kern/125704: [ng_nat] kernel libalias: repeatable panic
Mamontov Roman
mr.xanto at gmail.com
Thu Dec 11 08:00:07 PST 2008
The following reply was made to PR kern/125704; it has been noted by GNATS.
From: Mamontov Roman <mr.xanto at gmail.com>
To: bug-followup at FreeBSD.org, glebius at FreeBSD.org
Cc:
Subject: Re: kern/125704: [ng_nat] kernel libalias: repeatable panic
Date: Thu, 11 Dec 2008 18:25:28 +0300
Здравствуйте, bug-followup.
> Roman,
> can you please obtain backtrace with loadable modules loaded into
>kgdb? The process described here:
>
>http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug-kld.html
>
>Then it'll be interesting to look at contents of "*m" in the
>ng_nat_rcvdata() function.
Gleb, I am now running 6.4-STABLE, but this bug is still alive.
Here is a new full backtrace of this crash:
solution# kgdb kernel.debug /var/crash/vmcore.3
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc2ebf00f
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc05ce9ad
stack pointer = 0x28:0xcbfa89cc
frame pointer = 0x28:0xcbfa89d4
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 13 (swi1: net)
trap number = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace(100,c217aa80,28,cbfa898c,c,...) at kdb_backtrace+0x29
panic(c06874b9,c06acbed,0,fffff,c217d69b,...) at panic+0xa8
trap_fatal(cbfa898c,c2ebf00f,c217aa80,c2ebf000,c,...) at trap_fatal+0x2a6
trap_pfault(cbfa898c,0,c2ebf00f) at trap_pfault+0x1f3
trap(c30f0008,28,c2130028,c2ebd000,c2ebf061,...) at trap+0x325
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc05ce9ad, esp = 0xcbfa89cc, ebp = 0xcbfa89d4 ---
AliasHandleName(c2ebe012,c2ebf061) at AliasHandleName+0x6d
AliasHandleQuestion(7474,c2ebd028,c2ebf061,cbfa8a04) at AliasHandleQuestion+0x1b
AliasHandleUdpNbtNS(c2771000,c2ebd000,c30f9e80,cbfa8a54,cbfa8a5a,...) at AliasHandleUdpNbtNS+0x7f
UdpAliasIn(c2771000,c2ebd000) at UdpAliasIn+0x101
LibAliasIn(c2771000,c2ebd000,800,0,5dc,...) at LibAliasIn+0xb7
ng_nat_rcvdata(c269cc80,c2507c30,1,0,c267f200,...) at ng_nat_rcvdata+0x1d1
ng_apply_item(c267f200,c2507c30,1,cbfa8c54,cbfa8b4c,...) at ng_apply_item+0x98
ng_snd_item(c2507c30,0,c263da00,cbfa8c54,0,...) at ng_snd_item+0x413
ng_ipfw_input(cbfa8c54,1,cbfa8b4c,0,c2e16b00,...) at ng_ipfw_input+0x11c
ipfw_check_in(0,cbfa8c54,c222e400,1,0,...) at ipfw_check_in+0x217
pfil_run_hooks(c06fb5a0,cbfa8ca8,c222e400,1,0) at pfil_run_hooks+0xef
ip_input(c2e16b00) at ip_input+0x20f
netisr_processqueue(c06fa178) at netisr_processqueue+0x9f
swi_net(0) at swi_net+0xf2
ithread_execute_handlers(c2179648,c2177380) at ithread_execute_handlers+0x121
ithread_loop(c21436e0,cbfa8d38) at ithread_loop+0x54
fork_exit(c04f0648,c21436e0,cbfa8d38) at fork_exit+0x70
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcbfa8d6c, ebp = 0 ---
Uptime: 4h46m50s
Dumping 255 MB (2 chunks)
chunk 0: 1MB (160 pages) ... ok
chunk 1: 255MB (65259 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
Reading symbols from /boot/kernel/geom_mirror.ko...done.
Loaded symbols for /boot/kernel/geom_mirror.ko
Reading symbols from /boot/kernel/acpi.ko...done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/ng_ipfw.ko...done.
Loaded symbols for /boot/kernel/ng_ipfw.ko
Reading symbols from /boot/kernel/ng_nat.ko...done.
Loaded symbols for /boot/kernel/ng_nat.ko
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc050926a in boot (howto=260) at ../../../kern/kern_shutdown.c:410
first_buf_printf = 1
#2 0xc0509530 in panic (fmt=0xc06874b9 "%s") at ../../../kern/kern_shutdown.c:566
td = (struct thread *) 0xc217aa80
bootopt = 260
newpanic = 1
ap =3D 0xc217aa80 "H\226\027=E1=DE=EC\027=E1"
buf = "page fault", '\0' <repeats 245 times>
#3 0xc065e5ca in trap_fatal (frame=0xcbfa898c, eva=3270242319) at ../../../i386/i386/trap.c:838
code = 40
ss = 40
esp = 0
type = 12
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 6, ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1}
msg = 0x0
#4 0xc065e2fb in trap_pfault (frame=0xcbfa898c, usermode=0, eva=3270242319) at ../../../i386/i386/trap.c:745
va = 3270242304
vm = (struct vmspace *) 0x0
map = 0xc104b000
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc217aa80
p = (struct proc *) 0xc2179648
#5 0xc065def5 in trap (frame=
{tf_fs = -1022427128, tf_es = 40, tf_ds = -1038942168, tf_edi = -1024733184, tf_esi = -1024724895, tf_ebp = -872773164, tf_isp = -872773192, tf_ebx = 0, tf_edx = -1024724977, tf_ecx = -1024724977, tf_eax = 42, tf_trapno = 12, tf_err = 0, tf_eip = -1067652691, tf_cs = 32, tf_eflags = 590406, tf_esp = 29080, tf_ss = -1024724895}) at ../../../i386/i386/trap.c:435
td = (struct thread *) 0xc217aa80
p = (struct proc *) 0xc2179648
sticks = 3226579559
type = 12
i = 0
ucode = 0
code = 0
eva = 3270242319
#6 0xc064ad1a in calltrap () at ../../../i386/i386/exception.s:139
No locals.
#7 0xc05ce9ad in AliasHandleName (p=0xc2ebf00f <Address 0xc2ebf00f out of bounds>, pmax=0xc2ebf061 <Address 0xc2ebf061 out of bounds>)
at ../../../netinet/libalias/alias_nbt.c:187
s = (u_char *) 0xc2ebf00f <Address 0xc2ebf00f out of bounds>
compress = 0
#8 0xc05ceb07 in AliasHandleQuestion (count=29080, q=0xc2ebf00f, pmax=0xc2ebf061 <Address 0xc2ebf061 out of bounds>, nbtarg=0xcbfa8a04)
at ../../../netinet/libalias/alias_nbt.c:310
No locals.
#9 0xc05cef4f in AliasHandleUdpNbtNS (la=0xc2771000, pip=0xc2ebf00f, lnk=0xc30f9e80, alias_address=0x2a, alias_port=0x2a, original_address=0x2a,
original_port=0x2a) at endian.h:151
uh = (struct udphdr *) 0xc2ebf00f
nsh = (NbtNSHeader *) 0xc2ebd01c
p = (u_char *) 0xc2ebf00f <Address 0xc2ebf00f out of bounds>
pmax = 0xc2ebf061 <Address 0xc2ebf061 out of bounds>
nbtarg = {oldaddr = {s_addr = 169134683}, oldport = 35072, newaddr = {s_addr = 169134683}, newport = 35072, uh_sum = 0xc2ebd01a}
#10 0xc05cabfd in UdpAliasIn (la=0xc2771000, pip=0xc2ebd000) at ../../../netinet/libalias/alias.c:744
alias_address = {s_addr = 169134683}
original_address = {s_addr = 169134683}
alias_port = 35072
accumulate = -1022386560
r = 0
ud = (struct udphdr *) 0xc2ebd014
lnk = (struct alias_link *) 0xc30f9e80
#11 0xc05cb9cb in LibAliasIn (la=0xc2771000, ptr=0xc2ebd000 "E", maxpacketsize=2048) at ../../../netinet/libalias/alias.c:1206
alias_addr = {s_addr = 169134683}
pip = (struct ip *) 0xc2ebd000
iresult = 2048
#12 0xc276dadd in ng_nat_rcvdata () from /boot/kernel/ng_nat.ko
No symbol table info available.
#13 0xc058f200 in ng_apply_item (node=0xc267f200, item=0xc2507c30, rw=1) at ../../../netgraph/ng_base.c:2398
hook = 0xc269cc80
rcvdata = (ng_rcvdata_t *) 0x2a
rcvmsg = (ng_rcvmsg_t *) 0x2a
apply = (struct ng_apply_info *) 0x0
error = 0
depth = 1
#14 0xc058f073 in ng_snd_item (item=0xc2507c30, flags=0) at ../../../netgraph/ng_base.c:2317
hook = 0xc2ebf00f
node = 0xc267f200
queue = 0
rw = 1
ngq = (struct ng_queue *) 0xc267f254
error = -872772788
#15 0xc276ac5c in ng_ipfw_input () from /boot/kernel/ng_ipfw.ko
No symbol table info available.
#16 0xc05b4d5f in ipfw_check_in (arg=0x0, m0=0xcbfa8c54, ifp=0xc222e400, dir=1, inp=0x0) at ../../../netinet/ip_fw_pfil.c:190
args = {m = 0xc2e16b00, oif = 0x0, next_hop = 0x0, rule = 0xc269d580, eh = 0x0, f_id = {dst_ip = 1539970058, src_ip = 3283486750, dst_port = 137,
src_port = 65403, proto = 17 '\021', flags = 0 '\0', addr_type = 4 '\004', dst_ip6 = {__u6_addr = {__u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {
0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, src_ip6 = {__u6_addr = {__u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0,
0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, flow_id6 = 0, frag_id6 = 0}, cookie = 61, inp = 0x0, dummypar = {opt_or = 0x0, ro_or = {ro_rt = 0x0,
ro_dst = {sin6_len = 0 '\0', sin6_family = 0 '\0', sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__u6_addr = {__u6_addr8 = '\0' <repeats 15 times>,
__u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, flags_or = 0, im6o_or = 0x0, origifp_or = 0x0,
ifp_or = 0x0, dst_or = {sin6_len = 0 '\0', sin6_family = 0 '\0', sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__u6_addr = {
__u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}, mtu_or = 0,
ro_pmtu_or = {ro_rt = 0x0, ro_dst = {sin6_len = 0 '\0', sin6_family = 0 '\0', sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__u6_addr = {
__u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, hopstore = {
sin_len = 0 '\0', sin_family = 0 '\0', sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}}
ng_tag = (struct ng_ipfw_tag *) 0xc2ebf00f
ipfw = -1024724977
divert = -1033643520
tee = -1033643520
#17 0xc05842cf in pfil_run_hooks (ph=0xc06fb5a0, mp=0xcbfa8ca8, ifp=0xc222e400, dir=1, inp=0x0) at ../../../net/pfil.c:139
pfh = (struct packet_filter_hook *) 0xc2341ae0
m = (struct mbuf *) 0x0
rv = 0
#18 0xc05b63af in ip_input (m=0xc2e16b00) at ../../../netinet/ip_input.c:468
ip = (struct ip *) 0xc259f020
ia = (struct in_ifaddr *) 0x0
ifa = (struct ifaddr *) 0xc2ebf00f
checkif = -1913050015
hlen = 20
sum = 55808
dchg = 0
#19 0xc0582e3f in netisr_processqueue (ni=0xc06fa178) at ../../../net/netisr.c:236
m = (struct mbuf *) 0xc2e16b00
#20 0xc058303a in swi_net (dummy=0x0) at ../../../net/netisr.c:349
ni = (struct netisr *) 0xc06fa178
bits = 0
i = -1024724977
#21 0xc04f0581 in ithread_execute_handlers (p=0xc2179648, ie=0xc2177380) at ../../../kern/kern_intr.c:682
ih = (struct intr_handler *) 0xc2170900
ihn = (struct intr_handler *) 0x0
#22 0xc04f069c in ithread_loop (arg=0xc21436e0) at ../../../kern/kern_intr.c:766
intr_event = (struct intr_thread *) 0xc21436e0
---Type <return> to continue, or q <return> to quit---
ie = (struct intr_event *) 0xc2177380
td = (struct thread *) 0xc217aa80
p = (struct proc *) 0xc2179648
#23 0xc04ef508 in fork_exit (callout=0xc04f0648 <ithread_loop>, arg=0xc21436e0, frame=0xcbfa8d38) at ../../../kern/kern_fork.c:788
p = (struct proc *) 0xc2179648
td = (struct thread *) 0xc2ebf00f
#24 0xc064ad7c in fork_trampoline () at ../../../i386/i386/exception.s:208
No locals.
-- 
С уважением,
Mamontov Roman mailto:mr.xanto at gmail.com