Date: Sat, 10 Mar 2001 12:38:17 +0100
From: "Manuel Kasper" <manuelk@bluewin.ch>
To: freebsd-stable@freebsd.org
Cc: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Subject: Re: panic, ipfw broken in stable?
Message-ID: <200103101238170970.00A30124@smtp.freesurf.ch>
In-Reply-To: <200103091822.KAA29463@gndrsh.dnsmgr.net>
References: <200103091822.KAA29463@gndrsh.dnsmgr.net>

Hi all,

On 09.03.2001 at 10:22 Rodney W. Grimes wrote:

> Since it looks like you haven't seen the ongoing thread about
> your problem, I thought I would follow up to your original email.
>
> Right now we have a hypothesis that a MFC of the stats counters
> to ip_output is causing your panic. I would like to try and
> duplicate that on a system here, but I need some configuration
> data from your system, particularly the ipfw rule set that
> is triggering the problem. (this applies to anyone who has
> seen this panic.)

I just decided to add that I'm experiencing the same problem now that I've upgraded to 4.3-BETA (from 4.2-RELEASE) - I hope my observations are of some use. It really only happens when there's an ipfw ruleset that uses DUMMYNET...

I wanted to try out DUMMYNET, and so enabled it: as soon as I connected to the FreeBSD box, it panicked. The following rules I added to rc.firewall seem to cause the problem:

${fwcmd} add pipe 1 ip from any to any
${fwcmd} pipe 1 config bw 2Mbit/s

If I comment these out and do a sh rc.firewall, everything is well again (no problems with the firewall).

Just FYI, the machine is an AMD Duron 800/128 MB RAM, and the last time I cvsup'ed and made world was at about 09:00 GMT today. I also removed all options from make.conf that are possibly unsafe (CPUTYPE and all CFLAGS), but it's the same story. The kernel I used was a GENERIC one with the only options added being:

options IPFIREWALL
options DUMMYNET

I attempted to use gdb as described in (http://www.freebsd.org/handbook/kerneldebug.html):

----------------------------------------------------------------------
bash-2.04# gdb -k
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd".
(kgdb) symbol-file kernel.debug
Reading symbols from kernel.debug...done.
(kgdb) exec-file /usr/crash/kernel.0
(kgdb) core-file /usr/crash/vmcore.0
IdlePTD 4648960
initial pcb at 3bc240
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x28
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc02051ab
stack pointer           = 0x10:0xc038818c
frame pointer           = 0x10:0xc03881e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = Idle
interrupt mask          = net tty
trap number             = 12
panic: page fault

syncing disks... 20 20 14
done
Uptime: 33m49s

dumping to dev #ad/0x30001, offset 270848
dump ata0: resetting devices .. done
127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
---
#0  dumpsys () at ../../kern/kern_shutdown.c:469
469             if (dumping++) {
(kgdb) where
#0  dumpsys () at ../../kern/kern_shutdown.c:469
#1  0xc01abd63 in boot (howto=256) at ../../kern/kern_shutdown.c:309
#2  0xc01ac0e0 in poweroff_wait (junk=0xc037f56f, howto=0) at ../../kern/kern_shutdown.c:556
#3  0xc031a549 in trap_fatal (frame=0xc038814c, eva=40) at ../../i386/i386/trap.c:951
#4  0xc031a221 in trap_pfault (frame=0xc038814c, usermode=0, eva=40) at ../../i386/i386/trap.c:844
#5  0xc0319ddb in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, tf_edi = -1057765888, tf_esi = 0,
      tf_ebp = -1070038560, tf_isp = -1070038664, tf_ebx = -1058781184, tf_edx = 44805, tf_ecx = 0,
      tf_eax = -1061880004, tf_trapno = 12, tf_err = 2, tf_eip = -1071623765, tf_cs = 8,
      tf_eflags = 66118, tf_esp = -1057763072, tf_ss = -1058116352}) at ../../i386/i386/trap.c:443
#6  0xc02051ab in ip_output (m0=0xc0b4ff00, opt=0x0, ro=0xc0f3d124, flags=0, imo=0x0) at ../../netinet/ip_output.c:791
#7  0xc01fdb6a in transmit_event (pipe=0xc0ee6d00) at ../../netinet/ip_dummynet.c:426
#8  0xc01fdd6f in ready_event (q=0xc0f3c600) at ../../netinet/ip_dummynet.c:566
#9  0xc01feb8f in dummynet_io (pipe_nr=1, dir=1, m=0xc0b4ff00, ifp=0xc0e44800, ro=0xc80696a8, dst=0xc0f3d128, rule=0xc0e73e50, flags=0) at ../../netinet/ip_dummynet.c:1137
#10 0xc02050b4 in ip_output (m0=0xc0b4ff00, opt=0x0, ro=0xc80696a8, flags=0, imo=0x0) at ../../netinet/ip_output.c:483
---Type <return> to continue, or q <return> to quit---
#11 0xc020add4 in tcp_output (tp=0xc8069720) at ../../netinet/tcp_output.c:861
#12 0xc02096b7 in tcp_input (m=0xc0b4ff00, off0=20, proto=6) at ../../netinet/tcp_input.c:2282
#13 0xc0203b61 in ip_input (m=0xc0b4ff00) at ../../netinet/ip_input.c:792
#14 0xc01fdb7e in transmit_event (pipe=0xc0ee6d00) at ../../netinet/ip_dummynet.c:431
#15 0xc01fdd6f in ready_event (q=0xc0f3c600) at ../../netinet/ip_dummynet.c:566
#16 0xc01fe207 in dummynet (unused=0x0) at ../../netinet/ip_dummynet.c:719
#17 0xc01b195d in softclock () at ../../kern/kern_timeout.c:131
(kgdb) up 5
#5  0xc0319ddb in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, tf_edi = -1057765888, tf_esi = 0,
      tf_ebp = -1070038560, tf_isp = -1070038664, tf_ebx = -1058781184, tf_edx = 44805, tf_ecx = 0,
      tf_eax = -1061880004, tf_trapno = 12, tf_err = 2, tf_eip = -1071623765, tf_cs = 8,
      tf_eflags = 66118, tf_esp = -1057763072, tf_ss = -1058116352}) at ../../i386/i386/trap.c:443
443             (void) trap_pfault(&frame, FALSE, eva);
(kgdb) frame frame->tf_ebp frame->tf_eip
#0  0xc02051ab in ip_output (m0=0xc0b4ff00, opt=0x0, ro=0xc0f3d124, flags=0, imo=0x0) at ../../netinet/ip_output.c:791
791                     ia->ia_ifa.if_opackets++;
(kgdb) list
786                     }
787             }
788
789             /* Record statistics for this interface address. */
790             if (!(flags & IP_FORWARDING)) {
791                     ia->ia_ifa.if_opackets++;
792                     ia->ia_ifa.if_obytes += m->m_pkthdr.len;
793             }
794
795             error = (*ifp->if_output)(ifp, m,
(kgdb) print ia
$1 = (struct in_ifaddr *) 0x0
(kgdb) up
#1  0xc01fdb6a in transmit_event (pipe=0xc0ee6d00) at ../../netinet/ip_dummynet.c:426
426                 (void)ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL);
(kgdb) up
#2  0xc01fdd6f in ready_event (q=0xc0f3c600) at ../../netinet/ip_dummynet.c:566
566             transmit_event(p);
(kgdb) up
#3  0xc01feb8f in dummynet_io (pipe_nr=1, dir=1, m=0xc0b4ff00, ifp=0xc0e44800, ro=0xc80696a8, dst=0xc0f3d128, rule=0xc0e73e50, flags=0) at ../../netinet/ip_dummynet.c:1137
1137            ready_event( q );
(kgdb) up
#4  0xc02050b4 in ip_output (m0=0xc0b4ff00, opt=0x0, ro=0xc80696a8, flags=0, imo=0x0) at ../../netinet/ip_output.c:483
483             error = dummynet_io(off & 0xffff, DN_TO_IP_OUT, m,
(kgdb) up
#5  0xc020add4 in tcp_output (tp=0xc8069720) at ../../netinet/tcp_output.c:861
861             error = ip_output(m, tp->t_inpcb->inp_options, &tp->t_inpcb->inp_route,
(kgdb) up
#6  0xc02096b7 in tcp_input (m=0xc0b4ff00, off0=20, proto=6) at ../../netinet/tcp_input.c:2282
2282            (void) tcp_output(tp);
(kgdb) up
#7  0xc0203b61 in ip_input (m=0xc0b4ff00) at ../../netinet/ip_input.c:792
792             (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, off, nh);
(kgdb) up
#8  0xc01fdb7e in transmit_event (pipe=0xc0ee6d00) at ../../netinet/ip_dummynet.c:431
431                 ip_input((struct mbuf *)pkt) ;
(kgdb) up
#9  0xc01fdd6f in ready_event (q=0xc0f3c600) at ../../netinet/ip_dummynet.c:566
566             transmit_event(p);
(kgdb) up
#10 0xc01fe207 in dummynet (unused=0x0) at ../../netinet/ip_dummynet.c:719
719                 ready_event(p) ;
(kgdb) up
#11 0xc01b195d in softclock () at ../../kern/kern_timeout.c:131
131                     c_func(c_arg);
(kgdb) up
Initial frame selected; you cannot go up.
(kgdb) quit
----------------------------------------------------------------------

And here's the output of dmesg:

----------------------------------------------------------------------
Copyright (c) 1992-2001 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 4.3-BETA #0: Sat Mar 10 10:57:01 CET 2001
    root@freebsd.neon1.net:/usr/src/sys/compile/TEST
Timecounter "i8254" frequency 1193182 Hz
CPU: AMD Duron(tm) Processor (799.62-MHz 686-class CPU)
  Origin = "AuthenticAMD" Id = 0x631 Stepping = 1
  Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMO
V,PAT,PSE36,MMX,FXSR>
  AMD Features=0xc0440000<<b18>,AMIE,DSP,3DNow!>
real memory = 134152192 (131008K bytes)
avail memory = 126214144 (123256K bytes)
Preloaded elf kernel "kernel" at 0xc0450000.
Pentium Pro MTRR support enabled
md0: Malloc disk
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib2: <PCI to PCI bridge (vendor=1106 device=8305)> at device 1.0 on pci0
pci1: <PCI bus> on pcib2
pci1: <ATI model 4c42 graphics accelerator> at 0.0 irq 10
isab0: <VIA 82C686 PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C686 ATA66 controller> port 0xa000-0xa00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <VIA 83C572 USB controller> port 0xa400-0xa41f irq 10 at device 7.2 on pci0
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: <VIA 83C572 USB controller> port 0xa800-0xa81f irq 10 at device 7.3 on pci0
usb1: <VIA 83C572 USB controller> on uhci1
usb1: USB revision 1.0
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
chip2: <VIA 82C686 AC97 Audio> port 0xb400-0xb403,0xb000-0xb003,0xac00-0xacff irq 5 at device 7.5 on pci0
fxp0: <Intel Pro 10/100B/100+ Ethernet> port 0xbc00-0xbc3f mem 0xdc000000-0xdc0fffff,0xdc100000-0xdc100fff irq 11 at device 9.0 on pci0
fxp0: Ethernet address 00:90:27:c1:32:cb
pci0: <unknown card> (vendor=0x0675, dev=0x1702) at 13.0 irq 11
pcib1: <Host to PCI bridge> on motherboard
pci2: <PCI bus> on pcib1
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model MouseMan+, device ID 0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
IP packet filtering initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled
DUMMYNET initialized (010124)
ad0: 43979MB <IBM-DTLA-307045> [89355/16/63] at ata0-master UDMA66
acd0: CD-RW <CR-4804TE> at ata1-master using PIO3
ast0: TAPE <COMPAQ TR4 ATAPI> at ata1-slave using PIO0
Mounting root from ufs:/dev/ad0s2a
----------------------------------------------------------------------

Finally, here's the output from 'ipfw list' with the DUMMYNET options enabled (as I said, with these loaded it crashes as soon as I connect to the box):

----------------------------------------------------------------------
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 pipe 1 ip from any to any
00500 allow tcp from any to any established
00600 allow ip from any to any frag
00700 allow tcp from any to 192.168.0.21 25 setup
00800 allow tcp from any to 192.168.0.21 21 setup
00900 allow tcp from any to 192.168.0.21 137-139 setup
01000 allow udp from any to any 137-139
01100 allow tcp from 192.168.0.21 to any setup
01200 deny tcp from any to any 0-1023 setup
01300 allow tcp from any to any setup
01400 allow udp from 192.168.0.21 to any 53 keep-state
01500 allow udp from 192.168.0.21 to any 123 keep-state
65535 deny ip from any to any
----------------------------------------------------------------------

Please tell me if there's anything else I can do in order to help eliminate the bug.

HTH,

Manuel

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
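
Added example, not part of the original message or of any FreeBSD tool: a Python sketch that triages the trap summary and backtrace from the kgdb session in the message. It flags a kernel-mode write to an address inside the first page, picks the frame whose address equals the trapping instruction pointer, and lists functions that occur more than once on the stack from that frame outward. The names triage, field, SAMPLE and PAGE_SIZE are introduced here, and the frame arguments in the sample are elided.

```python
import re
from collections import Counter

PAGE_SIZE = 4096  # i386 page size: a fault below this is "NULL + small offset"

# Trap summary and frames #5-#15 copied from the kgdb session in the message;
# frame arguments are elided as (...) to keep the sample short.
SAMPLE = """\
fault virtual address   = 0x28
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc02051ab
#5  0xc0319ddb in trap (...) at ../../i386/i386/trap.c:443
#6  0xc02051ab in ip_output (...) at ../../netinet/ip_output.c:791
#7  0xc01fdb6a in transmit_event (...) at ../../netinet/ip_dummynet.c:426
#8  0xc01fdd6f in ready_event (...) at ../../netinet/ip_dummynet.c:566
#9  0xc01feb8f in dummynet_io (...) at ../../netinet/ip_dummynet.c:1137
#10 0xc02050b4 in ip_output (...) at ../../netinet/ip_output.c:483
#11 0xc020add4 in tcp_output (...) at ../../netinet/tcp_output.c:861
#12 0xc02096b7 in tcp_input (...) at ../../netinet/tcp_input.c:2282
#13 0xc0203b61 in ip_input (...) at ../../netinet/ip_input.c:792
#14 0xc01fdb7e in transmit_event (...) at ../../netinet/ip_dummynet.c:431
#15 0xc01fdd6f in ready_event (...) at ../../netinet/ip_dummynet.c:566
"""

FRAME_RE = re.compile(
    r"^#(\d+)\s+0x([0-9a-f]+) in (\w+) \(.*\) at (\S+):(\d+)$", re.M)

def field(text, name, pattern):
    return re.search(name + r"\s*=\s*" + pattern, text).group(1)

def triage(text):
    fault_va = int(field(text, "fault virtual address", r"0x([0-9a-f]+)"), 16)
    fault_code = field(text, "fault code", r"(.+)").strip()
    ip = int(field(text, "instruction pointer", r"0x[0-9a-f]+:0x([0-9a-f]+)"), 16)
    frames = [(int(n), int(addr, 16), fn, f"{src}:{line}")
              for n, addr, fn, src, line in FRAME_RE.findall(text)]
    # The frame whose address equals the trapping instruction pointer is the
    # one that touched the bad address; lower-numbered frames are trap handling.
    faulting = next((f for f in frames if f[1] == ip), None)
    stack = [f[2] for f in frames if faulting and f[0] >= faulting[0]]
    return {
        "near_null": fault_va < PAGE_SIZE,
        "kernel_write": fault_code.startswith("supervisor write"),
        "faulting_frame": faulting,
        "reentered": sorted(fn for fn, c in Counter(stack).items() if c > 1),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this sample the result points at frame #6 (ip_output.c:791), which matches the `print ia` output of 0x0 in the session, and shows that ip_output, ready_event and transmit_event each appear twice on the stack.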