From: Dan Nelson
To: freebsd-ipfw@freebsd.org
Date: Fri, 23 Apr 2010 11:39:26 -0500
Subject: cdpd/ladvd panic after r205511 MFC
Message-ID: <20100423163926.GD14572@dan.emsphone.com>

I recently upgraded my 8-stable i386 kernel, and ladvd caused a panic during bootup. ladvd is a daemon that sends out switch discovery frames via /dev/bpf. Switching to cdpd (another program like ladvd) results in the same panic. I traced it down to the ipfw MFC on 2010-03-23 (rev r205511).

Unfortunately, all my crash dumps give garbage stack traces so the only info I have is the trap log and a DDB backtrace. I can generate more crashdumps if they are needed for debugging. It's reproducible on a GENERIC kernel by loading ipfw, ensuring that all traffic is allowed, and starting up either ladvd or cdpd from ports.

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0x808a17f4
stack pointer           = 0x28:0xe1526b58
frame pointer           = 0x28:0xe1526bb8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2967 (ladvd)

db:0:kdb.enter.default> show pcpu
cpuid = 3
dynamic pcpu = 0x5f60600
curthread = 0x8c71b4a0: pid 2967 "ladvd"
curpcb = 0xe1526d90
fpcurthread = none
idlethread = 0x86d5e940: pid 11 "idle: cpu3"
APIC ID = 3
currentldt = 0x50
spin locks held:

db:0:kdb.enter.default> bt
Tracing pid 2967 tid 100264 td 0x8c71b4a0
bcmp(86ea5d00,e1526c58,0,0,0,...) at bcmp+0x14
devfs_write_f(8eb588c0,e1526c58,86d5a100,0,8c71b4a0,...) at devfs_write_f+0xc1
dofilewrite(e1526c58,ffffffff,ffffffff,0,8eb588c0,...) at dofilewrite+0x95
kern_writev(8c71b4a0,a,e1526c58,e1526c78,1,...) at kern_writev+0x58
write(8c71b4a0,e1526cf8,80954c4b,8093722a,8eb0a550,...) at write+0x4f
syscall(e1526d38) at syscall+0x260
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (4, FreeBSD ELF32, write), eip = 0x281a7543, esp = 0x7fbfe42c, ebp = 0x7fbfe478 ---

-- 
Dan Nelson
dnelson@allantgroup.com