Crash in pf(4) with a fairly recent RELENG_8

Vlad Galu dudu at dudu.ro
Wed Mar 17 23:44:49 UTC 2010


On Thu, Mar 18, 2010 at 12:38 AM, Vlad Galu <dudu at dudu.ro> wrote:
> Luckily I could find this coredump:
>
> -- cut here --
> #0  doadump () at pcpu.h:223
> #1  0xffffffff802f4ace in boot (howto=260) at ../../../kern/kern_shutdown.c:416
> #2  0xffffffff802f4eab in panic (fmt=Variable "fmt" is not available.
> ) at ../../../kern/kern_shutdown.c:579
> #3  0xffffffff805064d2 in trap_fatal (frame=0xffffff80000345c0, eva=0)
>    at ../../../amd64/amd64/trap.c:857
> #4  0xffffffff80506e8c in trap (frame=0xffffff80000345c0)
>    at ../../../amd64/amd64/trap.c:644
> #5  0xffffffff804eec93 in calltrap () at ../../../amd64/amd64/exception.S:224
> #6  0xffffffff801a1140 in pf_state_tree_id_RB_MINMAX ()
>    at ../../../contrib/pf/net/pf.c:401
> #7  0xffffffff801a1210 in pf_src_tree_RB_FIND (head=Variable "head" is
> not available.
> )
>    at ../../../contrib/pf/net/pf.c:396
> #8  0xffffffff801a3594 in pf_insert_src_node (sn=0xffffff8000034868,
>    rule=0xffffff0001694000, src=0xffffff000d75701c, af=2 '\002')
>    at ../../../contrib/pf/net/pf.c:850
> #9  0xffffffff801acd6e in pf_test_tcp (rm=0xffffff8000034978,
>    sm=0xffffff8000034970, direction=1, kif=0xffffff000132ab00,
>    m=0xffffff001e052b00, off=20, h=0xffffff000d757010, pd=0xffffff8000034990,
>    am=0xffffff8000034980, rsm=0xffffff8000034968, ifq=0x0, inp=0x0)
>    at ../../../contrib/pf/net/pf.c:3500
> #10 0xffffffff801ae7a6 in pf_test (dir=1, ifp=0xffffff0001201000,
>    m0=0xffffff8000034ac8, eh=Variable "eh" is not available.
> ) at ../../../contrib/pf/net/pf.c:7066
> #11 0xffffffff801b33a9 in pf_check_in (arg=Variable "arg" is not available.
> )
>    at ../../../contrib/pf/net/pf_ioctl.c:3646
> -- and here --
>

The pf_src_node struct in frame #8 is this:
-- cut here--
(kgdb) p k
$1 = {entry = {rbe_left = 0x0, rbe_right = 0x0,
    rbe_parent = 0xffffffff00000000, rbe_color = 0}, addr = {pfa = {v4 = {
        s_addr = 1684237067}, v6 = {__u6_addr = {
          __u6_addr8 = "\vkcd\200???\001\000\000\000\000\000\000",
          __u6_addr16 = {27403, 25699, 65408, 65535, 1, 0, 0, 0},
          __u6_addr32 = {1684237067, 4294967168, 1, 0}}},
      addr8 = "\vkcd\200???\001\000\000\000\000\000\000", addr16 = {27403,
        25699, 65408, 65535, 1, 0, 0, 0}, addr32 = {1684237067, 4294967168, 1,
        0}}}, raddr = {pfa = {v4 = {s_addr = 12}, v6 = {__u6_addr = {
          __u6_addr8 = "\f\000\000\000\000\000\000\000\000?2\001\000???",
          __u6_addr16 = {12, 0, 0, 0, 43776, 306, 65280, 65535},
          __u6_addr32 = {12, 0, 20097792, 4294967040}}},
      addr8 = "\f\000\000\000\000\000\000\000\000?2\001\000???", addr16 = {12,
        0, 0, 0, 43776, 306, 65280, 65535}, addr32 = {12, 0, 20097792,
        4294967040}}}, rule = {ptr = 0xffffff0001694000, nr = 23674880},
  kif = 0xffffffff801a9858, bytes = {18446743523953737740,
    18446742974423724064}, packets = {3354, 17179869187}, states = 23510160,
  conn = 4294967040, conn_rate = {limit = 23403040, seconds = 4294967040,
    count = 20097792, last = 4294967040}, creation = 2, expire = 0,
  af = 2 '\002', ruletype = 0 '\0'}
-- and here--

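The byte count looks weird... though only af and rule.ptr in this dump match the arguments shown for frame #8. If k is just an on-stack lookup key built for the RB_FIND call (to be confirmed against pf.c:850), the remaining fields, including bytes, packets and kif, may simply be uninitialized stack contents rather than corrupted counters.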

