From owner-freebsd-hackers@FreeBSD.ORG Tue Sep 30 09:50:41 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E5A1316A4C2 for ; Tue, 30 Sep 2003 09:50:40 -0700 (PDT) Received: from bjpu.edu.cn (egw.bjpu.edu.cn [202.112.78.77]) by mx1.FreeBSD.org (Postfix) with ESMTP id E349144011 for ; Tue, 30 Sep 2003 09:50:34 -0700 (PDT) (envelope-from liukang@bjpu.edu.cn) Received: (eyou gateway send program); Wed, 01 Oct 2003 00:54:05 +0800 X-EYOU-ORIGINAL-IP: 202.112.78.224 X-EYOU-ENVELOPE-MAILFROM: liukang@bjpu.edu.cn Received: from unknown (HELO lkatschool) (unknown@202.112.78.224) by 202.112.78.77 with ; Wed, 01 Oct 2003 00:54:05 +0800 From: "Kang Liu" To: Date: Wed, 1 Oct 2003 00:47:17 +0800 Message-ID: <012901c38772$8288c9d0$e04e70ca@lkatschool> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal cc: freebsd-ipfw@freebsd.org cc: cokane@FreeBSD.ORG cc: freebsd-hackers@freebsd.org Subject: Re: kern/50216: kernel panic on 5.0-current when use ipfw2 with dynamic rules X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Sep 2003 16:50:41 -0000 I reproduced it on the latest 5.1current. Here is the backtrace: ##### GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: Most recently used by cred panic messages: --- panic: Most recently used by cred Stack backtrace: syncing disks, buffers remaining... 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628 giving up on 520 buffers Uptime: 16m0s Dumping 255 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 --- Reading symbols from /usr/obj/usr/src/sys/IPFW/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/IPFW/modules/usr/src/sys/modules/acpi/acpi.ko.debug Reading symbols from /boot/kernel/daemon_saver.ko...done. Loaded symbols for /boot/kernel/daemon_saver.ko #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 240 dumping++; (kgdb) bt #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 #1 0xc01a0221 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372 #2 0xc01a05b7 in panic () at /usr/src/sys/kern/kern_shutdown.c:550 #3 0xc02817f7 in mtrash_ctor (mem=0xc29f8a80, size=0, arg=0x0) at /usr/src/sys/vm/uma_dbg.c:137 #4 0xc028002e in uma_zalloc_arg (zone=0xc083ab40, udata=0x0, flags=257) at /usr/src/sys/vm/uma_core.c:1413 #5 0xc0194a23 in malloc (size=3229854528, type=0xc03020c0, flags=257) at /usr/src/sys/vm/uma.h:234 #6 0xc021e03f in add_dyn_rule (id=0xcd7bfc90, dyn_type=39 '\'', rule=0xc2815e00) at /usr/src/sys/netinet/ip_fw2.c:976 #7 0xc021e43e in install_state (rule=0xc28f3a80, cmd=0xc28f3ac0, args=0xcd7bfc70) at /usr/src/sys/netinet/ip_fw2.c:1140 #8 0xc021f4dc in ipfw_chk (args=0xcd7bfc70) at /usr/src/sys/netinet/ip_fw2.c:1942 #9 0xc0221dd7 in ip_input (m=0xc0ed9800) at /usr/src/sys/netinet/ip_input.c:489 #10 0xc0211a82 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:236 #11 0xc018c762 in ithread_loop (arg=0xc0ebec80) at /usr/src/sys/kern/kern_intr.c:534 #12 0xc018b76f in fork_exit (callout=0xc018c5e0 , arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:796 (kgdb) ##### Here is my full ipfw rule set script: # cat ./ipfwpanic.sh dumpon -v /dev/ad0s1b /sbin/ipfw add allow tcp from any to any established /sbin/ipfw add allow ip from a.b.c.0 to a.b.c.d /sbin/ipfw add allow tcp from any to a.b.c.d 80 limit src-addr 20 setup /sbin/ipfw add allow ip from a.b.c.d to any And I added "IPFIREWALL_DEFAULT_TO_ACCEPT" into kernel configure file. ##### Here is my test script. I installed an apache on that machine, and use ab to connect 80 port. cat panicstart.sh #!/bin/sh number=0 while (test $number -lt 10000) do echo "$number" ab -c 100 http://a.b.c.d/ number=`expr $number + 1` done ##### This problem can be reproduced on both MP and UP machine. I've tested it on a dell poweredge2650(with 2 P4xeon, HTT enabled/disabled) and a DIY PC(1 PIII CPU). The backtrace I post above is produced on PC(1CPU).