kernel panic with ipnat/dummynet

From: sb_at_sysinfo.pl sb_at_sysinfo.pl <sb_at_sysinfo.pl>
Date: Thu, 29 Sep 2016 20:45:38 +0200 (CEST)
Hi,

I have been having problems with kernel panics for 2 years, on different machines and
different versions of FreeBSD (9+). Nothing has changed even in 12-CURRENT.
FreeBSD is used as a router/NAT (ipnat)/ipfw/dummynet box for over 400 desktops.

I have had 2 panics in 3h. For the previous one I only have a photo of the screen:
https://postimg.org/image/g6eq69jkf/
And the last one:

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
<110>ipfw: 3700 Deny TCP 200.100.229.149:12750 155.133.23.8:23 out via em1
<110>ipfw: 3700 Deny TCP 216.243.31.2:40159 155.133.22.217:443 out via em1
<110>ipfw: 3700 Deny TCP 192.168.0.101:48000 31.13.81.13:443 in via em1
Kernel page fault with the following non-sleepable locks held:
shared rw ipf IP NAT rwlock (ipf IP NAT rwlock) r = 0 (0xffffffff818d6170)
locked _at_ /usr/src/sys/contrib/ipfilter/netinet/ip_nat.c:4925
shared rw ipf filter rwlock (ipf filter rwlock) r = 0 (0xffffffff818d6058)
locked _at_ /usr/src/sys/contrib/ipfilter/netinet/fil.c:3024
shared rm PFil shared rmlock (PFil shared rmlock) r = 0 (0xffffffff81eab3f0)
locked _at_ /usr/src/sys/net/pfil.c:78
stack backtrace:
#0 0xffffffff80af7b90 at witness_debugger+0x70
#1 0xffffffff80af8e77 at witness_warn+0x3d7
#2 0xffffffff80f34507 at trap_pfault+0x57
#3 0xffffffff80f33bbb at trap+0x28b
#4 0xffffffff80f14461 at calltrap+0x8
#5 0xffffffff803a7e87 at ipf_proxy_check+0x127
#6 0xffffffff8039b36b at ipf_nat_out+0x6db
#7 0xffffffff8039a72f at ipf_nat_checkout+0x1ff
#8 0xffffffff80381496 at ipf_check+0x726
#9 0xffffffff80ba08cb at pfil_run_hooks+0x8b
#10 0xffffffff80c0326b at ip_tryforward+0x26b
#11 0xffffffff80c058b7 at ip_input+0x377
#12 0xffffffff80b9f7b0 at netisr_dispatch_src+0x80
#13 0xffffffff80cecc07 at dummynet_send+0x167
#14 0xffffffff80cec530 at dummynet_task+0x310
#15 0xffffffff80aeb5bc at taskqueue_run_locked+0x13c
#16 0xffffffff80aec138 at taskqueue_thread_loop+0x88
#17 0xffffffff80a5bd74 at fork_exit+0x84


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xe
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff803a09cd
stack pointer           = 0x28:0xfffffe023ab3e4e0
frame pointer           = 0x28:0xfffffe023ab3e5c0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (dummynet)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe023ab3e060
vpanic() at vpanic+0x182/frame 0xfffffe023ab3e0e0
panic() at panic+0x43/frame 0xfffffe023ab3e140
trap_fatal() at trap_fatal+0x331/frame 0xfffffe023ab3e1a0
trap_pfault() at trap_pfault+0x1fd/frame 0xfffffe023ab3e200
trap() at trap+0x28b/frame 0xfffffe023ab3e410
calltrap() at calltrap+0x8/frame 0xfffffe023ab3e410
--- trap 0xc, rip = 0xffffffff803a09cd, rsp = 0xfffffe023ab3e4e0, rbp =
0xfffffe023ab3e5c0 ---
ipf_p_ftp_process() at ipf_p_ftp_process+0x16d/frame 0xfffffe023ab3e5c0
ipf_proxy_check() at ipf_proxy_check+0x127/frame 0xfffffe023ab3e630
ipf_nat_out() at ipf_nat_out+0x6db/frame 0xfffffe023ab3e690
ipf_nat_checkout() at ipf_nat_checkout+0x1ff/frame 0xfffffe023ab3e740
ipf_check() at ipf_check+0x726/frame 0xfffffe023ab3e8b0
pfil_run_hooks() at pfil_run_hooks+0x8b/frame 0xfffffe023ab3e940
ip_tryforward() at ip_tryforward+0x26b/frame 0xfffffe023ab3e9c0
ip_input() at ip_input+0x377/frame 0xfffffe023ab3ea20
netisr_dispatch_src() at netisr_dispatch_src+0x80/frame 0xfffffe023ab3ea80
dummynet_send() at dummynet_send+0x167/frame 0xfffffe023ab3eac0
dummynet_task() at dummynet_task+0x310/frame 0xfffffe023ab3eb20
taskqueue_run_locked() at taskqueue_run_locked+0x13c/frame 0xfffffe023ab3eb80
taskqueue_thread_loop() at taskqueue_thread_loop+0x88/frame 0xfffffe023ab3ebb0
fork_exit() at fork_exit+0x84/frame 0xfffffe023ab3ebf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe023ab3ebf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Uptime: 3h12m45s
Dumping 641 out of 8158 MB:..3%..13%..23%..33%..43%..53%..63%..73%..83%..93%

Reading symbols from /boot/kernel/fdescfs.ko...Reading symbols from
/usr/lib/debug//boot/kernel/fdescfs.ko.debug...done.
done.
Loaded symbols for /boot/kernel/fdescfs.ko
Reading symbols from /boot/kernel/iscsi.ko...Reading symbols from
/usr/lib/debug//boot/kernel/iscsi.ko.debug...done.
done.
Loaded symbols for /boot/kernel/iscsi.ko
#0  doadump (textdump=1) at pcpu.h:221
221             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) list *0xffffffff803a09cd
0xffffffff803a09cd is in ipf_p_ftp_process (ip_ftp_pxy.c:1336).
1331            aps = nat->nat_aps;
1332
1333            sel = aps->aps_sel[1 - rv];
1334            sel2 = aps->aps_sel[rv];
1335            if (rv == 1) {
1336                    seqoff = aps->aps_seqoff[sel];
1337                    if (aps->aps_seqmin[sel] > seqoff + thseq)
1338                            seqoff = aps->aps_seqoff[!sel];
1339                    ackoff = aps->aps_ackoff[sel2];
1340                    if (aps->aps_ackmin[sel2] > ackoff + thack)
Current language:  auto; currently minimal
(kgdb) backtrace
#0  doadump (textdump=1) at pcpu.h:221
#1  0xffffffff80a97b75 in kern_reboot (howto=<value optimized out>) at
/usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80a9814b in vpanic (fmt=<value optimized out>, ap=<value optimized
out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80a98193 in panic (fmt=0x0) at
/usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80f344a1 in trap_fatal (frame=0xfffffe023ab3e420, eva=14) at
/usr/src/sys/amd64/amd64/trap.c:837
#5  0xffffffff80f346ad in trap_pfault (frame=0xfffffe023ab3e420, usermode=0) at
/usr/src/sys/amd64/amd64/trap.c:694
#6  0xffffffff80f33bbb in trap (frame=0xfffffe023ab3e420) at
/usr/src/sys/amd64/amd64/trap.c:443
#7  0xffffffff80f14461 in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:236
#8  0xffffffff803a09cd in ipf_p_ftp_process (softf=<value optimized out>,
fin=0xfffffe023ab3e780, nat=0xfffff801c2ad7400, 
    ftp=0xfffff800433e4c00, rv=<value optimized out>) at ip_ftp_pxy.c:1331
#9  0xffffffff803a7e87 in ipf_proxy_check (fin=0xfffffe023ab3e780,
nat=0xfffff801c2ad7400)
    at /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c:992
#10 0xffffffff8039b36b in ipf_nat_out (fin=0xfffffe023ab3e780,
nat=0xfffff801c2ad7400, natadd=<value optimized out>, nflags=1)
    at /usr/src/sys/contrib/ipfilter/netinet/ip_nat.c:5315
#11 0xffffffff8039a72f in ipf_nat_checkout (fin=<value optimized out>,
passp=<value optimized out>)
    at /usr/src/sys/contrib/ipfilter/netinet/ip_nat.c:5019
#12 0xffffffff80381496 in ipf_check (ctx=<value optimized out>, ip=<value
optimized out>, hlen=<value optimized out>, 
    ifp=<value optimized out>, out=1, mp=<value optimized out>) at
/usr/src/sys/contrib/ipfilter/netinet/fil.c:3104
#13 0xffffffff80ba08cb in pfil_run_hooks (ph=<value optimized out>, mp=<value
optimized out>, ifp=<value optimized out>, 
    dir=<value optimized out>, inp=<value optimized out>) at
/usr/src/sys/net/pfil.c:83
#14 0xffffffff80c0326b in ip_tryforward (m=0xffffffff818d5fe0) at
/usr/src/sys/netinet/ip_fastfwd.c:330
#15 0xffffffff80c058b7 in ip_input (m=0x0) at
/usr/src/sys/netinet/ip_input.c:558
#16 0xffffffff80b9f7b0 in netisr_dispatch_src (proto=1, source=0,
m=0xfffff80009cf2900) at /usr/src/sys/net/netisr.c:1120
#17 0xffffffff80cecc07 in dummynet_send (m=<value optimized out>) at
/usr/src/sys/netpfil/ipfw/ip_dn_io.c:791
#18 0xffffffff80cec530 in dummynet_task (context=<value optimized out>,
pending=<value optimized out>)
    at /usr/src/sys/netpfil/ipfw/ip_dn_io.c:746
#19 0xffffffff80aeb5bc in taskqueue_run_locked (queue=<value optimized out>) at
/usr/src/sys/kern/subr_taskqueue.c:449
#20 0xffffffff80aec138 in taskqueue_thread_loop (arg=<value optimized out>) at
/usr/src/sys/kern/subr_taskqueue.c:708
#21 0xffffffff80a5bd74 in fork_exit (callout=0xffffffff80aec0b0
<taskqueue_thread_loop>, arg=0xffffffff81e0c278, 
    frame=0xfffffe023ab3ec00) at /usr/src/sys/kern/kern_fork.c:1038
#22 0xffffffff80f1499e in fork_trampoline () at
/usr/src/sys/amd64/amd64/exception.S:611
#23 0x0000000000000000 in ?? ()
(kgdb) 

SB
Received on Thu Sep 29 2016 - 16:52:22 UTC
