Date: Sun, 24 Oct 2004 16:47:54 +0200 From: Gilbert Cao <hika@bsdmon.com> To: freebsd-net@freebsd.org Subject: Kernel panic with pf Message-ID: <20041024144754.GA1670@bsdmon.com>
next in thread | raw e-mail | index | archive | help
Hi everyone,
I just experienced a kernel panic when I have execute
a small program I just grab from apache2 configure script.
I guess this program just check the TCP_NODELAY behaviour ...
-------------------------------------------------------------------------------
Here is the following source code :
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
/*typedef int socklen_t;*/
int main(void) {
int listen_s, connected_s, client_s;
int listen_port, rc;
struct sockaddr_in sa;
socklen_t sa_len;
socklen_t option_len;
int option;
listen_s = socket(AF_INET, SOCK_STREAM, 0);
if (listen_s < 0) {
perror("socket");
exit(1);
}
option = 1;
rc = setsockopt(listen_s, IPPROTO_TCP, TCP_NODELAY, &option, sizeof option);
if (rc < 0) {
perror("setsockopt TCP_NODELAY");
exit(1);
}
memset(&sa, 0, sizeof sa);
sa.sin_family = AF_INET;
#ifdef BEOS
sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
#endif
/* leave port 0 to get ephemeral */
rc = bind(listen_s, (struct sockaddr *)&sa, sizeof sa);
if (rc < 0) {
perror("bind for ephemeral port");
exit(1);
}
/* find ephemeral port */
sa_len = sizeof(sa);
rc = getsockname(listen_s, (struct sockaddr *)&sa, &sa_len);
if (rc < 0) {
perror("getsockname");
exit(1);
}
listen_port = sa.sin_port;
rc = listen(listen_s, 5);
if (rc < 0) {
perror("listen");
exit(1);
}
client_s = socket(AF_INET, SOCK_STREAM, 0);
if (client_s < 0) {
perror("socket");
exit(1);
}
memset(&sa, 0, sizeof sa);
sa.sin_family = AF_INET;
sa.sin_port = listen_port;
#ifdef BEOS
sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
#endif
/* leave sin_addr all zeros to use loopback */
rc = connect(client_s, (struct sockaddr *)&sa, sizeof sa);
if (rc < 0) {
perror("connect");
exit(1);
}
sa_len = sizeof sa;
connected_s = accept(listen_s, (struct sockaddr *)&sa, &sa_len);
if (connected_s < 0) {
perror("accept");
exit(1);
}
option_len = sizeof option;
rc = getsockopt(connected_s, IPPROTO_TCP, TCP_NODELAY, &option, &option_len);
if (rc < 0) {
perror("getsockopt");
exit(1);
}
if (!option) {
fprintf(stderr, "TCP_NODELAY is not set in the child.\n");
exit(1);
}
return 0;
}
-------------------------------------------------------------------------------
Here is my dmesg output :
Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights
reserved.
FreeBSD 5.3-RC1 #6: Sat Oct 23 11:47:59 CEST 2004
root@sdf1.bsdmon.com:/usr/obj/usr/src/sys/SDF1BSD
ACPI APIC Table: <VIA694 MSI ACPI>
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) XP (1249.41-MHz 686-class CPU)
Origin = "AuthenticAMD" Id = 0x662 Stepping = 2
Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
AMD Features=0xc0400000<AMIE,DSP,3DNow!>
real memory = 536805376 (511 MB)
avail memory = 511422464 (487 MB)
MADT: Forcing active-low polarity and level trigger for SCI
ioapic0 <Version 1.1> irqs 0-23 on motherboard
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <VIA694 MSI ACPI> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
cpu0: <ACPI CPU (3 Cx states)> on acpi0
acpi_button0: <Power Button> on acpi0
acpi_button1: <Sleep Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port
0x6000-0x607f,0x5000-0x500f,0x4080-0x40ff,0x4000-0x407f,0xcf8-0xcff on
acpi0
ACPI link \\_SB_.PCI0.LNKD has invalid initial irq 9, ignoring
pci0: <ACPI PCI bus> on pcib0
agp0: <VIA 82C8363 (Apollo KT133A) host to PCI bridge> mem
0xe0000000-0xe3ffffff at device 0.0 on pci0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
nvidia0: <GeForce FX 5600XT> mem
0xd0000000-0xdfffffff,0xe4000000-0xe4ffffff irq 16 at device 0.0 on pci1
nvidia0: [GIANT-LOCKED]
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C686B UDMA100 controller> port
0xc000-0xc00f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 7.1 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
uhci0: <VIA 83C572 USB controller> port 0xc400-0xc41f irq 10 at device
7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhid0: Logitech WingMan Precision USB, rev 1.10/1.03, addr 2, iclass 3/0
uhci1: <VIA 83C572 USB controller> port 0xc800-0xc81f irq 10 at device
7.3 on pci0
uhci1: [GIANT-LOCKED]
usb1: <VIA 83C572 USB controller> on uhci1
usb1: USB revision 1.0
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
pci0: <multimedia, audio> at device 7.5 (no driver attached)
rl0: <RealTek 8139 10/100BaseTX> port 0xdc00-0xdcff mem
0xe7000000-0xe70000ff irq 17 at device 8.0 on pci0
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:50:fc:43:a7:8a
trm0: <Tekram DC395U/UW/F DC315/U Fast20 Wide SCSI Adapter> port
0xe000-0xe0ff mem 0xe7001000-0xe7001fff irq 18 at device 9.0 on pci0
trm0: [GIANT-LOCKED]
pcm0: <Creative EMU10K1> port 0xe400-0xe41f irq 19 at device 10.0 on
pci0
pcm0: <SigmaTel STAC9708/11 AC97 Codec>
fdc0: <floppy drive controller> port 0x3f7,0x3f2-0x3f5 irq 6 drq 2 on
acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on
acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0: <Standard parallel printer port> port 0x378-0x37f irq 7 on acpi0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
ppbus0: <Parallel port bus> on ppc0
ppi0: <Parallel I/O> on ppbus0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse Explorer, device ID 4
orm0: <ISA Option ROM> at iomem 0xd0000-0xd7fff on isa0
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on
isa0
Timecounter "TSC" frequency 1249409092 Hz quality 800
Timecounters tick every 10.000 msec
IP Filter: v3.4.35 initialized. Default = pass all, Logging = enabled
ipfw2 initialized, divert enabled, rule-based forwarding enabled,
default to accept, logging unlimited
ad0: 38166MB <WDC WD400BB-00CCB0/05.04E05> [77545/16/63] at ata0-master
UDMA100
ad1: 57241MB <WDC WD600BB-75CCB0/22.04A22> [116301/16/63] at ata0-slave
UDMA100
acd0: DVDR <HL-DT-ST DVDRAM GSA-4081B/A100> at ata1-slave UDMA33
Waiting 15 seconds for SCSI devices to settle
cd0 at trm0 bus 0 target 0 lun 0
cd0: <PLEXTOR CD-ROM PX-40TS 1.12> Removable CD-ROM SCSI-2 device
cd0: 20.000MB/s transfers (20.000MHz, offset 15)
cd0: Attempt to query device size failed: NOT READY, Medium not present
- tray closed
cd1 at ata1 bus 0 target 1 lun 0
cd1: <HL-DT-ST DVDRAM GSA-4081B A100> Removable CD-ROM SCSI-0 device
cd1: 33.000MB/s transfers
cd1: Attempt to query device size failed: NOT READY, Medium not present
Mounting root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
WARNING: /usr was not properly dismounted
/usr: mount pending error: blocks 12 files 4
NVRM: detected agp.ko, aborting NVIDIA AGP setup!
NVRM: detected agp.ko, aborting NVIDIA AGP setup!
-------------------------------------------------------------------------------
Here is my backtrace output :
# kgdb /usr/obj/usr/src/sys/SDF1BSD/kernel.debug /usr/crash/vmcore.0
[GDB will not be able to debug user-mode threads:
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-marcel-freebsd".
doadump () at pcpu.h:159
(kgdb) list
159 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) where
#0 doadump () at pcpu.h:159
#1 0xc065106b in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:397
#2 0xc06513c1 in panic (fmt=0xc082c23e "from debugger") at
/usr/src/sys/kern/kern_shutdown.c:553
#3 0xc049cbd5 in db_panic (addr=-1069012735, have_addr=0, count=-1,
modif=0xd55f18d4 "") at /usr/src/sys/ddb/db_command.c:435
#4 0xc049cb6c in db_command (last_cmdp=0xc0900244, cmd_table=0x0,
aux_cmd_tablep=0xc087c2fc, aux_cmd_tablep_end=0xc087c318) at
/usr/src/sys/ddb/db_command.c:349
#5 0xc049cc34 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:455
#6 0xc049e7ad in db_trap (type=12, code=0) at
/usr/src/sys/ddb/db_main.c:221
#7 0xc0668f53 in kdb_trap (type=12, code=0, tf=0x1) at
/usr/src/sys/kern/subr_kdb.c:418
#8 0xc07f589d in trap_fatal (frame=0xd55f1a68, eva=296) at
/usr/src/sys/i386/i386/trap.c:804
#9 0xc07f55fb in trap_pfault (frame=0xd55f1a68, usermode=0, eva=296) at
/usr/src/sys/i386/i386/trap.c:727
#10 0xc07f51f1 in trap (frame=
{tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -715187408, tf_esi =
-715187412, tf_ebp = -715187500, tf_isp = -715187564, tf_ebx =
-1038093076, tf_edx = -1042521712, tf_ecx = 16885952, tf_eax = 0,
tf_trapno = 12, tf_err = 0, tf_eip = -1069012735, tf_cs = 8, tf_eflags =
66050, tf_esp = -1673396224, tf_ss = -1040125440}) at
