From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 3 17:50:43 2007 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8F28516A418 for ; Mon, 3 Sep 2007 17:50:43 +0000 (UTC) (envelope-from vadimnuclight@tpu.ru) Received: from relay1.tpu.ru (relay1.tpu.ru [213.183.112.102]) by mx1.freebsd.org (Postfix) with ESMTP id E490B13C4CB for ; Mon, 3 Sep 2007 17:50:42 +0000 (UTC) (envelope-from vadimnuclight@tpu.ru) Received: from localhost (localhost.localdomain [127.0.0.1]) by relay1.tpu.ru (Postfix) with ESMTP id E988E10527F; Tue, 4 Sep 2007 00:50:39 +0700 (NOVST) X-Virus-Scanned: amavisd-new at tpu.ru Received: from relay1.tpu.ru ([127.0.0.1]) by localhost (relay1.tpu.ru [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4nZhbuQyMhKD; Tue, 4 Sep 2007 00:50:38 +0700 (NOVST) Received: from mail.main.tpu.ru (mail.main.tpu.ru [10.0.0.3]) by relay1.tpu.ru (Postfix) with ESMTP id 9516C10527E; Tue, 4 Sep 2007 00:50:38 +0700 (NOVST) Received: from mail.tpu.ru ([213.183.112.105]) by mail.main.tpu.ru with Microsoft SMTPSVC(6.0.3790.3959); Tue, 4 Sep 2007 00:50:38 +0700 Received: from nuclight.avtf.net ([83.172.2.158]) by mail.tpu.ru over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Tue, 4 Sep 2007 00:50:38 +0700 To: "Andrey V. Elsukov" , freebsd-ipfw@freebsd.org References: <1261981188838083@webmail15.yandex.ru> Message-ID: Date: Tue, 04 Sep 2007 00:50:36 +0700 From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit In-Reply-To: <1261981188838083@webmail15.yandex.ru> User-Agent: Opera M2/7.54 (Win32, build 3865) X-OriginalArrivalTime: 03 Sep 2007 17:50:38.0180 (UTC) FILETIME=[EFD52240:01C7EE52] Cc: Subject: Re: dummynet / ipfw2: panic, double fault X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Sep 2007 17:50:43 -0000 03.09.07 @ 23:48 Andrey V. Elsukov wrote: > I got a trace for this fault. > dummynet reinject packet to the ip_input through netisr_dispath. > This procedure was done success several times, but in the next time > it's fault. > (kgdb) p &ipfw_chk > $1 = (int (*)(struct ip_fw_args *)) 0xc3374ea0 > (kgdb) l *(0xc3374ea0+0x16) > 0xc3374eb6 is in ipfw_chk > (/usr/src/sys/modules/ipfw/../../netinet/ip_fw2.c:2304). > 2299 * ip is the beginning of the ip(4 or 6) header. > 2300 * Calculated by adding the L3offset to the start > of data. > 2301 * (Until we start using L3offset, the packet is > 2302 * supposed to start with the ip header). > 2303 */ > 2304 struct mbuf *m = args->m; > 2305 struct ip *ip = mtod(m, struct ip *); > > I don't understand why we have panic here.. > Can someone explain this panic? We have repeating groups of calls for several times, ending in: > dblfault_handler() at dblfault_handler+0x9b > --- trap 0x17, eip = 0xc3343eb6, esp = 0xd4f80f7c, ebp = 0xd4f8127c --- > ipfw_chk(d4f81294,41ec0d7e,0,0,c30de000,...) at ipfw_chk+0x16 As we can see from comment in /sys/i386/i386/trap.c: * Double fault handler. Called when a fault occurs while writing * a frame for a trap/exception onto the stack. This usually occurs * when the stack overflows (such is the case with infinite recursion, * for example). That's look like our case, repeating calls, as in infinite recursion. I suppose that interrupt thread's stack in the kernel is too small for this case. Quick-n-dirty hackish solution could be increasing stack size, but that could be overriden by another bunch of rules. Alas, I am not a VM/netisr guru to find the right way... -- WBR, Vadim Goncharov