From nobody@FreeBSD.org  Thu Jul 17 05:37:10 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 46985106567A
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 17 Jul 2008 05:37:10 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 2486B8FC20
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 17 Jul 2008 05:37:10 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m6H5b94Q014315
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 17 Jul 2008 05:37:09 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m6H5b9JE014314;
	Thu, 17 Jul 2008 05:37:09 GMT
	(envelope-from nobody)
Message-Id: <200807170537.m6H5b9JE014314@www.freebsd.org>
Date: Thu, 17 Jul 2008 05:37:09 GMT
From: Roman Mamontov <mr.xanto@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [ng_nat] kernel libalias: repeatable panic
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         125704
>Category:       kern
>Synopsis:       [ng_nat] kernel libalias: repeatable panic
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 17 05:40:01 UTC 2008
>Closed-Date:    
>Last-Modified:  Thu Dec 11 16:00:05 UTC 2008
>Originator:     Roman Mamontov
>Release:        6.2-STABLE i386
>Organization:
>Environment:
FreeBSD solution 6.2-STABLE FreeBSD 6.2-STABLE #4: Wed Mar  5 11:31:30 MSK 2008     root@solution:/usr/src/sys/i386/compile/mlt  i386
>Description:
My router panices unexpectedly. 
Here is kgdb's output:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc3660000
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05c38c8
stack pointer           = 0x28:0xcbfa89e8
frame pointer           = 0x28:0xcbfa89f0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (swi1: net)
trap number             = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace(100,c2177a80,28,cbfa89a8,c,...) at kdb_backtrace+0x29
panic(c0679b4b,c069ea13,0,fffff,c217e69b,...) at panic+0xa8
trap_fatal(cbfa89a8,c3660000,c2177a80,c3660000,c,...) at trap_fatal+0x2a6
trap_pfault(cbfa89a8,0,c3660000) at trap_pfault+0x1f3
trap(cbfa0008,28,c3650028,c365e800,c3660050,...) at trap+0x325
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc05c38c8, esp = 0xcbfa89e8, ebp = 0xcbfa89f0 ---
AliasHandleQuestion(7474,c365e828,c3660050,cbfa8a08) at AliasHandleQuestion+0x34
AliasHandleUdpNbtNS(c27fc000,c365e800,c36c4b00,cbfa8a58,cbfa8a5e,...) at AliasHandleUdpNbtNS+0x7f
UdpAliasIn(c27fc000,c365e800) at UdpAliasIn+0x101
LibAliasIn(c27fc000,c365e800,800,db3,5dc,...) at LibAliasIn+0xb7
ng_nat_rcvdata(c2694280,c225b5a0) at ng_nat_rcvdata+0x1d1
ng_apply_item(c263ba00,c225b5a0,1,c225b5a0,cbfa8b14,...) at ng_apply_item+0xb4
ng_snd_item(c225b5a0,0,c2694b80,cbfa8c54,0,...) at ng_snd_item+0x3cc
ng_ipfw_input(cbfa8c54,1,cbfa8b4c,0,c22c2700,...) at ng_ipfw_input+0x11c
ipfw_check_in(0,cbfa8c54,c221b400,1,0,...) at ipfw_check_in+0x217
pfil_run_hooks(c06ec300,cbfa8ca8,c221b400,1,0) at pfil_run_hooks+0xef
ip_input(c22c2700) at ip_input+0x20f
netisr_processqueue(c06eb278) at netisr_processqueue+0x9f
swi_net(0) at swi_net+0xaa
ithread_execute_handlers(c2176648,c2174380) at ithread_execute_handlers+0x121
ithread_loop(c215f6f0,cbfa8d38) at ithread_loop+0x54
fork_exit(c04e9bb8,c215f6f0,cbfa8d38) at fork_exit+0x70
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcbfa8d6c, ebp = 0 ---
Uptime: 23d17h42m8s
Dumping 255 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 255MB (65259 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:165
#1  0xc05000c2 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
#2  0xc0500388 in panic (fmt=0xc0679b4b "%s") at ../../../kern/kern_shutdown.c:565
#3  0xc0650946 in trap_fatal (frame=0xcbfa89a8, eva=3278241792) at ../../../i386/i386/trap.c:837
#4  0xc0650677 in trap_pfault (frame=0xcbfa89a8, usermode=0, eva=3278241792) at ../../../i386/i386/trap.c:745
#5  0xc0650271 in trap (frame=
      {tf_fs = -872808440, tf_es = 40, tf_ds = -1016791000, tf_edi = -1016731648, tf_esi = -1016725424, tf_ebp = -872773136, tf_isp = -872773164, tf_ebx = 27451, tf_edx = -1016725505, tf_ecx = -1016725505, tf_eax = -1016725501, tf_trapno = 12, tf_err = 0, tf_eip = -1067697976, tf_cs = 32, tf_eflags = 590467, tf_esp = -1016731620, tf_ss = -1016725424}) at ../../../i386/i386/trap.c:435
#6  0xc063d53a in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc05c38c8 in AliasHandleQuestion (count=27451, q=0xc365ffff, pmax=0xc3660050 <Address 0xc3660050 out of bounds>, nbtarg=0xcbfa8a08)
    at ../../../netinet/libalias/alias_nbt.c:314
#8  0xc05c3cf7 in AliasHandleUdpNbtNS (la=0xc27fc000, pip=0xc365ffff, lnk=0xc36c4b00, alias_address=0xc3660003, alias_port=0xc3660003,
    original_address=0xc3660003, original_port=0xc3660003) at endian.h:151
#9  0xc05bf955 in UdpAliasIn (la=0xc27fc000, pip=0xc365e800) at ../../../netinet/libalias/alias.c:744
#10 0xc05c0723 in LibAliasIn (la=0xc27fc000, ptr=0xc365e800 "E", maxpacketsize=2048) at ../../../netinet/libalias/alias.c:1206
#11 0xc25cebc9 in ?? ()
#12 0xc27fc000 in ?? ()
#13 0xc365e800 in ?? ()
#14 0x00000800 in ?? ()
#15 0x00000db3 in ?? ()
#16 0x000005dc in ?? ()
#17 0x00000002 in ?? ()
#18 0xe6dc0001 in ?? ()
#19 0xc225b5a0 in ?? ()
#20 0xc2694280 in ?? ()
#21 0x00000000 in ?? ()
#22 0xcbfa8ae4 in ?? ()
#23 0xc058510c in ng_apply_item (node=0xc2694280, item=0xc365e800, rw=0) at ../../../netgraph/ng_base.c:2372
Previous frame identical to this frame (corrupt stack?)

