From owner-freebsd-bugs@FreeBSD.ORG Mon Dec 24 14:30:04 2007
Message-Id: <20071224135741.411A8B8054@mail.kirov.so-cdu.ru>
Date: Mon, 24 Dec 2007 16:57:41 +0300 (MSK)
From: "Andrey V. Elsukov"
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: maksim_l@mail.ru
Subject: kern/118993: [ipfw] page fault - probably it's a locking problem

>Number:         118993
>Category:       kern
>Synopsis:       [ipfw] page fault - probably it's a locking problem
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 24 14:30:03 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Andrey V. Elsukov
>Release:        FreeBSD 6.2-STABLE #6: Mon Jul 30
>Organization:
>Environment:
FreeBSD 6.2-STABLE i386 SMP
>Description:
It's my friend's system, not mine. Just for the record.
The system panics when an operator starts `sh /etc/rc.firewall`.
This is a production system and it uses ipfw2, ng_ipfw, ng_nat, ng_netflow,
dummynet, mpd4.

# ident /sys/netinet/ip_fw2.c
$FreeBSD: src/sys/netinet/ip_fw2.c,v 1.106.2.40 2007/06/07 09:50:53 bz Exp $

Unread portion of the kernel message buffer:
ipfw: ouch!, skip past end of rules, denying packet
ipfw: ouch!, skip past end of rules, denying packet

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x2910
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05ac561
stack pointer           = 0x28:0xe35a3a00
frame pointer           = 0x28:0xe35a3ac4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 14 (swi1: net)
panic: from debugger
cpuid = 0
panic: smp_tlb_shootdown: interrupts disabled
cpuid = 0
KDB: enter: panic
panic: from debugger
cpuid = 0
Uptime: 122d2h32m52s
Physical memory: 1013 MB
Dumping 439 MB: 424 408 392 376 360 344 328 312 296 280 264 248 232 216 200 184 168 152 136 120 104 88 72 56 40 24 8

