Panic in ipfw

From: Ian FREISLICH <ianf_at_clue.co.za>
Date: Thu, 07 Jun 2007 10:57:35 +0200
Hi

I got this panic yesterday on a fairly busy firewall.  I have some
private patches to ip_fw2.c and to the em driver (see the earlier
"em0 hijacking traffic to port 623" thread).  I don't think this
panic is a result of those changes.

It occurred round about the time an address was added to an interface.

I'll keep the crashdump around for a while in case anyone wants more data.

FreeBSD firewall2 7.0-CURRENT FreeBSD 7.0-CURRENT #4: Thu May 24 10:43:20 SAST 2007     ianf_at_firewall2:/usr/obj/usr/src/sys/FIREWALL  i386

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 06
fault virtual address   = 0xbd
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05ab4a6
stack pointer           = 0x28:0xe38d86d4
frame pointer           = 0x28:0xe38d89c0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 35 (idlepoll)
trap number             = 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper(c068e9ea,e38d8578,c04fc441,c06a2ebe,1,...) at db_trace_sel
f_wrapper+0x26
kdb_backtrace(c06a2ebe,1,c068181b,e38d8584,0,...) at kdb_backtrace+0x29
panic(c068181b,c06a4121,c4e4f630,1,1,...) at panic+0x10f
trap_fatal(c06eec20,0,1,0,4,...) at trap_fatal+0x32a
trap_pfault(2,0,0,0,c4e4f480,...) at trap_pfault+0x22b
trap(e38d8694) at trap+0x35c
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0xc05ab4a6, esp = 0xe38d86d4, ebp = 0xe38d89c0 ---
ipfw_chk(e38d89d8,41ec0d7e,0,0,c5406b00,...) at ipfw_chk+0x180c
ipfw_check_in(0,e38d8adc,c5032000,1,0,...) at ipfw_check_in+0xc8
pfil_run_hooks(c0738ea0,e38d8b50,c5032000,1,0,...) at pfil_run_hooks+0x74
ip_fastforward(c5406b00,e,e38d8bd8,c06620d7,c5032000,...) at ip_fastforward+0x31
3
ether_demux(c5032000,c5406b00,e38d8bc4,e38d8bbc,da7a0000,...) at ether_demux+0x1
65
ether_input(c5032000,c5406b00,0,c5587000,800,...) at ether_input+0x3e4
vlan_input(c4dc9c00,c5406b00,a2,e38d8c2c,c4dc9c00,...) at vlan_input+0x16d
ether_demux(c4dc9c00,c5406b00,6,a2,c52e2798,...) at ether_demux+0x102
ether_input(c4dc9c00,c5406b00,c4ce3a00,0,e38d8c5c,...) at ether_input+0x3e4
em_rxeof(c05051fd,c4ce3870,0,1,c4ce3870,...) at em_rxeof+0x45e
em_poll(c4dc9c00,0,3e8,c4ce3870,e38d8ccc,...) at em_poll+0x141
ether_poll(3e8,0,0,0,0,...) at ether_poll+0xd1
poll_idle(0,e38d8d38,0,0,0,...) at poll_idle+0xe3
fork_exit(c04f2576,0,e38d8d38) at fork_exit+0xa0
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xe38d8d70, ebp = 0 ---
Uptime: 5d22h22m6s
Physical memory: 2039 MB
Dumping 220 MB: 205 189 173 157 141 125 109 93 77 61 45 29 13

#0  doadump () at pcpu.h:172
172     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:172
#1  0xc04fc185 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc04fc4f8 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3  0xc0658285 in trap_fatal (frame=0xe38d8694, eva=189)
    at /usr/src/sys/i386/i386/trap.c:876
#4  0xc06584bc in trap_pfault (frame=0xe38d8694, usermode=0, eva=189)
    at /usr/src/sys/i386/i386/trap.c:785
#5  0xc0658d96 in trap (frame=0xe38d8694) at /usr/src/sys/i386/i386/trap.c:462
#6  0xc063fbfb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc05ab4a6 in ipfw_chk (args=0xe38d89d8)
    at /usr/src/sys/netinet/ip_fw2.c:2929
#8  0xc05ad97b in ipfw_check_in (arg=0x0, m0=0xe38d8adc, ifp=0xc5032000, 
    dir=1, inp=0x0) at /usr/src/sys/netinet/ip_fw_pfil.c:128
#9  0xc05906ba in pfil_run_hooks (ph=0xc0738ea0, mp=0xe38d8b50, 
    ifp=0xc5032000, dir=1, inp=0x0) at /usr/src/sys/net/pfil.c:78
#10 0xc05a6be1 in ip_fastforward (m=0xc5406b00)
    at /usr/src/sys/netinet/ip_fastfwd.c:353
#11 0xc058d41e in ether_demux (ifp=0xc5032000, m=0xc5406b00)
    at /usr/src/sys/net/if_ethersubr.c:779
#12 0xc058d8fe in ether_input (ifp=0xc5032000, m=0xc5406b00)
    at /usr/src/sys/net/if_ethersubr.c:701
#13 0xc058f491 in vlan_input (ifp=0xc4dc9c00, m=0xc5406b00)
    at /usr/src/sys/net/if_vlan.c:973
---Type <return> to continue, or q <return> to quit--- 
#14 0xc058d3bb in ether_demux (ifp=0xc4dc9c00, m=0xc5406b00)
    at /usr/src/sys/net/if_ethersubr.c:752
#15 0xc058d8fe in ether_input (ifp=0xc4dc9c00, m=0xc5406b00)
    at /usr/src/sys/net/if_ethersubr.c:701
#16 0xc046b85d in em_rxeof (adapter=0xc4d79000, count=998)
    at /usr/src/sys/dev/em/if_em.c:4298
#17 0xc046d419 in em_poll (ifp=0xc4dc9c00, cmd=POLL_ONLY, count=1000)
    at /usr/src/sys/dev/em/if_em.c:1385
#18 0xc04f1661 in ether_poll (count=1000) at /usr/src/sys/kern/kern_poll.c:339
#19 0xc04f2659 in poll_idle () at /usr/src/sys/kern/kern_poll.c:590
#20 0xc04dee99 in fork_exit (callout=0xc04f2576 <poll_idle>, arg=0x0, 
    frame=0xe38d8d38) at /usr/src/sys/kern/kern_fork.c:812
#21 0xc063fc70 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:205
(kgdb) frame 7
#7  0xc05ab4a6 in ipfw_chk (args=0xe38d89d8)
    at /usr/src/sys/netinet/ip_fw2.c:2929
2929                                            INADDR_TO_IFP(src_ip, tif);
(kgdb) l
2924
2925                            case O_IP_SRC_ME:
2926                                    if (is_ipv4) {
2927                                            struct ifnet *tif;
2928
2929                                            INADDR_TO_IFP(src_ip, tif);
2930                                            match = (tif != NULL);
2931                                    }
2932                                    break;
2933
(kgdb) print src_ip
$1 = {s_addr = 3268032198}
(kgdb) print tif
Variable "tif" is not available.
(kgdb) print *tif
Variable "tif" is not available.


--
Ian Freislich
Received on Thu Jun 07 2007 - 06:58:11 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:12 UTC