From owner-freebsd-bugs@FreeBSD.ORG Sun Jan 25 11:40:01 2009
Delivered-To: freebsd-bugs@hub.freebsd.org
Resent-Date: Sun, 25 Jan 2009 11:40:01 GMT
Resent-Message-Id: <200901251140.n0PBe1PC030879@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Semenchuk Oleg
Message-Id: <200901251130.n0PBUcWo077105@www.freebsd.org>
Date: Sun, 25 Jan 2009 11:30:38 GMT
From: Semenchuk Oleg
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc:
Subject: misc/130977: [netgraph][pf] kernel panic trap 12 on user connect to VPN server
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports
X-List-Received-Date: Sun, 25 Jan 2009 11:40:01 -0000

>Number:         130977
>Category:       misc
>Synopsis:       [netgraph][pf] kernel panic trap 12 on user connect to VPN server
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 25 11:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Semenchuk Oleg
>Release:        7.0 Release, 7.1 Release, 7.1 Stable
>Organization:
NTU
>Environment:
# uname -v
FreeBSD 7.1-STABLE #0: Sat Jan 24 16:17:10 EET 2009 root@srv.subnet.ntu.priv:/usr/src/sys/i386/compile/GENERIC
>Description:
The kernel panics when a user connects to the VPN server (based on mpd) or when mpd is started.
The problem does not look like an mpd software bug; the same was reproduced with the default ppp.
If pf.ko is not loaded, it is not reproduced.

Note: the bug does not look like a hardware problem, since it is 100% reproducible on different hardware.

loaded modules:
______________________________________
#kldstat
Id Refs Address    Size     Name
 1   11 0xc0400000 9a7f34   kernel
 2    1 0xc0da8000 4674     ng_bridge.ko
 3    7 0xc0dad000 d89c     netgraph.ko
 4    1 0xc0dbb000 3df8     ng_ether.ko
 5    1 0xc0dbf000 6a45c    acpi.ko
 6    1 0xc23f2000 33000    pf.ko
 7    1 0xc2583000 4000     ng_socket.ko
 8    1 0xc25c9000 5000     ng_ksocket.ko
 9    1 0xc26f6000 3000     ng_iface.ko
10    1 0xc26fd000 7000     ng_ppp.ko
______________________________________

kernel dump:
______________________________________
# kgdb /boot/kernel/kernel.symbols /var/crash/vmcore.1
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x2000200
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc23fd630
stack pointer           = 0x28:0xcd0f6a80
frame pointer           = 0x28:0xcd0f6ab8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3110 (mpd4)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 8h36m1s
Physical memory: 243 MB
Dumping 38 MB: 23 7

Reading symbols from /boot/kernel/ng_bridge.ko...Reading symbols from /boot/kernel/ng_bridge.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_bridge.ko
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/ng_ether.ko...Reading symbols from /boot/kernel/ng_ether.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ether.ko
Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_socket.ko
Reading symbols from /boot/kernel/ng_ksocket.ko...Reading symbols from /boot/kernel/ng_ksocket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ksocket.ko
Reading symbols from /boot/kernel/ng_iface.ko...Reading symbols from /boot/kernel/ng_iface.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_iface.ko
Reading symbols from /boot/kernel/ng_ppp.ko...Reading symbols from /boot/kernel/ng_ppp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ppp.ko
Reading symbols from /boot/kernel/ng_pptpgre.ko...Reading symbols from /boot/kernel/ng_pptpgre.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_pptpgre.ko
#0  doadump () at pcpu.h:196
196     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) list *0xc23fd630
0xc23fd630 is in pfi_instance_add (/usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:579).
574             int net2, af;
575
576             if (ifp == NULL)
577                     return;
578             TAILQ_FOREACH(ia, &ifp->if_addrlist, ifa_list) {
579                     if (ia->ifa_addr == NULL)
580                             continue;
581                     af = ia->ifa_addr->sa_family;
582                     if (af != AF_INET && af != AF_INET6)
583                             continue;
(kgdb) backtrace
#0  doadump () at pcpu.h:196
#1  0xc079a427 in boot (howto=260) at ../../../kern/kern_shutdown.c:418
#2  0xc079a6f9 in panic (fmt=Variable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:574
#3  0xc0aac6bc in trap_fatal (frame=0xcd0f6a40, eva=33554944) at ../../../i386/i386/trap.c:939
#4  0xc0aac940 in trap_pfault (frame=0xcd0f6a40, usermode=0, eva=33554944) at ../../../i386/i386/trap.c:852
#5  0xc0aad2fc in trap (frame=0xcd0f6a40) at ../../../i386/i386/trap.c:530
#6  0xc0a9317b in calltrap () at ../../../i386/i386/exception.s:159
#7  0xc23fd630 in pfi_instance_add (ifp=0xc2288000, net=128, flags=0)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:578
#8  0xc23fd933 in pfi_table_update (kt=0xc243f000, kif=0xc2379600, net=128, flags=0)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:561
#9  0xc23fdbca in pfi_dynaddr_update (dyn=0xc243de74)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:543
#10 0xc23fdc1d in pfi_kif_update (kif=0xc2379600)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:520
#11 0xc23fdc44 in pfi_kif_update (kif=0xc26e7e00)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:525
#12 0xc23fdcb4 in pfi_ifaddr_event (arg=0x0, ifp=0xc2287400)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:942
#13 0xc086ff3c in in_control (so=0xc23d4680, cmd=2151704858, data=0xc24cea40 "ng0", ifp=0xc2287400, td=0xc26e6230)
    at ../../../netinet/in.c:460
#14 0xc0833a3d in ifioctl (so=0xc23d4680, cmd=2151704858, data=0xc24cea40 "ng0", td=0xc26e6230)
    at ../../../net/if.c:1952
#15 0xc07d85aa in soo_ioctl (fp=0xc23832ac, cmd=2151704858, data=0xc24cea40, active_cred=0xc2651500, td=0xc26e6230)
    at ../../../kern/sys_socket.c:191
#16 0xc07d1395 in kern_ioctl (td=0xc26e6230, fd=36, com=2151704858, data=0xc24cea40 "ng0") at file.h:268
#17 0xc07d14f4 in ioctl (td=0xc26e6230, uap=0xcd0f6cfc) at ../../../kern/sys_generic.c:570
#18 0xc0aacc95 in syscall (frame=0xcd0f6d38) at ../../../i386/i386/trap.c:1090
#19 0xc0a931e0 in Xint0x80_syscall () at ../../../i386/i386/exception.s:255
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
______________________________________
>How-To-Repeat:
1. install OS
2. cvsup to 7.0 Release
3. install mpd3 or mpd4 or mpd5
4. create any config for PPTP or PPPoE connections (1 or 2)
5. start mpd daemon
6. connect to VPN server
7. create config for PF with NAT
8. load pf module ( kldload pf )
9. load pf rules from created config ( pfctl -f /etc/pf.conf )
10. enable pf ( pfctl -e )

ACR: kernel panic
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
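
Added triage example, not part of the original report: mapping the trap's instruction pointer and the backtrace addresses onto the kldstat load ranges shows which module each frame executes in. The kldstat rows and frames are copied from the report with frame arguments abridged; the function names parse_kldstat, locate and attribute_frames are made up for this example.

```python
import re
# kldstat rows and backtrace frames copied from the report (frame arguments abridged).
KLDSTAT = """\
Id Refs Address    Size     Name
 1   11 0xc0400000 9a7f34   kernel
 2    1 0xc0da8000 4674     ng_bridge.ko
 3    7 0xc0dad000 d89c     netgraph.ko
 4    1 0xc0dbb000 3df8     ng_ether.ko
 5    1 0xc0dbf000 6a45c    acpi.ko
 6    1 0xc23f2000 33000    pf.ko
 7    1 0xc2583000 4000     ng_socket.ko
 8    1 0xc25c9000 5000     ng_ksocket.ko
 9    1 0xc26f6000 3000     ng_iface.ko
10    1 0xc26fd000 7000     ng_ppp.ko
"""
FRAMES = """\
#7 0xc23fd630 in pfi_instance_add (ifp=0xc2288000, net=128, flags=0)
#12 0xc23fdcb4 in pfi_ifaddr_event (arg=0x0, ifp=0xc2287400)
#13 0xc086ff3c in in_control (so=0xc23d4680, cmd=2151704858)
"""

def parse_kldstat(text):
    """Return [(name, base, end)], end exclusive. The Size column is hex."""
    mods = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0].isdigit():      # skips the header row
            base = int(f[2], 16)
            mods.append((f[4], base, base + int(f[3], 16)))
    return mods

def locate(addr, mods):
    """Map an address to (module, offset), or None if no module covers it."""
    for name, base, end in mods:
        if base <= addr < end:
            return name, addr - base
    return None

def attribute_frames(frames, mods):
    """Return [(frame_no, function, module)] for each backtrace line."""
    out = []
    for m in re.finditer(r"^#(\d+)\s+(0x[0-9a-f]+) in (\w+)", frames, re.M):
        hit = locate(int(m.group(2), 16), mods)
        out.append((int(m.group(1)), m.group(3), hit[0] if hit else None))
    return out

if __name__ == "__main__":
    mods = parse_kldstat(KLDSTAT)
    print(locate(0xc23fd630, mods), locate(0x2000200, mods))
    print(attribute_frames(FRAMES, mods))
```

The instruction pointer resolves into pf.ko, while the fault virtual address 0x2000200 lies in no loaded module, which matches the "supervisor read, page not present" fault code: code in pf.ko read through a bad data pointer.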