Date: Fri, 14 Jun 2019 17:33:02 +0200
From: Peter
To: freebsd-ipfw@freebsd.org
Subject: ipfw: switching sets does stall the machine
Message-ID: <20190614153302.GA4503@gate.oper.dinoex.org>

Hi,

I am trying to use two different configurations (production and test) loaded into different sets, and switch between them with

  # ipfw set disable ... enable ...

When testing my script, this did work, except once the machine went into "swap_pager indefinite wait" and was lost.

Then, after reboot (and automatically loading the production rules) I tried to load and switch to the test rules, and immediately got ATA COMMAND TIMEOUT and the machine was lost.

I repeated this a few times, it is nicely reproducible: within 3-5 seconds after the new rules are loaded, the machine locks up and is lost.

I analyzed more closely by running "top -HPS" in rtprio, and found this:

* loading the rules is no problem.
* when switching sets, the command returns, but then within a few seconds the machine gets unresponsive and stays so until watchdog hits.
* The last thing seen in "top" (before it freezes) is this thread eating 85% CPU (and running with high priority):
  [irq12: uhci0 uhci1]

Is there a known workaround?

Details:
Machine : i386
OS      : FreeBSD 11.2-RELEASE-p10
Command : ipfw set disable 1 2 3 4 5 6 7 8 9 10 11 12 13 14 enable 16 17 18 19 20 21 22 23 24 25 26 27 28 29