Bug 144869 - [em] [panic] Instant kernel panic when adding NAT rules using ipfw on em interfaces
Summary: [em] [panic] Instant kernel panic when adding NAT rules using ipfw on em inte...
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 8.0-STABLE
Hardware: Any Any
: Normal Affects Only Me
Assignee: jfv
URL:
Keywords: IntelNetworking
Depends on:
Blocks:
 
Reported: 2010-03-19 11:50 UTC by freebsdlists
Modified: 2015-07-01 15:17 UTC (History)
1 user (show)

See Also:
bugmeister: mfc-stable8?
bugmeister: mfc-stable9?
bugmeister: mfc-stable10?


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description freebsdlists 2010-03-19 11:50:01 UTC
When adding two simple ipfw nat rules on em0 the kernel instantly panics and the server reboots. The issue can be avoided by running 'ifconfig em0 -rxcsum' prior to adding the ipfw nat rules.

How-To-Repeat: After a fresh reboot run the following commands:
kldload ipfw_nat
ipfw nat 1 config if em0 same_ports
ipfw add 10000 nat 1 ip from any to any via em0
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2010-03-19 23:51:40 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-ipfw

Over to maintainer(s).
Comment 2 freebsdlists 2010-05-31 20:39:35 UTC
The kernel panic can no longer be reproduced in 8.1-PRERELEASE from May 
31 2010.
Comment 3 hizel 2010-08-17 11:31:12 UTC
i reproduce this bug in virtualbox ose 3.2.8 with Intel PRO/1000 MT
Desktop (Bridged adapter, eth1) emulation in the gentoo linux host system
and ifconfig em0 -rxcsum solves the problem


the part of core.txt.0:

Tue Aug 17 14:12:55 MSD 2010

FreeBSD olo.vyborg.ru 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

panic: page fault

Reading symbols from /boot/kernel/ipfw.ko...Reading symbols from /boot/kernel/ipfw.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ipfw.ko
Reading symbols from /boot/kernel/libalias.ko...Reading symbols from /boot/kernel/libalias.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/libalias.ko
#0  doadump () at pcpu.h:246
246     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump () at pcpu.h:246
#1  0xc089e9b7 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
#2  0xc089ec19 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:590
#3  0xc0bd3adc in trap_fatal (frame=0xcd1c660c, eva=12) at /usr/src/sys/i386/i386/trap.c:938
#4  0xc0bd3d60 in trap_pfault (frame=0xcd1c660c, usermode=0, eva=12) at /usr/src/sys/i386/i386/trap.c:851
#5  0xc0bd46a5 in trap (frame=0xcd1c660c) at /usr/src/sys/i386/i386/trap.c:533
#6  0xc0bb67bb in calltrap () at /usr/src/sys/i386/i386/exception.s:165
#7  0xc0628691 in lem_start_locked (ifp=0xc2621c00) at /usr/src/sys/dev/e1000/if_lem.c:2964
#8  0xc0628d56 in lem_start (ifp=0xc2621c00) at /usr/src/sys/dev/e1000/if_lem.c:867
#9  0xc09430d2 in if_start (ifp=0xc2621c00) at /usr/src/sys/net/if.c:3345
#10 0xc094707b in if_transmit (ifp=0xc2621c00, m=0xc26f7500) at /usr/src/sys/net/if.c:3357
#11 0xc094bda0 in ether_output_frame (ifp=0xc2621c00, m=0xc26f7500) at /usr/src/sys/net/if_ethersubr.c:452
#12 0xc094c7be in ether_output (ifp=0xc2621c00, m=0xc26f7500, dst=0xcd1c6a18, ro=0xcd1c6a10) at /usr/src/sys/net/if_ethersubr.c:423
#13 0xc09ac53e in ip_output (m=0xc29ffc00, opt=0x0, ro=0xcd1c6a10, flags=Variable "flags" is not available.
) at /usr/src/sys/netinet/ip_output.c:634
#14 0xc0a14f3f in tcp_output (tp=0xc2bdc278) at /usr/src/sys/netinet/tcp_output.c:1190
#15 0xc0a20fda in tcp_usr_send (so=0xc29eeb44, flags=0, m=0xc26f7400, nam=0x0, control=0x0, td=0xc2cc0a00) at tcp_offload.h:282
#16 0xc08ffed5 in sosend_generic (so=0xc29eeb44, addr=0x0, uio=0xcd1c6c58, top=0xc26f7400, control=0x0, flags=0, td=0xc2cc0a00) at /usr/src/sys/kern/uipc_socket.c:1260
#17 0xc08fbfdf in sosend (so=0xc29eeb44, addr=0x0, uio=0xcd1c6c58, top=0x0, control=0x0, flags=0, td=0xc2cc0a00) at /usr/src/sys/kern/uipc_socket.c:1304
#18 0xc08e31e3 in soo_write (fp=0xc29936c8, uio=0xcd1c6c58, active_cred=0xc297b000, flags=0, td=0xc2cc0a00) at /usr/src/sys/kern/sys_socket.c:102
#19 0xc08dc3c7 in dofilewrite (td=0xc2cc0a00, fd=3, fp=0xc29936c8, auio=0xcd1c6c58, offset=-1, flags=0) at file.h:239
#20 0xc08dc6b8 in kern_writev (td=0xc2cc0a00, fd=3, auio=0xcd1c6c58) at /usr/src/sys/kern/sys_generic.c:446
#21 0xc08dc73f in write (td=0xc2cc0a00, uap=0xcd1c6cf8) at /usr/src/sys/kern/sys_generic.c:362
#22 0xc0bd4053 in syscall (frame=0xcd1c6d38) at /usr/src/sys/i386/i386/trap.c:1111
#23 0xc0bb6820 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:261
#24 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) 



---
e-mail: hizel@vyborg.ru
jid: hizel@vyborg.ru, hizel@jabber.ru
Comment 4 Andrey V. Elsukov freebsd_committer 2010-08-17 12:21:08 UTC
On 17.08.2010 14:31, Ildar Hizbulin wrote:
> i reproduce this bug in virtualbox ose 3.2.8 with Intel PRO/1000 MT
> Desktop (Bridged adapter, eth1) emulation in the gentoo linux host system
> and ifconfig em0 -rxcsum solves the problem

Hi, Ildar.

This bug was fixed with r209959 and i think it was merged to stable/8
with r211241.

-- 
WBR, Andrey V. Elsukov
Comment 5 Andrey V. Elsukov freebsd_committer 2010-08-17 13:03:33 UTC
State Changed
From-To: open->patched

Patched in head (r209959) and merged to stable/8 (r211241). 



Comment 6 Andrey V. Elsukov freebsd_committer 2010-08-17 13:03:33 UTC
Responsible Changed
From-To: freebsd-ipfw->jfv

Jack is em(4) maintainer.