netbsd-bugs: kern/26141: kernel panics on DSL reconnect

Subject: kern/26141: kernel panics on DSL reconnect
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <Christoph_Egger@gmx.de>
List: netbsd-bugs
Date: 07/02/2004 10:51:48
>Number:         26141
>Category:       kern
>Synopsis:       kernel panics on DSL reconnect
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 02 10:52:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Christoph Egger
>Release:        NetBSD 1.6.2_STABLE
>Organization:
>Environment:
System: NetBSD blocker 1.6.2_STABLE NetBSD 1.6.2_STABLE (GENERIC) #2: Thu Jul 1 15:31:50 CEST 2004 root@blocker:/usr/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
This machine acts as an DSL router with a dynamic IP address. The german Telekom disconnects the pppoe0 line every 24h.
An immediate reconnect is possible and this is tried to do, whenever this happens.

Unfortunately, a kernel panic happens on reconnect.

The debugger output:


panic: m_copym: m == 0
Stopped at cpu_Debgger + 0x4: leave
db> trace
cpu_Debugger(c0aee238,cebf282c,c0aee24c,c0287fee,a70ae) at cpu_Debugger+0x4
panic(c04fa318,c0b44088,c0aee200,c0b66e30,c0aee238) at panic + 0xad
m_copym0(0,5dc,5c8,1,0) at m_copym0 + 0x78
m_copym(c0aee500,5dc,5c8,1,c0b5b000) at m_copym + 0x1c
ipfr_fastroute(c0aee500,cf7bdcd8,cf7bdcdc,c0ba0728) at ipfr_fastroute + 0x499
fr_check(cebf2818,14,c0b36400,0,cf7bdda8) at fr_check + 0x976
gcc2_compiled.(0,cf7bdda8,c0b36400,1,c0aee245) at gcc2_compiled. + 0x72
pfil_run_hooks(c0699340,cf7bddf4,c0b36400,1) at pfil_run_hooks + 0x4c
ip_input(c0aee200,c0ac2a7c,cf7bde20,0) at ip_input + 0x1f5
ipintr(10,10,10,10,cf64e39c) at ipintr + 0x6b
Xsoftnet() at Xsoftnet + 0x2c
--- interrupt ---
idle(cf64e39c,64,c0287f18,cf64e39c) at idle + 0x1b
bpendtsleep(c066cde0,120,c04f8960,65,0) at bpendtsleep
sys_nanosleep(cf64e39c,cf7bdf80,cf7bdf78,c037ab7b) at sys_nanosleep+0xf7
syscall_plain(1f,1f,1f,1f,0) at syscall_plain + 0xa7
db>


The running processes are:

 ps axuww
USER PID %CPU %MEM VSZ   RSS TT STAT STARTED    TIME COMMAND
root   0  0.0  7.3   0 14304 ?? DKs  10:29AM 0:00.01 [swapper]
root 286  0.0  0.8 940  1600 p0 S+   10:42AM 0:01.47 vi /tmp/p237
root 237  0.0  0.2 500   364 p0 S+   10:42AM 0:00.03 /bin/sh /usr/bin/send-pr
root 226  0.0  0.6 624  1220 p1 Ss   10:32AM 0:00.04 -bash
root 224  0.1  1.1 512  2084 ?? Ss   10:32AM 0:00.14 sshd: root@ttyp1
root 221  0.0  0.6 632  1236 p0 Ss   10:32AM 0:00.06 -bash
root 219  0.0  1.1 512  2132 ?? Ss   10:32AM 0:01.12 sshd: root@ttyp0
root 218  0.0  0.3  48   644 E3 Ss+  10:31AM 0:00.01 /usr/libexec/getty Pc ttyE3
root 217  0.0  0.3  48   644 E2 Ss+  10:31AM 0:00.01 /usr/libexec/getty Pc ttyE2
root 216  0.0  0.3  48   644 E1 Ss+  10:31AM 0:00.01 /usr/libexec/getty Pc ttyE1
root 215  0.0  0.3  48   644 E0 Ss+  10:31AM 0:00.01 /usr/libexec/getty Pc console
root 213  0.0  0.3 224   620 ?? Ss   10:31AM 0:00.01 /usr/sbin/cron
root 204  0.0  0.3  40   508 ?? Ss   10:31AM 0:00.00 /usr/sbin/ifwatchd -u /etc/ppp/ip-up -d /etc/ppp/ip-down pppoe0
root 201  0.0  0.3  60   616 ?? Ss   10:31AM 0:00.01 /usr/sbin/inetd -l
root 188  0.0  0.6 376  1196 ?? Ss   10:31AM 0:00.01 /usr/sbin/sshd
root 109  0.0  0.3 584   536 ?? Ss   10:31AM 0:00.22 /usr/sbin/ipmon -s -D
root 105  0.0  0.3 172   652 ?? Ss   10:31AM 0:00.29 /usr/sbin/syslogd -s
root   6  0.0  7.3   0 14304 ?? DK   10:29AM 0:00.01 [aiodoned]
root   5  0.0  7.3   0 14304 ?? DK   10:29AM 0:00.48 [ioflush]
root   4  0.0  7.3   0 14304 ?? DK   10:29AM 0:00.05 [reaper]
root   3  0.0  7.3   0 14304 ?? DK   10:29AM 0:00.01 [pagedaemon]
root   2  0.0  7.3   0 14304 ?? DK   10:29AM 0:00.00 [atapibus0]
root   1  0.0  0.1 344   256 ?? Ss   10:29AM 0:00.01 init
root 290  0.0  0.1 380   192 p1 R+   10:56AM 0:00.00 ps axuww


The /etc/ppp/ip-up:

#!/bin/sh

/sbin/route add default $5
/etc/rc.d/ipnat forcestart

The /etc/ppp/ip-down:

#!/bin/sh

/sbin/route delete default $5
/etc/rc.d/ipnat forcestop


The /etc/ipnat.conf:

map pppoe0 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map pppoe0 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map pppoe0 10.0.0.0/24 -> 0/32

map pppoe0 10.0.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map pppoe0 10.0.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map pppoe0 10.0.1.0/24 -> 0/32

map pppoe0 10.0.2.0/24 -> 0/32 proxy port ftp ftp/tcp
map pppoe0 10.0.2.0/24 -> 0/32 portmap tcp/udp 40000:60000
map pppoe0 10.0.2.0/24 -> 0/32
map pppoe0 10.254.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map pppoe0 10.254.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map pppoe0 10.254.0.0/24 -> 0/32

map pppoe0 10.254.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map pppoe0 10.254.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map pppoe0 10.254.1.0/24 -> 0/32


The /etc/ipf.conf:

# ne2 == network interface to tekla router
# ne3/pppoe0 == network interface to the internet
# ne4 == network interface used for protocol only

# group 200 == traffic from the internet
# group 300 == traffic to the internet

# *Nasty* packets we don't want to allow near us at all!
# short packets which are packets fragmented too short to be real.
block in quick all with short

# Only allow outgoing traffic on ne4 for protocolling
block in quick on ne4 all
pass out on ne4 all

# Create group for logging facility
block in log level local6.info on pppoe0 dup-to ne4 all head 200
block in log level local6.info on ne2 dup-to ne4 all head 300

# Allow packets from/to the loopback interface (lo0)
pass in quick on lo0 from 127.0.0.0/8 to 127.0.0.0/8

# packets going in/out of network interfaces that aren't on
# the loopback interface should *NOT* exist.
block in log level local6.info quick from 127.0.0.0/8 to any group 200
block in log level local6.info quick from any to 127.0.0.0/8 group 200
block in log level local6.info quick from 127.0.0.0/8 to any group 300
block in log level local6.info quick from any to 127.0.0.0/8 group 300

## block internal traffic
#block in log level local6.info quick from 62.159.104.208/29 to 62.159.104.208/29 group 200
#block in log level local6.info quick from 62.159.104.208/29 to 62.159.104.208/29 group 300


# internet traffic on pppoe0
block in log level local6.info on pppoe0 dup-to ne4 to ne2 all head 1000 group 200

# internal traffic on ne2
block in log level local6.info on ne2 dup-to ne4 to pppoe0 all head 2000 group 300


# Allow Services

# Allow NTP from any internal host to any external NTP server.
pass out quick proto udp from any to any port = ntp keep state group 200

# allow DNS traffic
pass out quick proto tcp/udp from any to any port = 53 keep state group 200

# allow ping out
pass out quick on pppoe0 proto icmp all keep state

# allow ssh packets coming from localhost (needed to perform cvs update)
pass out quick on pppoe0 proto tcp from any to any port = ssh keep state



# allow all packets coming from routers
pass in quick from 10.254.1.0/24 to any keep state group 2000
pass in quick from 10.254.0.0/24 to any keep state group 2000

# allow all packets coming from internal network
pass in quick from 10.0.0.0/24 to any keep state group 2000

# allow all packets coming from dmzintern
pass in quick from 10.0.1.0/24 to any keep state group 2000

# allow all packets coming from dmzextern
pass in quick from 10.0.2.0/24 to any keep state group 2000
>How-To-Repeat:
Whenever the remote side disconnects and NetBSD tries to reconnect,
the panic happens.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: