Hello Radek,
On Mon, Aug 29, 2022 at 04:42:45AM +0200, Radek wrote:
> Hi,
> the same problem occurs on -current.
>
> ddb{2}> show panic
> *cpu2: uvm_fault(0xffffffff822f6b20, 0xffff800021e6e6e4, 0, 1) -> d
>
> ddb{2}> trace
> splraise(ffffffff8237cce0) at splraise+0x7
> mtx_enter(ffffffff8237cce0) at mtx_enter+0x35
> pool_put(ffffffff8237cce0,fffffd81122e81e8) at pool_put+0x5c
> pf_join_fragment(fffffd81122e81e8) at pf_join_fragment+0x165
> pf_reassemble(ffff8000226d9428,1,ffff8000226d94ee) at pf_reassemble+0x1d9
> pf_normalize_ip(ffff8000226d93e8,ffff8000226d94ee) at pf_normalize_ip+0x7f
> pf_test(2,1,ffff8000000ac048,ffff8000226d95f8) at pf_test+0x270
> ip_input_if(ffff8000226d95f8,ffff8000226d9604,4,0,ffff8000000ac048) at ip_input_if+0xcd
> ipv4_input(ffff8000000ac048,fffffd80c8cdf400) at ipv4_input+0x39
> ether_input(ffff8000000ac048,fffffd80c8cdf400) at ether_input+0x3b1
> if_input_process(ffff8000000ac048,ffff8000226d96e8) at if_input_process+0x6f
> ifiq_process(ffff8000000ac458) at ifiq_process+0x69
> taskq_thread(ffff80000002c100) at taskq_thread+0x100
> end trace frame: 0x0, count: -13
>
Does your box also run the diff committed [1] by bluhm@ about a week ago?
List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src
From: Alexander Bluhm <bluhm () cvs ! openbsd ! org>
Date: 2022-08-22 20:35:39
Message-ID: eda7128d7a968e34 () cvs ! openbsd ! org
CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2022/08/22 14:35:39
Modified files:
sys/net : pf_norm.c
Log message:
Protect pf_reassemble() with pf fragment lock. When the pool limit
for fragment entries was reached, pf_create_fragment() called
pf_flush_fragments() without lock. This could result in a crash.
Let PF_FRAG_LOCK() cover the whole pf_reassemble() function as
pf_nfrents++ was also missing the lock.
crash found and fix tested by Hrvoje Popovski; OK sashan@
thanks and
regards
sashan
[1] https://marc.info/?l=openbsd-cvs&m=166120027415653&w=2
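
A simplified user-space model of the locking shape described in the quoted commit message, added here as an illustration and not OpenBSD's pf_norm.c code: a single lock span covers the limit check, the flush and the counter increment. The names frent, frag_lock, flush_fragments, reassemble and run_model and the constants are assumptions that only echo the commit message.

```c
#include <pthread.h>
#include <stdlib.h>
#define FRAG_LIMIT 64      /* constructed pool limit */
#define NTHREADS   4
#define PER_THREAD 20000

struct frent { struct frent *next; };
static pthread_mutex_t frag_lock = PTHREAD_MUTEX_INITIALIZER;
static struct frent *frag_list;  /* shared list of fragment entries */
static int nfrents;              /* shared counter; must equal list length */

/* Caller must hold frag_lock: frees every queued entry. */
static void flush_fragments(void) {
    while (frag_list != NULL) {
        struct frent *f = frag_list;
        frag_list = f->next;
        free(f);
        nfrents--;
    }
}

/* One lock span covers the limit check, the flush, the insert and the counter. */
static void reassemble(void) {
    struct frent *f = malloc(sizeof(*f));
    if (f == NULL) return;
    pthread_mutex_lock(&frag_lock);
    if (nfrents >= FRAG_LIMIT)
        flush_fragments();
    f->next = frag_list;
    frag_list = f;
    nfrents++;
    pthread_mutex_unlock(&frag_lock);
}

static void *worker(void *arg) {
    (void)arg;
    for (int i = 0; i < PER_THREAD; i++) reassemble();
    return NULL;
}

/* Returns 1 if the counter matches the list length and respects the limit. */
int run_model(void) {
    pthread_t t[NTHREADS];
    int len = 0;
    for (int i = 0; i < NTHREADS; i++) pthread_create(&t[i], NULL, worker, NULL);
    for (int i = 0; i < NTHREADS; i++) pthread_join(t[i], NULL);
    for (struct frent *f = frag_list; f != NULL; f = f->next) len++;
    return len == nfrents && nfrents <= FRAG_LIMIT;
}

int main(void) { return run_model() ? 0 : 1; }
```

Because every insert is serialized by the lock, the final counter value is the same on every run regardless of thread scheduling.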