kern/136618: [pf][stf] panic on cloning interface without unit number

Anonymous swell.k at gmail.com
Thu Jul 9 14:30:03 UTC 2009


>Number:         136618
>Category:       kern
>Synopsis:       [pf][stf] panic on cloning interface without unit number, e.g. `stf'
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 09 14:30:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Anonymous
>Release:        FreeBSD 8.0-BETA1 amd64
>Organization:
>Environment:
System: FreeBSD 8.0-BETA1 #0: Sat Jul  4 03:55:14 UTC 2009
    root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

qemu -no-kqemu -echr 3 -nographic /dev/zvol/h/home/luser/freebsd-i386
boot.config: -h -S115200 -s
>Description:
`ifconfig lo create' produces loN and prints the interface name to stdout.

    # ifconfig lo create
    lo1
    # ifconfig lo1
    lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>

Most other pseudo devices work in a similar fashion. However, stf(4) behaves
in a different way: `ifconfig stf create' actually creates an `stf' interface
without a unit number. This interface name confuses pf(4) and a panic occurs.

    # ifconfig stf create
    # ifconfig stf
    stf: flags=0<> metric 0 mtu 1280

>How-To-Repeat:
First, boot into single user mode. Then type

    # kldload pf
    # ifconfig stf create

Fatal double fault:
eip = 0xc23c1520
esp = 0xc89f7000
ebp = 0xc89f7010
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
KDB: enter: panic
[thread pid 22 tid 100042 ]
Stopped at      kdb_enter+0x3a: movl    $0,kdb_why
db> show all pcpu
Current CPU: 0

cpuid        = 0
dynamic pcpu    = 0x6aed54
curthread    = 0xc2388900: pid 22 "ifconfig"
curpcb       = 0xc89f8d90
fpcurthread  = none
idlethread   = 0xc2156b40: pid 11 "idle: cpu0"
APIC ID      = 0
currentldt   = 0x50
spin locks held:

db> show all locks
Process 22 (ifconfig) thread 0xc2388900 (100042)
exclusive sleep mutex pf task mtx (pf task mtx) r = 0 (0xc23d98cc) locked @ /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:934
db> bt
Tracing pid 22 tid 100042 td 0xc2388900
kdb_enter(c0c58284,c0c58284,c0c90701,c0f6cc70,0,...) at kdb_enter+0x3a
panic(c0c90701,0,0,0,0,...) at panic+0x136
dblfault_handler() at dblfault_handler+0x9b
--- trap 0x17, eip = 0xc23c1520, esp = 0xc89f7000, ebp = 0xc89f7010 ---
pfi_kif_update(c2361e00,c23760b0,c2361e00,c89f7038,c23c1564,...) at pfi_kif_update
pfi_kif_update(c2361e00,c23760b0,c2361e00,c89f704c,c23c1564,...) at pfi_kif_update+0x44
[...]
pfi_kif_update(c2361e00,c2365320,c23ea41e,c89f8ab8,c23c16e9,...) at pfi_kif_update+0x44
pfi_kif_update(c2361e00,0,c23d7a21,3a6,c89f8af0,...) at pfi_kif_update+0x44
pfi_change_group_event(0,c23ea41e,c0c6732b,3fa,c2378d8c,...) at pfi_change_group_event+0x59
if_addgroup(c2353400,c23ea41e,10,0,0,...) at if_addgroup+0x500
if_clone_createif(0,0,c0c6781f,ad,c2365140,...) at if_clone_createif+0x81
if_clone_create(c2365140,10,0,c2388900,c89f8bac,...) at if_clone_create+0x8c
ifioctl(c246cce0,c020697c,c2365140,c2388900,c237b700,...) at ifioctl+0x43f
soo_ioctl(c238a9a0,c020697c,c2365140,c2152080,c2388900,...) at soo_ioctl+0x415
kern_ioctl(c2388900,3,c020697c,c2365140,18af480,...) at kern_ioctl+0x1fd
ioctl(c2388900,c89f8cf8,c,c0c6f37d,c0d3c608,...) at ioctl+0x134
syscall(c89f8d38) at syscall+0x2a3
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x281bd9c3, esp = 0xbfbfe58c, ebp = 0xbfbfe5d8 ---
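As an added illustration (not code from this PR or from FreeBSD), the recursion the backtrace shows, modelled in userland: every frame carries the same first argument (c2361e00), i.e. pfi_kif_update keeps re-entering the kif it is already updating. The model assumes that pf resolves interface and group kifs by name, so an interface named `stf' placed in the group `stf' shares one kif with that group; kif_update, simulate and the self-reference guard are the model's own names, and the guard only illustrates a check, not the project's fix.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed userland model of pf's kif/group walk; not kernel code.
 * Assumption: pf resolves kifs by name, so interface "stf" and group
 * "stf" resolve to one kif, and that kif is attached to an ifp. */
#define MAX_GROUPS 4
#define MAX_DEPTH  64              /* stand-in for the kernel stack running out */

struct kif;
struct group { const char *name; struct kif *pf_kif; };
struct kif {
    const char *name;
    bool attached;                 /* pfik_ifp != NULL in the kernel */
    struct group *groups[MAX_GROUPS];
    int ngroups;
};

/* The walk the backtrace shows: recurse into every group's kif.
 * Returns the deepest level reached, or -1 once MAX_DEPTH is exceeded (the
 * model's double fault). With GUARDED, a group whose kif is KIF itself is skipped. */
static int kif_update(struct kif *kif, int depth, bool guarded)
{
    int deepest = depth;
    if (depth > MAX_DEPTH) return -1;
    if (!kif->attached) return depth;   /* an ordinary group stops the walk here */
    for (int i = 0; i < kif->ngroups; i++) {
        struct kif *gk = kif->groups[i]->pf_kif;
        if (guarded && gk == kif) continue;
        int d = kif_update(gk, depth + 1, guarded);
        if (d < 0) return -1;
        if (d > deepest) deepest = d;
    }
    return deepest;
}

/* Create interface IFNAME, add it to group GRPNAME, run the group event. */
static int simulate(const char *ifname, const char *grpname, bool guarded)
{
    static struct kif ifkif, grpkif;
    static struct group grp;
    ifkif  = (struct kif){ .name = ifname,  .attached = true };
    grpkif = (struct kif){ .name = grpname, .attached = false };
    grp = (struct group){ .name = grpname,
        .pf_kif = strcmp(ifname, grpname) == 0 ? &ifkif : &grpkif };
    ifkif.groups[ifkif.ngroups++] = &grp;
    return kif_update(&ifkif, 0, guarded);
}
```

simulate("lo1", "lo", false) terminates at depth 1 as a normal clone does, while simulate("stf", "stf", false) never bottoms out and returns -1; the guarded walk returns 0 for the same input.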
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: