From owner-freebsd-bugs@FreeBSD.ORG Thu Dec 11 16:00:07 2008
Date: Thu, 11 Dec 2008 16:00:07 GMT
Message-Id: <200812111600.mBBG07nP099844@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Mamontov Roman
Subject: Re: kern/125704: [ng_nat] kernel libalias: repeatable panic

The following reply was made to PR kern/125704; it has been noted by GNATS.

From: Mamontov Roman
To: bug-followup@FreeBSD.org, glebius@FreeBSD.org
Cc:
Subject: Re: kern/125704: [ng_nat] kernel libalias: repeatable panic
Date: Thu, 11 Dec 2008 18:25:28 +0300

Hello, bug-followup.

> Roman,
> can you please obtain backtrace with loadable modules loaded into
>kgdb? The process described here:
>
>http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug-kld.html
>
>Then it'll be interesting to look at contents of "*m" in the
>ng_nat_rcvdata() function.

Gleb, now I have 6.4-STABLE, but this bug is still alive. I have a new full
backtrace of this crash:

solution# kgdb kernel.debug /var/crash/vmcore.3
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc2ebf00f
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05ce9ad
stack pointer           = 0x28:0xcbfa89cc
frame pointer           = 0x28:0xcbfa89d4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (swi1: net)
trap number             = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace(100,c217aa80,28,cbfa898c,c,...) at kdb_backtrace+0x29
panic(c06874b9,c06acbed,0,fffff,c217d69b,...) at panic+0xa8
trap_fatal(cbfa898c,c2ebf00f,c217aa80,c2ebf000,c,...) at trap_fatal+0x2a6
trap_pfault(cbfa898c,0,c2ebf00f) at trap_pfault+0x1f3
trap(c30f0008,28,c2130028,c2ebd000,c2ebf061,...) at trap+0x325
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc05ce9ad, esp = 0xcbfa89cc, ebp = 0xcbfa89d4 ---
AliasHandleName(c2ebe012,c2ebf061) at AliasHandleName+0x6d
AliasHandleQuestion(7474,c2ebd028,c2ebf061,cbfa8a04) at AliasHandleQuestion+0x1b
AliasHandleUdpNbtNS(c2771000,c2ebd000,c30f9e80,cbfa8a54,cbfa8a5a,...) at AliasHandleUdpNbtNS+0x7f
UdpAliasIn(c2771000,c2ebd000) at UdpAliasIn+0x101
LibAliasIn(c2771000,c2ebd000,800,0,5dc,...) at LibAliasIn+0xb7
ng_nat_rcvdata(c269cc80,c2507c30,1,0,c267f200,...) at ng_nat_rcvdata+0x1d1
ng_apply_item(c267f200,c2507c30,1,cbfa8c54,cbfa8b4c,...) at ng_apply_item+0x98
ng_snd_item(c2507c30,0,c263da00,cbfa8c54,0,...) at ng_snd_item+0x413
ng_ipfw_input(cbfa8c54,1,cbfa8b4c,0,c2e16b00,...) at ng_ipfw_input+0x11c
ipfw_check_in(0,cbfa8c54,c222e400,1,0,...) at ipfw_check_in+0x217
pfil_run_hooks(c06fb5a0,cbfa8ca8,c222e400,1,0) at pfil_run_hooks+0xef
ip_input(c2e16b00) at ip_input+0x20f
netisr_processqueue(c06fa178) at netisr_processqueue+0x9f
swi_net(0) at swi_net+0xf2
ithread_execute_handlers(c2179648,c2177380) at ithread_execute_handlers+0x121
ithread_loop(c21436e0,cbfa8d38) at ithread_loop+0x54
fork_exit(c04f0648,c21436e0,cbfa8d38) at fork_exit+0x70
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcbfa8d6c, ebp = 0 ---
Uptime: 4h46m50s
Dumping 255 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 255MB (65259 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

Reading symbols from /boot/kernel/geom_mirror.ko...done.
Loaded symbols for /boot/kernel/geom_mirror.ko
Reading symbols from /boot/kernel/acpi.ko...done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/ng_ipfw.ko...done.
Loaded symbols for /boot/kernel/ng_ipfw.ko
Reading symbols from /boot/kernel/ng_nat.ko...done.
Loaded symbols for /boot/kernel/ng_nat.ko
#0  doadump () at pcpu.h:165
165     __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc050926a in boot (howto=260) at ../../../kern/kern_shutdown.c:410
        first_buf_printf = 1
#2  0xc0509530 in panic (fmt=0xc06874b9 "%s") at ../../../kern/kern_shutdown.c:566
        td = (struct thread *) 0xc217aa80
        bootopt = 260
        newpanic = 1
        ap = 0xc217aa80 "H\226\027бЮм\027б"
        buf = "page fault", '\0'
#3  0xc065e5ca in trap_fatal (frame=0xcbfa898c, eva=3270242319) at ../../../i386/i386/trap.c:838
        code = 40
        ss = 40
        esp = 0
        type = 12
        softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 6, ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1}
        msg = 0x0
#4  0xc065e2fb in trap_pfault (frame=0xcbfa898c, usermode=0, eva=3270242319) at ../../../i386/i386/trap.c:745
        va = 3270242304
        vm = (struct vmspace *) 0x0
        map = 0xc104b000
        rv = 1
        ftype = 1 '\001'
        td = (struct thread *) 0xc217aa80
        p = (struct proc *) 0xc2179648
#5  0xc065def5 in trap (frame=
      {tf_fs = -1022427128, tf_es = 40, tf_ds = -1038942168, tf_edi = -1024733184, tf_esi = -1024724895, tf_ebp = -872773164, tf_isp = -872773192, tf_ebx = 0, tf_edx = -1024724977, tf_ecx = -1024724977, tf_eax = 42, tf_trapno = 12, tf_err = 0, tf_eip = -1067652691, tf_cs = 32, tf_eflags = 590406, tf_esp = 29080, tf_ss = -1024724895}) at ../../../i386/i386/trap.c:435
        td = (struct thread *) 0xc217aa80
        p = (struct proc *) 0xc2179648
        sticks = 3226579559
        type = 12
        i = 0
        ucode = 0
        code = 0
        eva = 3270242319
#6  0xc064ad1a in calltrap () at ../../../i386/i386/exception.s:139
No locals.
#7  0xc05ce9ad in AliasHandleName (p=0xc2ebf00f, pmax=0xc2ebf061) at ../../../netinet/libalias/alias_nbt.c:187
        s = (u_char *) 0xc2ebf00f
        compress = 0
#8  0xc05ceb07 in AliasHandleQuestion (count=29080, q=0xc2ebf00f, pmax=0xc2ebf061, nbtarg=0xcbfa8a04) at ../../../netinet/libalias/alias_nbt.c:310
No locals.
#9  0xc05cef4f in AliasHandleUdpNbtNS (la=0xc2771000, pip=0xc2ebf00f, lnk=0xc30f9e80, alias_address=0x2a, alias_port=0x2a, original_address=0x2a, original_port=0x2a) at endian.h:151
        uh = (struct udphdr *) 0xc2ebf00f
        nsh = (NbtNSHeader *) 0xc2ebd01c
        p = (u_char *) 0xc2ebf00f
        pmax = 0xc2ebf061
        nbtarg = {oldaddr = {s_addr = 169134683}, oldport = 35072, newaddr = {s_addr = 169134683}, newport = 35072, uh_sum = 0xc2ebd01a}
#10 0xc05cabfd in UdpAliasIn (la=0xc2771000, pip=0xc2ebd000) at ../../../netinet/libalias/alias.c:744
        alias_address = {s_addr = 169134683}
        original_address = {s_addr = 169134683}
        alias_port = 35072
        accumulate = -1022386560
        r = 0
        ud = (struct udphdr *) 0xc2ebd014
        lnk = (struct alias_link *) 0xc30f9e80
#11 0xc05cb9cb in LibAliasIn (la=0xc2771000, ptr=0xc2ebd000 "E", maxpacketsize=2048) at ../../../netinet/libalias/alias.c:1206
        alias_addr = {s_addr = 169134683}
        pip = (struct ip *) 0xc2ebd000
        iresult = 2048
#12 0xc276dadd in ng_nat_rcvdata () from /boot/kernel/ng_nat.ko
No symbol table info available.
#13 0xc058f200 in ng_apply_item (node=0xc267f200, item=0xc2507c30, rw=1) at ../../../netgraph/ng_base.c:2398
        hook = 0xc269cc80
        rcvdata = (ng_rcvdata_t *) 0x2a
        rcvmsg = (ng_rcvmsg_t *) 0x2a