########################################################################################################################################

kgdb: kvm_nlist(_stopped_cpus):
kgdb: kvm_nlist(_stoppcbs):
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc3be6001
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05c3755
stack pointer           = 0x28:0xcbfa89d0
frame pointer           = 0x28:0xcbfa89d8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (swi1: net)
trap number             = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace(100,c2177a80,28,cbfa8990,c,...) at kdb_backtrace+0x29
panic(c0679b4b,c069ea13,0,fffff,c217e69b,...) at panic+0xa8
trap_fatal(cbfa8990,c3be6001,c2177a80,c3be6000,c,...) at trap_fatal+0x2a6
trap_pfault(cbfa8990,0,c3be6001) at trap_pfault+0x1f3
trap(c2c60008,28,c2130028,c3be5800,c3be7050,...) at trap+0x325
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc05c3755, esp = 0xcbfa89d0, ebp = 0xcbfa89d8 ---
AliasHandleName(c3be5de0,c3be7050) at AliasHandleName+0x6d
AliasHandleQuestion(7474,c3be5828,c3be7050,cbfa8a08) at AliasHandleQuestion+0x1b
AliasHandleUdpNbtNS(c289c000,c3be5800,c2c64180,cbfa8a58,cbfa8a5e,...) at AliasHandleUdpNbtNS+0x7f
UdpAliasIn(c289c000,c3be5800) at UdpAliasIn+0x101
LibAliasIn(c289c000,c3be5800,800,c,5dc,...) at LibAliasIn+0xb7
ng_nat_rcvdata(c2679300,c2568db0) at ng_nat_rcvdata+0x1d1
ng_apply_item(c27cec00,c2568db0,1,c2568db0,cbfa8b14,...) at ng_apply_item+0xb4
ng_snd_item(c2568db0,0,c2679200,cbfa8c54,0,...) at ng_snd_item+0x3cc
ng_ipfw_input(cbfa8c54,1,cbfa8b4c,0,c3d94a00,...) at ng_ipfw_input+0x11c
ipfw_check_in(0,cbfa8c54,c221b400,1,0,...) at ipfw_check_in+0x217
pfil_run_hooks(c06ec300,cbfa8ca8,c221b400,1,0) at pfil_run_hooks+0xef
ip_input(c3d94a00) at ip_input+0x20f
netisr_processqueue(c06eb278) at netisr_processqueue+0x9f
swi_net(0) at swi_net+0xf2
ithread_execute_handlers(c2176648,c2174380) at ithread_execute_handlers+0x121
ithread_loop(c215f6f0,cbfa8d38) at ithread_loop+0x54
fork_exit(c04e9bb8,c215f6f0,cbfa8d38) at fork_exit+0x70
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcbfa8d6c, ebp = 0 ---
Uptime: 23h5m58s
Dumping 255 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 255MB (65259 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) backtrace
#0  doadump () at pcpu.h:165
#1  0xc05000c2 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
#2  0xc0500388 in panic (fmt=0xc0679b4b "%s") at ../../../kern/kern_shutdown.c:565
#3  0xc0650946 in trap_fatal (frame=0xcbfa8990, eva=3284033537) at ../../../i386/i386/trap.c:837
#4  0xc0650677 in trap_pfault (frame=0xcbfa8990, usermode=0, eva=3284033537) at ../../../i386/i386/trap.c:745
#5  0xc0650271 in trap (frame=
      {tf_fs = -1027211256, tf_es = 40, tf_ds = -1038942168, tf_edi = -1010935808, tf_esi = -1010929584, tf_ebp = -872773160, tf_isp = -872773188, tf_ebx = 0, tf_edx = -1010933759, tf_ecx = -1010933759, tf_eax = 12, tf_trapno = 12, tf_err = 0, tf_eip = -1067698347, tf_cs = 32, tf_eflags = 590406, tf_esp = 29080, tf_ss = -1010929584}) at ../../../i386/i386/trap.c:435
#6  0xc063d53a in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc05c3755 in AliasHandleName (p=0xc3be6001 <Address 0xc3be6001 out of bounds>, pmax=0xc3be7050 "\225&#1103;)P\020&#1066;&#1066;s&#9580;")
    at ../../../netinet/libalias/alias_nbt.c:187
#8  0xc05c38af in AliasHandleQuestion (count=29080, q=0xc3be6001, pmax=0xc3be7050 "\225&#1103;)P\020&#1066;&#1066;s&#9580;", nbtarg=0xcbfa8a08)
    at ../../../netinet/libalias/alias_nbt.c:310
#9  0xc05c3cf7 in AliasHandleUdpNbtNS (la=0xc289c000, pip=0xc3be6001, lnk=0xc2c64180, alias_address=0xc, alias_port=0xc, original_address=0xc,
    original_port=0xc) at endian.h:151
#10 0xc05bf955 in UdpAliasIn (la=0xc289c000, pip=0xc3be5800) at ../../../netinet/libalias/alias.c:744
#11 0xc05c0723 in LibAliasIn (la=0xc289c000, ptr=0xc3be5800 "E", maxpacketsize=2048) at ../../../netinet/libalias/alias.c:1206
#12 0xc258dbc9 in ?? ()
#13 0xc289c000 in ?? ()
#14 0xc3be5800 in ?? ()
#15 0x00000800 in ?? ()
#16 0x0000000c in ?? ()
#17 0x000005dc in ?? ()
#18 0x00000002 in ?? ()
#19 0xe6dc0001 in ?? ()
#20 0xc2568db0 in ?? ()
#21 0xc2679300 in ?? ()
#22 0x00000000 in ?? ()
#23 0xcbfa8ae4 in ?? ()
#24 0xc058510c in ng_apply_item (node=0xc2679300, item=0xc3be5800, rw=0) at ../../../netgraph/ng_base.c:2372
Previous frame identical to this frame (corrupt stack?)
>How-To-Repeat:
Unknown.
>Fix:
Unknown.

>Release-Note:
>Audit-Trail:

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Roman Mamontov <mr.xanto@gmail.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/125704: [ng_nat] kernel libalias: repeatable panic
Date: Tue, 22 Jul 2008 17:57:51 +0400

   Roman,
 
   can you please obtain backtrace with loadable modules loaded into
 kgdb? The process described here:
 
 http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug-kld.html
 
 Then it'll be interesting to look at contents of "*m" in the
 ng_nat_rcvdata() function.
 
 -- 
 Totus tuus, Glebius.
 GLEBIUS-RIPN GLEB-RIPE

From: Mamontov Roman <mr.xanto@gmail.com>
To: bug-followup@FreeBSD.org, glebius@FreeBSD.org
Cc:  
Subject: Re: kern/125704: [ng_nat] kernel libalias: repeatable panic
Date: Thu, 11 Dec 2008 18:25:28 +0300

 =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, bug-followup.
 
 > Roman,
 >  can you please obtain backtrace with loadable modules loaded into
 >kgdb? The process described here:
 >
 >http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug-kld.ht=
 ml
 >
 >Then it'll be interesting to look at contents of "*m" in the
 >ng_nat_rcvdata() function.
 
 Gleb, now I have 6.4-STABLE, but this bug still life.
 I have new full backtrace this crash:
 
 solution# kgdb kernel.debug /var/crash/vmcore.3
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain condition=
 s.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd"...
 
 Unread portion of the kernel message buffer:
 
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   =3D 0xc2ebf00f
 fault code              =3D supervisor read, page not present
 instruction pointer     =3D 0x20:0xc05ce9ad
 stack pointer           =3D 0x28:0xcbfa89cc
 frame pointer           =3D 0x28:0xcbfa89d4
 code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                         =3D DPL 0, pres 1, def32 1, gran 1
 processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
 current process         =3D 13 (swi1: net)
 trap number             =3D 12
 panic: page fault
 KDB: stack backtrace:
 kdb_backtrace(100,c217aa80,28,cbfa898c,c,...) at kdb_backtrace+0x29
 panic(c06874b9,c06acbed,0,fffff,c217d69b,...) at panic+0xa8
 trap_fatal(cbfa898c,c2ebf00f,c217aa80,c2ebf000,c,...) at trap_fatal+0x2a6
 trap_pfault(cbfa898c,0,c2ebf00f) at trap_pfault+0x1f3
 trap(c30f0008,28,c2130028,c2ebd000,c2ebf061,...) at trap+0x325
 calltrap() at calltrap+0x5
 --- trap 0xc, eip =3D 0xc05ce9ad, esp =3D 0xcbfa89cc, ebp =3D 0xcbfa89d4 ---
 AliasHandleName(c2ebe012,c2ebf061) at AliasHandleName+0x6d
 AliasHandleQuestion(7474,c2ebd028,c2ebf061,cbfa8a04) at AliasHandleQuestion=
 +0x1b
 AliasHandleUdpNbtNS(c2771000,c2ebd000,c30f9e80,cbfa8a54,cbfa8a5a,...) at Al=
 iasHandleUdpNbtNS+0x7f
 UdpAliasIn(c2771000,c2ebd000) at UdpAliasIn+0x101
 LibAliasIn(c2771000,c2ebd000,800,0,5dc,...) at LibAliasIn+0xb7
 ng_nat_rcvdata(c269cc80,c2507c30,1,0,c267f200,...) at ng_nat_rcvdata+0x1d1
 ng_apply_item(c267f200,c2507c30,1,cbfa8c54,cbfa8b4c,...) at ng_apply_item+0=
 x98
 ng_snd_item(c2507c30,0,c263da00,cbfa8c54,0,...) at ng_snd_item+0x413
 ng_ipfw_input(cbfa8c54,1,cbfa8b4c,0,c2e16b00,...) at ng_ipfw_input+0x11c
 ipfw_check_in(0,cbfa8c54,c222e400,1,0,...) at ipfw_check_in+0x217
 pfil_run_hooks(c06fb5a0,cbfa8ca8,c222e400,1,0) at pfil_run_hooks+0xef
 ip_input(c2e16b00) at ip_input+0x20f
 netisr_processqueue(c06fa178) at netisr_processqueue+0x9f
 swi_net(0) at swi_net+0xf2
 ithread_execute_handlers(c2179648,c2177380) at ithread_execute_handlers+0x1=
 21
 ithread_loop(c21436e0,cbfa8d38) at ithread_loop+0x54
 fork_exit(c04f0648,c21436e0,cbfa8d38) at fork_exit+0x70
 fork_trampoline() at fork_trampoline+0x8
 --- trap 0x1, eip =3D 0, esp =3D 0xcbfa8d6c, ebp =3D 0 ---
 Uptime: 4h46m50s
 Dumping 255 MB (2 chunks)
   chunk 0: 1MB (160 pages) ... ok
   chunk 1: 255MB (65259 pages) 239 223 207 191 175 159 143 127 111 95 79 63=
  47 31 15
 
 Reading symbols from /boot/kernel/geom_mirror.ko...done.
 Loaded symbols for /boot/kernel/geom_mirror.ko
 Reading symbols from /boot/kernel/acpi.ko...done.
 Loaded symbols for /boot/kernel/acpi.ko
 Reading symbols from /boot/kernel/ng_ipfw.ko...done.
 Loaded symbols for /boot/kernel/ng_ipfw.ko
 Reading symbols from /boot/kernel/ng_nat.ko...done.
 Loaded symbols for /boot/kernel/ng_nat.ko
 #0  doadump () at pcpu.h:165
 165             __asm __volatile("movl %%fs:0,%0" : "=3Dr" (td));
 (kgdb) bt full
 #0  doadump () at pcpu.h:165
 No locals.
 #1  0xc050926a in boot (howto=3D260) at ../../../kern/kern_shutdown.c:410
         first_buf_printf =3D 1
 #2  0xc0509530 in panic (fmt=3D0xc06874b9 "%s") at ../../../kern/kern_shutd=
 own.c:566
         td =3D (struct thread *) 0xc217aa80
         bootopt =3D 260
         newpanic =3D 1
         ap =3D 0xc217aa80 "H\226\027=E1=DE=EC\027=E1"
         buf =3D "page fault", '\0' <repeats 245 times>
 #3  0xc065e5ca in trap_fatal (frame=3D0xcbfa898c, eva=3D3270242319) at ../.=
 ./../i386/i386/trap.c:838
         code =3D 40
         ss =3D 40
         esp =3D 0
         type =3D 12
         softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27=
 , ssd_dpl =3D 0, ssd_p =3D 1, ssd_xx =3D 6, ssd_xx1 =3D 1, ssd_def32 =3D 1,=
  ssd_gran =3D 1}
         msg =3D 0x0
 #4  0xc065e2fb in trap_pfault (frame=3D0xcbfa898c, usermode=3D0, eva=3D3270=
 242319) at ../../../i386/i386/trap.c:745
         va =3D 3270242304
         vm =3D (struct vmspace *) 0x0
         map =3D 0xc104b000
         rv =3D 1
         ftype =3D 1 '\001'
         td =3D (struct thread *) 0xc217aa80
         p =3D (struct proc *) 0xc2179648
 #5  0xc065def5 in trap (frame=3D
       {tf_fs =3D -1022427128, tf_es =3D 40, tf_ds =3D -1038942168, tf_edi =
 =3D -1024733184, tf_esi =3D -1024724895, tf_ebp =3D -872773164, tf_isp =3D =
 -872773192, tf_ebx =3D 0, tf_edx =3D -1024724977, tf_ecx =3D -1024724977, t=
 f_eax =3D 42, tf_trapno =3D 12, tf_err =3D 0, tf_eip =3D -1067652691, tf_cs=
  =3D 32, tf_eflags =3D 590406, tf_esp =3D 29080, tf_ss =3D -1024724895}) at=
  ../../../i386/i386/trap.c:435
         td =3D (struct thread *) 0xc217aa80
         p =3D (struct proc *) 0xc2179648
         sticks =3D 3226579559
         type =3D 12
         i =3D 0
         ucode =3D 0
         code =3D 0
         eva =3D 3270242319
 #6  0xc064ad1a in calltrap () at ../../../i386/i386/exception.s:139
 No locals.
 #7  0xc05ce9ad in AliasHandleName (p=3D0xc2ebf00f <Address 0xc2ebf00f out o=
 f bounds>, pmax=3D0xc2ebf061 <Address 0xc2ebf061 out of bounds>)
     at ../../../netinet/libalias/alias_nbt.c:187
         s =3D (u_char *) 0xc2ebf00f <Address 0xc2ebf00f out of bounds>
         compress =3D 0
 #8  0xc05ceb07 in AliasHandleQuestion (count=3D29080, q=3D0xc2ebf00f, pmax=
 =3D0xc2ebf061 <Address 0xc2ebf061 out of bounds>, nbtarg=3D0xcbfa8a04)
     at ../../../netinet/libalias/alias_nbt.c:310
 No locals.
 #9  0xc05cef4f in AliasHandleUdpNbtNS (la=3D0xc2771000, pip=3D0xc2ebf00f, l=
 nk=3D0xc30f9e80, alias_address=3D0x2a, alias_port=3D0x2a, original_address=
 =3D0x2a,
     original_port=3D0x2a) at endian.h:151
         uh =3D (struct udphdr *) 0xc2ebf00f
         nsh =3D (NbtNSHeader *) 0xc2ebd01c
         p =3D (u_char *) 0xc2ebf00f <Address 0xc2ebf00f out of bounds>
         pmax =3D 0xc2ebf061 <Address 0xc2ebf061 out of bounds>
         nbtarg =3D {oldaddr =3D {s_addr =3D 169134683}, oldport =3D 35072, =
 newaddr =3D {s_addr =3D 169134683}, newport =3D 35072, uh_sum =3D 0xc2ebd01=
 a}
 #10 0xc05cabfd in UdpAliasIn (la=3D0xc2771000, pip=3D0xc2ebd000) at ../../.=
 ./netinet/libalias/alias.c:744
         alias_address =3D {s_addr =3D 169134683}
         original_address =3D {s_addr =3D 169134683}
         alias_port =3D 35072
         accumulate =3D -1022386560
         r =3D 0
         ud =3D (struct udphdr *) 0xc2ebd014
         lnk =3D (struct alias_link *) 0xc30f9e80
 #11 0xc05cb9cb in LibAliasIn (la=3D0xc2771000, ptr=3D0xc2ebd000 "E", maxpac=
 ketsize=3D2048) at ../../../netinet/libalias/alias.c:1206
         alias_addr =3D {s_addr =3D 169134683}
         pip =3D (struct ip *) 0xc2ebd000
         iresult =3D 2048
 #12 0xc276dadd in ng_nat_rcvdata () from /boot/kernel/ng_nat.ko
 No symbol table info available.
 #13 0xc058f200 in ng_apply_item (node=3D0xc267f200, item=3D0xc2507c30, rw=
 =3D1) at ../../../netgraph/ng_base.c:2398
         hook =3D 0xc269cc80
         rcvdata =3D (ng_rcvdata_t *) 0x2a
         rcvmsg =3D (ng_rcvmsg_t *) 0x2a
         apply =3D (struct ng_apply_info *) 0x0
         error =3D 0
         depth =3D 1
 #14 0xc058f073 in ng_snd_item (item=3D0xc2507c30, flags=3D0) at ../../../ne=
 tgraph/ng_base.c:2317
         hook =3D 0xc2ebf00f
         node =3D 0xc267f200
         queue =3D 0
         rw =3D 1
         ngq =3D (struct ng_queue *) 0xc267f254
         error =3D -872772788
 #15 0xc276ac5c in ng_ipfw_input () from /boot/kernel/ng_ipfw.ko
 No symbol table info available.
 #16 0xc05b4d5f in ipfw_check_in (arg=3D0x0, m0=3D0xcbfa8c54, ifp=3D0xc222e4=
 00, dir=3D1, inp=3D0x0) at ../../../netinet/ip_fw_pfil.c:190
         args =3D {m =3D 0xc2e16b00, oif =3D 0x0, next_hop =3D 0x0, rule =3D=
  0xc269d580, eh =3D 0x0, f_id =3D {dst_ip =3D 1539970058, src_ip =3D 328348=
 6750, dst_port =3D 137,
     src_port =3D 65403, proto =3D 17 '\021', flags =3D 0 '\0', addr_type =
 =3D 4 '\004', dst_ip6 =3D {__u6_addr =3D {__u6_addr8 =3D '\0' <repeats 15 t=
 imes>, __u6_addr16 =3D {
           0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 =3D {0, 0, 0, 0}}}, src_ip6 =
 =3D {__u6_addr =3D {__u6_addr8 =3D '\0' <repeats 15 times>, __u6_addr16 =3D=
  {0, 0, 0, 0, 0,
           0, 0, 0}, __u6_addr32 =3D {0, 0, 0, 0}}}, flow_id6 =3D 0, frag_id=
 6 =3D 0}, cookie =3D 61, inp =3D 0x0, dummypar =3D {opt_or =3D 0x0, ro_or =
 =3D {ro_rt =3D 0x0,
       ro_dst =3D {sin6_len =3D 0 '\0', sin6_family =3D 0 '\0', sin6_port =
 =3D 0, sin6_flowinfo =3D 0, sin6_addr =3D {__u6_addr =3D {__u6_addr8 =3D '\=
