kern/142877: network-related repeatable 8.0-STABLE hard hang (kernel loop)

Eugene Grosbein eugen at grosbein.pp.ru
Sat Jan 16 10:20:04 UTC 2010 

>Number:         142877
>Category:       kern
>Synopsis:       network-related repeatable 8.0-STABLE hard hang (kernel loop)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 16 10:20:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 8.0-STABLE i386
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.pp.ru 8.0-STABLE FreeBSD 8.0-STABLE #10: Thu Jan 14 22:59:15 KRAT 2010 root at grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV i386

>Description:
	I've home router (FreeBSD 8.0-STABLE) having one LAN interface (vr0)
	and two distinct providers. First uplink is connected using
	plain ethernet via vr1 and second through PPPoE connection/mpd (ng0).

	Default route points to first provider's gateway IP.
	LAN uses "private" IP addresses and I try to run 'ipfw nat' here
	using:

sysctl net.inet.ip.fastforwarding=1
sysctl net.inet.ip.fw.one_pass=0
uplink1="vr1"
uplink2="ng0"

ipfw add 40 nat 100 ip4 from any to any via ng0 keep-state
ipfw add 45 skipto 100 ip4 from any to any via ng0
ipfw add 50 nat 123 ip4 from any to any via vr1 # keep-state

ipfw add 100 allow ip from any to any via lo0
ipfw add 200 deny ip from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any

ipfw 4050 fwd $uplink1_gw ip from $iplink1_ip to any out xmit $uplink2
ipfw 4055 fwd $uplink2_gw ip from $iplink2_ip to any out xmit $uplink1

	If I uncomment 'keep-state' clause in the rule 50,
	the routes hangs hard at once: it stops responding to pings from LAN,
	it does not respond to console and even to Ctrl-Alt-ESC
	(it has kernel debugger compiled in). Power cycle is required to reboot.

	This PR is not about right way to do NAT and route packets,
	it's about how to reproduce kernel hang.

>How-To-Repeat:
	See above. This router does not have any module loaded,
	all needed options and drivers are compiled in.
	It does not use any NETGRAPH module other than mpd uses
	to provide client-side PPPoE. Kernel config follows.
	Device polling and IPSEC are compiled in but not used presently.

# GW kernel config
# CPU Geode LX 800

options		INCLUDE_CONFIG_FILE

machine		i386
cpu		I586_CPU
cpu		I686_CPU
options		NO_F00F_HACK
options		CPU_GEODE
options		CPU_SOEKRIS

ident		GW
maxusers	0

options 	SCHED_ULE
options 	PREEMPTION		# Enable kernel thread preemption

options 	INET			#InterNETworking
options		INET6
options		SCTP
options 	FFS			#Berkeley Fast Filesystem
options 	SOFTUPDATES		#Enable FFS soft updates support
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	KTRACE			#ktrace(1) support

options         UFS_GJOURNAL            # Enable gjournal-based UFS journaling
options         GEOM_JOURNAL
options		GEOM_LABEL

options 	MSDOSFS			# MSDOS Filesystem
options 	CD9660			# ISO 9660 Filesystem
options 	NTFS			# MSDOS Filesystem
options		UDF

options		LIBICONV
options         CD9660_ICONV
options         MSDOSFS_ICONV
options         NTFS_ICONV
options         UDF_ICONV

options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	P1003_1B_SEMAPHORES	# POSIX-style semaphores
options 	PRINTF_BUFR_SIZE=512	# Prevent printf output being interspersed.
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev

options 	NFSCLIENT		# Network Filesystem Client
options 	NFSSERVER		# Network Filesystem Server
options 	NFSLOCKD		# Network Lock Manager

options		COMPAT_LINUX
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options		LINPROCFS
options 	PSEUDOFS		# Pseudo-filesystem framework

device		eisa
device		pci

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc
device		atkbd

options 	ATKBD_DFLT_KEYMAP	# specify the built-in keymap
makeoptions	ATKBD_DFLT_KEYMAP=ru.koi8-r

device		vga

# syscons is the default console driver, resembling an SCO console
device		sc
options		SC_HISTORY_SIZE=1000
options 	SC_DFLT_FONT		# compile font in
makeoptions	SC_DFLT_FONT=cp866

# Floating point support - do not disable.
device		npx

# Serial (COM) ports
device		uart

device		speaker

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus		# MII bus support
device		vr

# Pseudo devices
device		loop			# Network loopback
device		random
device		ether		# Ethernet support
device		tun		# Packet tunnel.
device		pty		# Pseudo-ttys (telnet etc)
device		md
device		gif		# IPv6 and IPv4 tunneling
device		faith		# IPv6-to-IPv4 relaying (translation)
device		vlan

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device		bpf		#Berkeley packet filter

device		ata
device		atadisk		# ATA disk drives

# USB support
device		ohci
device		ehci
device		usb		# USB Bus (required)
device		umass		# Disks/Mass storage - Requires scbus and da

device		scbus		# SCSI bus (required for SCSI)
device		da		# Direct Access (disks)
device		pass		# Passthrough device (direct SCSI access)

options         LIBALIAS

options 	IPFIREWALL
options 	IPDIVERT
options 	IPFIREWALL_FORWARD
options		IPFIREWALL_NAT
options		DUMMYNET

options		DEVICE_POLLING

options		NETGRAPH
options		NETGRAPH_BPF
options		NETGRAPH_ECHO
options		NETGRAPH_ETHER
options         NETGRAPH_IFACE
options         NETGRAPH_EIFACE
options		NETGRAPH_IPFW
options		NETGRAPH_SOCKET
options		NETGRAPH_KSOCKET
options		NETGRAPH_TEE
options		NETGRAPH_NAT
options         NETGRAPH_MPPC_ENCRYPTION
options         NETGRAPH_TCPMSS
options         NETGRAPH_PPTPGRE
options         NETGRAPH_PPP
options         NETGRAPH_PPPOE
options         NETGRAPH_VJC

device		crypto
device		glxsb
options		IPSEC
options		IPSEC_FILTERTUNNEL

device		cpuctl

# Debugging kernel
options 	KDB			# Enable kernel debugger support.
options 	KDB_UNATTENDED		# Enable kernel debugger support.
options 	DDB			# Support DDB.
options 	GDB			# Support remote GDB.
options 	INVARIANTS		# Enable calls of extra sanity checking
options 	INVARIANT_SUPPORT	# Extra sanity checks of internal structures, required by INVARIANTS
options 	WITNESS			# Enable checks to detect deadlocks and cycles
options 	WITNESS_SKIPSPIN	# Don't run witness on spinlocks for speed

>Fix:

	Unknown.


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list