Kernel panic with pfil

Stefan Olteanu stefanolteanu at yahoo.com
Sun Mar 6 03:51:52 PST 2005 

Hi everyone,

I have a FreeBSD firewall. I get this fatal trap while
in kernel mode.
I experienced this every time I use dc++ on my pc from
the private network.


-------------------------
Here is my dmesg output :

Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989,
1991, 1992, 1993, 1994
	The Regents of the University of California. All
rights reserved.
FreeBSD 5.3-RELEASE #0: Sun Mar  6 06:05:00 EET 2005
    [EMAIL
PROTECTED]:/usr/src/sys/i386/compile/FIREWALL3
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium/P55C (199.91-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x543  Stepping = 3
 
Features=0x8001bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8,MMX>
real memory  = 33554432 (32 MB)
avail memory = 27553792 (26 MB)
Intel Pentium detected, installing workaround for F00F
bug
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <COMPAQ CPQAE70> on motherboard
Timecounter "ACPI-safe" frequency 3579545 Hz quality
1000
acpi_timer0: <24-bit timer at 3.579545MHz> port
0xfc08-0xfc0b on acpi0
cpu0: <ACPI CPU (2 Cx states)> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on
acpi0
pci0: <ACPI PCI bus> on pcib0
rl0: <RealTek 8139 10/100BaseTX> port 0x1000-0x10ff
mem 0x44000000-0x440000ff irq 11 at 

device 12.0 on pci0
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX,
100baseTX-FDX, auto
rl0: Ethernet address: 00:40:f4:b2:f9:bd
rl1: <RealTek 8139 10/100BaseTX> port 0x1400-0x14ff
mem 0x44100000-0x441000ff irq 11 at 

device 13.0 on pci0
miibus1: <MII bus> on rl1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1:  10baseT, 10baseT-FDX, 100baseTX,
100baseTX-FDX, auto
rl1: Ethernet address: 00:40:f4:b2:fe:f4
pci0: <display, VGA> at device 14.0 (no driver
attached)
tl0: <Compaq Netelligent 10/100 TX Embedded UTP> port
0x1820-0x182f irq 11 at device 16.0 

on pci0
miibus2: <MII bus> on tl0
lxtphy0: <LXT970 10/100 media interface> on miibus2
lxtphy0:  100baseFX, 100baseFX-FDX, 10baseT,
10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
tlphy0: <ThunderLAN 10baseT media interface> on
miibus2
tlphy0:  10base2/BNC, 10base5/AUI
tl0: Ethernet address: 00:80:5f:63:e0:80
tl0: if_start running deferred for Giant
tl0: [GIANT-LOCKED]
isab0: <PCI-ISA bridge> at device 20.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C586B UDMA33 controller> port 

0x1830-0x183f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at
device 20.1 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
uhci0: <VIA 83C572 USB controller> port 0x1800-0x181f
at device 20.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00,
addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: <old, non-VGA display device> at device 20.3 (no
driver attached)
acpi_button0: <Power Button> on acpi0
speaker0: <PC speaker> port 0x61 on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60
irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
ppc0: <ECP parallel printer port> port
0x778-0x77d,0x378-0x37f irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in
COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
sio0: <Standard PC COM port> port 0x3f8-0x3ff irq 4
flags 0x10 on acpi0
sio0: type 16550A
fdc0: <floppy drive controller> port 0x3f0-0x3f5 irq 6
drq 2 on acpi0
fdc0: [FAST]
sio1: <Standard PC COM port> port 0x2f8-0x2ff irq 3 on
acpi0
sio1: type 16550A
orm0: <ISA Option ROMs> at iomem
0xe7000-0xeffff,0xe0000-0xe6fff,0xc0000-0xc7fff on
isa0
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem
0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 199905462 Hz quality 800
Timecounters tick every 10.000 msec
ad0: 6150MB <ST36421A/8.01> [13330/15/63] at
ata0-master UDMA33
Mounting root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
WARNING: /tmp was not properly dismounted
WARNING: /usr was not properly dismounted
WARNING: /var was not properly dismounted
IP Filter: v3.4.35 initialized.  Default = pass all,
Logging = enabled
tl0: adapter check: 100007

----------------------------------------------------------------------------
Here is my backtrace output :