 0' <repeats 15 times>,
             __u6_addr16 =3D {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 =3D {0, 0=
 , 0, 0}}}, sin6_scope_id =3D 0}}, flags_or =3D 0, im6o_or =3D 0x0, origifp_=
 or =3D 0x0,
     ifp_or =3D 0x0, dst_or =3D {sin6_len =3D 0 '\0', sin6_family =3D 0 '\0'=
 , sin6_port =3D 0, sin6_flowinfo =3D 0, sin6_addr =3D {__u6_addr =3D {
           __u6_addr8 =3D '\0' <repeats 15 times>, __u6_addr16 =3D {0, 0, 0,=
  0, 0, 0, 0, 0}, __u6_addr32 =3D {0, 0, 0, 0}}}, sin6_scope_id =3D 0}, mtu_=
 or =3D 0,
     ro_pmtu_or =3D {ro_rt =3D 0x0, ro_dst =3D {sin6_len =3D 0 '\0', sin6_fa=
 mily =3D 0 '\0', sin6_port =3D 0, sin6_flowinfo =3D 0, sin6_addr =3D {__u6_=
 addr =3D {
             __u6_addr8 =3D '\0' <repeats 15 times>, __u6_addr16 =3D {0, 0, =
 0, 0, 0, 0, 0, 0}, __u6_addr32 =3D {0, 0, 0, 0}}}, sin6_scope_id =3D 0}}}, =
 hopstore =3D {
     sin_len =3D 0 '\0', sin_family =3D 0 '\0', sin_port =3D 0, sin_addr =3D=
  {s_addr =3D 0}, sin_zero =3D "\000\000\000\000\000\000\000"}}
         ng_tag =3D (struct ng_ipfw_tag *) 0xc2ebf00f
         ipfw =3D -1024724977
         divert =3D -1033643520
         tee =3D -1033643520
 #17 0xc05842cf in pfil_run_hooks (ph=3D0xc06fb5a0, mp=3D0xcbfa8ca8, ifp=3D0=
 xc222e400, dir=3D1, inp=3D0x0) at ../../../net/pfil.c:139
         pfh =3D (struct packet_filter_hook *) 0xc2341ae0
         m =3D (struct mbuf *) 0x0
         rv =3D 0
 #18 0xc05b63af in ip_input (m=3D0xc2e16b00) at ../../../netinet/ip_input.c:=
 468
         ip =3D (struct ip *) 0xc259f020
         ia =3D (struct in_ifaddr *) 0x0
         ifa =3D (struct ifaddr *) 0xc2ebf00f
         checkif =3D -1913050015
         hlen =3D 20
         sum =3D 55808
         dchg =3D 0
 #19 0xc0582e3f in netisr_processqueue (ni=3D0xc06fa178) at ../../../net/net=
 isr.c:236
         m =3D (struct mbuf *) 0xc2e16b00
 #20 0xc058303a in swi_net (dummy=3D0x0) at ../../../net/netisr.c:349
         ni =3D (struct netisr *) 0xc06fa178
         bits =3D 0
         i =3D -1024724977
 #21 0xc04f0581 in ithread_execute_handlers (p=3D0xc2179648, ie=3D0xc2177380=
 ) at ../../../kern/kern_intr.c:682
         ih =3D (struct intr_handler *) 0xc2170900
         ihn =3D (struct intr_handler *) 0x0
 #22 0xc04f069c in ithread_loop (arg=3D0xc21436e0) at ../../../kern/kern_int=
 r.c:766
         intr_event =3D (struct intr_thread *) 0xc21436e0
 ---Type <return> to continue, or q <return> to quit---
         ie =3D (struct intr_event *) 0xc2177380
         td =3D (struct thread *) 0xc217aa80
         p =3D (struct proc *) 0xc2179648
 #23 0xc04ef508 in fork_exit (callout=3D0xc04f0648 <ithread_loop>, arg=3D0xc=
 21436e0, frame=3D0xcbfa8d38) at ../../../kern/kern_fork.c:788
         p =3D (struct proc *) 0xc2179648
         td =3D (struct thread *) 0xc2ebf00f
 #24 0xc064ad7c in fork_trampoline () at ../../../i386/i386/exception.s:208
 No locals.
 
 --=20
 =D1 =F3=E2=E0=E6=E5=ED=E8=E5=EC,
  Mamontov Roman                          mailto:mr.xanto@gmail.com
 
>Unformatted:
