nfe taskq kernel panic

Emil Muratov gpm at hotplug.ru
Sat May 7 12:01:51 UTC 2011


> On Thu, May 5, 2011 at 2:49 PM, Arnaud Lacombe <lacombar at gmail.com> wrote:
>> There is a stale reference to the mbuf passed to, and freed in
>> m_megapullup(); could you test the following patch ?
>>
>> diff --git a/sys/netinet/ipfw/ip_fw_nat.c b/sys/netinet/ipfw/ip_fw_nat.c
>> index f8c3e63..80c13dc 100644
>> --- a/sys/netinet/ipfw/ip_fw_nat.c
>> +++ b/sys/netinet/ipfw/ip_fw_nat.c
>> @@ -263,7 +263,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat
>> *t, struct mbuf *m)
>>                retval = LibAliasOut(t->lib, c,
>>                        mcl->m_len + M_TRAILINGSPACE(mcl));
>>        if (retval == PKT_ALIAS_RESPOND) {
>> -               m->m_flags |= M_SKIP_FIREWALL;
>> +               mcl->m_flags |= M_SKIP_FIREWALL;
>>                retval = PKT_ALIAS_OK;
>>        }
>>        if (retval != PKT_ALIAS_OK &&
>>
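Review bot: after this change `m` is still in scope in `ipfw_nat()` even though, per the description above, it has been freed in `m_megapullup()`. The `PKT_ALIAS_RESPOND` branch is corrected, but any other `m->` access after the pullup would be the same stale write. Consider making the old pointer unusable right after the `m_megapullup()` call (for example `m = NULL;`, or reusing `m` for the returned mbuf) so that a missed use fails deterministically, and add a short comment at that call stating that it consumes its argument.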
>> This was introduced in r188294 by piso@ (added to the CC: list).
>>
> This can only happen if you are NAT'ing SCTP traffic. So it might not
> be the culprit in your case.
>
>   - Arnaud

Hi!
I've got another crash with this patch applied, so you were right, this was not my case.
Providing a backtrace in case it helps.


GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address	= 0xffffff802f98aac8
fault code		= supervisor write data, page not present
instruction pointer	= 0x20:0xffffffff8037dfdb
stack pointer	        = 0x28:0xffffff80000fde20
frame pointer	        = 0x28:0xffffff80000fde60
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 0 (nfe0 taskq)
trap number		= 12
panic: page fault
cpuid = 2
KDB: stack backtrace:
#0 0xffffffff802a97a3 at kdb_backtrace+0x5e
#1 0xffffffff8027aa98 at panic+0x182
#2 0xffffffff80446ef0 at trap_fatal+0x292
#3 0xffffffff804472a5 at trap_pfault+0x286
#4 0xffffffff8044774f at trap+0x3cb
#5 0xffffffff80430774 at calltrap+0x8
#6 0xffffffff8035d506 at ipfw_nat+0x206
#7 0xffffffff80354cea at ipfw_chk+0xb1a
#8 0xffffffff80359c6a at ipfw_check_hook+0xfa
#9 0xffffffff8032a221 at pfil_run_hooks+0x9c
#10 0xffffffff803605f3 at ip_input+0x2d3
#11 0xffffffff8032947f at netisr_dispatch_src+0x71
#12 0xffffffff80c22cab at ng_iface_rcvdata+0xdc
#13 0xffffffff80c18964 at ng_apply_item+0x20a
#14 0xffffffff80c17afd at ng_snd_item+0x2a1
#15 0xffffffff80c18964 at ng_apply_item+0x20a
#16 0xffffffff80c17afd at ng_snd_item+0x2a1
#17 0xffffffff80c25305 at ng_ppp_rcvdata+0x202
Uptime: 15h24m44s
Physical memory: 2005 MB
Dumping 1547 MB: 1532 1516 1500 1484 1468 1452 1436 1420 1404 1388 1372  
1356 1340 1324 1308 1292 1276 1260 1244 1228 1212 1196 1180 1164 1148 1132  
1116 1100 1084 1068 1052 1036 1020 1004 988 972 956 940 924 908 892 876  
860 844 828 812 796 780 764 748 732 716 700 684 668 652 636 620 604 588  
572 556 540 524 508 492 476 460 444 428 412 396 380 364 348 332 316 300  
284 268 252 236 220 204 188 172 156 140 124 108 92 76 60 44 28 12

Reading symbols from /boot/kernel/zfs.ko...Reading symbols from  
/boot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from  
/boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/krpc.ko...Reading symbols from  
/boot/kernel/krpc.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/krpc.ko
Reading symbols from /boot/kernel/if_nfe.ko...Reading symbols from  
/boot/kernel/if_nfe.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_nfe.ko
Reading symbols from /boot/kernel/aio.ko...Reading symbols from  
/boot/kernel/aio.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/aio.ko
Reading symbols from /boot/kernel/alias_ftp.ko...Reading symbols from  
/boot/kernel/alias_ftp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/alias_ftp.ko
Reading symbols from /boot/kernel/if_stf.ko...Reading symbols from  
/boot/kernel/if_stf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_stf.ko
Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from  
/boot/kernel/ng_socket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_socket.ko
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from  
/boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/ng_mppc.ko...Reading symbols from  
/boot/kernel/ng_mppc.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_mppc.ko
Reading symbols from /boot/kernel/rc4.ko...Reading symbols from  
/boot/kernel/rc4.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/rc4.ko
Reading symbols from /boot/kernel/ng_iface.ko...Reading symbols from  
/boot/kernel/ng_iface.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_iface.ko
Reading symbols from /boot/kernel/ng_ppp.ko...Reading symbols from  
/boot/kernel/ng_ppp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ppp.ko
Reading symbols from /boot/kernel/ng_tee.ko...Reading symbols from  
/boot/kernel/ng_tee.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_tee.ko
Reading symbols from /boot/kernel/ng_ether.ko...Reading symbols from  
/boot/kernel/ng_ether.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ether.ko
Reading symbols from /boot/kernel/ng_pppoe.ko...Reading symbols from  
/boot/kernel/ng_pppoe.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_pppoe.ko
Reading symbols from /boot/kernel/accf_http.ko...Reading symbols from  
/boot/kernel/accf_http.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/accf_http.ko
Reading symbols from /boot/kernel/accf_data.ko...Reading symbols from  
/boot/kernel/accf_data.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/accf_data.ko
Reading symbols from /boot/kernel/ng_tcpmss.ko...Reading symbols from  
/boot/kernel/ng_tcpmss.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_tcpmss.ko
#0  doadump () at pcpu.h:224
224	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) #0  doadump () at pcpu.h:224
#1  0xffffffff8027a615 in boot (howto=260)
     at /usr/src/sys/kern/kern_shutdown.c:419
#2  0xffffffff8027aa82 in panic (fmt=Variable "fmt" is not available.
)
     at /usr/src/sys/kern/kern_shutdown.c:592
#3  0xffffffff80446ef0 in trap_fatal (frame=0xc, eva=Variable "eva" is not available.
)
     at /usr/src/sys/amd64/amd64/trap.c:811
#4  0xffffffff804472a5 in trap_pfault (frame=0xffffff80000fdd70, usermode=0)
     at /usr/src/sys/amd64/amd64/trap.c:727
#5  0xffffffff8044774f in trap (frame=0xffffff80000fdd70)
     at /usr/src/sys/amd64/amd64/trap.c:477
#6  0xffffffff80430774 in calltrap ()
     at /usr/src/sys/amd64/amd64/exception.S:228
#7  0xffffffff8037dfdb in LibAliasIn (la=0xffffff802f97b000,
     ptr=0xffffff809d95a01c "E", maxpacketsize=9188) at atomic.h:159
#8  0xffffffff8035d506 in ipfw_nat (args=0xffffff80000fe050,
     t=0xffffff001940d180, m=Variable "m" is not available.
) at /usr/src/sys/netinet/ipfw/ip_fw_nat.c:261
#9  0xffffffff80354cea in ipfw_chk (args=0xffffff80000fe050)
     at /usr/src/sys/netinet/ipfw/ip_fw2.c:2136
#10 0xffffffff80359c6a in ipfw_check_hook (arg=Variable "arg" is not available.
)
     at /usr/src/sys/netinet/ipfw/ip_fw_pfil.c:139
#11 0xffffffff8032a221 in pfil_run_hooks (ph=Variable "ph" is not available.
) at /usr/src/sys/net/pfil.c:82
#12 0xffffffff803605f3 in ip_input (m=0xffffff003bdc5600)
     at /usr/src/sys/netinet/ip_input.c:532
#13 0xffffffff8032947f in netisr_dispatch_src (proto=1, source=Variable "source" is not available.
)
     at /usr/src/sys/net/netisr.c:859
#14 0xffffffff80c22cab in ng_iface_rcvdata (hook=Variable "hook" is not available.
)
     at /usr/src/sys/modules/netgraph/iface/../../../netgraph/ng_iface.c:784
#15 0xffffffff80c18964 in ng_apply_item (node=0xffffff002fa72300,
     item=0xffffff0074cc5880, rw=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2327
#16 0xffffffff80c17afd in ng_snd_item (item=0xffffff0074cc5880, flags=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2244
#17 0xffffffff80c18964 in ng_apply_item (node=0xffffff00143e1c00,
     item=0xffffff0074cc5880, rw=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2327
#18 0xffffffff80c17afd in ng_snd_item (item=0xffffff0074cc5880, flags=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2244
#19 0xffffffff80c25305 in ng_ppp_rcvdata (hook=Variable "hook" is not available.
)
     at /usr/src/sys/modules/netgraph/ppp/../../../netgraph/ng_ppp.c:1524
#20 0xffffffff80c18964 in ng_apply_item (node=0xffffff002fbe4c00,
     item=0xffffff0074cc5880, rw=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2327
#21 0xffffffff80c17afd in ng_snd_item (item=0xffffff0074cc5880, flags=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2244
#22 0xffffffff80c18964 in ng_apply_item (node=0xffffff003b975000,
     item=0xffffff0074cc5880, rw=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2327
#23 0xffffffff80c17afd in ng_snd_item (item=0xffffff0074cc5880, flags=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2244
#24 0xffffffff80c2cfc1 in ng_pppoe_rcvdata_ether (hook=Variable "hook" is not available.
)
     at /usr/src/sys/modules/netgraph/pppoe/../../../netgraph/ng_pppoe.c:1657
#25 0xffffffff80c18964 in ng_apply_item (node=0xffffff002ff4d600,
     item=0xffffff0074cc5880, rw=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2327
#26 0xffffffff80c17afd in ng_snd_item (item=0xffffff0074cc5880, flags=0)
     at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2244
#27 0xffffffff80320b5a in ether_demux (ifp=0xffffff0006a61000,
     m=0xffffff003bdc5600) at /usr/src/sys/net/if_ethersubr.c:911
#28 0xffffffff80320f41 in ether_input (ifp=0xffffff0006a61000,
     m=0xffffff003bdc5600) at /usr/src/sys/net/if_ethersubr.c:753
#29 0xffffffff80320aa2 in ether_demux (ifp=0xffffff0001676800,
     m=0xffffff003bdc5600) at /usr/src/sys/net/if_ethersubr.c:803
#30 0xffffffff80320f41 in ether_input (ifp=0xffffff0001676800,
     m=0xffffff003bdc5600) at /usr/src/sys/net/if_ethersubr.c:753
#31 0xffffffff809ec76e in nfe_jrxeof (sc=0xffffff80003ae000, count=191,
     rx_npktsp=0x0) at /usr/src/sys/modules/nfe/../../dev/nfe/if_nfe.c:2303
#32 0xffffffff809f0fea in nfe_int_task (arg=Variable "arg" is not available.
)
     at /usr/src/sys/modules/nfe/../../dev/nfe/if_nfe.c:1899
#33 0xffffffff802b3f7e in taskqueue_run_locked (queue=0xffffff0001722700)
     at /usr/src/sys/kern/subr_taskqueue.c:248
#34 0xffffffff802b410c in taskqueue_thread_loop (arg=Variable "arg" is not available.
)
     at /usr/src/sys/kern/subr_taskqueue.c:385
#35 0xffffffff80252d5d in fork_exit (
     callout=0xffffffff802b40c4 <taskqueue_thread_loop>,
     arg=0xffffff80003ae1b8, frame=0xffffff80000fec50)
     at /usr/src/sys/kern/kern_fork.c:865
#36 0xffffffff80430cbe in fork_trampoline ()
     at /usr/src/sys/amd64/amd64/exception.S:603
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x0000000000000000 in ?? ()
#41 0x0000000000000000 in ?? ()
#42 0x0000000000000000 in ?? ()
#43 0x0000000000000000 in ?? ()
#44 0x0000000000000000 in ?? ()
#45 0x0000000000000000 in ?? ()
#46 0x0000000000000000 in ?? ()
#47 0x0000000000000000 in ?? ()
#48 0x0000000000000000 in ?? ()
#49 0x0000000000000000 in ?? ()
#50 0x0000000000000000 in ?? ()
#51 0x0000000000000000 in ?? ()
#52 0x0000000000000000 in ?? ()
#53 0x0000000000000000 in ?? ()
#54 0x0000000000000000 in ?? ()
#55 0x0000000000000000 in ?? ()
#56 0x0000000000000000 in ?? ()
#57 0x0000000000000000 in ?? ()
#58 0x0000000000000000 in ?? ()
#59 0x0000000000000000 in ?? ()
#60 0x0000000000000000 in ?? ()
#61 0xffffffff80665940 in affinity ()
#62 0x0000000000000000 in ?? ()
#63 0x0000000000000000 in ?? ()
#64 0xffffff0001741460 in ?? ()
#65 0xffffff80000fd9d0 in ?? ()
#66 0xffffff80000fd978 in ?? ()
#67 0xffffff00015b8000 in ?? ()
#68 0xffffffff8029d819 in sched_switch (td=0xffffffff802b40c4,
     newtd=0xffffff80003ae1b8, flags=Variable "flags" is not available.
) at /usr/src/sys/kern/sched_ule.c:1859
Previous frame inner to this frame (corrupt stack?)
(kgdb)
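
The stale-reference pattern that the quoted patch addresses, shown as an added user-space example (not part of the original thread and not FreeBSD code). `struct pkt`, `pkt_megapullup()`, `nat_respond()` and `F_SKIP_FIREWALL` are hypothetical stand-ins; the only behaviour taken from the thread is that the pullup frees the buffer it is given and the caller must continue with the returned one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define F_SKIP_FIREWALL 0x1u          /* stand-in for M_SKIP_FIREWALL */
struct pkt {                          /* hypothetical stand-in for struct mbuf */
    unsigned flags;
    size_t len;
    unsigned char *data;
};

static struct pkt *pkt_new(const void *src, size_t len) {
    struct pkt *p = calloc(1, sizeof(*p));
    if (p == NULL || (p->data = malloc(len ? len : 1)) == NULL) {
        free(p);
        return NULL;
    }
    memcpy(p->data, src, len);
    p->len = len;
    return p;
}

static void pkt_free(struct pkt *p) { if (p) { free(p->data); free(p); } }

/* Consumes *pp as the thread describes for m_megapullup(): the original is
 * freed, and here the caller's handle is also cleared so it cannot be reused. */
static struct pkt *pkt_megapullup(struct pkt **pp) {
    struct pkt *old = *pp, *mcl = pkt_new(old->data, old->len);
    if (mcl != NULL)
        mcl->flags = old->flags;
    pkt_free(old);
    *pp = NULL;                       /* a stale use now faults instead of corrupting */
    return mcl;
}

/* Mirrors the patched branch: the flag is set on mcl, never on the consumed m. */
static struct pkt *nat_respond(struct pkt **mp) {
    struct pkt *mcl = pkt_megapullup(mp);
    if (mcl != NULL)
        mcl->flags |= F_SKIP_FIREWALL;
    return mcl;
}

int main(void) {
    struct pkt *m = pkt_new("E", 1), *mcl = m ? nat_respond(&m) : NULL;
    printf("m=%p flag=%u\n", (void *)m, mcl ? mcl->flags & F_SKIP_FIREWALL : 0u);
    pkt_free(mcl);
    return 0;
}
```

Passing the handle by address lets the consuming function invalidate it, so a leftover `m->...` dereferences NULL at the point of the mistake rather than writing into freed memory.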

