005\000à¨\nÄ\000ÀBÄ"}

Does anyone have any suggestions on where to look next?

--
Peter Jeremy