Date:      Thu, 17 Jul 2008 05:37:09 GMT
From:      Roman Mamontov <mr.xanto@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/125704: [ng_nat] kernel libalias: repeatable panic
Message-ID:  <200807170537.m6H5b9JE014314@www.freebsd.org>
Resent-Message-ID: <200807170540.m6H5e1IZ035055@freefall.freebsd.org>


>Number:         125704
>Category:       kern
>Synopsis:       [ng_nat] kernel libalias: repeatable panic
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 17 05:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Roman Mamontov
>Release:        6.2-STABLE i386
>Organization:
>Environment:
FreeBSD solution 6.2-STABLE FreeBSD 6.2-STABLE #4: Wed Mar  5 11:31:30 MSK 2008     root@solution:/usr/src/sys/i386/compile/mlt  i386
>Description:
My router panics unexpectedly.
Here is kgdb's output:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc3660000
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05c38c8
stack pointer           = 0x28:0xcbfa89e8
frame pointer           = 0x28:0xcbfa89f0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (swi1: net)
trap number             = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace(100,c2177a80,28,cbfa89a8,c,...) at kdb_backtrace+0x29
panic(c0679b4b,c069ea13,0,fffff,c217e69b,...) at panic+0xa8
trap_fatal(cbfa89a8,c3660000,c2177a80,c3660000,c,...) at trap_fatal+0x2a6
trap_pfault(cbfa89a8,0,c3660000) at trap_pfault+0x1f3
trap(cbfa0008,28,c3650028,c365e800,c3660050,...) at trap+0x325
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc05c38c8, esp = 0xcbfa89e8, ebp = 0xcbfa89f0 ---
AliasHandleQuestion(7474,c365e828,c3660050,cbfa8a08) at AliasHandleQuestion+0x34
AliasHandleUdpNbtNS(c27fc000,c365e800,c36c4b00,cbfa8a58,cbfa8a5e,...) at AliasHandleUdpNbtNS+0x7f
UdpAliasIn(c27fc000,c365e800) at UdpAliasIn+0x101
LibAliasIn(c27fc000,c365e800,800,db3,5dc,...) at LibAliasIn+0xb7
ng_nat_rcvdata(c2694280,c225b5a0) at ng_nat_rcvdata+0x1d1
ng_apply_item(c263ba00,c225b5a0,1,c225b5a0,cbfa8b14,...) at ng_apply_item+0xb4
ng_snd_item(c225b5a0,0,c2694b80,cbfa8c54,0,...) at ng_snd_item+0x3cc
ng_ipfw_input(cbfa8c54,1,cbfa8b4c,0,c22c2700,...) at ng_ipfw_input+0x11c
ipfw_check_in(0,cbfa8c54,c221b400,1,0,...) at ipfw_check_in+0x217
pfil_run_hooks(c06ec300,cbfa8ca8,c221b400,1,0) at pfil_run_hooks+0xef
ip_input(c22c2700) at ip_input+0x20f
netisr_processqueue(c06eb278) at netisr_processqueue+0x9f
swi_net(0) at swi_net+0xaa
ithread_execute_handlers(c2176648,c2174380) at ithread_execute_handlers+0x121
ithread_loop(c215f6f0,cbfa8d38) at ithread_loop+0x54
fork_exit(c04e9bb8,c215f6f0,cbfa8d38) at fork_exit+0x70
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcbfa8d6c, ebp = 0 ---
Uptime: 23d17h42m8s
Dumping 255 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 255MB (65259 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:165
#1  0xc05000c2 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
#2  0xc0500388 in panic (fmt=0xc0679b4b "%s") at ../../../kern/kern_shutdown.c:565
#3  0xc0650946 in trap_fatal (frame=0xcbfa89a8, eva=3278241792) at ../../../i386/i386/trap.c:837
#4  0xc0650677 in trap_pfault (frame=0xcbfa89a8, usermode=0, eva=3278241792) at ../../../i386/i386/trap.c:745
#5  0xc0650271 in trap (frame=
      {tf_fs = -872808440, tf_es = 40, tf_ds = -1016791000, tf_edi = -1016731648, tf_esi = -1016725424, tf_ebp = -872773136, tf_isp = -872773164, tf_ebx = 27451, tf_edx = -1016725505, tf_ecx = -1016725505, tf_eax = -1016725501, tf_trapno = 12, tf_err = 0, tf_eip = -1067697976, tf_cs = 32, tf_eflags = 590467, tf_esp = -1016731620, tf_ss = -1016725424}) at ../../../i386/i386/trap.c:435
#6  0xc063d53a in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc05c38c8 in AliasHandleQuestion (count=27451, q=0xc365ffff, pmax=0xc3660050 <Address 0xc3660050 out of bounds>, nbtarg=0xcbfa8a08)
    at ../../../netinet/libalias/alias_nbt.c:314
#8  0xc05c3cf7 in AliasHandleUdpNbtNS (la=0xc27fc000, pip=0xc365ffff, lnk=0xc36c4b00, alias_address=0xc3660003, alias_port=0xc3660003,
    original_address=0xc3660003, original_port=0xc3660003) at endian.h:151
#9  0xc05bf955 in UdpAliasIn (la=0xc27fc000, pip=0xc365e800) at ../../../netinet/libalias/alias.c:744
#10 0xc05c0723 in LibAliasIn (la=0xc27fc000, ptr=0xc365e800 "E", maxpacketsize=2048) at ../../../netinet/libalias/alias.c:1206
#11 0xc25cebc9 in ?? ()
#12 0xc27fc000 in ?? ()
#13 0xc365e800 in ?? ()
#14 0x00000800 in ?? ()
#15 0x00000db3 in ?? ()
#16 0x000005dc in ?? ()
#17 0x00000002 in ?? ()
#18 0xe6dc0001 in ?? ()
#19 0xc225b5a0 in ?? ()
#20 0xc2694280 in ?? ()
#21 0x00000000 in ?? ()
#22 0xcbfa8ae4 in ?? ()
#23 0xc058510c in ng_apply_item (node=0xc2694280, item=0xc365e800, rw=0) at ../../../netgraph/ng_base.c:2372
Previous frame identical to this frame (corrupt stack?)

########################################################################################################################################

kgdb: kvm_nlist(_stopped_cpus):
kgdb: kvm_nlist(_stoppcbs):
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc3be6001
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05c3755
stack pointer           = 0x28:0xcbfa89d0
frame pointer           = 0x28:0xcbfa89d8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (swi1: net)
trap number             = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace(100,c2177a80,28,cbfa8990,c,...) at kdb_backtrace+0x29
panic(c0679b4b,c069ea13,0,fffff,c217e69b,...) at panic+0xa8
trap_fatal(cbfa8990,c3be6001,c2177a80,c3be6000,c,...) at trap_fatal+0x2a6
trap_pfault(cbfa8990,0,c3be6001) at trap_pfault+0x1f3
trap(c2c60008,28,c2130028,c3be5800,c3be7050,...) at trap+0x325
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc05c3755, esp = 0xcbfa89d0, ebp = 0xcbfa89d8 ---
AliasHandleName(c3be5de0,c3be7050) at AliasHandleName+0x6d
AliasHandleQuestion(7474,c3be5828,c3be7050,cbfa8a08) at AliasHandleQuestion+0x1b
AliasHandleUdpNbtNS(c289c000,c3be5800,c2c64180,cbfa8a58,cbfa8a5e,...) at AliasHandleUdpNbtNS+0x7f
UdpAliasIn(c289c000,c3be5800) at UdpAliasIn+0x101
LibAliasIn(c289c000,c3be5800,800,c,5dc,...) at LibAliasIn+0xb7
ng_nat_rcvdata(c2679300,c2568db0) at ng_nat_rcvdata+0x1d1
ng_apply_item(c27cec00,c2568db0,1,c2568db0,cbfa8b14,...) at ng_apply_item+0xb4
ng_snd_item(c2568db0,0,c2679200,cbfa8c54,0,...) at ng_snd_item+0x3cc
ng_ipfw_input(cbfa8c54,1,cbfa8b4c,0,c3d94a00,...) at ng_ipfw_input+0x11c
ipfw_check_in(0,cbfa8c54,c221b400,1,0,...) at ipfw_check_in+0x217
pfil_run_hooks(c06ec300,cbfa8ca8,c221b400,1,0) at pfil_run_hooks+0xef
ip_input(c3d94a00) at ip_input+0x20f
netisr_processqueue(c06eb278) at netisr_processqueue+0x9f
swi_net(0) at swi_net+0xf2
ithread_execute_handlers(c2176648,c2174380) at ithread_execute_handlers+0x121
ithread_loop(c215f6f0,cbfa8d38) at ithread_loop+0x54
fork_exit(c04e9bb8,c215f6f0,cbfa8d38) at fork_exit+0x70
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcbfa8d6c, ebp = 0 ---
Uptime: 23h5m58s
Dumping 255 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 255MB (65259 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) backtrace
#0  doadump () at pcpu.h:165
#1  0xc05000c2 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
#2  0xc0500388 in panic (fmt=0xc0679b4b "%s") at ../../../kern/kern_shutdown.c:565
#3  0xc0650946 in trap_fatal (frame=0xcbfa8990, eva=3284033537) at ../../../i386/i386/trap.c:837
#4  0xc0650677 in trap_pfault (frame=0xcbfa8990, usermode=0, eva=3284033537) at ../../../i386/i386/trap.c:745
#5  0xc0650271 in trap (frame=
      {tf_fs = -1027211256, tf_es = 40, tf_ds = -1038942168, tf_edi = -1010935808, tf_esi = -1010929584, tf_ebp = -872773160, tf_isp = -872773188, tf_ebx = 0, tf_edx = -1010933759, tf_ecx = -1010933759, tf_eax = 12, tf_trapno = 12, tf_err = 0, tf_eip = -1067698347, tf_cs = 32, tf_eflags = 590406, tf_esp = 29080, tf_ss = -1010929584}) at ../../../i386/i386/trap.c:435
#6  0xc063d53a in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc05c3755 in AliasHandleName (p=0xc3be6001 <Address 0xc3be6001 out of bounds>, pmax=0xc3be7050 "\225я)P\020ЪЪs╬")
    at ../../../netinet/libalias/alias_nbt.c:187
#8  0xc05c38af in AliasHandleQuestion (count=29080, q=0xc3be6001, pmax=0xc3be7050 "\225я)P\020ЪЪs╬", nbtarg=0xcbfa8a08)
    at ../../../netinet/libalias/alias_nbt.c:310
#9  0xc05c3cf7 in AliasHandleUdpNbtNS (la=0xc289c000, pip=0xc3be6001, lnk=0xc2c64180, alias_address=0xc, alias_port=0xc, original_address=0xc,
    original_port=0xc) at endian.h:151
#10 0xc05bf955 in UdpAliasIn (la=0xc289c000, pip=0xc3be5800) at ../../../netinet/libalias/alias.c:744
#11 0xc05c0723 in LibAliasIn (la=0xc289c000, ptr=0xc3be5800 "E", maxpacketsize=2048) at ../../../netinet/libalias/alias.c:1206
#12 0xc258dbc9 in ?? ()
#13 0xc289c000 in ?? ()
#14 0xc3be5800 in ?? ()
#15 0x00000800 in ?? ()
#16 0x0000000c in ?? ()
#17 0x000005dc in ?? ()
#18 0x00000002 in ?? ()
#19 0xe6dc0001 in ?? ()
#20 0xc2568db0 in ?? ()
#21 0xc2679300 in ?? ()
#22 0x00000000 in ?? ()
#23 0xcbfa8ae4 in ?? ()
#24 0xc058510c in ng_apply_item (node=0xc2679300, item=0xc3be5800, rw=0) at ../../../netgraph/ng_base.c:2372
Previous frame identical to this frame (corrupt stack?)
>How-To-Repeat:
Unknown.
>Fix:
Unknown.

>Release-Note:
>Audit-Trail:
>Unformatted:


