Date: Wed, 23 May 2012 21:48:03 +0200 (CEST)
From: Joerg Pulz
To: Daniel Hartmeier
In-Reply-To: <20120522150603.GF29536@insomnia.benzedrine.cx>
References: <201205221200.q4MC0Gtg085514@freefall.freebsd.org> <20120522150603.GF29536@insomnia.benzedrine.cx>
Cc: FreeBSD-gnats-submit@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: kern/168190: [pf] panic when using pf and route-to (maybe: bad fragment handling?)

On Tue, 22 May 2012, Daniel Hartmeier wrote:

> If you have the chance, please try the patch below.
>
> It adds byte order checks all over the place, hoping for a panic closer
> to the source of the problem.

Daniel,

system was running for about a day with your patch with many users using it.
It panic'ed some minutes ago.
System configuration is still the same, no other patches, no changed
interface settings or removed/changed kernel options.

Here is the kgdb(1) output with "m" and "ifp" listed.
I hope this helps to get closer to the source of the problem.
Let me know if you need more output.

Kind regards
Joerg

#### kgdb.out_assert
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Unread portion of the kernel message buffer:
panic: ASSERT_HOST_BYTE_ORDER
cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
kdb_backtrace() at kdb_backtrace+0x37
panic() at panic+0x182
pfil_run_hooks() at pfil_run_hooks+0x159
ip_output() at ip_output+0x6de
ip_forward() at ip_forward+0x19e
ip_input() at ip_input+0x670
swi_net() at swi_net+0x15a
intr_event_execute_handlers() at intr_event_execute_handlers+0x66
ithread_loop() at ithread_loop+0xaf
fork_exit() at fork_exit+0x12a
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffff8000241d00, rbp = 0 ---
KDB: enter: panic
Dumping 585 out of 4077 MB:..3%..11%..22%..31%..41%..52%..61%..72%..82%..91%

Reading symbols from /boot/kernel/geom_mirror.ko...Reading symbols from /boot/kernel/geom_mirror.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_mirror.ko
Reading symbols from /boot/kernel/ipmi.ko...Reading symbols from /boot/kernel/ipmi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ipmi.ko
#0 doadump (textdump=0) at pcpu.h:224
224 __asm("movq %%gs:0,%0" : "=r" (td));
(kgdb) up 10
#10 0xffffffff8074b325 in pfil_run_hooks (ph=0xfffffe000581f880, mp=0xffffff8000241978, ifp=0xfffffe0003002000, dir=2, inp=0x0) at /usr/src/sys/net/pfil.c:89
89 ASSERT_HOST_BYTE_ORDER(m);
(kgdb) list
84 ASSERT_HOST_BYTE_ORDER(m);
85 rv = (*pfh->pfil_func)(pfh->pfil_arg, &m, ifp, dir,
86 inp);
87 if (rv != 0 || m == NULL)
88 break;
89 ASSERT_HOST_BYTE_ORDER(m);
90 }
91 }
92 PFIL_RUNLOCK(ph, &rmpt);
93 *mp = m;
(kgdb) p *m
$1 = {m_hdr = {mh_next = 0xfffffe000586bb00, mh_nextpkt = 0x0, mh_data = 0xfffffe010045c974 "E", mh_len = 60, mh_flags = 66, mh_type = 1, pad = "­ÞÞÀ­Þ"}, M_dat = {MH = {MH_pkthdr = {rcvif = 0xfffffe0003001800, header = 0x0, len = 450, flowid = 0, csum_flags = 768, csum_data = 26073, tso_segsz = 0, PH_vt = {vt_vtag = 0, vt_nrecs = 0}, tags = {slh_first = 0xfffffe000572c700}}, MH_dat = {MH_ext = { ext_buf = 0xc02c01fc0045
, ext_free = 0xc02c01c20045, ext_arg1 = 0x4d46cb4f398a0437, ext_arg2 = 0xc201004557b3bb81, ext_size = 21286, ref_cnt = 0x240119ac02079b0a, ext_type = 2059207427}, MH_databuf = "E\000ü\001,À\000\000E\000Â\001,À\000\0007\004\2129OËFM\201»³WE\000\001Â&S\000\000?\001\224\016\n\233\a\002¬\031\001$\003\003½z\000\000\000\000E\000\001¦åí\000\000>\021Ö\177¬\031\001$\n\233\a\002\0005ÿ_\001\222)Ûdh\201\200\000\001\000\003\000\b\000\bÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­Þ"}}, M_databuf = "\000\030\000\003\000þÿÿ\000\000\000\000\000\000\000\000Â\001\000\000\000\000\000\000\000\003\000\000Ùe\000\000\000\000\000\000ÞÀ­Þ\000Çr\005\000þÿÿE\000ü\001,À\000\000E\000Â\001,À\000\0007\004\2129OËFM\201»³WE\000\001Â&S\000\000?\001\224\016\n\233\a\002¬\031\001$\003\003½z\000\000\000\000E\000\001¦åí\000\000>\021Ö\177¬\031\001$\n\233\a\002\0005ÿ_\001\222)Ûdh\201\200\000\001\000\003\000\b\000\bÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­Þ"...}}
(kgdb) p *ifp
$2 = {if_softc = 0xffffff80007b1000, if_l2com = 0xfffffe000300ba40, if_vnet = 0x0, if_link = {tqe_next = 0xfffffe0003001000, tqe_prev = 0xfffffe0003001818}, if_xname = "bge1", '\0' , if_dname = 0xfffffe00028f07d8 "bge", if_dunit = 1, if_refcount = 1, if_addrhead = {tqh_first = 0xfffffe0003009800, tqh_last = 0xfffffe000591b4b8}, if_pcount = 0, if_carp = 0x0, if_bpf = 0xfffffe0005126900, if_index = 6, if_index_reserved = 0, if_vlantrunk = 0x0, if_flags = 34819, if_capabilities = 524443, if_capenable = 524443, if_linkmib = 0x0, if_linkmiblen = 0, if_data = { ifi_type = 6 '\006', ifi_physical = 0 '\0', ifi_addrlen = 6 '\006', ifi_hdrlen = 18 '\022', ifi_link_state = 2 '\002', ifi_spare_char1 = 0 '\0', ifi_spare_char2 = 0 '\0', ifi_datalen = 152 '\230', ifi_mtu = 1500, ifi_metric = 0, ifi_baudrate = 1000000000, ifi_ipackets = 1922972, ifi_ierrors = 0, ifi_opackets = 962786, ifi_oerrors = 0, ifi_collisions = 0, ifi_ibytes = 1150684321, ifi_obytes = 312161748, ifi_imcasts = 942443, ifi_omcasts = 0, 
ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 3, ifi_epoch = 1, ifi_lastchange = {tv_sec = 1337714565, tv_usec = 347019}}, if_multiaddrs = {tqh_first = 0xfffffe0005915900, tqh_last = 0xfffffe0005a39100}, if_amcount = 0, if_output = 0xffffffff8073d805 , if_input = 0xffffffff8073cddb , if_start = 0xffffffff803c3087 , if_ioctl = 0xffffffff803c92ba , if_init = 0xffffffff803c9274 , if_resolvemulti = 0xffffffff8073c79d , if_qflush = 0xffffffff807355d2 , if_transmit = 0xffffffff8073549e , if_reassign = 0, if_home_vnet = 0x0, if_addr = 0xfffffe0003009800, if_llsoftc = 0x0, if_drv_flags = 64, if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 511, ifq_drops = 0, ifq_mtx = {lock_object = { lo_name = 0xfffffe0003002028 "bge1", lo_flags = 16973824, lo_data = 0, lo_witness = 0xffffff80006cf480}, mtx_lock = 4}, ifq_drv_head = 0x0, ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 511, altq_type = 0, altq_flags = 1, altq_disc = 0x0, altq_ifp = 0xfffffe0003002000, altq_enqueue = 0, altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0, altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0xffffffff80adb000 "ÿÿÿÿÿÿ", if_bridge = 0x0, if_label = 0x0, if_prefixhead = {tqh_first = 0x0, tqh_last = 0xfffffe0003002278}, if_afdata = {0x0, 0x0, 0xfffffe000581fa00, 0x0 , 0xfffffe0005814800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, if_afdata_initialized = 2, if_afdata_lock = { lock_object = {lo_name = 0xffffffff80ada29a "if_afdata", lo_flags = 69402624, lo_data = 0, lo_witness = 0xffffff80006cf400}, rw_lock = 1}, if_linktask = {ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0, ta_func = 0xffffffff80737a79 , ta_context = 0xfffffe0003002000}, if_addr_mtx = {lock_object = { lo_name = 0xffffffff80acc360 "if_addr_mtx", lo_flags = 16973824, lo_data = 0, lo_witness = 0xffffff80006c8b80}, mtx_lock = 4}, if_clones = {le_next = 0x0, le_prev = 0x0}, if_groups = { tqh_first = 0xfffffe00050d3ae0, tqh_last = 0xfffffe00050d3ae8}, if_pf_kif = 
0xfffffe0005889300, if_lagg = 0x0, if_description = 0x0, if_fib = 0, if_alloctype = 6 '\006', if_cspare = "\000\000", if_ispare = {0, 0, 0, 0}, if_pspare = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
(kgdb)
#### kgdb.out_assert

-- 
The beginning is the most important part of the work.
-Plato
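
Added example, not part of the original message or of the patch it tests: a decoder for the gdb-escaped bytes in the `p *m` output above, applied to the 20-byte run beginning `E\000\001Â&S` in MH_databuf, that reads ip_len under both byte orders and compares it with the MH_pkthdr `len = 450`. The function names are hypothetical, the Latin-1 handling of raw high bytes is an assumption about how the archive rendered them, and what ASSERT_HOST_BYTE_ORDER itself tests is not shown in this message.

```python
import ipaddress
import struct

# Header run copied from the MH_databuf string in the `p *m` output above.
GDB_RUN = r"E\000\001Â&S\000\000?\001\224\016\n\233\a\002¬\031\001$"
PKTHDR_LEN = 450  # MH_pkthdr len from the same dump

C_ESCAPES = {"a": 7, "b": 8, "t": 9, "n": 10, "v": 11, "f": 12, "r": 13,
             "e": 27, "\\": 92, '"': 34, "'": 39}

def gdb_unescape(text):
    """Turn a gdb-printed char array back into bytes.

    Handles three-digit octal escapes and C escapes; any other character is
    taken as one raw byte (assumption: high bytes were rendered as Latin-1).
    """
    out = bytearray()
    i = 0
    while i < len(text):
        if text[i] != "\\":
            out += text[i].encode("latin-1")
            i += 1
        elif text[i + 1] in "01234567":
            out.append(int(text[i + 1:i + 4], 8))  # always 3 digits
            i += 4
        else:
            out.append(C_ESCAPES[text[i + 1]])
            i += 2
    return bytes(out)

def ipv4_summary(hdr):
    """Decode a 20-byte IPv4 header; report ip_len under both byte orders."""
    _vhl, _tos, len_be, _id, _off, ttl, proto, _sum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", hdr[:20])
    (len_le,) = struct.unpack_from("<H", hdr, 2)
    return {"ttl": ttl, "proto": proto,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "ip_len_big_endian": len_be, "ip_len_little_endian": len_le}

def stored_order(summary, pkt_len):
    """Say which reading of ip_len equals the mbuf packet length."""
    if summary["ip_len_big_endian"] == pkt_len:
        return "network"
    if summary["ip_len_little_endian"] == pkt_len:
        return "little-endian host"
    return "neither"
```

On a little-endian amd64 host, a host-order ip_len of 450 would sit in memory as bytes c2 01; this run holds 01 c2.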