On Wednesday 12 August 2009 21:16:09 Peter Jeremy wrote:
> My firewall (7.2p3/i386) recently panic'd:
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x1065e
> fault code = supervisor read, page not present
> ...
> I have a crashdump that shows:
> #6 0xc06c9c1b in calltrap () at /usr/src/sys/i386/i386/exception.s:159
> #7 0xc044ecd0 in pf_state_tree_lan_ext_RB_REMOVE_COLOR (head=0xc2a256a8,
> parent=0xc442c6a0, elm=0xc40aa8e0) at
> /usr/src/sys/contrib/pf/net/pf.c:391
> #8 0xc044ef79 in pf_state_tree_lan_ext_RB_REMOVE (head=0xc2a256a8,
> elm=0xc404a11c) at /usr/src/sys/contrib/pf/net/pf.c:391
> #9 0xc045383e in pf_unlink_state (cur=0xc404a11c)
> at /usr/src/sys/contrib/pf/net/pf.c:1158
> #10 0xc0456b6e in pf_purge_expired_states (maxcheck=119)
> at /usr/src/sys/contrib/pf/net/pf.c:1242
> #11 0xc04570f9 in pf_purge_thread (v=0x0)
> at /usr/src/sys/contrib/pf/net/pf.c:998
> #12 0xc0535781 in fork_exit (callout=0xc0456f50 <pf_purge_thread>, arg=0x0,
> frame=0xd2d4cd38) at /usr/src/sys/kern/kern_fork.c:810
> #13 0xc06c9c90 in fork_trampoline () at
> /usr/src/sys/i386/i386/exception.s:264
>
> Working up, 'parent' in pf_state_tree_lan_ext_RB_REMOVE_COLOR() has
> a garbage u.s.entry_lan_ext:
> (kgdb) p parent->u
> $3 = {s = {entry_lan_ext = {rbe_left = 0x10602, rbe_right = 0x50000,
> rbe_parent = 0xc40aa8e0, rbe_color = -1002258432}, entry_ext_gwy = {
> rbe_left = 0xc3c42238, rbe_right = 0x1, rbe_parent = 0x0,
> rbe_color = 0}, entry_id = {rbe_left = 0xc3c54470, rbe_right = 0x0,
> rbe_parent = 0x0, rbe_color = 0}, entry_list = {tqe_next = 0xc41f9e6c,
> tqe_prev = 0x0}, kif = 0xc442c58c},
> ifname = "\002\006\001\000\000\000\005\000??\n?\000?B?"}
>
> Does anyone have any suggestions on where to look next?
You could try the attached patch that I just sent to re@ for inclusion. There
is an obvious error in how I handle the pf_consistency_lock in the purge
thread that might well be the culprit for the error you are seeing. I assume
you can't trigger the panic at will, though. In any case I'd be interested in
your feedback, thanks.
--
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pfpurge_lock.diff
Type: text/x-patch
Size: 5573 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20090814/563c4626/pfpurge_lock.bin