From nobody Wed Feb 01 05:35:12 2023 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P69c04d45z3cB9r for ; Wed, 1 Feb 2023 05:35:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P69c02DL2z4ZLZ for ; Wed, 1 Feb 2023 05:35:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675229712; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NKn/8iSlwSp15Me1wfEkZCwIIvrK96foD8QiFVUBA2o=; b=MRBZpGdoV9nwXf3twkRLCWfDrfYNgrxwUzf8bIuwMJ3a91CXuV6UibgNbFDlItHIsJ/H95 CWmxL738VCeux0uPgx9cIbOnOlMBDP5oKe7vU5/aN9pxx7gnXVR9l8L1EbC3pdF6k8R5Dc NZc6VsyKw8S+Gm4NZ9aO6udIsF16PINrA0/77VTwNmQqdwFHiJHe0j5LuQ4VJp2PzwZ+Ip zE/dAFN9Skyf1exBRcCNsexxCBQjrYvyohNcmc+QMfz1BZ73XUAaDq7eJEnoJO4Ty3EJu7 3SbkYPr3b6se46pErfIxB+qxXFmlJX9aTvDVXo4/YH/FAr+j9iWGHsxagaSkWg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675229712; a=rsa-sha256; cv=none; b=DlsNjTauYgYMl0HErcOwna8wDEtNaLQfcm/P1gtQzs6fdfANlXIpPFNt6M2Wtf2OeZ74rV Dogk+VKOLDM3bUaxSfxRkp+FDHWGkIDOvdL6A//2zXL5jdk0QDrfMCV9tOvXaq2ndDqfol 6UEcUHxAd8K05IdrnG0ZOuB/0wIi8ZctPvBG8P5w8RoLbCdIqN4bev05XSBh7lizvzpDDW Ov//Ps/JQrm5t3cgub7vOoJKr+Hawi6M2JkUm+PqNQjMMYMQEgHy/KSub3diJ9PI7DxEAu 3+F0HhFP2T3P3DLdaUrywtDV/8g5QBTf/B6NAZf+Kgw2OZMi89C5D9ISrEk0QQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P69c01Jpfz1HcL for ; Wed, 1 Feb 2023 05:35:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3115ZCwa089861 for ; Wed, 1 Feb 2023 05:35:12 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3115ZCmq089860 for net@FreeBSD.org; Wed, 1 Feb 2023 05:35:12 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 268246] crash and panic using pfsync on 13.1-RELEASE Date: Wed, 01 Feb 2023 05:35:12 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.1-RELEASE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268246 --- Comment #44 from Kristof Provost --- (In reply to jjasen from comment #43) That .. that doesn't make a whole lot of sense. With that patch the system should have panicked before that point. We don't modify mbufs while they're deferred, so if it's bad coming out it had to have been bad going in. Yet we didn't panic on insertion. So either the bad mbuf took the other path, for which I've extended the test patch now: diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 61308a35a7e1..ae913185ec8a 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -604,7 +604,11 @@ pfsync_state_import(struct pfsync_state *sp, int flags) if (!(flags & PFSYNC_SI_IOCTL)) { st->state_flags &=3D ~PFSTATE_NOSYNC; if (st->state_flags & PFSTATE_ACK) { + struct pfsync_bucket *b =3D pfsync_get_bucket(sc, st); + PFSYNC_BUCKET_LOCK(b); pfsync_q_ins(st, PFSYNC_S_IACK, true); + PFSYNC_BUCKET_UNLOCK(b); + pfsync_push_all(sc); } } @@ -1690,6 +1694,17 @@ pfsync_sendout(int schedswi, int c) if_inc_counter(sc->sc_ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len); b->b_len =3D PFSYNC_MINPKT; + { + struct ip *ip; + + ip =3D mtod(m, struct ip *); + if (ip->ip_v =3D=3D 4) { + int len =3D ntohs(ip->ip_len); + if (m_length(m, NULL) !=3D len) + panic("Incorrect ip_len %d !=3D m_length %d= ", len, m_length(m, NULL)); + } + } + if (!_IF_QFULL(&b->b_snd)) _IF_ENQUEUE(&b->b_snd, m); else { @@ -1734,6 +1749,7 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m) struct pfsync_softc *sc =3D V_pfsyncif; struct pfsync_deferral *pd; struct pfsync_bucket *b; + struct ip *ip; if (m->m_flags & (M_BCAST|M_MCAST)) return (0); @@ -1751,6 +1767,13 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m) return (0); } + ip =3D mtod(m, struct ip *); + if (ip->ip_v =3D=3D 4) { + int len =3D ntohs(ip->ip_len); + if (m_length(m, NULL) !=3D len) + panic("Incorrect ip_len %d !=3D m_length %d", len, m_length(m, NULL)); + } + PFSYNC_BUCKET_LOCK(b); PFSYNC_UNLOCK(sc); Or ... something else is wrong with that particular machine. Have you run a memory test on it? --=20 You are receiving this mail because: You are the assignee for the bug.=