Re: kern/53036: 'block user' in pf's ruleset panics 8.0_BETA

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,alnsn%NetBSD.org@localhost
Subject: Re: kern/53036: 'block user' in pf's ruleset panics 8.0_BETA
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Sun, 18 Feb 2018 21:20:01 +0000 (UTC)

The following reply was made to PR kern/53036; it has been noted by GNATS.

From: Alexander Nasonov <alnsn%yandex.ru@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
	netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/53036: 'block user' in pf's ruleset panics 8.0_BETA
Date: Sun, 18 Feb 2018 21:14:47 +0000

 alnsn%NetBSD.org@localhost wrote:
 > >Description:
 > Starting pf with the following rules:
 > 
 > 	local_users="{ dnsmasq, privoxy, _tcpdump, _pflogd }"
 > 	block log user $local_users
 > 	pass on lo0 all
 > 
 > panics the system instanly when a tor relay process is running. When it's
 > not running, the box seems to work fine (for a couple of minutes) but it
 > panics when I start the relay.
 > 
 > The relay process doesn't use pf features but there is another tor process
 > on the box which has the following in the torrc file:
 > 
 > 	VirtualAddrNetworkIPv4 127.192.0.0/16
 > 	AutomapHostsOnResolve  1
 > 	AutomapHostsSuffixes   .onion
 
 I reproduced it on a different box which was configured with savecore=YES.
 
 $ crash -M /home/crash/netbsd.43.core                                                                                
 Crash version 8.0_BETA, image version 8.0_BETA.
 System panicked: kernel diagnostic assertion "cred != NULL" failed: file "/home/alnsn/netbsd-8/src/sys/kern/kern_auth.c", line 266 
 Backtrace from time of crash is available.
 crash> bt
 _KERNEL_OPT_NARCNET() at 0
 ?() at fffffe811cdc382c
 vpanic() at vpanic+0x149
 ch_voltag_convert_in() at ch_voltag_convert_in
 kauth_cred_geteuid() at kauth_cred_geteuid+0x50
 pf_socket_lookup() at pf_socket_lookup+0x179
 pf_test_rule() at pf_test_rule+0x10d8
 pf_test() at pf_test+0xe43
 pfil4_wrapper() at pfil4_wrapper+0x4a
 pfil_run_hooks() at pfil_run_hooks+0x114
 ipintr() at ipintr+0x5b3
 softint_dispatch() at softint_dispatch+0xd4
 DDB lost frame for Xsoftintr+0x4f, trying 0xfffffe80daff6ff0
 Xsoftintr() at Xsoftintr+0x4f
 --- interrupt ---
 0:
 
 
 I modified fstat.c to print so.so_cred but I don't see any NULL values:
 
 $ ./fstat -v -n -M /home/crash/netbsd.43.core
 ... nothing interesting in the output ...
 
 -- 
 Alex

Prev by Date: Re: kern/53036: 'block user' in pf's ruleset panics 8.0_BETA
Next by Date: Re: kern/53037 (tunnel mode for gif(4) manpage)
Previous by Thread: Re: kern/53036: 'block user' in pf's ruleset panics 8.0_BETA
Next by Thread: Re: kern/46697 (netbsd-6 crash with IPF and ipv6)
Indexes:

Home | Main Index | Thread Index | Old Index