amd64/141905: pf kernel panic on 7.2-RELEASE with empty pf.conf

Andriy Tovstik andriy.tovstik at gmail.com
Tue Dec 22 21:40:01 UTC 2009


>Number:         141905
>Category:       amd64
>Synopsis:       pf kernel panic on 7.2-RELEASE with empty pf.conf
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-amd64
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 22 21:40:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Andriy Tovstik
>Release:        7.2-RELEASE-p4
>Organization:
RedTram
>Environment:
uname -a
FreeBSD utel-gw.intra 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Fri Oct  2 08:22:32 UTC 2009     root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
I try to load pf on my gateway with an empty pf.conf (for testing purposes) and I get a kernel panic every time I try to 'pfctl -d':

kgdb message:

kgdb kernel.debug /var/crash/vmcore.4                                      
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:

Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer     = 0x8:0xffffffff80564a3d
stack pointer           = 0x10:0xfffffffef5f5e6b0
frame pointer           = 0x10:0xfffffffef5f5e830
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 35 (nfe0 taskq)
trap number             = 9
panic: general protection fault
cpuid = 0
Uptime: 56m49s
Physical memory: 4083 MB
Dumping 288 MB: 273 257 241 225 209 193 177 161 145 129 113 97 81 65 49 33 17 1

Reading symbols from /boot/kernel/if_bridge.ko...Reading symbols from /boot/kernel/if_bridge.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_bridge.ko
Reading symbols from /boot/kernel/bridgestp.ko...Reading symbols from /boot/kernel/bridgestp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/bridgestp.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
#0  doadump () at pcpu.h:195
195             __asm __volatile("movq %%gs:0,%0" : "=r" (td));
(kgdb) list *0xffffffff80564a3d
0xffffffff80564a3d is in m_tag_locate (/usr/src/sys/kern/uipc_mbuf2.c:391).
386             if (t == NULL)
387                     p = SLIST_FIRST(&m->m_pkthdr.tags);
388             else
389                     p = SLIST_NEXT(t, m_tag_link);
390             while (p != NULL) {
391                     if (p->m_tag_cookie == cookie && p->m_tag_id == type)
392                             return p;
393                     p = SLIST_NEXT(p, m_tag_link);
394             }
395             return NULL;
(kgdb) bt                                                                                                      
#0  doadump () at pcpu.h:195                                                                                   
#1  0x0000000000000004 in ?? ()                                                                                
#2  0xffffffff8050df99 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418                            
#3  0xffffffff8050e3a2 in panic (fmt=0x104 <Address 0x104 out of bounds>) at /usr/src/sys/kern/kern_shutdown.c:574
#4  0xffffffff807d2273 in trap_fatal (frame=0xffffff000157f6e0, eva=Variable "eva" is not available.              
) at /usr/src/sys/amd64/amd64/trap.c:757                                                                          
#5  0xffffffff807d2dc5 in trap (frame=0xfffffffef5f5e600) at /usr/src/sys/amd64/amd64/trap.c:558                  
#6  0xffffffff807b70ee in calltrap () at /usr/src/sys/amd64/amd64/exception.S:209                                 
#7  0xffffffff80564a3d in m_tag_locate (m=0xffffff0004cf4300, cookie=0, type=21, t=Variable "t" is not available. 
) at /usr/src/sys/kern/uipc_mbuf2.c:390                                                                           
#8  0xffffffff80e3d7ed in pf_test (dir=2, ifp=0xffffff0001611800, m0=0xfffffffef5f5e890, eh=0x0, inp=0x0) at mbuf.h:957
#9  0xffffffff80e43b55 in pf_check_out (arg=Variable "arg" is not available.
) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:3687
#10 0xffffffff805b98c1 in pfil_run_hooks (ph=Variable "ph" is not available.
) at /usr/src/sys/net/pfil.c:78
#11 0xffffffff805f46eb in ip_output (m=0xffffff0004cf4300, opt=Variable "opt" is not available.
) at /usr/src/sys/netinet/ip_output.c:443
#12 0xffffffff805e99bb in in_gif_output (ifp=0xffffff0004756800, family=Variable "family" is not available.
) at /usr/src/sys/netinet/in_gif.c:244
#13 0xffffffff805b083f in gif_output (ifp=0xffffff0004756800, m=0xffffff0004b9ac00, dst=0xffffff0004792590, rt=Variable "rt" is not available.
)
    at /usr/src/sys/net/if_gif.c:455
#14 0xffffffff805b0c09 in gif_start (ifp=0xffffff0004756800) at /usr/src/sys/net/if_gif.c:351
#15 0xffffffff80e26023 in bridge_forward (sc=0xffffff0004721c00, sbif=Variable "sbif" is not available.
)
    at /usr/src/sys/modules/if_bridge/../../net/if_bridge.c:2083
#16 0xffffffff80e2653f in bridge_input (ifp=0xffffff0001611000, m=0xffffff0004b9ac00)
    at /usr/src/sys/modules/if_bridge/../../net/if_bridge.c:2287
#17 0xffffffff805ae407 in ether_input (ifp=0xffffff0001611000, m=0xffffff0004b9ac00) at /usr/src/sys/net/if_ethersubr.c:655
#18 0xffffffff807fca8d in nfe_int_task (arg=Variable "arg" is not available.
) at /usr/src/sys/dev/nfe/if_nfe.c:2116
#19 0xffffffff80545efd in taskqueue_run (queue=0xffffff0004500380) at /usr/src/sys/kern/subr_taskqueue.c:282
#20 0xffffffff8054618e in taskqueue_thread_loop (arg=Variable "arg" is not available.
) at /usr/src/sys/kern/subr_taskqueue.c:401
#21 0xffffffff804ea993 in fork_exit (callout=0xffffffff80546140 <taskqueue_thread_loop>, arg=0xfffffffe8022e1c8,
    frame=0xfffffffef5f5ec80) at /usr/src/sys/kern/kern_fork.c:810
#22 0xffffffff807b74ae in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:455
#23 0x0000000000000000 in ?? ()
<SKIP REPEATED MESSAGES>                        
#47 0x0000000000cf9000 in ?? ()                                                                                              
#48 0xffffffff80b325c0 in tdg_maxid ()                                                                                       
#49 0xffffffff80b3edc0 in tdq_cpu ()                                                                                         
#50 0xffffffff80b40830 in sleepq_chains ()                                                                                   
#51 0xffffff000157f6e0 in ?? ()                                                                                              
#52 0xffffff000157fa10 in ?? ()                                                                                              
#53 0xfffffffef5f5eb08 in ?? ()                                                                                              
#54 0xffffff000157f6e0 in ?? ()                                                                                              
#55 0xffffffff80531608 in sched_switch (td=0xffffffff80546140, newtd=0x800533350, flags=Variable "flags" is not available.   
)       at /usr/src/sys/kern/sched_ule.c:1938
<SKIP REPEATED MESSAGES>  
#123 0x0000000000000000 in ?? ()
Cannot access memory at address 0xfffffffef5f5f000

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