Script started on Sun Mar  6 12:22:29 2005
[root@ crash]# gdb6 -k kernel.debug.0 vmcore.0
GNU gdb 20040803 [GDB v6.x for FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General
Public License, and you are
welcome to change it and/or distribute copies of it
under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show
warranty" for details.
This GDB was configured as
"i386-portbld-freebsd5.3"...
panic: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0xc
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc04f4c5c
stack pointer	        = 0x10:0xc3eb7aec
frame pointer	        = 0x10:0xc3eb7af8
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 29 (swi1: net)
panic: from debugger
Uptime: 13m22s
Dumping 32 MB
 16
---
#0  doadump () at pcpu.h:159
159	pcpu.h: No such file or directory.
	in pcpu.h
doadump () at pcpu.h:159
159	in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:159
#1  0xc04c1ad5 in boot (howto=260) at
../../../kern/kern_shutdown.c:397
#2  0xc04c1dbd in panic (fmt=0xc0617bb0 "from
debugger")
    at ../../../kern/kern_shutdown.c:553
#3  0xc0438959 in db_panic (addr=-1068544932,
have_addr=0, count=-1, 
    modif=0xc3eb791c "") at
../../../ddb/db_command.c:435
#4  0xc04388f0 in db_command (last_cmdp=0xc066c4c4,
cmd_table=0x0, 
    aux_cmd_tablep=0xc063cc54,
aux_cmd_tablep_end=0xc063cc58)
    at ../../../ddb/db_command.c:349
#5  0xc04389b8 in db_command_loop () at
../../../ddb/db_command.c:455
#6  0xc043a52d in db_trap (type=12, code=0) at
../../../ddb/db_main.c:221
#7  0xc04d913a in kdb_trap (type=12, code=0,
tf=0xc3eb7aac)
    at ../../../kern/subr_kdb.c:418
#8  0xc05f6cc9 in trap_fatal (frame=0xc3eb7aac,
eva=12)
    at ../../../i386/i386/trap.c:804
#9  0xc05f6a4f in trap_pfault (frame=0xc3eb7aac,
usermode=0, eva=12)
    at ../../../i386/i386/trap.c:727
#10 0xc05f664d in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi =
56, tf_esi = 0, tf_ebp = -1007977736, 

tf_isp = -1007977768, tf_ebx = 0, tf_edx = 0, tf_ecx =
0, tf_eax = 3469992, tf_trapno = 

12, tf_err = 0, tf_eip = -1068544932, tf_cs = 8,
tf_eflags = 66050, tf_esp = 1, tf_ss = 

-1055494464}) at ../../../i386/i386/trap.c:417
#11 0xc05e6afa in calltrap () at
../../../i386/i386/exception.s:140
#12 0x00000018 in ?? ()
#13 0x00000010 in ?? ()
#14 0x00000010 in ?? ()
#15 0x00000038 in ?? ()
#16 0x00000000 in ?? ()
#17 0xc3eb7af8 in ?? ()
#18 0xc3eb7ad8 in ?? ()
#19 0x00000000 in ?? ()
#20 0x00000000 in ?? ()
#21 0x00000000 in ?? ()
#22 0x0034f2a8 in ?? ()
#23 0x0000000c in ?? ()
#24 0x00000000 in ?? ()
#25 0xc04f4c5c in m_copydata (m=0x0, off=0, len=56,
cp=0xc1166ec0 "")
    at ../../../kern/uipc_mbuf.c:513
#26 0xc0ea0ac9 in ?? ()
#27 0xc0e18d00 in ?? ()
#28 0x00000000 in ?? ()
#29 0x00000038 in ?? ()
#30 0xc1166ec0 in ?? ()
#31 0x00000000 in ?? ()
#32 0xc3eb7bd8 in ?? ()
#33 0x00000038 in ?? ()
#34 0xc3eb7b94 in ?? ()
#35 0xc0ea095f in ?? ()
#36 0x00000000 in ?? ()
#37 0xc3eb7bd8 in ?? ()
#38 0xc3eb7b50 in ?? ()
#39 0xc3eb7b48 in ?? ()
#40 0xc3eb7b40 in ?? ()
#41 0x00000002 in ?? ()
#42 0xc0d8c000 in ?? ()
#43 0x00000000 in ?? ()
#44 0x00000001 in ?? ()
#45 0x00000028 in ?? ()
#46 0x00000038 in ?? ()
#47 0xc3eb7b58 in ?? ()
#48 0xc0e18d00 in ?? ()
#49 0x00000000 in ?? ()
#50 0x00306c72 in ?? ()
#51 0x00000000 in ?? ()
#52 0x00000000 in ?? ()
#53 0x00000000 in ?? ()
#54 0xffff3800 in ?? ()
#55 0x0000000c in ?? ()
#56 0x00000000 in ?? ()
#57 0x00004019 in ?? ()
#58 0x00000000 in ?? ()
#59 0x0000000c in ?? ()
#60 0xc3eb7bdc in ?? ()
#61 0x00004019 in ?? ()
#62 0xc0ebc800 in ?? ()
#63 0xc0e18d50 in ?? ()
#64 0xc3eb7c44 in ?? ()
#65 0xc0ea4280 in ?? ()
#66 0x00004019 in ?? ()
#67 0xc0e18d50 in ?? ()
#68 0xc3eb7bd8 in ?? ()
#69 0xc0e18d00 in ?? ()
#70 0xffffffff in ?? ()
#71 0x00000000 in ?? ()
#72 0x00000000 in ?? ()
#73 0xc0e18d00 in ?? ()
#74 0x00000000 in ?? ()
#75 0xc0ebe600 in ?? ()
#76 0x00000004 in ?? ()
#77 0x00000041 in ?? ()
#78 0x00000000 in ?? ()
#79 0xc0ea9740 in ?? ()
#80 0x00000000 in ?? ()
#81 0xc0d8c000 in ?? ()
#82 0x013ec004 in ?? ()
#83 0x8ac213c1 in ?? ()
#84 0x00000000 in ?? ()
#85 0x00000000 in ?? ()
#86 0x00000000 in ?? ()
#87 0xd5662ac2 in ?? ()
#88 0x00000000 in ?? ()
#89 0x00000000 in ?? ()
#90 0x00000000 in ?? ()
#91 0x00000000 in ?? ()
#92 0x00000000 in ?? ()
#93 0x00000003 in ?? ()
#94 0x00000000 in ?? ()
#95 0x00000014 in ?? ()
#96 0x00000000 in ?? ()
#97 0x0000000c in ?? ()
#98 0x00000000 in ?? ()
#99 0xc0ebe600 in ?? ()
#100 0xc0e1a844 in ?? ()
#101 0x000000b5 in ?? ()
#102 0x48fb00a1 in ?? ()
#103 0x00000000 in ?? ()
#104 0xc3eb7c80 in ?? ()
#105 0xc0e7a140 in ?? ()
#106 0xc067cee0 in ip_rsvpd ()
#107 0x00000001 in ?? ()
#108 0xc3eb7c60 in ?? ()
#109 0xc0ea0d06 in ?? ()
#110 0xc0e18d50 in ?? ()
#111 0x00000014 in ?? ()
#112 0xc0d8c000 in ?? ()
#113 0x00000000 in ?? ()
#114 0xc3eb7c80 in ?? ()
#115 0xc3eb7c90 in ?? ()
#116 0xc0532f7f in pfil_run_hooks (ph=0xc1166ec0,
mp=0xc3eb7bd8, 
    ifp=0xc3eb7b50, dir=-1055494528, inp=0xc3eb7b40)
at ../../../net/pfil.c:137
Previous frame inner to this frame (corrupt stack?)
(kgdb)

-------------------------------------------------------------------------------
Here is my ipf.rules :

#################################################################
# Outside Interface 
#################################################################

pass out quick on rl0 proto tcp from any to any keep
state
pass out quick on rl0 proto udp from any to any keep
state
pass out quick on rl0 proto icmp from any to any keep
state
block out quick on rl0 all

#-----------------------------------------------------------------------
# Block all inbound traffic from non-routable or
reserved address spaces
#-----------------------------------------------------------------------
block in log quick on rl0 from 192.168.0.0/16 to any 
#RFC 1918 private IP
block in log quick on rl0 from 172.16.0.0/12 to any  
#RFC 1918 private IP
block in log quick on rl0 from 10.0.0.0/8 to any     
#RFC 1918 private IP
block in log quick on rl0 from 127.0.0.0/8 to any    
#loopback
block in log quick on rl0 from 0.0.0.0/8 to any      
#loopback
block in log quick on rl0 from 169.254.0.0/16 to any 
#DHCP auto-config
block in log quick on rl0 from 192.0.2.0/24 to any   
#reserved for doc's
block in log quick on rl0 from 204.152.64.0/23 to any
#Sun cluster interconnect
block in quick on rl0 from 224.0.0.0/3 to any        
#Class D & E multicast

#----------------------------------------------------------------
# Allow bootp traffic in from your ISP's DHCP server
only. 
#----------------------------------------------------------------
pass in quick on rl0 proto udp from 194.42.102.129/32
to any port = 68 keep state


block return-rst in log quick on rl0 proto tcp from
any to any
block return-icmp-as-dest(port-unr) in log quick on
rl0 proto udp from any to any
block in log quick on rl0 all 

#################################################################

# Inside Interface 
#################################################################


#----------------------------------------------------------------

# Allow out all TCP, UDP, and ICMP traffic & keep
state 
#----------------------------------------------------------------

pass out quick on rl1 proto tcp from any to any keep
state 
pass out quick on rl1 proto udp from any to any keep
state 
pass out quick on rl1 proto icmp from any to any keep
state 
block out quick on rl1 all 

pass out quick on tl0 proto tcp from any to any keep
state 
pass out quick on tl0 proto udp from any to any keep
state 
pass out quick on tl0 proto icmp from any to any keep
state 
block out quick on tl0 all 

#----------------------------------------------------------------
# Allow in all TCP, UDP, and ICMP traffic & keep state

#----------------------------------------------------------------

pass in quick on rl1 proto tcp from any to any keep
state 
pass in quick on rl1 proto udp from any to any keep
state 
pass in quick on rl1 proto icmp from any to any keep
state 
block in quick on rl1 all 

pass in quick on tl0 proto tcp from any to any keep
state 
pass in quick on tl0 proto udp from any to any keep
state 
pass in quick on tl0 proto icmp from any to any keep
state 
block in quick on tl0 all 

#################################################################

# Loopback Interface 
#################################################################


#----------------------------------------------------------------

# ping
#----------------------------------------------------------------

pass in quick on lo0 all 
pass out quick on lo0 all 


Thank you very much for any lead on how to resolve
this.

Stefan Olteanu


=====

More information about the freebsd-net mailing list