On Sat, Nov 20, 2021 at 10:17:54PM +0100, Alexander Bluhm wrote:
> Hi,
>
> Regress found an data_access_fault on sparc64 pfctl
>
> START sys/net/pf_table 2021-11-20T19:26:58Z
>
> rm -f a.out [Ee]rrs mklog *.core y.tab.h stamp-*
>
> ==== hit ====
> pfctl -qt __regress_tbl -T add -f /usr/src/regress/sys/net/pf_table/table.in
> Timeout, server ot21 not responding.
>
> panic: kernel data fault: pc=121e9fc addr=fffffffffffc2000
> Stopped at db_enter+0x8: nop
> TID PID UID PRFLAGS PFLAGS CPU COMMAND
> *357996 32001 0 0x2 0 1K pfctl
> data_access_fault(400266eb460, 30, 121e9fc, fffffffffffc2000,
> fffffffffffc2b18, 800809) at data_access_fault+0x2f0
> Ldatafault_internal(0, 0, 10000000, 40, caecb9beb0, caecba3fb8) at
> Ldatafault_internal+0xcc
> pfr_add_addrs(4000541a800, cd395f2000, 26, 4000541ac3c, 10000000, 0) at
> pfr_add_addrs+0x48
> pfioctl(4900, c4504443, 4000541a800, 3, 40002905b90, 0) at pfioctl+0x904
> spec_ioctl(400266eb9f8, 4002a7f8000, 1953188, 0, 0, 0) at spec_ioctl+0xb8
> VOP_IOCTL(14dca00, c4504443, 4000541a800, 1981e10, 4000431c9c0, 40002905b90)
> at VOP_IOCTL+0x5c
> vn_ioctl(40003ebdf10, c4504443, 4000541a800, 40002905b90, 1012f50, 800) at
> vn_ioctl+0x64
> sys_ioctl(0, 400266ebdb0, 400266ebdf0, 1878f30, 11110e0, 4d) at
> sys_ioctl+0x234
> syscall(400266ebed0, 436, caec82dc68, caec82dc6c, 0, 85) at syscall+0x418
> syscall_setup(3, c4504443, fffffffffffc26f8, 40, caecb9beb0, caecba3fb8) at
> syscall_setup+0x134
> https://www.openbsd.org/ddb.html describes the minimum info required in bug
> reports. Insufficient info makes it difficult to find and fix bugs.
>
> ddb{1}> show panic
> *cpu1: kernel data fault: pc=121e9fc addr=fffffffffffc2000
>
> OpenBSD 7.0-current (GENERIC.MP) #1060: Fri Nov 19 14:39:41 MST 2021
> [email protected]:/usr/src/sys/arch/sparc64/compile/GENERIC.MP
>
> ddb{1}> trace
> data_access_fault(400266eb460, 30, 121e9fc, fffffffffffc2000,
> fffffffffffc2b18, 800809) at data_access_fault+0x2f0
> Ldatafault_internal(0, 0, 10000000, 40, caecb9beb0, caecba3fb8) at
> Ldatafault_internal+0xcc
> pfr_add_addrs(4000541a800, cd395f2000, 26, 4000541ac3c, 10000000, 0) at
> pfr_add_addrs+0x48
> pfioctl(4900, c4504443, 4000541a800, 3, 40002905b90, 0) at pfioctl+0x904
> spec_ioctl(400266eb9f8, 4002a7f8000, 1953188, 0, 0, 0) at spec_ioctl+0xb8
> VOP_IOCTL(14dca00, c4504443, 4000541a800, 1981e10, 4000431c9c0, 40002905b90)
> at VOP_IOCTL+0x5c
> vn_ioctl(40003ebdf10, c4504443, 4000541a800, 40002905b90, 1012f50, 800) at
> vn_ioctl+0x64
> sys_ioctl(0, 400266ebdb0, 400266ebdf0, 1878f30, 11110e0, 4d) at
> sys_ioctl+0x234
> syscall(400266ebed0, 436, caec82dc68, caec82dc6c, 0, 85) at syscall+0x418
> syscall_setup(3, c4504443, fffffffffffc26f8, 40, caecb9beb0, caecba3fb8) at
> syscall_setup+0x134
>
> ddb{1}> ps
> PID TID PPID UID S FLAGS WAIT COMMAND
> *32001 357996 78543 0 7 0x2 pfctl
> 78543 205553 36239 0 3 0x10008a sigsusp make
> 36239 119328 87511 0 3 0x10008a sigsusp sh
> 87511 162950 77857 0 3 0x10008a sigsusp make
> 48116 276236 0 0 3 0x14200 bored sosplice
> 5397 509795 0 0 3 0x14200 bored sensors
> 36503 235268 74172 0 3 0x100082 piperd gzip
> 74172 14599 77857 0 3 0x100082 piperd pax
> 77857 494115 67569 0 3 0x82 piperd perl
> 67569 358287 43870 0 3 0x10008a sigsusp ksh
> 43870 111015 61303 0 3 0x9a kqread sshd
> 82582 428531 1 0 3 0x100083 ttyin getty
> 98167 267822 1 0 3 0x100098 kqread cron
> 9021 360408 0 0 3 0x14280 nfsidl nfsio
> 50116 292519 0 0 3 0x14280 nfsidl nfsio
> 74067 491290 0 0 3 0x14280 nfsidl nfsio
> 23370 42309 0 0 3 0x14280 nfsidl nfsio
> 83681 520369 1 99 3 0x100090 kqread sndiod
> 64225 415938 1 110 3 0x100090 kqread sndiod
> 80580 497443 3261 95 3 0x100092 kqread smtpd
> 78262 381576 3261 103 3 0x100092 kqread smtpd
> 47573 70104 3261 95 3 0x100092 kqread smtpd
> 97714 501391 3261 95 3 0x100092 kqread smtpd
> 81008 139287 3261 95 3 0x100092 kqread smtpd
> 887 55917 3261 95 3 0x100092 kqread smtpd
> 3261 388421 1 0 3 0x100080 kqread smtpd
> 61303 5012 1 0 3 0x88 kqread sshd
> 43848 49295 0 0 3 0x14200 acct acct
> 8150 176276 1 0 3 0x100080 kqread ntpd
> 78896 39445 74621 83 3 0x100092 kqread ntpd
> 74621 6746 1 83 3 0x100092 kqread ntpd
> 97682 494213 61007 74 3 0x100092 bpf pflogd
> 61007 468432 1 0 3 0x80 netio pflogd
> 34918 136484 89470 73 3 0x100090 kqread syslogd
> 89470 308552 1 0 3 0x100082 netio syslogd
> 54092 319789 1 0 3 0x100080 kqread resolvd
> 85801 253881 94117 77 3 0x100092 kqread dhcpleased
> 92273 98689 94117 77 3 0x100092 kqread dhcpleased
> 94117 175861 1 0 3 0x80 kqread dhcpleased
> 31373 280796 49165 115 3 0x100092 kqread slaacd
> 72966 232384 49165 115 3 0x100092 kqread slaacd
> 49165 216743 1 0 3 0x100080 kqread slaacd
> 62832 471012 0 0 3 0x14200 bored smr
> 22657 309869 0 0 3 0x14200 pgzero zerothread
> 28066 488381 0 0 3 0x14200 aiodoned aiodoned
> 17640 305742 0 0 3 0x14200 syncer update
> 86511 196284 0 0 3 0x14200 cleaner cleaner
> 23534 221576 0 0 3 0x14200 reaper reaper
> 18915 201221 0 0 3 0x14200 pgdaemon pagedaemon
> 57976 219273 0 0 3 0x40014200 idle1
> 60701 458024 0 0 3 0x14200 bored softnet
> 34275 489143 0 0 3 0x14200 bored systqmp
> 30178 494915 0 0 3 0x14200 bored systq
> 42176 411931 0 0 3 0x40014200 bored softclock
> 40939 283149 0 0 7 0x40014200 idle0
> 66755 138272 0 0 3 0x14200 kmalloc kmthread
> 1 434460 0 0 3 0x82 wait init
> 0 0 -1 0 3 0x10200 scheduler swapper
>
> ddb{1}> show register
> tstate 0x80000600
> pc 0x11f33c8 db_enter+0x8
> npc 0x11f33cc db_enter+0xc
> ipl 0xf
> y 0
> g0 0
> g1 0x1c07000 db_machine_command_table+0x198
> g2 0x1
> g3 0
> g4 0
> g5 0x400266eb127
> g6 0
> g7 0xe0018000
> o0 0x3b
> o1 0x4002a7f8964
> o2 0x1879078 T+0x3e8
> o3 0x400266eb368
> o4 0x1012f50 Lcopyfault
> o5 0
> o6 0x400266ea941
> o7 0x124376c panic+0xcc
> l0 0x400266eb298
> l1 0x400266eb160
> l2 0x400266eb2c0
> l3 0x400266eb1e0
> l4 0x1981e10 __guard_local
> l5 0x4000541a800
> l6 0x1981e10 __guard_local
> l7 0x4000541a800
> i0 0
> i1 0
> i2 0
> i3 0
> i4 0
> i5 0
> i6 0
> i7 0
> f0 0
> f2 0
> f4 0
> f6 0
> f8 0
> f10 0
> f12 0
> f14 0
> f16 0
> f18 0
> f20 0
> f22 0
> f24 0
> f26 0
> f28 0
> f30 0
> f32 0
> f34 0
> f36 0
> f38 0
> f40 0
> f42 0
> f44 0
> f46 0
> f48 0
> f50 0
> f52 0
> f54 0
> f56 0
> f58 0
> f60 0
> f62 0
> fsr 0
> gsr 0
>
> ddb{1}> print 0x121e9fc-pfr_add_addrs
> 5c
>
> 0000000000006b40 <pfr_add_addrs>:
> /usr/src/sys/net/pf_table.c:324
> * 6b9c: c2 04 24 20 ld [ %l0 + 0x420 ], %g1
> 6ba0: 80 88 60 02 btst 2, %g1
> 6ba4: 12 60 00 4d bne,pn %xcc, 6cd8 <pfr_add_addrs+0x198>
> 6ba8: b0 10 20 01 mov 1, %i0
> /usr/src/sys/net/pf_table.c:326
>
> 311 pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
> 312 int *nadd, int flags)
> 313 {
> 314 struct pfr_ktable *kt, *tmpkt;
> 315 struct pfr_kentryworkq workq, ioq;
> 316 struct pfr_kentry *p, *q, *ke;
> 317 struct pfr_addr ad;
> 318 int i, rv, xadd = 0;
> 319 time_t tzero = gettime();
> 320
> 321 ACCEPT_FLAGS(flags, PFR_FLAG_DUMMY | PFR_FLAG_FEEDBACK);
> 322 if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
> 323 return (EINVAL);
> * 324 if (kt->pfrkt_flags & PFR_TFLAG_CONST)
> 325 return (EPERM);
> 326 tmpkt = pfr_create_ktable(&pfr_nulltable, 0, 0,
>
> kt looks quite uninitialized here
It looks like the intent was something like this?
Index: pf_table.c
===================================================================
RCS file: /cvs/src/sys/net/pf_table.c,v
retrieving revision 1.138
diff -u -p -U7 -r1.138 pf_table.c
--- pf_table.c 16 Nov 2021 20:51:31 -0000 1.138
+++ pf_table.c 22 Nov 2021 00:23:39 -0000
@@ -317,16 +317,14 @@ pfr_add_addrs(struct pfr_table *tbl, str
struct pfr_addr ad;
int i, rv, xadd = 0;
time_t tzero = gettime();
ACCEPT_FLAGS(flags, PFR_FLAG_DUMMY | PFR_FLAG_FEEDBACK);
if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
return (EINVAL);
- if (kt->pfrkt_flags & PFR_TFLAG_CONST)
- return (EPERM);
tmpkt = pfr_create_ktable(&pfr_nulltable, 0, 0,
!(flags & PFR_FLAG_USERIOCTL));
if (tmpkt == NULL)
return (ENOMEM);
SLIST_INIT(&workq);
SLIST_INIT(&ioq);
for (i = 0; i < size; i++) {
@@ -346,14 +344,19 @@ pfr_add_addrs(struct pfr_table *tbl, str
NET_LOCK();
PF_LOCK();
kt = pfr_lookup_table(tbl);
if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) {
PF_UNLOCK();
NET_UNLOCK();
senderr(ESRCH);
+ }
+ if (kt->pfrkt_flags & PFR_TFLAG_CONST) {
+ PF_UNLOCK();
+ NET_UNLOCK();
+ senderr(EPERM);
}
SLIST_FOREACH(ke, &ioq, pfrke_ioq) {
pfr_kentry_kif_ref(ke);
p = pfr_lookup_kentry(kt, ke, 1);
q = pfr_lookup_kentry(tmpkt, ke, 1);
if (flags & PFR_FLAG_FEEDBACK) {
if (q != NULL)