        apply = (struct ng_apply_info *) 0x0
        error = 0
        depth = 1
#14 0xc058f073 in ng_snd_item (item=0xc2507c30, flags=0) at ../../../netgraph/ng_base.c:2317
        hook = 0xc2ebf00f
        node = 0xc267f200
        queue = 0
        rw = 1
        ngq = (struct ng_queue *) 0xc267f254
        error = -872772788
#15 0xc276ac5c in ng_ipfw_input () from /boot/kernel/ng_ipfw.ko
No symbol table info available.
#16 0xc05b4d5f in ipfw_check_in (arg=0x0, m0=0xcbfa8c54, ifp=0xc222e400, dir=1, inp=0x0) at ../../../netinet/ip_fw_pfil.c:190
        args = {m = 0xc2e16b00, oif = 0x0, next_hop = 0x0, rule = 0xc269d580, eh = 0x0,
          f_id = {dst_ip = 1539970058, src_ip = 3283486750, dst_port = 137, src_port = 65403,
            proto = 17 '\021', flags = 0 '\0', addr_type = 4 '\004',
            dst_ip6 = {__u6_addr = {__u6_addr8 = '\0' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
            src_ip6 = {__u6_addr = {__u6_addr8 = '\0' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
            flow_id6 = 0, frag_id6 = 0}, cookie = 61, inp = 0x0,
          dummypar = {opt_or = 0x0,
            ro_or = {ro_rt = 0x0, ro_dst = {sin6_len = 0 '\0', sin6_family = 0 '\0', sin6_port = 0, sin6_flowinfo = 0,
                sin6_addr = {__u6_addr = {__u6_addr8 = '\0' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}},
            flags_or = 0, im6o_or = 0x0, origifp_or = 0x0, ifp_or = 0x0,
            dst_or = {sin6_len = 0 '\0', sin6_family = 0 '\0', sin6_port = 0, sin6_flowinfo = 0,
              sin6_addr = {__u6_addr = {__u6_addr8 = '\0' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0},
            mtu_or = 0,
            ro_pmtu_or = {ro_rt = 0x0, ro_dst = {sin6_len = 0 '\0', sin6_family = 0 '\0', sin6_port = 0, sin6_flowinfo = 0,
                sin6_addr = {__u6_addr = {__u6_addr8 = '\0' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}},
          hopstore = {sin_len = 0 '\0', sin_family = 0 '\0', sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}}
        ng_tag = (struct ng_ipfw_tag *) 0xc2ebf00f
        ipfw = -1024724977
        divert = -1033643520
        tee = -1033643520
#17 0xc05842cf in pfil_run_hooks (ph=0xc06fb5a0, mp=0xcbfa8ca8, ifp=0xc222e400, dir=1, inp=0x0) at ../../../net/pfil.c:139
        pfh = (struct packet_filter_hook *) 0xc2341ae0
        m = (struct mbuf *) 0x0
        rv = 0
#18 0xc05b63af in ip_input (m=0xc2e16b00) at ../../../netinet/ip_input.c:468
        ip = (struct ip *) 0xc259f020
        ia = (struct in_ifaddr *) 0x0
        ifa = (struct ifaddr *) 0xc2ebf00f
        checkif = -1913050015
        hlen = 20
        sum = 55808
        dchg = 0
#19 0xc0582e3f in netisr_processqueue (ni=0xc06fa178) at ../../../net/netisr.c:236
        m = (struct mbuf *) 0xc2e16b00
#20 0xc058303a in swi_net (dummy=0x0) at ../../../net/netisr.c:349
        ni = (struct netisr *) 0xc06fa178
        bits = 0
        i = -1024724977
#21 0xc04f0581 in ithread_execute_handlers (p=0xc2179648, ie=0xc2177380) at ../../../kern/kern_intr.c:682
        ih = (struct intr_handler *) 0xc2170900
        ihn = (struct intr_handler *) 0x0
#22 0xc04f069c in ithread_loop (arg=0xc21436e0) at ../../../kern/kern_intr.c:766
        intr_event = (struct intr_thread *) 0xc21436e0
---Type to continue, or q to quit---
        ie = (struct intr_event *) 0xc2177380
        td = (struct thread *) 0xc217aa80
        p = (struct proc *) 0xc2179648
#23 0xc04ef508 in fork_exit (callout=0xc04f0648 , arg=0xc21436e0, frame=0xcbfa8d38) at ../../../kern/kern_fork.c:788
        p = (struct proc *) 0xc2179648
        td = (struct thread *) 0xc2ebf00f
#24 0xc064ad7c in fork_trampoline () at ../../../i386/i386/exception.s:208
No locals.

-- 
Best regards,
 Mamontov Roman mailto:mr.xanto@gmail.com