Subject: kern/28875: 2.0: ipf crash in fr_coalesce
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Hubert Feyrer <hubert@feyrer.de>
List: netbsd-bugs
Date: 01/05/2005 18:09:01
>Number: 28875
>Category: kern
>Synopsis: 2.0: ipf crash in fr_coalesce
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jan 05 18:09:00 +0000 2005
>Originator: Hubert Feyrer
>Release: NetBSD 2.0_STABLE
>Organization:
bla!
>Environment:
System: NetBSD vulab.fh-regensburg.de 2.0 NetBSD 2.0 (GENERIC) #10: Sun Oct 3 01:59:02 CEST 2004 feyrer@vulab.fh-regensburg.de:/disk4/cvs/src-2.0/sys/arch/i386/compile/obj.i386/GENERIC i386
Architecture: i386
Machine: i386
>Description:
I'm getting panics on 2.0/i386 with the following backtrace:
trap type 6 code 2 ... ilevel 5
panice: trap
...
db> bt
fr_coalesce
frpr_ipv6hdr
fr_makefrip
fr_checkicmp6matchingstate
fr_stlookup
fr_checkstate
fr_check
fr_check_wrapper
pfil_run_hooks
ip6_input
ip6intr
DDB lost frame for netbsd:Xsoftnet
Xsoftnet
--- interrupt ---
0x246:
End traceback
syncing disks ... <hang!>
*** press ctl+alt+esc ***
Stopped in pid 15.1 (raidio0)
cpu_Debugger
internal_command
wskbd_translate
wskbd_...
...
pckbcintr
Xintr_legacy
--- interrupt ---
ltsleep
db>
The panic has happened several times after enabling IPF on
this machine now, which does pkgsrc bulk builds (and did so
fine before enabling IPF!), and it also runs IPF to shield
two machines that are sitting idle behind it right now, so
no real IPF/NAT action going on right now.
The machine does use IPv6 (for NFS, ssh), but I didn't tell
IPF to configure any rules for IPv6.
Some config details:
/etc/rc.conf:
ipf=yes
ipnat=yes
/etc/ipf.conf:
pass out from any to any keep state
pass in from any to any keep state
/etc/ipnat.conf:
map wm0 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map wm0 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map wm0 10.0.0.0/24 -> 0/32
(no ipf6=yes in rc.conf, and no /etc/ipf6.conf present!)
/var/run/dmesg.boot:
NetBSD 2.0 (GENERIC) #10: Sun Oct 3 01:59:02 CEST 2004
feyrer@vulab.fh-regensburg.de:/disk4/cvs/src-2.0/sys/arch/i386/compile/obj.i386/GENERIC
total memory = 1023 MB
avail memory = 993 MB
RTC BIOS diagnostic error 18<memory_size,fixed_disk>
BIOS32 rev. 0 found at 0xffe90
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel (686-class), 3192.09 MHz, id 0xf34
cpu0: features bfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
cpu0: features bfebfbff<PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX>
cpu0: features bfebfbff<FXSR,SSE,SSE2,SS,HTT,TM,SBF>
cpu0: I-cache 12K uOp cache 8-way
cpu0: L2 cache 1 MB 64B/line 8-way
cpu0: ITLB 4K/4M: 128 entries
cpu0: DTLB 4K/4M: 64 entries
cpu0: 32 page colors
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
pchb0 at pci0 dev 0 function 0
pchb0: Intel 82875P Host (rev. 0x02)
pchb0: random number generator enabled
agp0 at pchb0: aperture at 0xe8000000, size 0x8000000
ppb0 at pci0 dev 1 function 0: Intel 82875P AGP (rev. 0x02)
pci1 at ppb0 bus 1
pci1: i/o space, memory space enabled
vga1 at pci1 dev 0 function 0: Nvidia Corporation Quadro4 280 NVS (rev. 0xc1)
wsdisplay0 at vga1 kbdmux 1: console (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0
uhci0 at pci0 dev 29 function 0: Intel 82801EB/ER USB UHCI Controller #0 (rev. 0x02)
uhci0: interrupting at irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1: Intel 82801EB/ER USB UHCI Controller #1 (rev. 0x02)
uhci1: interrupting at irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2: Intel 82801EB/ER USB UHCI Controller #2 (rev. 0x02)
uhci2: interrupting at irq 9
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3: Intel 82801EB/ER USB UHCI Controller #3 (rev. 0x02)
uhci3: interrupting at irq 11
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7: Intel 82801EB/ER USB EHCI Controller (rev. 0x02)
ehci0: interrupting at irq 5
ehci0: EHCI version 1.0
ehci0: companion controllers, 2 ports each: uhci0 uhci1 uhci2 uhci3
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb1 at pci0 dev 30 function 0: Intel 82801BA Hub-to-PCI Bridge (rev. 0xc2)
pci2 at ppb1 bus 2
pci2: i/o space, memory space enabled
ex0 at pci2 dev 1 function 0: 3Com 3c905-TX 10/100 Ethernet (rev. 0x0)
ex0: interrupting at irq 5
ex0: MAC address 00:60:08:6a:22:7c
nsphy0 at ex0 phy 24: DP83840 10/100 media interface, rev. 1
nsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
wm0 at pci2 dev 12 function 0: Intel i82540EM 1000BASE-T Ethernet, rev. 2
wm0: interrupting at irq 9
wm0: 32-bit 33MHz PCI bus
wm0: 256 word (8 address bits) MicroWire EEPROM
wm0: Ethernet address 00:11:11:20:b0:17
makphy0 at wm0 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
pcib0 at pci0 dev 31 function 0
pcib0: Intel 82801EB LPC Interface Bridge (rev. 0x02)
piixide0 at pci0 dev 31 function 1
piixide0: Intel 82801EB IDE Controller (ICH5) (rev. 0x02)
piixide0: bus-master DMA support present
piixide0: primary channel wired to compatibility mode
piixide0: primary channel ignored (disabled)
piixide0: secondary channel wired to compatibility mode
piixide0: secondary channel interrupting at irq 15
atabus0 at piixide0 channel 1
piixide1 at pci0 dev 31 function 2
piixide1: Intel 82801EB Serial ATA Controller (rev. 0x02)
piixide1: bus-master DMA support present
piixide1: primary channel configured to native-PCI mode
piixide1: using irq 9 for native-PCI interrupt
atabus1 at piixide1 channel 0
piixide1: secondary channel configured to native-PCI mode
atabus2 at piixide1 channel 1
Intel 82801EB/ER SMBus Controller (SMBus serial bus, revision 0x02) at pci0 dev 31 function 3 not configured
auich0 at pci0 dev 31 function 5: i82801EB (ICH5) AC-97 Audio
auich0: interrupting at irq 10
auich0: ac97: Analog Devices AD1980 codec; headphone, 20 bit DAC, no 3D stereo
auich0: ac97: ext id 3c3<AMAP,LDAC,SDAC,CDAC,DRA,VRA>
isa0 at pcib0
lpt0 at isa0 port 0x378-0x37b irq 7
com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
com1 at isa0 port 0x2f8-0x2ff irq 3: ns16550a, working fifo
pckbc0 at isa0 port 0x60-0x64
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
isapnp0: no ISA Plug 'n Play devices found
auich0: measured ac97 link rate at 48001 Hz, will use 48000 Hz
audio0 at auich0: full duplex, mmap, independent
Kernelized RAIDframe activated
atapibus0 at atabus0: 2 targets
cd0 at atapibus0 drive 0: <SAMSUNG CD-ROM SC-148A, , B403> cdrom removable
cd0: 32-bit data port
cd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33)
cd1 at atapibus0 drive 1: <HL-DT-ST RW/DVD GCC-4481B, , E106> cdrom removable
cd1: 32-bit data port
cd1: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33)
cd0(piixide0:1:0): using PIO mode 4, Ultra-DMA mode 2 (Ultra/33) (using DMA data transfers)
cd1(piixide0:1:1): using PIO mode 4, Ultra-DMA mode 2 (Ultra/33) (using DMA data transfers)
wd0 at atabus1 drive 0: <ST3120026AS>
wd0: drive supports 16-sector PIO transfers, LBA48 addressing
wd0: 111 GB, 232514 cyl, 16 head, 63 sec, 512 bytes/sect x 234375000 sectors
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 6 (Ultra/133)
wd0(piixide1:0:0): using PIO mode 4, Ultra-DMA mode 6 (Ultra/133) (using DMA data transfers)
wd1 at atabus2 drive 0: <ST3120026AS>
wd1: drive supports 16-sector PIO transfers, LBA48 addressing
wd1: 111 GB, 232514 cyl, 16 head, 63 sec, 512 bytes/sect x 234375000 sectors
wd1: 32-bit data port
wd1: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 6 (Ultra/133)
wd1(piixide1:1:0): using PIO mode 4, Ultra-DMA mode 6 (Ultra/133) (using DMA data transfers)
raid0: RAID Level 1
raid0: Components: /dev/wd0a /dev/wd1a
raid0: Total Sectors: 234374784 (114440 MB)
boot device: raid0
root on raid0a dumps on raid0b
root file system type: ffs
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)
>How-To-Repeat:
Enable ipf on NetBSD 2.0/i386
>Fix:
ASAP, please!
>Unformatted: