[issue1969] pf-related network problem

Jan Lentfer (via DragonFly issue tracker) sinknull at leaf.dragonflybsd.org
Wed Jan 26 14:24:45 PST 2011


Jan Lentfer <Jan.Lentfer at web.de> added the comment:

I think it boils down to  rn_u = {rn_leaf = {rn_Key = 0x4 <Address 0x4 out of
bounds>

I have seen that in 3 or 4 different dumps caused by different rn_ function
calls (e.g. rn_match, rn_walktree) as in:
#0  _get_mycpu (di=0xc06f1bc0) at ./machine/thread.h:83
#1  md_dumpsys (di=0xc06f1bc0) at
/home/lentferj/repo/src/sys/platform/pc32/i386/dump_machdep.c:264
#2  0xc0312cf6 in dumpsys () at /home/lentferj/repo/src/sys/kern/kern_shutdown.c:893
#3  0xc03132b6 in boot (howto=260) at
/home/lentferj/repo/src/sys/kern/kern_shutdown.c:388
#4  0xc0313581 in panic (fmt=0xc05bba44 "%s") at
/home/lentferj/repo/src/sys/kern/kern_shutdown.c:799
#5  0xc056e3c2 in trap_fatal (frame=0xd27356c4, eva=<value optimized out>) at
/home/lentferj/repo/src/sys/platform/pc32/i386/trap.c:1116
#6  0xc056e4f8 in trap_pfault (frame=0xd27356c4, usermode=0, eva=305406860) at
/home/lentferj/repo/src/sys/platform/pc32/i386/trap.c:1018
#7  0xc056ea51 in trap (frame=0xd27356c4) at
/home/lentferj/repo/src/sys/platform/pc32/i386/trap.c:705
#8  0xc05567b7 in calltrap () at
/home/lentferj/repo/src/sys/platform/pc32/i386/exception.s:785
#9  0xc039e06d in rn_walktree (h=0xd0409480, f=0xd362fa90 <pfr_walktree>,
w=0xd273572c) at /home/lentferj/repo/src/sys/net/radix.c:1004
#10 0xd362cad6 in pfr_enqueue_addrs (kt=0xd36549c0, workq=0xd2735760, naddr=0x0,
sweep=0) at /home/lentferj/repo/src/sys/net/pf/pf_table.c:748
#11 0xd362dc7c in pfr_destroy_ktable (kt=0xd36549c0, flushaddr=1) at
/home/lentferj/repo/src/sys/net/pf/pf_table.c:1952
#12 0xd362dea2 in pfr_setflags_ktable (kt=0xd36549c0, newf=0) at
/home/lentferj/repo/src/sys/net/pf/pf_table.c:1861
#13 0xd362df46 in pfr_detach_table (kt=0xd3657f60) at
/home/lentferj/repo/src/sys/net/pf/pf_table.c:2122
#14 0xd3616928 in pf_tbladdr_remove (aw=0xd365d6c0) at
/home/lentferj/repo/src/sys/net/pf/pf.c:1211
#15 0xd3622e79 in pf_rm_rule (rulequeue=0xd3636a8c, rule=0xd365d6c0) at
/home/lentferj/repo/src/sys/net/pf/pf_ioctl.c:433
#16 0xd36230aa in pf_commit_rules (ticket=2, rs_num=1, anchor=0xd2735c6b "") at
/home/lentferj/repo/src/sys/net/pf/pf_ioctl.c:933
#17 0xd3627251 in pf_unload (mod=0xc29e3d70, type=1, data=0x0) at
/home/lentferj/repo/src/sys/net/pf/pf_ioctl.c:3051
#18 pf_modevent (mod=0xc29e3d70, type=1, data=0x0) at
/home/lentferj/repo/src/sys/net/pf/pf_ioctl.c:3316
#19 0xc02f332c in module_unload (mod=0xc29e3d70) at
/home/lentferj/repo/src/sys/kern/kern_module.c:220
#20 0xc02f454c in linker_file_unload (file=0xc2a4bfb8) at
/home/lentferj/repo/src/sys/kern/kern_linker.c:487
#21 0xc02f4e5d in sys_kldunload (uap=0xd2735cf0) at
/home/lentferj/repo/src/sys/kern/kern_linker.c:825
#22 0xc056f1a7 in syscall2 (frame=0xd2735d40) at
/home/lentferj/repo/src/sys/platform/pc32/i386/trap.c:1322
#23 0xc0556866 in Xint0x80_syscall () at
/home/lentferj/repo/src/sys/platform/pc32/i386/exception.s:876
#24 0x0000001f in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(kgdb) f 10
#10 0xd362cad6 in pfr_enqueue_addrs (kt=0xd36549c0, workq=0xd2735760, naddr=0x0,
sweep=0) at /home/lentferj/repo/src/sys/net/pf/pf_table.c:748
748			if (kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w))
(kgdb) p kt->pfrkt_ip4
$1 = (struct radix_node_head *) 0xd0409480
(kgdb) p *kt->pfrkt_ip4
$2 = {rnh_treetop = 0xd04094b8, rnh_addaddr = 0xc039e578 <rn_addroute>,
rnh_deladdr = 0xc039e89e <rn_delete>, rnh_matchaddr = 0xc039dbd2 <rn_match>, 
  rnh_lookup = 0xc039e848 <rn_lookup>, rnh_walktree = 0xc039e049 <rn_walktree>,
rnh_walktree_from = 0xc039df51 <rn_walktree_from>, rnh_close = 0, 
  rnh_nodes = {{rn_mklist = 0x0, rn_parent = 0xd3657f78, rn_bit = -33, rn_bmask
= 0 '\000', rn_flags = 6 '\006', rn_u = {rn_leaf = {rn_Key = 0xcd8cf7c0 "", 
          rn_Mask = 0x0, rn_Dupedkey = 0x0}, rn_node = {rn_Off = -846399552,
rn_L = 0x0, rn_R = 0x0}}}, {rn_mklist = 0x0, rn_parent = 0xd04094b8, 
      rn_bit = 32, rn_bmask = -128 '\200', rn_flags = 6 '\006', rn_u = {rn_leaf
= {rn_Key = 0x4 <Address 0x4 out of bounds>, rn_Mask = 0xd36582b8 "", 
          rn_Dupedkey = 0xd04094d0}, rn_node = {rn_Off = 4, rn_L = 0xd36582b8,
rn_R = 0xd04094d0}}}, {rn_mklist = 0x0, rn_parent = 0xd04094b8, 
      rn_bit = -33, rn_bmask = 0 '\000', rn_flags = 6 '\006', rn_u = {rn_leaf = {
          rn_Key = 0xcd8cf7dc '\377' <repeats 28 times>,
"\370\376\214\315\060\370\214\315", rn_Mask = 0x0, rn_Dupedkey = 0x0}, rn_node = {
          rn_Off = -846399524, rn_L = 0x0, rn_R = 0x0}}}}, rnh_addrsize = 0,
rnh_pktsize = 0, rnh_addpkt = 0, rnh_delpkt = 0, rnh_matchpkt = 0}

_____________________________________________________
DragonFly issue tracker <bugs at lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1969>
_____________________________________________________






More information about the Bugs mailing list