misc/130977: [netgraph][pf] kernel panic trap 12 on user connect to VPN server

Semenchuk Oleg darkibot at gmail.com
Sun Jan 25 03:40:01 PST 2009


>Number:         130977
>Category:       misc
>Synopsis:       [netgraph][pf] kernel panic trap 12 on user connect to VPN server
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 25 11:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Semenchuk Oleg
>Release:        7.0 Release, 7.1 Release, 7.1 Stable
>Organization:
NTU
>Environment:
# uname -v
FreeBSD 7.1-STABLE #0: Sat Jan 24 16:17:10 EET 2009 root at srv.subnet.ntu.priv:/usr/src/sys/i386/compile/GENERIC
>Description:
The kernel panics when a user connects to the VPN server (based on mpd) or when mpd is started. The problem does not look like an mpd software bug; the same was reproduced with the default ppp. If pf.ko is not loaded, it is not reproduced.

Note: the bug does not look like a hardware problem, since it is 100% reproducible on different hardware.


loaded modules:
______________________________________
#kldstat 
Id Refs Address    Size     Name 
 1   11 0xc0400000 9a7f34   kernel 
 2    1 0xc0da8000 4674     ng_bridge.ko 
 3    7 0xc0dad000 d89c     netgraph.ko 
 4    1 0xc0dbb000 3df8     ng_ether.ko 
 5    1 0xc0dbf000 6a45c    acpi.ko 
 6    1 0xc23f2000 33000    pf.ko 
 7    1 0xc2583000 4000     ng_socket.ko 
 8    1 0xc25c9000 5000     ng_ksocket.ko 
 9    1 0xc26f6000 3000     ng_iface.ko 
10    1 0xc26fd000 7000     ng_ppp.ko 
______________________________________



kernel dump:
______________________________________
# kgdb /boot/kernel/kernel.symbols /var/crash/vmcore.1
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...


Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x2000200
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc23fd630
stack pointer           = 0x28:0xcd0f6a80
frame pointer           = 0x28:0xcd0f6ab8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3110 (mpd4)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 8h36m1s
Physical memory: 243 MB
Dumping 38 MB: 23 7

Reading symbols from /boot/kernel/ng_bridge.ko...Reading symbols from /boot/kernel/ng_bridge.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_bridge.ko
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/ng_ether.ko...Reading symbols from /boot/kernel/ng_ether.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ether.ko
Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_socket.ko
Reading symbols from /boot/kernel/ng_ksocket.ko...Reading symbols from /boot/kernel/ng_ksocket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ksocket.ko
Reading symbols from /boot/kernel/ng_iface.ko...Reading symbols from /boot/kernel/ng_iface.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_iface.ko
Reading symbols from /boot/kernel/ng_ppp.ko...Reading symbols from /boot/kernel/ng_ppp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ppp.ko
Reading symbols from /boot/kernel/ng_pptpgre.ko...Reading symbols from /boot/kernel/ng_pptpgre.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_pptpgre.ko
#0  doadump () at pcpu.h:196
196     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) list *0xc23fd630
0xc23fd630 is in pfi_instance_add (/usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:579).
574             int              net2, af;
575
576             if (ifp == NULL)
577                     return;
578             TAILQ_FOREACH(ia, &ifp->if_addrlist, ifa_list) {
579                     if (ia->ifa_addr == NULL)
580                             continue;
581                     af = ia->ifa_addr->sa_family;
582                     if (af != AF_INET && af != AF_INET6)
583                             continue;
(kgdb) backtrace
#0  doadump () at pcpu.h:196
#1  0xc079a427 in boot (howto=260) at ../../../kern/kern_shutdown.c:418
#2  0xc079a6f9 in panic (fmt=Variable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:574
#3  0xc0aac6bc in trap_fatal (frame=0xcd0f6a40, eva=33554944) at ../../../i386/i386/trap.c:939
#4  0xc0aac940 in trap_pfault (frame=0xcd0f6a40, usermode=0, eva=33554944) at ../../../i386/i386/trap.c:852
#5  0xc0aad2fc in trap (frame=0xcd0f6a40) at ../../../i386/i386/trap.c:530
#6  0xc0a9317b in calltrap () at ../../../i386/i386/exception.s:159
#7  0xc23fd630 in pfi_instance_add (ifp=0xc2288000, net=128, flags=0)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:578
#8  0xc23fd933 in pfi_table_update (kt=0xc243f000, kif=0xc2379600, net=128, flags=0)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:561
#9  0xc23fdbca in pfi_dynaddr_update (dyn=0xc243de74) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:543
#10 0xc23fdc1d in pfi_kif_update (kif=0xc2379600) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:520
#11 0xc23fdc44 in pfi_kif_update (kif=0xc26e7e00) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:525
#12 0xc23fdcb4 in pfi_ifaddr_event (arg=0x0, ifp=0xc2287400) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_if.c:942
#13 0xc086ff3c in in_control (so=0xc23d4680, cmd=2151704858, data=0xc24cea40 "ng0", ifp=0xc2287400, td=0xc26e6230)
    at ../../../netinet/in.c:460
#14 0xc0833a3d in ifioctl (so=0xc23d4680, cmd=2151704858, data=0xc24cea40 "ng0", td=0xc26e6230) at ../../../net/if.c:1952
#15 0xc07d85aa in soo_ioctl (fp=0xc23832ac, cmd=2151704858, data=0xc24cea40, active_cred=0xc2651500, td=0xc26e6230)
    at ../../../kern/sys_socket.c:191
#16 0xc07d1395 in kern_ioctl (td=0xc26e6230, fd=36, com=2151704858, data=0xc24cea40 "ng0") at file.h:268
#17 0xc07d14f4 in ioctl (td=0xc26e6230, uap=0xcd0f6cfc) at ../../../kern/sys_generic.c:570
#18 0xc0aacc95 in syscall (frame=0xcd0f6d38) at ../../../i386/i386/trap.c:1090
#19 0xc0a931e0 in Xint0x80_syscall () at ../../../i386/i386/exception.s:255
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
______________________________________
>How-To-Repeat:
1. install OS
2. cvsup to 7.0 Release
3. install mpd3 or mpd4 or mpd5
4. create any config for PPTP or PPPoE connections (1 or 2)
5. start mpd daemon
6. connect to VPN server
7. create config for PF with NAT
8. load pf module ( kldload pf )
9. load pf rules from created config ( pfctl -f /etc/pf.conf )
10. enable pf ( pfctl -e )

ACR:
kernel panic
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

