dummynet / ipfw2: panic, double fault

Andrey V. Elsukov bu7cher at yandex.ru
Mon Sep 3 09:48:34 PDT 2007 

Hi, 

I got a trace for this fault.
dummynet reinject packet to the ip_input through netisr_dispath. 
This procedure was done success several times, but in the next time
it's fault.

(kgdb) p &ipfw_chk
$1 = (int (*)(struct ip_fw_args *)) 0xc3374ea0 <ipfw_chk>
(kgdb) l *(0xc3374ea0+0x16)
0xc3374eb6 is in ipfw_chk (/usr/src/sys/modules/ipfw/../../netinet/ip_fw2.c:2304).
2299             * ip   is the beginning of the ip(4 or 6) header.
2300             *      Calculated by adding the L3offset to the start of data.
2301             *      (Until we start using L3offset, the packet is
2302             *      supposed to start with the ip header).
2303             */
2304            struct mbuf *m = args->m;
2305            struct ip *ip = mtod(m, struct ip *);
2306
2307            /*
2308             * For rules which contain uid/gid or jail constraints, cache

I don't understand why we have panic here.. 
Can someone explain this panic?

--
WBR, Andrey V. Elsukov
-------------- next part --------------
Fatal double fault:
eip = 0xc3343eb6
esp = 0xd4f80f7c
ebp = 0xd4f8127c
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
KDB: enter: panic
[thread pid 33 tid 100037 ]
Stopped at      kdb_enter+0x32: leave
db> bt
Tracing pid 33 tid 100037 td 0xc2ece400
kdb_enter(c0a8a0dc,0,c0ab6f9e,c0c06cb0,0,...) at kdb_enter+0x32
panic(c0ab6f9e,0,0,0,0,...) at panic+0x124
dblfault_handler() at dblfault_handler+0x9b
--- trap 0x17, eip = 0xc3343eb6, esp = 0xd4f80f7c, ebp = 0xd4f8127c ---
ipfw_chk(d4f81294,41ec0d7e,0,0,c30de000,...) at ipfw_chk+0x16
ipfw_check_in(0,d4f81398,c2eae800,1,0,...) at ipfw_check_in+0xd7
pfil_run_hooks(c0be9e00,d4f813ec,c2eae800,1,0,...) at pfil_run_hooks+0x88

ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d
netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,cf,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f814fc,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f81600,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f81654,c2eae800,1,0,...) at pfil_run_hooks+0x88

ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d
netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,cf,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f81764,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f81868,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f818bc,c2eae800,1,0,...) at pfil_run_hooks+0x88

ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d
netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,cf,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f819cc,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f81ad0,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f81b24,c2eae800,1,0,...) at pfil_run_hooks+0x88

ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d
netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,cf,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f81c34,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f81d38,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f81d8c,c2eae800,1,0,...) at pfil_run_hooks+0x88

ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d
netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,cf,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f81e9c,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f81fa0,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f81ff4,c2eae800,1,0,...) at pfil_run_hooks+0x88

ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d
netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,cf,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f82104,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f82208,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f8225c,c2eae800,1,0,...) at pfil_run_hooks+0x88

ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d
netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,cf,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f8236c,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f82470,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f824c4,c2eae800,1,0,...) at pfil_run_hooks+0x88

ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d
netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,cf,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f825d4,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f826d8,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f8272c,c2eae800,1,0,...) at pfil_run_hooks+0x88
ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d

netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,cf,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f8283c,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f82940,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f82994,c2eae800,1,0,...) at pfil_run_hooks+0x88
ip_input(c30de000,c2ece498,c0b3b764,c337ab06,c30de000,...) at ip_input+0x24d

netisr_dispatch(2,c30de000,c337cb2c,1,c0a88e3d,...) at netisr_dispatch+0x73
dummynet_send(c337cb2c,0,c337ab06,560,c09e3115,...) at dummynet_send+0x136
dummynet_io(c30de000,2,d4f82aa4,0,c30de000,...) at dummynet_io+0x373
ipfw_check_in(0,d4f82ba8,c2eae800,1,0,...) at ipfw_check_in+0x220
pfil_run_hooks(c0be9e00,d4f82bfc,c2eae800,1,0,...) at pfil_run_hooks+0x88
ip_input(c30de000,c0651a02,800,c2eae800,800,...) at ip_input+0x24d

netisr_dispatch(2,c30de000,c2ece498,c0b3b764,c0aa4b46,...) at netisr_dispatch+0x73
ether_demux(c2eae800,c30de000,3,0,3,...) at ether_demux+0x1f1
ether_input(c2eae800,c30de000,c0aa4b46,4b2,0,...) at ether_input+0x37f
rl_rxeof(c2e99cd4,0,c0aa4b46,53c,c2e99cd4,...) at rl_rxeof+0x244
rl_intr(c2e99800,0,c0a86ce5,471,c2db2564,...) at rl_intr+0x9c
ithread_loop(c2edc210,d4f82d38,c0a86a59,315,c2ed0558,...) at ithread_loop+0x1b5
fork_exit(c072ed70,c2edc210,d4f82d38) at fork_exit+0xb8
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xd4f82d70, ebp = 0 ---

More information about the freebsd-ipfw mailing list