Date: Mon, 7 Apr 2008 18:16:53 +0200 From: "Petr Holub" <hopet@ics.muni.cz> To: <stable@FreeBSD.org> Subject: panics on 6.3-RELEASE in IP stack Message-ID: <01ab01c898ca$ce4763e0$6ad62ba0$@muni.cz>
next in thread | raw e-mail | index | archive | help
Hi all,
I started to play with RAT application (ports: mbone/rat + an SVN =
version)
and
it seems to crash my 6.3-RELEASE-p1 box in rather deterministic way. =
Crash
details are shown below. Has anyone seen a problem like this?
Thanks,
Petr
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you =
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for =
details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address =3D 0x0
fault code =3D supervisor read, page not present
instruction pointer =3D 0x20:0xc0713a7f
stack pointer =3D 0x28:0xe8583b38
frame pointer =3D 0x28:0xe8583b40
code segment =3D base 0x0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, def32 1, gran 1
processor eflags =3D interrupt enabled, resume, IOPL =3D 0
current process =3D 9460 (rat-4.4.01)
trap number =3D 12
panic: page fault
Uptime: 35m41s
Dumping 1023 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 1023MB (261760 pages) 1007 991 975 959 943 927 911 895 879 =
863
847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 =
559
543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 =
255
239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
#0 doadump () at pcpu.h:165
in pcpu.h
(kgdb) bt
#0 doadump () at pcpu.h:165
#1 0xc06a4ad6 in boot (howto=3D260) at =
/usr/src/sys/kern/kern_shutdown.c:409
#2 0xc06a4d6c in panic (fmt=3D0xc096ba63 "%s")
at /usr/src/sys/kern/kern_shutdown.c:565
#3 0xc090d0d4 in trap_fatal (frame=3D0xe8583af8, eva=3D0)
at /usr/src/sys/i386/i386/trap.c:838
#4 0xc090ce3b in trap_pfault (frame=3D0xe8583af8, usermode=3D0, =
eva=3D0)
at /usr/src/sys/i386/i386/trap.c:745
#5 0xc090ca79 in trap (frame=3D
{tf_fs =3D 8, tf_es =3D 40, tf_ds =3D -983498712, tf_edi =3D =
-396870780,
tf_esi =3D -396870780, tf_ebp =3D -396870848, tf_isp =3D -396870876, =
tf_ebx =3D
-972494912, tf_edx =3D -975435904, tf_ecx =3D 0, tf_eax =3D 0, tf_trapno =
=3D 12,
tf_err =3D 0, tf_eip =3D -1066321281, tf_cs =3D 32, tf_eflags =3D 66183, =
tf_esp =3D
-396870780, tf_ss =3D -985987072}) at /usr/src/sys/i386/i386/trap.c:435
#6 0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc0713a7f in if_findmulti (ifp=3D0x0, sa=3D0xe8583b84)
at /usr/src/sys/net/if.c:1893
#8 0xc0713c1f in if_addmulti (ifp=3D0xc53b0800, sa=3D0xe8583b84,=20
retifma=3D0xe8583b80) at /usr/src/sys/net/if.c:2001
#9 0xc073f6bb in in_addmulti (ap=3D0xe8583bb8, ifp=3D0xc53b0800)
at /usr/src/sys/netinet/in.c:982
#10 0xc0748898 in ip_setmoptions (inp=3D0xc58a3d5c, sopt=3D0xc5dc0780)
at /usr/src/sys/netinet/ip_output.c:1897
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=3D0xc60469bc, =
sopt=3D0xe8583c90,=20
pcbinfo=3D0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
#12 0xc0747f74 in ip_ctloutput (so=3D0xc60469bc, sopt=3D0xe8583c90)
at /usr/src/sys/netinet/ip_output.c:1516
#13 0xc06dfcf0 in sosetopt (so=3D0xc60469bc, sopt=3D0xe8583c90)
at /usr/src/sys/kern/uipc_socket.c:1575
#14 0xc06e5071 in kern_setsockopt (td=3D0xc5dc0780, s=3D4, level=3D0, =
name=3D0,=20
val=3D0x0, valseg=3DUIO_USERSPACE, valsize=3D3319531392)
at /usr/src/sys/kern/uipc_syscalls.c:1351
#15 0xc06e4f92 in setsockopt (td=3D0xc5dc0780, uap=3D0x0)
at /usr/src/sys/kern/uipc_syscalls.c:1307
#16 0xc090d3eb in syscall (frame=3D
{tf_fs =3D 59, tf_es =3D 59, tf_ds =3D 59, tf_edi =3D 134598976, =
tf_esi =3D
47000, tf_ebp =3D -1077942872, tf_isp =3D -396870300, tf_ebx =3D =
-1077942896,
tf_edx =3D -270598176, tf_ecx =3D 23, tf_eax =3D 105, tf_trapno =3D 12, =
tf_err =3D 2,
tf_eip =3D 672253131, tf_cs =3D 51, tf_eflags =3D 658, tf_esp =3D =
-1077942980, tf_ss
=3D 59})
at /usr/src/sys/i386/i386/trap.c:984
#17 0xc08f9f5f in Xint0x80_syscall ()
at /usr/src/sys/i386/i386/exception.s:200
#18 0x00000033 in ?? ()
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc06a4ad6 in boot (howto=3D260) at =
/usr/src/sys/kern/kern_shutdown.c:409
first_buf_printf =3D 1
#2 0xc06a4d6c in panic (fmt=3D0xc096ba63 "%s")
at /usr/src/sys/kern/kern_shutdown.c:565
td =3D (struct thread *) 0xc5dc0780
bootopt =3D 260
newpanic =3D 0
ap =3D 0xc5dc0780 "H6=DC=C5=C0YE=C5"
buf =3D "page fault", '\0' <repeats 245 times>
#3 0xc090d0d4 in trap_fatal (frame=3D0xe8583af8, eva=3D0)
at /usr/src/sys/i386/i386/trap.c:838
code =3D 40
ss =3D 40
esp =3D 0
type =3D 12
softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27,=20
ssd_dpl =3D 0, ssd_p =3D 1, ssd_xx =3D 6, ssd_xx1 =3D 3, ssd_def32 =3D =
1,=20
ssd_gran =3D 1}
msg =3D 0x0
#4 0xc090ce3b in trap_pfault (frame=3D0xe8583af8, usermode=3D0, =
eva=3D0)
at /usr/src/sys/i386/i386/trap.c:745
va =3D 0
vm =3D (struct vmspace *) 0x0
map =3D 0xc5fbc000
rv =3D 1
ftype =3D 1 '\001'
td =3D (struct thread *) 0xc5dc0780
p =3D (struct proc *) 0xc5dc3648
#5 0xc090ca79 in trap (frame=3D
{tf_fs =3D 8, tf_es =3D 40, tf_ds =3D -983498712, tf_edi =3D =
-396870780,
tf_esi =3D -396870780, tf_ebp =3D -396870848, tf_isp =3D -396870876, =
tf_ebx =3D
-972494912, tf_edx =3D -975435904, tf_ecx =3D 0, tf_eax =3D 0, tf_trapno =
=3D 12,
tf_err =3D 0, tf_eip =3D -1066321281, tf_cs =3D 32, tf_eflags =3D 66183, =
tf_esp =3D
-396870780, tf_ss =3D -985987072}) at /usr/src/sys/i386/i386/trap.c:435
td =3D (struct thread *) 0xc5dc0780
p =3D (struct proc *) 0xc5dc3648
sticks =3D 3314033776