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
#1  0xc0514cbe in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc0515015 in panic (fmt=0xc06ac929 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc044f38d in db_panic (addr=-1068307841, have_addr=0, count=1, modif=0xe35a3434 "") at /usr/src/sys/ddb/db_command.c:438
#4  0xc044f324 in db_command (last_cmdp=0xc0713b44, cmd_table=0xc06dd280, aux_cmd_tablep=0xc06d72f4, aux_cmd_tablep_end=0xc06d72f8) at /usr/src/sys/ddb/db_command.c:350
#5  0xc044f3ec in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
#6  0xc0451005 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:222
#7  0xc052ed18 in kdb_trap (type=3, code=0, tf=0xe35a3578) at /usr/src/sys/kern/subr_kdb.c:473
#8  0xc0682fb0 in trap (frame=
      {tf_fs = -480641016, tf_es = -1068302296, tf_ds = -1066729432, tf_edi = -1066593057, tf_esi = 0, tf_ebp = -480627272,
       tf_isp = -480627292, tf_ebx = -480627228, tf_edx = 0, tf_ecx = -1056755712, tf_eax = 18, tf_trapno = 3, tf_err = 0,
       tf_eip = -1068307841, tf_cs = 32, tf_eflags = 134, tf_esp = -480627240, tf_ss = -1068413053})
    at /usr/src/sys/i386/i386/trap.c:594
#9  0xc066e10a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#10 0xc052ea7f in kdb_enter (msg=0x12) at cpufunc.h:60
#11 0xc0514f83 in panic (fmt=0xc06d14df "%s: interrupts disabled") at /usr/src/sys/kern/kern_shutdown.c:549
#12 0xc067a608 in smp_tlb_shootdown (vector=245, addr1=18, addr2=18) at /usr/src/sys/i386/i386/mp_machdep.c:1023
#13 0xc067a8dc in smp_invlpg_range (addr1=3693789184, addr2=3693805568) at /usr/src/sys/i386/i386/mp_machdep.c:1111
#14 0xc067d6ab in pmap_invalidate_range (pmap=0xc1033000, sva=3693789184, eva=0) at /usr/src/sys/i386/i386/pmap.c:683
#15 0xc067dddd in pmap_qremove (sva=3693789184, count=0) at /usr/src/sys/i386/i386/pmap.c:1057
#16 0xc055e990 in vfs_vmio_release (bp=0xd8c6ef70) at /usr/src/sys/kern/vfs_bio.c:1517
#17 0xc055f038 in getnewbuf (slpflag=0, slptimeo=0, size=12288, maxsize=16384) at /usr/src/sys/kern/vfs_bio.c:1798
#18 0xc0560748 in geteblk (size=12288) at /usr/src/sys/kern/vfs_bio.c:2599
#19 0xc061bbad in ffs_bufwrite (bp=0xd8c62790) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1705
#20 0xc055d90b in bawrite (bp=0x12) at buf.h:410
#21 0xc0565fac in vop_stdfsync (ap=0xe35a375c) at /usr/src/sys/kern/vfs_default.c:431
#22 0xc04c57b3 in devfs_fsync (ap=0xe35a375c) at /usr/src/sys/fs/devfs/devfs_vnops.c:379
#23 0xc0697318 in VOP_FSYNC_APV (vop=0x12, a=0x0) at vnode_if.c:1020
#24 0xc061aeeb in ffs_sync (mp=0xc4df1cf8, waitfor=2, td=0xc4af2c00) at vnode_if.h:537
#25 0xc057298e in sync (td=0xc4af2c00, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:138
#26 0xc051498e in boot (howto=256) at pcpu.h:162
#27 0xc0515015 in panic (fmt=0xc06ac929 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:565
#28 0xc044f38d in db_panic (addr=-1067793055, have_addr=0, count=-1, modif=0xe35a3828 "") at /usr/src/sys/ddb/db_command.c:438
#29 0xc044f324 in db_command (last_cmdp=0xc0713b44, cmd_table=0x0, aux_cmd_tablep=0xc06d72f4, aux_cmd_tablep_end=0xc06d72f8) at /usr/src/sys/ddb/db_command.c:350
#30 0xc044f3ec in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
#31 0xc0451005 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:222
#32 0xc052ed18 in kdb_trap (type=12, code=0, tf=0xe35a39c0) at /usr/src/sys/kern/subr_kdb.c:473
#33 0xc06834e4 in trap_fatal (frame=0xe35a39c0, eva=10512) at /usr/src/sys/i386/i386/trap.c:828
#34 0xc0683227 in trap_pfault (frame=0xe35a39c0, usermode=0, eva=10512) at /usr/src/sys/i386/i386/trap.c:745
#35 0xc0682e3d in trap (frame=
      {tf_fs = 180682760, tf_es = -993787864, tf_ds = -1067843544, tf_edi = 5, tf_esi = 180690860, tf_ebp = -480625980,
       tf_isp = -480626196, tf_ebx = -958182940, tf_edx = 0, tf_ecx = 10498, tf_eax = 10498, tf_trapno = 12, tf_err = 0,
       tf_eip = -1067793055, tf_cs = 32, tf_eflags = 66050, tf_esp = -480626144, tf_ss = -1067870963})
    at /usr/src/sys/i386/i386/trap.c:435
#36 0xc066e10a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#37 0xc05ac561 in ipfw_chk (args=0xe35a3ad0) at /usr/src/sys/netinet/ip_fw2.c:2538
#38 0xc05af6b9 in ipfw_check_out (arg=0x0, m0=0xe35a3bdc, ifp=0xc4c49c00, dir=2, inp=0x0) at /usr/src/sys/netinet/ip_fw_pfil.c:248
#39 0xc0591317 in pfil_run_hooks (ph=0xc0723a00, mp=0xe35a3c54, ifp=0xc4c49c00, dir=2, inp=0x0) at /usr/src/sys/net/pfil.c:139
#40 0xc05b2f32 in ip_output (m=0xd04c4d00, opt=0xc4c49c00, ro=0xe35a3c20, flags=1, imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:679
#41 0xc07e4b06 in ?? ()
#42 0xd04c4d00 in ?? ()
#43 0x00000000 in ?? ()
#44 0xe35a3c20 in ?? ()
#45 0x00000001 in ?? ()
#46 0x00000000 in ?? ()
#47 0x00000000 in ?? ()
#48 0xd1205930 in ?? ()
#49 0xe35a3c94 in ?? ()
#50 0xc05998ec in ng_apply_item (node=0xc51ffe00, item=0xd04c4d00, rw=0) at /usr/src/sys/netgraph/ng_base.c:2372
Previous frame identical to this frame (corrupt stack?)
>How-To-Repeat:
This panic does not seem easy to repeat.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: