From nobody@FreeBSD.org  Thu May 10 08:39:52 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E3672106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 May 2012 08:39:52 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id CE8D58FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 May 2012 08:39:52 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q4A8dqqv005493
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 May 2012 08:39:52 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q4A8dqTp005492;
	Thu, 10 May 2012 08:39:52 GMT
	(envelope-from nobody)
Message-Id: <201205100839.q4A8dqTp005492@red.freebsd.org>
Date: Thu, 10 May 2012 08:39:52 GMT
From: Marc <bsdbug@bospaling.nl>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Fatal trap in ipfilter/ipnat
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         167768
>Category:       kern
>Synopsis:       [ipfilter] Fatal trap in ipfilter/ipnat
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    cy
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 10 08:40:00 UTC 2012
>Closed-Date:    Sat Jul 27 16:33:14 UTC 2013
>Last-Modified:  Sat Jul 27 16:40:00 UTC 2013
>Originator:     Marc
>Release:        9.0-RELEASE
>Organization:
>Environment:
FreeBSD oblomow.-----.nl 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
After installing the machine and rsyncing the data (no problem there), I connected the machine with both interfaces (re0 internet side, em0 internal network). Just after a few minutes I get a kernel panic. Repeatedly. 



Fatal trap 18: integer divide fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer	= 0x20:0xffffffff81415c68
stack pointer	        = 0x28:0xffffff800029f3f0
frame pointer	        = 0x28:0xffffff800029f510
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12 (irq257: em0:rx 0)
trap number		= 18
panic: integer divide fault
cpuid = 0
KDB: stack backtrace:

>How-To-Repeat:

>Fix:
no fix, but browsing shows that similar problems have occurred in previous releases ( 149937 ?).


Patch attached with submission follows:

Fatal trap 18: integer divide fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer	= 0x20:0xffffffff81415c68
stack pointer	        = 0x28:0xffffff800029f3f0
frame pointer	        = 0x28:0xffffff800029f510
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12 (irq257: em0:rx 0)
trap number		= 18
panic: integer divide fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff808680fe at kdb_backtrace+0x5e
#1 0xffffffff80832cb7 at panic+0x187
#2 0xffffffff80b18400 at trap_fatal+0x290
#3 0xffffffff80b1893a at trap+0x10a
#4 0xffffffff80b0313f at calltrap+0x8
#5 0xffffffff81419b23 at fr_checknatout+0x403
#6 0xffffffff81433804 at fr_check+0xbc4
#7 0xffffffff808f2ade at pfil_run_hooks+0x9e
#8 0xffffffff8094a9d4 at ip_output+0x404
#9 0xffffffff80947183 at ip_forward+0x303
#10 0xffffffff8094881b at ip_input+0x5ab
#11 0xffffffff808f1dab at netisr_dispatch_src+0x20b
#12 0xffffffff808e77dd at ether_demux+0x14d
#13 0xffffffff808e7ab4 at ether_nh_input+0x1f4
#14 0xffffffff808f1dab at netisr_dispatch_src+0x20b
#15 0xffffffff8046ff5a at em_rxeof+0x1ca
#16 0xffffffff80470324 at em_msix_rx+0x24
#17 0xffffffff80809644 at intr_event_execute_handlers+0x104
Uptime: 8m15s
Dumping 610 out of 4068 MB:..3%..11%..21%..32%..42%..53%..61%..71%..82%..92%

Reading symbols from /boot/kernel/ipl.ko...Reading symbols from /boot/kernel/ipl.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ipl.ko
#0  doadump (textdump=Variable "textdump" is not available.
) at pcpu.h:224
224		__asm("movq %%gs:0,%0" : "=r" (td));
(kgdb)  backtrace 
#0  doadump (textdump=Variable "textdump" is not available.
) at pcpu.h:224
#1  0xffffffff808327f5 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:442
#2  0xffffffff80832ca1 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:607
#3  0xffffffff80b18400 in trap_fatal (frame=0x12, eva=Variable "eva" is not available.
)
    at /usr/src/sys/amd64/amd64/trap.c:819
#4  0xffffffff80b1893a in trap (frame=0xffffff800029f340)
    at /usr/src/sys/amd64/amd64/trap.c:617
#5  0xffffffff80b0313f in calltrap () at /usr/src/sys/amd64/amd64/exception.S:228
#6  0xffffffff81415c68 in nat_new (fin=0xffffff800029f5d0, np=0xfffffe000556ac00, 
    natsave=0x0, flags=2, direction=1)
    at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_nat.c:2042
#7  0xffffffff81419b23 in fr_checknatout (fin=0xffffff800029f5d0, 
    passp=0xffffff800029f5cc)
    at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_nat.c:3861
#8  0xffffffff81433804 in fr_check (ip=0x1, hlen=20, ifp=Variable "ifp" is not available.
)
    at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/fil.c:2624
#9  0xffffffff808f2ade in pfil_run_hooks (ph=Variable "ph" is not available.
) at /usr/src/sys/net/pfil.c:82
#10 0xffffffff8094a9d4 in ip_output (m=0xfffffe00057a4700, opt=Variable "opt" is not available.
)
    at /usr/src/sys/netinet/ip_output.c:508
#11 0xffffffff80947183 in ip_forward (m=0xfffffe00057a4700, srcrt=Variable "srcrt" is not available.
)
    at /usr/src/sys/netinet/ip_input.c:1494
#12 0xffffffff8094881b in ip_input (m=0xfffffe00057a4700)
    at /usr/src/sys/netinet/ip_input.c:702
#13 0xffffffff808f1dab in netisr_dispatch_src (proto=1, source=Variable "source" is not available.
)
    at /usr/src/sys/net/netisr.c:1013
#14 0xffffffff808e77dd in ether_demux (ifp=0xfffffe0002ac5000, 
    m=0xfffffe00057a4700) at /usr/src/sys/net/if_ethersubr.c:937
#15 0xffffffff808e7ab4 in ether_nh_input (m=Variable "m" is not available.
)
    at /usr/src/sys/net/if_ethersubr.c:756
#16 0xffffffff808f1dab in netisr_dispatch_src (proto=9, source=Variable "source" is not available.
)
    at /usr/src/sys/net/netisr.c:1013
#17 0xffffffff8046ff5a in em_rxeof (rxr=0xfffffe0002b44000, count=99, done=0x0)
    at /usr/src/sys/dev/e1000/if_em.c:4340
#18 0xffffffff80470324 in em_msix_rx (arg=Variable "arg" is not available.
) at /usr/src/sys/dev/e1000/if_em.c:1577
#19 0xffffffff80809644 in intr_event_execute_handlers (p=Variable "p" is not available.
)
    at /usr/src/sys/kern/kern_intr.c:1257
#20 0xffffffff8080ae04 in ithread_loop (arg=0xfffffe0002b43720)
    at /usr/src/sys/kern/kern_intr.c:1270
#21 0xffffffff8080682f in fork_exit (callout=0xffffffff8080ad60 <ithread_loop>, 
    arg=0xfffffe0002b43720, frame=0xffffff800029fc50)
    at /usr/src/sys/kern/kern_fork.c:995
#22 0xffffffff80b0366e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:602
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000001 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x0000000000000000 in ?? ()
#41 0x0000000000000000 in ?? ()
#42 0x0000000000000000 in ?? ()
#43 0x0000000000000000 in ?? ()
#44 0x0000000000000000 in ?? ()
#45 0x0000000000000000 in ?? ()
#46 0x0000000000000000 in ?? ()
#47 0xffffffff81119a80 in affinity ()
#48 0xfffffe0002aca000 in ?? ()
#49 0x0000000000000000 in ?? ()
#50 0xfffffe0002aca000 in ?? ()
#51 0xffffff800029fb40 in ?? ()
#52 0xffffff800029fae8 in ?? ()
#53 0xfffffe0107bf9000 in ?? ()
#54 0xffffffff8085acc2 in sched_switch (td=0xffffffff8080ad60, 
    newtd=0xfffffe0002b43720, flags=Variable "flags" is not available.
) at /usr/src/sys/kern/sched_ule.c:1848
Previous frame inner to this frame (corrupt stack?)



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu May 10 15:01:32 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=167768 

From: Marc Albers <marc@bospaling.nl>
To: bug-followup@FreeBSD.org,
 bsdbug@bospaling.nl
Cc:  
Subject: Re: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
Date: Sun, 20 May 2012 18:58:01 +0200

 so I guess the alternative is to downgrade to FreeBSD 8.* ?

From: Marc Albers <marc@bospaling.nl>
To: bug-followup@FreeBSD.org,
 bsdbug@bospaling.nl
Cc:  
Subject: Re: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
Date: Sat, 2 Jun 2012 19:30:48 +0200

 switching the external (re0) and internal (em0) interfaces does not =
 help. Still the same kernel panic.=
State-Changed-From-To: open->feedback 
State-Changed-By: darrenr 
State-Changed-When: Tue Jun 5 18:31:16 UTC 2012 
State-Changed-Why:  



Responsible-Changed-From-To: freebsd-net->darrenr 
Responsible-Changed-By: darrenr 
Responsible-Changed-When: Tue Jun 5 18:31:16 UTC 2012 
Responsible-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=167768 

From: Marc Albers <marc@bospaling.nl>
To: bug-followup@FreeBSD.org,
 bsdbug@bospaling.nl
Cc:  
Subject: Re: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
Date: Thu, 7 Jun 2012 08:20:40 +0200

 Yes, the patch seems to work. System is up and running for more than 20 =
 hours. (jnstead of a few minutes before)
 
 

From: Marc Albers <marc@bospaling.nl>
To: bug-followup@FreeBSD.org,
 bsdbug@bospaling.nl
Cc:  
Subject: Re: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
Date: Thu, 28 Jun 2012 19:15:05 +0200

 uptime 22 days and counting
State-Changed-From-To: feedback->feedback 
State-Changed-By: linimon 
State-Changed-When: Wed Jul 3 00:50:32 UTC 2013 
State-Changed-Why:  
commit bit has been taken in for safekeeping. 

To submitter: is this still a problem? 


Responsible-Changed-From-To: darrenr->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Jul 3 00:50:32 UTC 2013 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=167768 
Responsible-Changed-From-To: freebsd-net->cy 
Responsible-Changed-By: cy 
Responsible-Changed-When: Wed Jul 3 05:23:44 UTC 2013 
Responsible-Changed-Why:  
Mine. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=167768 

From: Marc Albers <marc@bospaling.nl>
To: bug-followup@FreeBSD.org,
 bsdbug@bospaling.nl
Cc:  
Subject: Re: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
Date: Sat, 27 Jul 2013 17:35:47 +0200

 it's solved.
State-Changed-From-To: feedback->closed 
State-Changed-By: cy 
State-Changed-When: Sat Jul 27 16:32:35 UTC 2013 
State-Changed-Why:  
Submitter says this is not a problem any more. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=167768 

From: Cy Schubert <Cy.Schubert@komquats.com>
To: Marc Albers <marc@bospaling.nl>
Cc: cy@FreeBSD.org, bug-followup <bug-followup@freebsd.org>
Subject: Re: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
Date: Sat, 27 Jul 2013 09:30:46 -0700

 In message <201307271550.r6RFo12r075992@freefall.freebsd.org>, Marc Albers 
 writ
 es:
 > The following reply was made to PR kern/167768; it has been noted by GNATS.
 > 
 > From: Marc Albers <marc@bospaling.nl>
 > To: bug-followup@FreeBSD.org,
 >  bsdbug@bospaling.nl
 > Cc:  
 > Subject: Re: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
 > Date: Sat, 27 Jul 2013 17:35:47 +0200
 > 
 >  it's solved.
 > 
 
 Excellent! Thanks for letting me know. I'll close it then.
 
 
 -- 
 Cheers,
 Cy Schubert <Cy.Schubert@komquats.com>
 FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 
 	The need of the many outweighs the greed of the few.
 
 
>Unformatted:
