From owner-freebsd-bugs@FreeBSD.ORG Thu Jul 17 05:40:02 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E3BB71065677 for ; Thu, 17 Jul 2008 05:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id BA6B38FC1F for ; Thu, 17 Jul 2008 05:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m6H5e1Gw035056 for ; Thu, 17 Jul 2008 05:40:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m6H5e1IZ035055; Thu, 17 Jul 2008 05:40:01 GMT (envelope-from gnats) Resent-Date: Thu, 17 Jul 2008 05:40:01 GMT Resent-Message-Id: <200807170540.m6H5e1IZ035055@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Roman Mamontov Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 46985106567A for ; Thu, 17 Jul 2008 05:37:10 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 2486B8FC20 for ; Thu, 17 Jul 2008 05:37:10 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m6H5b94Q014315 for ; Thu, 17 Jul 2008 05:37:09 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.2/8.14.1/Submit) id m6H5b9JE014314; Thu, 17 Jul 2008 05:37:09 GMT (envelope-from nobody) Message-Id: <200807170537.m6H5b9JE014314@www.freebsd.org> Date: Thu, 17 Jul 2008 05:37:09 GMT From: Roman Mamontov To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/125704: [ng_nat] kernel libalias: repeatable panic X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jul 2008 05:40:02 -0000 >Number: 125704 >Category: kern >Synopsis: [ng_nat] kernel libalias: repeatable panic >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 17 05:40:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Roman Mamontov >Release: 6.2-STABLE i386 >Organization: >Environment: FreeBSD solution 6.2-STABLE FreeBSD 6.2-STABLE #4: Wed Mar 5 11:31:30 MSK 2008 root@solution:/usr/src/sys/i386/compile/mlt i386 >Description: My router panices unexpectedly. Here is kgdb's output: Fatal trap 12: page fault while in kernel mode fault virtual address = 0xc3660000 fault code = supervisor read, page not present instruction pointer = 0x20:0xc05c38c8 stack pointer = 0x28:0xcbfa89e8 frame pointer = 0x28:0xcbfa89f0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 13 (swi1: net) trap number = 12 panic: page fault KDB: stack backtrace: kdb_backtrace(100,c2177a80,28,cbfa89a8,c,...) at kdb_backtrace+0x29 panic(c0679b4b,c069ea13,0,fffff,c217e69b,...) at panic+0xa8 trap_fatal(cbfa89a8,c3660000,c2177a80,c3660000,c,...) at trap_fatal+0x2a6 trap_pfault(cbfa89a8,0,c3660000) at trap_pfault+0x1f3 trap(cbfa0008,28,c3650028,c365e800,c3660050,...) at trap+0x325 calltrap() at calltrap+0x5 --- trap 0xc, eip = 0xc05c38c8, esp = 0xcbfa89e8, ebp = 0xcbfa89f0 --- AliasHandleQuestion(7474,c365e828,c3660050,cbfa8a08) at AliasHandleQuestion+0x34 AliasHandleUdpNbtNS(c27fc000,c365e800,c36c4b00,cbfa8a58,cbfa8a5e,...) at AliasHandleUdpNbtNS+0x7f UdpAliasIn(c27fc000,c365e800) at UdpAliasIn+0x101 LibAliasIn(c27fc000,c365e800,800,db3,5dc,...) at LibAliasIn+0xb7 ng_nat_rcvdata(c2694280,c225b5a0) at ng_nat_rcvdata+0x1d1 ng_apply_item(c263ba00,c225b5a0,1,c225b5a0,cbfa8b14,...) at ng_apply_item+0xb4 ng_snd_item(c225b5a0,0,c2694b80,cbfa8c54,0,...) at ng_snd_item+0x3cc ng_ipfw_input(cbfa8c54,1,cbfa8b4c,0,c22c2700,...) at ng_ipfw_input+0x11c ipfw_check_in(0,cbfa8c54,c221b400,1,0,...) at ipfw_check_in+0x217 pfil_run_hooks(c06ec300,cbfa8ca8,c221b400,1,0) at pfil_run_hooks+0xef ip_input(c22c2700) at ip_input+0x20f netisr_processqueue(c06eb278) at netisr_processqueue+0x9f swi_net(0) at swi_net+0xaa ithread_execute_handlers(c2176648,c2174380) at ithread_execute_handlers+0x121 ithread_loop(c215f6f0,cbfa8d38) at ithread_loop+0x54 fork_exit(c04e9bb8,c215f6f0,cbfa8d38) at fork_exit+0x70 fork_trampoline() at fork_trampoline+0x8 --- trap 0x1, eip = 0, esp = 0xcbfa8d6c, ebp = 0 --- Uptime: 23d17h42m8s Dumping 255 MB (2 chunks) chunk 0: 1MB (160 pages) ... ok chunk 1: 255MB (65259 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 #0 doadump () at pcpu.h:165 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) backtrace #0 doadump () at pcpu.h:165 #1 0xc05000c2 in boot (howto=260) at ../../../kern/kern_shutdown.c:409 #2 0xc0500388 in panic (fmt=0xc0679b4b "%s") at ../../../kern/kern_shutdown.c:565 #3 0xc0650946 in trap_fatal (frame=0xcbfa89a8, eva=3278241792) at ../../../i386/i386/trap.c:837 #4 0xc0650677 in trap_pfault (frame=0xcbfa89a8, usermode=0, eva=3278241792) at ../../../i386/i386/trap.c:745 #5 0xc0650271 in trap (frame= {tf_fs = -872808440, tf_es = 40, tf_ds = -1016791000, tf_edi = -1016731648, tf_esi = -1016725424, tf_ebp = -872773136, tf_isp = -872773164, tf_ebx = 27451, tf_edx = -1016725505, tf_ecx = -1016725505, tf_eax = -1016725501, tf_trapno = 12, tf_err = 0, tf_eip = -1067697976, tf_cs = 32, tf_eflags = 590467, tf_esp = -1016731620, tf_ss = -1016725424}) at ../../../i386/i386/trap.c:435 #6 0xc063d53a in calltrap () at ../../../i386/i386/exception.s:139 #7 0xc05c38c8 in AliasHandleQuestion (count=27451, q=0xc365ffff, pmax=0xc3660050
, nbtarg=0xcbfa8a08) at ../../../netinet/libalias/alias_nbt.c:314 #8 0xc05c3cf7 in AliasHandleUdpNbtNS (la=0xc27fc000, pip=0xc365ffff, lnk=0xc36c4b00, alias_address=0xc3660003, alias_port=0xc3660003, original_address=0xc3660003, original_port=0xc3660003) at endian.h:151 #9 0xc05bf955 in UdpAliasIn (la=0xc27fc000, pip=0xc365e800) at ../../../netinet/libalias/alias.c:744 #10 0xc05c0723 in LibAliasIn (la=0xc27fc000, ptr=0xc365e800 "E", maxpacketsize=2048) at ../../../netinet/libalias/alias.c:1206 #11 0xc25cebc9 in ?? () #12 0xc27fc000 in ?? () #13 0xc365e800 in ?? () #14 0x00000800 in ?? () #15 0x00000db3 in ?? () #16 0x000005dc in ?? () #17 0x00000002 in ?? () #18 0xe6dc0001 in ?? () #19 0xc225b5a0 in ?? () #20 0xc2694280 in ?? () #21 0x00000000 in ?? () #22 0xcbfa8ae4 in ?? () #23 0xc058510c in ng_apply_item (node=0xc2694280, item=0xc365e800, rw=0) at ../../../netgraph/ng_base.c:2372 Previous frame identical to this frame (corrupt stack?) ######################################################################################################################################## kgdb: kvm_nlist(_stopped_cpus): kgdb: kvm_nlist(_stoppcbs): [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode fault virtual address = 0xc3be6001 fault code = supervisor read, page not present instruction pointer = 0x20:0xc05c3755 stack pointer = 0x28:0xcbfa89d0 frame pointer = 0x28:0xcbfa89d8 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 13 (swi1: net) trap number = 12 panic: page fault KDB: stack backtrace: kdb_backtrace(100,c2177a80,28,cbfa8990,c,...) at kdb_backtrace+0x29 panic(c0679b4b,c069ea13,0,fffff,c217e69b,...) at panic+0xa8 trap_fatal(cbfa8990,c3be6001,c2177a80,c3be6000,c,...) at trap_fatal+0x2a6 trap_pfault(cbfa8990,0,c3be6001) at trap_pfault+0x1f3 trap(c2c60008,28,c2130028,c3be5800,c3be7050,...) at trap+0x325 calltrap() at calltrap+0x5 --- trap 0xc, eip = 0xc05c3755, esp = 0xcbfa89d0, ebp = 0xcbfa89d8 --- AliasHandleName(c3be5de0,c3be7050) at AliasHandleName+0x6d AliasHandleQuestion(7474,c3be5828,c3be7050,cbfa8a08) at AliasHandleQuestion+0x1b AliasHandleUdpNbtNS(c289c000,c3be5800,c2c64180,cbfa8a58,cbfa8a5e,...) at AliasHandleUdpNbtNS+0x7f UdpAliasIn(c289c000,c3be5800) at UdpAliasIn+0x101 LibAliasIn(c289c000,c3be5800,800,c,5dc,...) at LibAliasIn+0xb7 ng_nat_rcvdata(c2679300,c2568db0) at ng_nat_rcvdata+0x1d1 ng_apply_item(c27cec00,c2568db0,1,c2568db0,cbfa8b14,...) at ng_apply_item+0xb4 ng_snd_item(c2568db0,0,c2679200,cbfa8c54,0,...) at ng_snd_item+0x3cc ng_ipfw_input(cbfa8c54,1,cbfa8b4c,0,c3d94a00,...) at ng_ipfw_input+0x11c ipfw_check_in(0,cbfa8c54,c221b400,1,0,...) at ipfw_check_in+0x217 pfil_run_hooks(c06ec300,cbfa8ca8,c221b400,1,0) at pfil_run_hooks+0xef ip_input(c3d94a00) at ip_input+0x20f netisr_processqueue(c06eb278) at netisr_processqueue+0x9f swi_net(0) at swi_net+0xf2 ithread_execute_handlers(c2176648,c2174380) at ithread_execute_handlers+0x121 ithread_loop(c215f6f0,cbfa8d38) at ithread_loop+0x54 fork_exit(c04e9bb8,c215f6f0,cbfa8d38) at fork_exit+0x70 fork_trampoline() at fork_trampoline+0x8 --- trap 0x1, eip = 0, esp = 0xcbfa8d6c, ebp = 0 --- Uptime: 23h5m58s Dumping 255 MB (2 chunks) chunk 0: 1MB (160 pages) ... ok chunk 1: 255MB (65259 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 #0 doadump () at pcpu.h:165 165 pcpu.h: No such file or directory. in pcpu.h (kgdb) backtrace #0 doadump () at pcpu.h:165 #1 0xc05000c2 in boot (howto=260) at ../../../kern/kern_shutdown.c:409 #2 0xc0500388 in panic (fmt=0xc0679b4b "%s") at ../../../kern/kern_shutdown.c:565 #3 0xc0650946 in trap_fatal (frame=0xcbfa8990, eva=3284033537) at ../../../i386/i386/trap.c:837 #4 0xc0650677 in trap_pfault (frame=0xcbfa8990, usermode=0, eva=3284033537) at ../../../i386/i386/trap.c:745 #5 0xc0650271 in trap (frame= {tf_fs = -1027211256, tf_es = 40, tf_ds = -1038942168, tf_edi = -1010935808, tf_esi = -1010929584, tf_ebp = -872773160, tf_isp = -872773188, tf_ebx = 0, tf_edx = -1010933759, tf_ecx = -1010933759, tf_eax = 12, tf_trapno = 12, tf_err = 0, tf_eip = -1067698347, tf_cs = 32, tf_eflags = 590406, tf_esp = 29080, tf_ss = -1010929584}) at ../../../i386/i386/trap.c:435 #6 0xc063d53a in calltrap () at ../../../i386/i386/exception.s:139 #7 0xc05c3755 in AliasHandleName (p=0xc3be6001
, pmax=0xc3be7050 "\225я)P\020ЪЪs╬") at ../../../netinet/libalias/alias_nbt.c:187 #8 0xc05c38af in AliasHandleQuestion (count=29080, q=0xc3be6001, pmax=0xc3be7050 "\225я)P\020ЪЪs╬", nbtarg=0xcbfa8a08) at ../../../netinet/libalias/alias_nbt.c:310 #9 0xc05c3cf7 in AliasHandleUdpNbtNS (la=0xc289c000, pip=0xc3be6001, lnk=0xc2c64180, alias_address=0xc, alias_port=0xc, original_address=0xc, original_port=0xc) at endian.h:151 #10 0xc05bf955 in UdpAliasIn (la=0xc289c000, pip=0xc3be5800) at ../../../netinet/libalias/alias.c:744 #11 0xc05c0723 in LibAliasIn (la=0xc289c000, ptr=0xc3be5800 "E", maxpacketsize=2048) at ../../../netinet/libalias/alias.c:1206 #12 0xc258dbc9 in ?? () #13 0xc289c000 in ?? () #14 0xc3be5800 in ?? () #15 0x00000800 in ?? () #16 0x0000000c in ?? () #17 0x000005dc in ?? () #18 0x00000002 in ?? () #19 0xe6dc0001 in ?? () #20 0xc2568db0 in ?? () #21 0xc2679300 in ?? () #22 0x00000000 in ?? () #23 0xcbfa8ae4 in ?? () #24 0xc058510c in ng_apply_item (node=0xc2679300, item=0xc3be5800, rw=0) at ../../../netgraph/ng_base.c:2372 Previous frame identical to this frame (corrupt stack?) >How-To-Repeat: Unknown. >Fix: Unknown. >Release-Note: >Audit-Trail: >Unformatted: