Date: Thu, 23 Feb 2012 09:44:16 +0100
From: Ali Mdidech <ali@moua7.com>
To: freebsd-pf@freebsd.org
Subject: Panic in packet filter
Message-ID: <CAOxY2CotiKHHcw%2Bjv2pAi6CbZ7oM3V7ohMrwHY0XhrwTAaRz1w@mail.gmail.com>

Hi List,

I've a box that has been panicking randomly, multiple times, for a year now,
whatever the release is (8 or 9).
The crash dump shows that the problem is related to pf.
Is this some sort of identified bug?
Below is some info and my pf.conf file.

Thank you very much for your help.

panic: page fault

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x6c
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0a25dc0
stack pointer           = 0x28:0xc4df5910
frame pointer           = 0x28:0xc4df5954
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (irq256: em0:rx 0)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xc08380b7 at kdb_backtrace+0x47
#1 0xc0805617 at panic+0x117
#2 0xc0aebcc3 at trap_fatal+0x323
#3 0xc0aec802 at trap+0x182
#4 0xc0ad5f8c at calltrap+0x6
#5 0xc589f7cc at pfr_update_stats+0x1cc
#6 0xc588de21 at pf_test+0x981
#7 0xc5895e79 at pf_check_in+0x39
#8 0xc08c3c68 at pfil_run_hooks+0x78
#9 0xc08e18ae at ip_input+0x24e
#10 0xc08c2d9f at netisr_dispatch_src+0x8f
#11 0xc08c3040 at netisr_dispatch+0x20
#12 0xc08b9721 at ether_demux+0x171
#13 0xc08b9b6f at ether_nh_input+0x37f
#14 0xc08c2d9f at netisr_dispatch_src+0x8f
#15 0xc08c3040 at netisr_dispatch+0x20
#16 0xc08b9269 at ether_input+0x19
#17 0xc05b383f at em_rxeof+0x30f
Uptime: 1h45m44s
Physical memory: 2002 MB
Dumping 185 MB: 170 154 138 122 106 90 74 58 42 26 10

Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols... done.
done.
Loaded symbols for /boot/kernel/pf.ko
#0  doadump (textdump=1) at pcpu.h:244
244     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump (textdump=1) at pcpu.h:244
#1  0xc08053ba in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:442
#2  0xc0805651 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:607
#3  0xc0aebcc3 in trap_fatal (frame=0xc4df58d0, eva=108)
    at /usr/src/sys/i386/i386/trap.c:975
#4  0xc0aec802 in trap (frame=0xc4df58d0) at /usr/src/sys/i386/i386/trap.c:352
#5  0xc0ad5f8c in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#6  0xc0a25dc0 in uma_zalloc_arg (zone=0x0, udata=0x0, flags=257)
    at pcpu.h:244
#7  0xc589f7cc in pfr_update_stats (kt=0xc58d44d8, a=0xc56aa01a, af=2 '\002',
    len=52, dir_out=0, op_pass=0, notrule=0) at uma.h:305
#8  0xc588de21 in pf_test (dir=1, ifp=0xc5253c00, m0=0xc4df5acc, eh=0x0,
    inp=0x0) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf.c:7057
#9  0xc5895e79 in pf_check_in (arg=0x0, m=0xc4df5acc, ifp=0xc5253c00, dir=1,
    inp=0x0) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:4139
#10 0xc08c3c68 in pfil_run_hooks (ph=0xc0d685e0, mp=0xc4df5b24,
    ifp=0xc5253c00, dir=1, inp=0x0) at /usr/src/sys/net/pfil.c:82
#11 0xc08e18ae in ip_input (m=0xc567db00)
    at /usr/src/sys/netinet/ip_input.c:510
#12 0xc08c2d9f in netisr_dispatch_src (proto=1, source=0, m=0xc567db00)
    at /usr/src/sys/net/netisr.c:1013
#13 0xc08c3040 in netisr_dispatch (proto=1, m=0xc567db00)
    at /usr/src/sys/net/netisr.c:1104
#14 0xc08b9721 in ether_demux (ifp=0xc5253c00, m=0xc567db00)
    at /usr/src/sys/net/if_ethersubr.c:937
#15 0xc08b9b6f in ether_nh_input (m=0xc567db00)
    at /usr/src/sys/net/if_ethersubr.c:756
#16 0xc08c2d9f in netisr_dispatch_src (proto=9, source=0, m=0xc567db00)
    at /usr/src/sys/net/netisr.c:1013
#17 0xc08c3040 in netisr_dispatch (proto=9, m=0xc567db00)
    at /usr/src/sys/net/netisr.c:1104
#18 0xc08b9269 in ether_input (ifp=0xc5253c00, m=0xc567db00)
    at /usr/src/sys/net/if_ethersubr.c:797
#19 0xc05b383f in em_rxeof (rxr=0xc520bc00, count=99, done=0x0)
    at /usr/src/sys/dev/e1000/if_em.c:4340
#20 0xc05b3a06 in em_msix_rx (arg=0xc520bc00)
    at /usr/src/sys/dev/e1000/if_em.c:1577
#21 0xc07da6eb in intr_event_execute_handlers (p=0xc5157588, ie=0xc5241680)
    at /usr/src/sys/kern/kern_intr.c:1257
#22 0xc07dbeaa in ithread_loop (arg=0xc52506e0)
    at /usr/src/sys/kern/kern_intr.c:1270
#23 0xc07d78f7 in fork_exit (callout=0xc07dbe30 <ithread_loop>,
    arg=0xc52506e0, frame=0xc4df5d28) at /usr/src/sys/kern/kern_fork.c:995
#24 0xc0ad6004 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:275
(kgdb)

################## pf.conf ##################
ext_if = "em0"
public_tcp_ports = "{21,25,53,80,143,443,873,993,50021:50121}"
public_udp_ports = "53"

table <secure> {someip}
table <ssh_brute> persist counters

### Redirection for SMTP
rdr on $ext_if proto tcp from any to $ext_if port 225 -> $ext_if port 25

### Block everything in and pass everything out
pass out on $ext_if all modulate state
block in on $ext_if all

### secure users
pass in quick on $ext_if proto tcp from <secure> to any flags S/SA \
modulate state

### public tcp/udp ports rules
pass in on $ext_if proto udp to $ext_if port $public_udp_ports
pass in on $ext_if proto tcp to $ext_if port $public_tcp_ports flags S/SA \
modulate state

### block ssh bruteforce
block in quick from <ssh_brute>
pass in quick on $ext_if proto tcp to $ext_if port 22 flags S/SA modulate state \
(max-src-conn 5, max-src-conn-rate 10/60, overload <ssh_brute> flush global)

### block icmp timestamp request/response
block in quick on $ext_if inet proto icmp all icmp-type {13, 14}
pass in quick on $ext_if proto icmp all
############ end pf.conf ##############

--
Ali Mdidech