Subject: kern/30082: IPF + bridge = panic
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Pascal Cabaud <pc@eila.jussieu.fr>
List: netbsd-bugs
Date: 04/28/2005 17:00:01
>Number:         30082
>Category:       kern
>Synopsis:       Pb with IPF and bridge
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 28 17:00:00 +0000 2005
>Originator:     Pascal Cabaud
>Release:        NetBSD 3.0_BETA (27/04/2005)
>Organization:
>Environment:
System: NetBSD gw 3.0_BETA NetBSD 3.0_BETA (BRIDGE3.i386) #1: Sun Apr 17 18:00:59 CEST 2005  root@compile:/users/nb/release-3/src/sys/arch/i386/compile/BRIDGE3.i386 i386
Architecture: i386
Machine: i386
>Description:
	Filtered bridge with IPF panic 3.0_BETA (fresh sources from 27/04/2005) :
Stopped at      netbsd:fr_movequeue+0x17:       movl    %eax,0(%edx)
db> bt
fr_movequeue(c2843ab4,0,c0719000,0,cbf9e022) at netbsd:fr_movequeue+0x17
fr_updatestate(c07d4660,c2843a00,c0719000,1d,c07d4660) at netbsd:fr_updatestate+0x3a
fr_checkstate(c07d4660,c07d465c,c07d4660,c2098600,4) at netbsd:fr_checkstate+0x126
fr_check(cbf9e00e,14,c245b04c,1,c07d4778) at netbsd:fr_check+0x4bd
fr_check_wrapper(0,c07d4778,c245b04c,2,c07d47d8) at netbsd:fr_check_wrapper+0x72
pfil_run_hooks(c0716280,c07d4808,c245b04c,2,c284ccb4) at netbsd:pfil_run_hooks+0x6e
bridge_ipf(0,c07d4808,c245b04c,2,c272b400) at netbsd:bridge_ipf+0x215
pfil_run_hooks(c272b524,c07d4858,c245b04c,2,cbf9e006) at netbsd:pfil_run_hooks+0x6e
bridge_enqueue(c272b400,c245b04c,c2098600,1,1) at netbsd:bridge_enqueue+0x11b
bridge_broadcast(c272b400,c253304c,c2098600,0,1) at netbsd:bridge_broadcast+0xad 
bridge_forward(c272b400,c2098600,3b9aca00,1,5e0dc800) at netbsd:bridge_forward+0x199
bridge_input(c253304c,c2793700,0,c27b7a00,7) at netbsd:bridge_input+0xa8
ether_input(c253304c,c2793700,0,20000,63) at netbsd:ether_input+0x3c2
wm_rxintr(c2533000,16e22,0,0,c07d49c0) at netbsd:wm_rxintr+0x344
wm_intr(c2533000,5,ac120010,10030,c07d0010) at netbsd:wm_intr+0x4f
Xintr_legacy3() at netbsd:Xintr_legacy3+0xa9
--- interrupt ---
fr_queueappend(c2843ab4,c0719000,c2843a00,0,c07d4cd0) at netbsd:fr_queueappend+0x12
fr_setstatequeue(c2843a00,0,10,c2757600,0) at netbsd:fr_setstatequeue+0x53
fr_addstate(c07d4cd0,0,0,0,0) at netbsd:fr_addstate+0x524
fr_firewall(c07d4cd0,c07d4ccc,c07d4cd0,c2094b00,4) at netbsd:fr_firewall+0x103
fr_check(cbf0980e,14,c20ac04c,0,c07d4de8) at netbsd:fr_check+0x48a
fr_check_wrapper(0,c07d4de8,c20ac04c,1,c20ac900) at netbsd:fr_check_wrapper+0x72
pfil_run_hooks(c0716280,c07d4e50,c20ac04c,1,c20ac138) at netbsd:pfil_run_hooks+0x6e
ip_input(c2094b00,0,0,246,0) at netbsd:ip_input+0x15d
ipintr(12590010,30030,8e940010,10,c07d1000) at netbsd:ipintr+0x76
DDB lost frame for netbsd:Xsoftnet+0x41, trying 0xc07d4e70
Xsoftnet() at netbsd:Xsoftnet+0x41
--- interrupt ---
0x246:

	Here is the configuration :
$ cat /etc/ifconfig.wm1
up
ip4csum tcp4csum udp4csum tso4
$ cat /etc/ifconfig.wm4
up
ip4csum tcp4csum udp4csum tso4
$ cat /etc/ifconfig.bridge0
create
!brconfig $int \
        add wm1 stp wm1 \
        add wm4 stp wm4 \
        ipf \
        up
	
	In my kernel conf', I have :
options         PFIL_HOOKS
options         IPFILTER_LOG
options         BRIDGE_IPF
pseudo-device   bridge
pseudo-device   bpfilter
pseudo-device   ipfilter 

	Here is the dmesg(1) :
NetBSD 3.0_BETA (BRIDGE3.i386) #1: Sun Apr 17 18:00:59 CEST 2005
        root@compile:/users/nb/release-3/src/sys/arch/i386/compile/BRIDGE3.i386
total memory = 1535 MB
avail memory = 1495 MB
BIOS32 rev. 0 found at 0xffe90
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel Xeon (686-class), 2392.17 MHz, id 0xf29
cpu0: features bfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
cpu0: features bfebfbff<PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX>
cpu0: features bfebfbff<FXSR,SSE,SSE2,SS,HTT,TM,SBF>
cpu0: features2 4400<CID,xTPR>
cpu0: "Intel(R) Xeon(TM) CPU 2.40GHz"
cpu0: I-cache 12K uOp cache 8-way, D-cache 8 KB 64B/line 4-way
cpu0: L2 cache 512 KB 64B/line 8-way
cpu0: ITLB 4K/4M: 64 entries
cpu0: DTLB 4K/4M: 64 entries
cpu0: running without thermal monitor!
cpu0: 16 page colors
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
pchb0 at pci0 dev 0 function 0
pchb0: ServerWorks CMIC-SL PCI/AGP bridge (rev. 0x32)
pchb1 at pci0 dev 0 function 1
pchb1: ServerWorks CMIC-SL PCI/AGP bridge (rev. 0x00)
wm0 at pci0 dev 2 function 0: Intel i82540EM 1000BASE-T Ethernet, rev. 2
wm0: interrupting at irq 11
wm0: 32-bit 33MHz PCI bus
wm0: 64 word (6 address bits) MicroWire EEPROM
wm0: Ethernet address 00:c0:9f:42:8e:87
makphy0 at wm0 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
vga1 at pci0 dev 14 function 0: ATI Technologies Rage XL (rev. 0x27)
wsdisplay0 at vga1 kbdmux 1
wsmux1: connecting to wsdisplay0
pchb2 at pci0 dev 15 function 0
pchb2: ServerWorks CSB5 southbridge (rev. 0x93)
rccide0 at pci0 dev 15 function 1
rccide0: ServerWorks CSB5 IDE Controller (rev. 0x93)
rccide0: bus-master DMA support present
rccide0: primary channel configured to compatibility mode
rccide0: primary channel interrupting at irq 14
atabus0 at rccide0 channel 0
rccide0: secondary channel configured to compatibility mode
rccide0: secondary channel interrupting at irq 15
atabus1 at rccide0 channel 1
ohci0 at pci0 dev 15 function 2: ServerWorks OSB4/CSB5 USB Host Controller (rev. 0x05)
ohci0: interrupting at irq 10
ohci0: OHCI version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pcib0 at pci0 dev 15 function 3
pcib0: ServerWorks CSB5 ISA/LPC bridge (rev. 0x00)
pchb3 at pci0 dev 16 function 0
pchb3: ServerWorks CIOB-X2 PCI-X bridge (rev. 0x05)
pci1 at pchb3 bus 1
pci1: i/o space, memory space enabled
mpt0 at pci1 dev 4 function 0: LSI Logic 53c1030 Ultra320 SCSI
mpt0: interrupting at irq 5
scsibus0 at mpt0: 16 targets, 8 luns per target
pchb4 at pci0 dev 16 function 2
pchb4: ServerWorks CIOB-X2 PCI-X bridge (rev. 0x05)
pci2 at pchb4 bus 2
pci2: i/o space, memory space enabled
ppb0 at pci2 dev 2 function 0: IBM 133 PCI-X Bridge (rev. 0x02)
pci3 at ppb0 bus 3
pci3: i/o space, memory space enabled
wm1 at pci3 dev 4 function 0: Intel i82546EB 1000BASE-T Ethernet, rev. 1
wm1: interrupting at irq 3
wm1: 64-bit 120MHz PCIX bus
wm1: 256 word (8 address bits) MicroWire EEPROM
wm1: Ethernet address 00:04:23:09:12:e4
makphy1 at wm1 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
wm2 at pci3 dev 4 function 1: Intel i82546EB 1000BASE-T Ethernet, rev. 1
wm2: interrupting at irq 11
wm2: 64-bit 120MHz PCIX bus
wm2: 256 word (8 address bits) MicroWire EEPROM
wm2: Ethernet address 00:04:23:09:12:e5
makphy2 at wm2 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
wm3 at pci3 dev 6 function 0: Intel i82546EB 1000BASE-T Ethernet, rev. 1
wm3: interrupting at irq 5
wm3: 64-bit 120MHz PCIX bus
wm3: 256 word (8 address bits) MicroWire EEPROM
wm3: Ethernet address 00:04:23:09:12:e6
makphy3 at wm3 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy3: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
wm4 at pci3 dev 6 function 1: Intel i82546EB 1000BASE-T Ethernet, rev. 1
wm4: interrupting at irq 3
wm4: 64-bit 120MHz PCIX bus
wm4: 256 word (8 address bits) MicroWire EEPROM
wm4: Ethernet address 00:04:23:09:12:e7
makphy4 at wm4 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy4: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
ppb1 at pci2 dev 4 function 0: IBM 133 PCI-X Bridge (rev. 0x02)
pci4 at ppb1 bus 4
pci4: i/o space, memory space enabled
wm5 at pci4 dev 4 function 0: Intel i82546EB 1000BASE-T Ethernet, rev. 1
wm5: interrupting at irq 3
wm5: 64-bit 120MHz PCIX bus
wm5: 256 word (8 address bits) MicroWire EEPROM
wm5: Ethernet address 00:04:23:09:10:5c
makphy5 at wm5 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy5: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
wm6 at pci4 dev 4 function 1: Intel i82546EB 1000BASE-T Ethernet, rev. 1
wm6: interrupting at irq 5
wm6: 64-bit 120MHz PCIX bus
wm6: 256 word (8 address bits) MicroWire EEPROM
wm6: Ethernet address 00:04:23:09:10:5d
makphy6 at wm6 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy6: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
wm7 at pci4 dev 6 function 0: Intel i82546EB 1000BASE-T Ethernet, rev. 1
wm7: interrupting at irq 11
wm7: 64-bit 120MHz PCIX bus
wm7: 256 word (8 address bits) MicroWire EEPROM
wm7: Ethernet address 00:04:23:09:10:5e
makphy7 at wm7 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy7: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
wm8 at pci4 dev 6 function 1: Intel i82546EB 1000BASE-T Ethernet, rev. 1
wm8: interrupting at irq 3
wm8: 64-bit 120MHz PCIX bus
wm8: 256 word (8 address bits) MicroWire EEPROM
wm8: Ethernet address 00:04:23:09:10:5f
makphy8 at wm8 phy 1: Marvell 88E1011 Gigabit PHY, rev. 3
makphy8: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
isa0 at pcib0
lpt0 at isa0 port 0x378-0x37b irq 7
com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
com0: console
pckbc0 at isa0 port 0x60-0x64
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 mux 1
wskbd0: connecting to wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
fdc0 at isa0 port 0x3f0-0x3f7 irq 6 drq 2
isapnp0: no ISA Plug 'n Play devices found
npx0 at isa0 port 0xf0-0xff: using exception 16
fdc0 at isa0 port 0x3f0-0x3f7 irq 6 drq 2
isapnp0: no ISA Plug 'n Play devices found
fd0 at fdc0 drive 0: 1.44MB, 80 cyl, 2 head, 18 sec
IPsec: Initialized Security Association Processing.
atapibus0 at atabus1: 2 targets
scsibus0: waiting 2 seconds for devices to settle...
cd0 at atapibus0 drive 0: <SAMSUNG CD-ROM  SC-148A, , B403> cdrom removable
cd0: 32-bit data port
cd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33)
cd0(rccide0:1:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33) (using DMA)
sd0 at scsibus0 target 0 lun 0: <IBM, IC35L036UCDY10-0, S27T> disk fixed
sd0: 34732 MB, 36703 cyl, 6 head, 323 sec, 512 bytes/sect x 71132959 sectors
sd0: sync (6.25ns offset 127), 16-bit (320.000MB/s) transfers, tagged queueing
sd1 at scsibus0 target 1 lun 0: <IBM, IC35L036UCDY10-0, S27T> disk fixed
sd1: 34732 MB, 36703 cyl, 6 head, 323 sec, 512 bytes/sect x 71132959 sectors
sd1: sync (6.25ns offset 127), 16-bit (320.000MB/s) transfers, tagged queueing
ses0 at scsibus0 target 6 lun 0: <SDR, GEM318P, 1> processor fixed
ses0: SAF-TE Compliant Device
ses0: async, 8-bit transfers
boot device: sd0
root on sd0a dumps on sd0b
root file system type: ffs
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)

>How-To-Repeat:
	active the option BRIDGE_IPF and add 'ipf' option to brconfig(8)
	(on wm(4) interfaces ?)
>Fix: