pfctl segmentation fault in pfctl_optimize.c

Patrick Lamaiziere patfbsd at davenulle.org
Tue Mar 9 10:05:47 UTC 2021


Hello,

FreeBSD 11.4-RELEASE-p3 / amd64

Yesterday, while loading a ruleset, pfctl core dumped with a
segmentation fault (see gdb below).

We have recently been using some big tables, so maybe this is what triggered the problem (?); I can't reproduce this.

I've found something on tech at openbsd.org that looks closely related:
https://www.mail-archive.com/tech@openbsd.org/msg42870.html

Thanks, regards.

# gdb /sbin/pfctl
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) core /home/adminsys/pfctl.core 
Core was generated by `/sbin/pfctl -f /etc/pf.conf'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libm.so.5...Reading symbols from /usr/lib/debug//lib/libm.so.5.debug...done.
done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /lib/libmd.so.6...Reading symbols from /usr/lib/debug//lib/libmd.so.6.debug...done.
done.
Loaded symbols for /lib/libmd.so.6
Reading symbols from /lib/libc.so.7...Reading symbols from /usr/lib/debug//lib/libc.so.7.debug...done.
done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...Reading symbols from /usr/lib/debug//libexec/ld-elf.so.1.debug...done.
done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x0000000800d6bf4d in ifree (ptr=0x801452fc0, tcache=0x80140d000, slow_path=<value optimized out>)
    at src/contrib/jemalloc/include/jemalloc/internal/tcache.h:415
415		if (unlikely(tbin->ncached == tbin_info->ncached_max)) {
Current language:  auto; currently minimal
(gdb) bt
#0  0x0000000800d6bf4d in ifree (ptr=0x801452fc0, tcache=0x80140d000, slow_path=<value optimized out>)
    at src/contrib/jemalloc/include/jemalloc/internal/tcache.h:415
#1  0x0000000800d6bdb1 in __free (ptr=0x801452fc0) at src/contrib/jemalloc/include/jemalloc/internal/tsd.h:716
#2  0x0000000000425345 in superblock_free (pf=0x7fffffffdd60, block=0x80149b600) at /usr/src/sbin/pfctl/pfctl_optimize.c:1647
#3  0x0000000000424b1f in pfctl_optimize_ruleset (pf=0x7fffffffdd60, rs=0x801458490) at /usr/src/sbin/pfctl/pfctl_optimize.c:357
#4  0x000000000040572c in pfctl_load_ruleset (pf=0x7fffffffdd60, path=<value optimized out>, rs=0x801458490, rs_num=1, depth=0)
    at /usr/src/sbin/pfctl/pfctl.c:1396
#5  0x0000000000405ffd in pfctl_rules (dev=3, filename=0x7fffffffee6f "/etc/pf.conf", opts=0, optimize=<value optimized out>, 
    anchorname=0x7fffffffe600 "", trans=0x0) at /usr/src/sbin/pfctl/pfctl.c:1594
#6  0x000000000040856f in main (argc=<value optimized out>, argv=<value optimized out>) at /usr/src/sbin/pfctl/pfctl.c:2475
#7  0x000000000040251b in _start ()
#8  0x0000000800667000 in ?? ()
#9  0x0000000000000000 in ?? ()
(gdb) frame 2
#2  0x0000000000425345 in superblock_free (pf=0x7fffffffdd60, block=0x80149b600) at /usr/src/sbin/pfctl/pfctl_optimize.c:1647
warning: Source file is more recent than executable.

1647				free(por->por_dst_tbl);