/usr/src/sys/i386/i386/trap.c:417
#11 0xc07e307a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#12 0x00000018 in ?? ()
#13 0x00000010 in ?? ()
#14 0x00000010 in ?? ()
#15 0xd55f1b30 in ?? ()
#16 0xd55f1b2c in ?? ()
#17 0xd55f1ad4 in ?? ()
#18 0xd55f1a94 in ?? ()
#19 0xc21ff4ec in ?? ()
#20 0xc1dc6190 in ?? ()
#21 0x0101a8c0 in ?? ()
#22 0x00000000 in ?? ()
#23 0x0000000c in ?? ()
#24 0x00000000 in ?? ()
#25 0xc0482901 in pf_socket_lookup (uid=0xd55f1b2c, gid=0xd55f1b30,
direction=1, pd=0x0, inp_arg=0x0) at
/usr/src/sys/contrib/pf/net/pf.c:2509
#26 0xc0483199 in pf_test_tcp (rm=0xd55f1b98, sm=0x0, direction=1,
kif=0xc202c800, m=0xc200f200, off=20, h=0xc200f240, pd=0xd55f1be8,
am=0xd55f1b9c, rsm=0xd55f1ba0, inp=0x0)
at /usr/src/sys/contrib/pf/net/pf.c:2778
#27 0xc048a0b7 in pf_test (dir=1, ifp=0xc1f19400, m0=0xd55f1c84,
inp=0x0) at /usr/src/sys/contrib/pf/net/pf.c:5988
#28 0xc04931ad in pf_check_in (arg=0x0, m=0xd55f1c84, ifp=0xc1f19400,
dir=1, inp=0x0) at /usr/src/sys/contrib/pf/net/pf_ioctl.c:3226
#29 0xc06c3603 in pfil_run_hooks (ph=0xc09265e0, mp=0xd55f1ccc,
ifp=0xc1f19400, dir=1, inp=0x0) at /usr/src/sys/net/pfil.c:137
#30 0xc06dfae7 in ip_input (m=0xc200f200) at
/usr/src/sys/netinet/ip_input.c:439
#31 0xc06c1ddf in netisr_processqueue (ni=0xc0925318) at
/usr/src/sys/net/netisr.c:233
#32 0xc06c220a in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:346
#33 0xc063c965 in ithread_loop (arg=0xc1d89c80) at
/usr/src/sys/kern/kern_intr.c:547
#34 0xc063ba15 in fork_exit (callout=0xc063c80c <ithread_loop>,
arg=0xc1d89c80, frame=0xd55f1d48) at /usr/src/sys/kern/kern_fork.c:811
#35 0xc07e30dc in fork_trampoline () at
/usr/src/sys/i386/i386/exception.s:209
(kgdb)
-------------------------------------------------------------------------------
Here is my pf config :
int_if="rl0"
int_addr="192.168.1.1"
int_net="192.168.1.0/24"
wifi_net="192.168.0.0/24"
restricted_users="{ 1001 >< 1004, 1004 >< 65354 }"
# Options
set optimization aggressive
# Normalization des paquets
scrub in all fragment reassemble
block in log quick from any os "NMAP" to any
block log quick proto { tcp, udp } all user $restricted_users
# Règle sur la machine locale
pass in quick on lo0 all
pass out quick on lo0 all
# On peut sortir sur l'extérieur, et accepter les retours
pass out quick on $int_if proto tcp from $int_addr to any keep state
pass out quick on $int_if proto udp from $int_addr to any
pass out quick on $int_if proto icmp from $int_addr to any
block in log quick from any to 127.0.0.0/8
block out log quick from any to 127.0.0.0/8
block in log quick from 127.0.0.0/8 to any
block out log quick from 127.0.0.0/8 to any
# On ouvre de l'extérieur vers les services internes
pass in quick on $int_if proto tcp from any to $int_addr port { 21, 22,
25, 80, 210, 1113, 6671, 10080 } flags S/SA keep state
pass in quick on $int_if proto tcp from any to $int_addr port 59999 ><
60101 flags S/SA keep state
pass in quick on $int_if proto tcp from any to $int_addr port 5499 ><
5511 flags S/SA keep state
pass in quick on $int_if proto tcp from any to $int_addr port 7880 ><
8000 flags S/SA keep state
pass in quick on $int_if proto udp from any port { 53, 123 } to
$int_addr
pass in quick on $int_if proto icmp from any to $int_addr
# On accepte les réponses au PING
# pass in quick on $int_if proto icmp from any to $int_addr icmp-type
# echorep
# On fait confiance aux réseaux locales
pass in quick on $int_if proto tcp from $int_net to $int_addr flags S/SA
keep state
pass in quick on $int_if proto udp from $int_net to $int_addr
pass in quick on $int_if proto udp from $int_net to $int_net
pass in quick on $int_if proto tcp from $wifi_net to $int_addr flags
S/SA keep state
pass in quick on $int_if proto udp from $wifi_net to $int_addr
pass in quick on $int_if proto udp from $wifi_net to $int_net
# On bloque tout et on logge sinon
block log all
---------------------------------
** IMPORTANT NOTE :
When I remove the following line from my pf.conf :
block log quick proto { tcp, udp } all user $restricted_users
The kernel does not panic !
Thanks in advance.
Gilbert Cao.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041024144754.GA1670>