FreeBSD Mail Archives

Date:      Thu, 10 May 2012 08:39:52 GMT
From:      Marc <bsdbug@bospaling.nl>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/167768: Fatal trap in ipfilter/ipnat
Message-ID:  <201205100839.q4A8dqTp005492@red.freebsd.org>
Resent-Message-ID: <201205100840.q4A8e00u073686@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help


>Number:         167768
>Category:       kern
>Synopsis:       Fatal trap in ipfilter/ipnat
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 10 08:40:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Marc
>Release:        9.0-RELEASE
>Organization:
>Environment:
FreeBSD oblomow.-----.nl 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
After installing the machine and rsyncing the data (no problem there), I connected the machine with both interfaces (re0 internet side, em0 internal network). Just after a few minutes I get a kernel panic. Repeatedly. 



Fatal trap 18: integer divide fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer	= 0x20:0xffffffff81415c68
stack pointer	        = 0x28:0xffffff800029f3f0
frame pointer	        = 0x28:0xffffff800029f510
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12 (irq257: em0:rx 0)
trap number		= 18
panic: integer divide fault
cpuid = 0
KDB: stack backtrace:

>How-To-Repeat:

>Fix:
no fix, but browsing shows that similar problems have occurred in previous releases ( 149937 ?).


Patch attached with submission follows:

Fatal trap 18: integer divide fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer	= 0x20:0xffffffff81415c68
stack pointer	        = 0x28:0xffffff800029f3f0
frame pointer	        = 0x28:0xffffff800029f510
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12 (irq257: em0:rx 0)
trap number		= 18
panic: integer divide fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff808680fe at kdb_backtrace+0x5e
#1 0xffffffff80832cb7 at panic+0x187
#2 0xffffffff80b18400 at trap_fatal+0x290
#3 0xffffffff80b1893a at trap+0x10a
#4 0xffffffff80b0313f at calltrap+0x8
#5 0xffffffff81419b23 at fr_checknatout+0x403
#6 0xffffffff81433804 at fr_check+0xbc4
#7 0xffffffff808f2ade at pfil_run_hooks+0x9e
#8 0xffffffff8094a9d4 at ip_output+0x404
#9 0xffffffff80947183 at ip_forward+0x303
#10 0xffffffff8094881b at ip_input+0x5ab
#11 0xffffffff808f1dab at netisr_dispatch_src+0x20b
#12 0xffffffff808e77dd at ether_demux+0x14d
#13 0xffffffff808e7ab4 at ether_nh_input+0x1f4
#14 0xffffffff808f1dab at netisr_dispatch_src+0x20b
#15 0xffffffff8046ff5a at em_rxeof+0x1ca
#16 0xffffffff80470324 at em_msix_rx+0x24
#17 0xffffffff80809644 at intr_event_execute_handlers+0x104
Uptime: 8m15s
Dumping 610 out of 4068 MB:..3%..11%..21%..32%..42%..53%..61%..71%..82%..92%

Reading symbols from /boot/kernel/ipl.ko...Reading symbols from /boot/kernel/ipl.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ipl.ko
#0  doadump (textdump=Variable "textdump" is not available.
) at pcpu.h:224
224		__asm("movq %%gs:0,%0" : "=r" (td));
(kgdb)  backtrace 
#0  doadump (textdump=Variable "textdump" is not available.
) at pcpu.h:224
#1  0xffffffff808327f5 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:442
#2  0xffffffff80832ca1 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:607
#3  0xffffffff80b18400 in trap_fatal (frame=0x12, eva=Variable "eva" is not available.
)
    at /usr/src/sys/amd64/amd64/trap.c:819
#4  0xffffffff80b1893a in trap (frame=0xffffff800029f340)
    at /usr/src/sys/amd64/amd64/trap.c:617
#5  0xffffffff80b0313f in calltrap () at /usr/src/sys/amd64/amd64/exception.S:228
#6  0xffffffff81415c68 in nat_new (fin=0xffffff800029f5d0, np=0xfffffe000556ac00, 
    natsave=0x0, flags=2, direction=1)
    at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_nat.c:2042
#7  0xffffffff81419b23 in fr_checknatout (fin=0xffffff800029f5d0, 
    passp=0xffffff800029f5cc)
    at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_nat.c:3861
#8  0xffffffff81433804 in fr_check (ip=0x1, hlen=20, ifp=Variable "ifp" is not available.
)
    at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/fil.c:2624
#9  0xffffffff808f2ade in pfil_run_hooks (ph=Variable "ph" is not available.
) at /usr/src/sys/net/pfil.c:82
#10 0xffffffff8094a9d4 in ip_output (m=0xfffffe00057a4700, opt=Variable "opt" is not available.
)
    at /usr/src/sys/netinet/ip_output.c:508
#11 0xffffffff80947183 in ip_forward (m=0xfffffe00057a4700, srcrt=Variable "srcrt" is not available.
)
    at /usr/src/sys/netinet/ip_input.c:1494
#12 0xffffffff8094881b in ip_input (m=0xfffffe00057a4700)
    at /usr/src/sys/netinet/ip_input.c:702
#13 0xffffffff808f1dab in netisr_dispatch_src (proto=1, source=Variable "source" is not available.
)
    at /usr/src/sys/net/netisr.c:1013
#14 0xffffffff808e77dd in ether_demux (ifp=0xfffffe0002ac5000, 
    m=0xfffffe00057a4700) at /usr/src/sys/net/if_ethersubr.c:937
#15 0xffffffff808e7ab4 in ether_nh_input (m=Variable "m" is not available.
)
    at /usr/src/sys/net/if_ethersubr.c:756
#16 0xffffffff808f1dab in netisr_dispatch_src (proto=9, source=Variable "source" is not available.
)
    at /usr/src/sys/net/netisr.c:1013
#17 0xffffffff8046ff5a in em_rxeof (rxr=0xfffffe0002b44000, count=99, done=0x0)
    at /usr/src/sys/dev/e1000/if_em.c:4340
#18 0xffffffff80470324 in em_msix_rx (arg=Variable "arg" is not available.
) at /usr/src/sys/dev/e1000/if_em.c:1577
#19 0xffffffff80809644 in intr_event_execute_handlers (p=Variable "p" is not available.
)
    at /usr/src/sys/kern/kern_intr.c:1257
#20 0xffffffff8080ae04 in ithread_loop (arg=0xfffffe0002b43720)
    at /usr/src/sys/kern/kern_intr.c:1270
#21 0xffffffff8080682f in fork_exit (callout=0xffffffff8080ad60 <ithread_loop>, 
    arg=0xfffffe0002b43720, frame=0xffffff800029fc50)
    at /usr/src/sys/kern/kern_fork.c:995
#22 0xffffffff80b0366e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:602
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000001 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x0000000000000000 in ?? ()
#41 0x0000000000000000 in ?? ()
#42 0x0000000000000000 in ?? ()
#43 0x0000000000000000 in ?? ()
#44 0x0000000000000000 in ?? ()
#45 0x0000000000000000 in ?? ()
#46 0x0000000000000000 in ?? ()
#47 0xffffffff81119a80 in affinity ()
#48 0xfffffe0002aca000 in ?? ()
#49 0x0000000000000000 in ?? ()
#50 0xfffffe0002aca000 in ?? ()
#51 0xffffff800029fb40 in ?? ()
#52 0xffffff800029fae8 in ?? ()
#53 0xfffffe0107bf9000 in ?? ()
#54 0xffffffff8085acc2 in sched_switch (td=0xffffffff8080ad60, 
    newtd=0xfffffe0002b43720, flags=Variable "flags" is not available.
) at /usr/src/sys/kern/sched_ule.c:1848
Previous frame inner to this frame (corrupt stack?)



>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201205100839.q4A8dqTp005492>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation