kern/143543: PF route-to causes kernel panic
Slava
slava at aprec.ru
Thu Feb 4 10:00:03 UTC 2010
>Number: 143543
>Category: kern
>Synopsis: PF route-to causes kernel panic
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 04 10:00:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Slava
>Release: 8.0-RELEASE
>Organization:
Relant LLC
>Environment:
FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Wed Feb 3 13:22:07 MSK 2010
>Description:
When using PF route-to on my router, to pass packets to different channels based on their source address, after enabling PF with route-to rules, kernel panics in 5-10 minutes.
If i'm not using PF route-to (for now i'm using ipfw fwd instead, but need to switch to PF-nat and to use PF route-to) everything works fine.
route-to rule example:
pass in quick on vlan2 route-to ( vlan5 XXX.XXX.XXX.XXX ) inet from 10.253.0.0/16 to any no state
Dump information is below:
router.domain.ru dumped core - see /var/crash/vmcore.5
Thu Feb 4 11:10:35 MSK 2010
FreeBSD router.domain.ru 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Wed Feb 3 13:22:07 MSK 2010 root at router.domain.ru:/usr/src/sys/i386/compile/ROUTER i386
panic: page fault
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x34
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc09c6e4b
stack pointer = 0x28:0xc537f990
frame pointer = 0x28:0xc537f9c8
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 12 (swi1: netisr 0)
trap number = 12
panic: page fault
cpuid = 1
Uptime: 20h10m1s
Physical memory: 2000 MB
Dumping 344 MB: 329 313 297 281 265 249 233 217 201 185 169 153 137 121 105 89 73 57 41 25 9
Reading symbols from /boot/kernel/if_vlan.ko...Reading symbols from /boot/kernel/if_vlan.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_vlan.ko
Reading symbols from /boot/kernel/ng_ether.ko...Reading symbols from /boot/kernel/ng_ether.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ether.ko
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/ng_netflow.ko...Reading symbols from /boot/kernel/ng_netflow.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_netflow.ko
Reading symbols from /boot/kernel/ng_vlan.ko...Reading symbols from /boot/kernel/ng_vlan.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_vlan.ko
Reading symbols from /boot/kernel/ng_ksocket.ko...Reading symbols from /boot/kernel/ng_ksocket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ksocket.ko
Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_socket.ko
Reading symbols from /boot/kernel/ng_tee.ko...Reading symbols from /boot/kernel/ng_tee.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_tee.ko
Reading symbols from /boot/kernel/ng_one2many.ko...Reading symbols from /boot/kernel/ng_one2many.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_one2many.ko
#0 doadump () at pcpu.h:246
246 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) #0 doadump () at pcpu.h:246
#1 0xc08d6ef7 in boot (howto=260) at ../../../kern/kern_shutdown.c:416
#2 0xc08d71e9 in panic (fmt=Variable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:579
#3 0xc0b9a58c in trap_fatal (frame=0xc537f950, eva=52)
at ../../../i386/i386/trap.c:933
#4 0xc0b9a7f0 in trap_pfault (frame=0xc537f950, usermode=0, eva=52)
at ../../../i386/i386/trap.c:846
#5 0xc0b9b1a9 in trap (frame=0xc537f950) at ../../../i386/i386/trap.c:528
#6 0xc0b7e39b in calltrap () at ../../../i386/i386/exception.s:165
#7 0xc09c6e4b in arpresolve (ifp=0xc5a4d000, rt0=0x0, m=0xcaac8000,
dst=0xc537fa5c, desten=0xc537f9f0 "\032АнМ", lle=0xc537f9fc)
at ../../../netinet/if_ether.c:363
#8 0xc097f92c in ether_output (ifp=0xc5a4d000, m=0xcaac8000, dst=0xc537fa5c,
ro=0xc537fa54) at ../../../net/if_ethersubr.c:200
#9 0xc050ae0d in pf_route (m=0xc537fc0c, r=0xcb34133c, dir=1,
oifp=0xc5a51400, s=0x0, pd=0xc537fb3c)
at ../../../contrib/pf/net/pf.c:6277
#10 0xc050a7f5 in pf_test (dir=1, ifp=0xc5a51400, m0=0xc537fc0c, eh=0x0,
inp=0x0) at ../../../contrib/pf/net/pf.c:7173
#11 0xc050f976 in pf_check_in (arg=0x0, m=0xc537fc0c, ifp=0xc5a51400, dir=1,
inp=0x0) at ../../../contrib/pf/net/pf_ioctl.c:3646
#12 0xc0987438 in pfil_run_hooks (ph=0xc0d9d6c0, mp=0xc537fc5c,
ifp=0xc5a51400, dir=1, inp=0x0) at ../../../net/pfil.c:81
#13 0xc09e6865 in ip_input (m=0xcaac8000) at ../../../netinet/ip_input.c:517
#14 0xc0986fdf in swi_net (arg=0xc1025800) at ../../../net/netisr.c:716
#15 0xc08b04db in intr_event_execute_handlers (p=0xc55337f8, ie=0xc5579d80)
at ../../../kern/kern_intr.c:1165
#16 0xc08b1a7b in ithread_loop (arg=0xc55320c0)
at ../../../kern/kern_intr.c:1178
#17 0xc08ae221 in fork_exit (callout=0xc08b1a10 <ithread_loop>,
arg=0xc55320c0, frame=0xc537fd38) at ../../../kern/kern_fork.c:843
#18 0xc0b7e410 in fork_trampoline () at ../../../i386/i386/exception.s:270
(kgdb)
I saw another message about this problem on 7.2-RELEASE-p4, but without any comments:
http://old.nabble.com/PF-route-to-on-7.2-RELEASE-p4-td26230682.html
>How-To-Repeat:
Enable pf route-to rules and wait for some time.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list