Date: Mon, 24 Mar 2003 02:06:10 +0800 From: "Kang Liu" <lazykang@hotmail.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/50216: kernel panic on 5.0-current when use ipfw2 with dynamic rules Message-ID: <F103XXUv1MJ3G9Vbj2l000025c4@hotmail.com>
next in thread | raw e-mail | index | archive | help
>Number: 50216
>Category: kern
>Synopsis: kernel panic on 5.0-current when use ipfw2 with dynamic rules
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 23 10:10:14 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Kang Liu
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
Beijing University of Technology
>Environment:
System: FreeBSD cnproxy.bjpu.edu.cn 5.0-CURRENT FreeBSD 5.0-CURRENT #2: Sun
Mar 23 21:35:41 CST 2003
root@cnproxy.bjpu.edu.cn:/usr/obj/usr/src/sys/CNPROXY i386
DELL poweredge2650 CPU: 2*Intel(R) Xeon(TM) CPU 2.00GHz (1993.54-MHz
686-class CPU) (SMP and HyperThreading are both enabled in kenrel
configuration file)
>Description:
I tried to use ipfw2 with dynamic rules by commands shown below:
ipfw add allow tcp from any to any established
ipfw add allow tcp from 192.168.0.0/16 to server_ip some_ports limit
src-addr 20 setup
ipfw add allow udp from 192.168.0.0/16 to server_ip some_ports
ipfw add allow tcp from some_ip to server_ip some_ports limit src-addr 80
setup
... and so on
The kernel will panic immediately while network connection is active. If I
use static rules instead of those dynamic rules or disable network
connection by use "ifconfig bge0 down", nothing happens.
I've add "options DDB" and some other debug options into my kernel configure
file, I get the following message when kernel panic:
----Start of message---
Memory modified after free 0xc9471f0 (124)
panic: Most recently used by IpFw/IpAcct
cpuid=3;lapic.id=0300000
Stack bactrace:
backtrace(c0349879,3000000,C035a79a,e231fabe,1) at backtrace+0x17
panic(c035a79a,c03524d7,7c,c082ab64,c082ab40) at panic+0x10a
mtrash_ctor(c9471f00,80,0,54d,3) at mtrash_ctor+0x5d
uma_zalloc_arg(c082ab40,0,101,c034bc1,1be) at uma_zalloc_arg+0x17f
malloc(48,c037ef20,101,2700001b,e231fc70) at malloc+0xdc
add_dyn_rule(e231fc90,27,c9472180,c9472180,0)at add_dyn_rule+0x7b
install_state(c8fdd70,c8fdd764,e231fc70,e231fbf4,c01f1954)at
install_state+0x1fd
ipfw_chk(e231fc70,c01cc3ad,c03a96a0,1,c0348bc1)at ipfw_chk+0x9a1
ip_input(c3b52000,0,c0351940,e9,c8b6a240)at ip_input+0x2c3
swi_net(0,0,c0347569,217,c3b18000)at swi_net+0x112
ithread_loop(c3b17080,e231fd48,c0347300,363,0)at ithread_loop+0x182
fork_exit(c01c3190,c3b17080,e231fd48)at fork_exit+0xc4
fork_trampoline()at fork_trampoline+0x1a
--trap 0x1,eip=0,esp=0xe231fd7c,ebp=0--
Debygger("panic")
Stopped at Debugger+0xff:xchgl %ebx,in_Debugger,0
----End of Message---
I copy the message above from screen,I'm not sure whether I've typed it
exactly as displayed on the screen.I hope it is helpful.
>How-To-Repeat:
use dynamic rules with ipfw2.
(I do not have a machine with only a single CPU to run freebsd-current, the
problem might be related to SMP or HTT).
>Fix:
Sorry, I can not give and patch now.
The only way I found to get rid of this problem is run ipfw2 with static
rules instead of dynamic rules.
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
>Release-Note:
>Audit-Trail:
>Unformatted:
>rules
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F103XXUv1MJ3G9Vbj2l000025c4>