type =3D 12
i =3D 0
ucode =3D 0
code =3D 0
eva =3D 0
#6 0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7 0xc0713a7f in if_findmulti (ifp=3D0x0, sa=3D0xe8583b84)
at /usr/src/sys/net/if.c:1893
ifma =3D (struct ifmultiaddr *) 0xc608e7c0
#8 0xc0713c1f in if_addmulti (ifp=3D0xc53b0800, sa=3D0xe8583b84,=20
retifma=3D0xe8583b80) at /usr/src/sys/net/if.c:2001
ifma =3D (struct ifmultiaddr *) 0xe8583b84
ll_ifma =3D (struct ifmultiaddr *) 0xc5dc0780
llsa =3D (struct sockaddr *) 0xe8583b64
error =3D -987328256
#9 0xc073f6bb in in_addmulti (ap=3D0xe8583bb8, ifp=3D0xc53b0800)
at /usr/src/sys/netinet/in.c:982
inm =3D (struct in_multi *) 0xe8583b84
error =3D 0
sin =3D {sin_len =3D 16 '\020', sin_family =3D 2 '\002', sin_port =3D =
0,=20
sin_addr =3D {s_addr =3D 4024369120}, sin_zero =3D
"\000\000\000\000\000\000\000"}
ifma =3D (struct ifmultiaddr *) 0xc58a3d5c
#10 0xc0748898 in ip_setmoptions (inp=3D0xc58a3d5c, sopt=3D0xc5dc0780)
at /usr/src/sys/netinet/ip_output.c:1897
error =3D 0
i =3D 0
addr =3D {s_addr =3D 0}
mreq =3D {imr_multiaddr =3D {s_addr =3D 4024369120}, imr_interface =3D =
{
s_addr =3D 0}}
ifp =3D (struct ifnet *) 0xc53b0800
imo =3D (struct ip_moptions *) 0xc552c200
ro =3D {ro_rt =3D 0x0, ro_dst =3D {sa_len =3D 16 '\020',=20
sa_family =3D 2 '\002',=20
sa_data =3D "\000\000=E0=FF=DE=EF\000\000\000\000\000\000\000"}}
ifindex =3D -975435904
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=3D0xc60469bc, =
sopt=3D0xe8583c90,=20
pcbinfo=3D0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
inp =3D (struct inpcb *) 0xc58a3d5c
error =3D 0
optval =3D 0
#12 0xc0747f74 in ip_ctloutput (so=3D0xc60469bc, sopt=3D0xe8583c90)
at /usr/src/sys/netinet/ip_output.c:1516
No locals.
#13 0xc06dfcf0 in sosetopt (so=3D0xc60469bc, sopt=3D0xe8583c90)
at /usr/src/sys/kern/uipc_socket.c:1575
error =3D -975435904
optval =3D -1048225976
l =3D {l_onoff =3D -396870524, l_linger =3D 0}
tv =3D {tv_sec =3D -1066137227, tv_usec =3D -1048309760}
val =3D 0
#14 0xc06e5071 in kern_setsockopt (td=3D0xc5dc0780, s=3D4, level=3D0, =
name=3D0,=20
val=3D0x0, valseg=3DUIO_USERSPACE, valsize=3D3319531392)
at /usr/src/sys/kern/uipc_syscalls.c:1351
error =3D 0
fp =3D (struct file *) 0xc5d77c60
sopt =3D {sopt_dir =3D SOPT_SET, sopt_level =3D 0, sopt_name =3D 12,=20
sopt_val =3D 0xbfbfe584, sopt_valsize =3D 8, sopt_td =3D 0xc5dc0780}
#15 0xc06e4f92 in setsockopt (td=3D0xc5dc0780, uap=3D0x0)
at /usr/src/sys/kern/uipc_syscalls.c:1307
No locals.
#16 0xc090d3eb in syscall (frame=3D
{tf_fs =3D 59, tf_es =3D 59, tf_ds =3D 59, tf_edi =3D 134598976, =
tf_esi =3D
47000, tf_ebp =3D -1077942872, tf_isp =3D -396870300, tf_ebx =3D =
-1077942896,
tf_edx =3D -270598176, tf_ecx =3D 23, tf_eax =3D 105, tf_trapno =3D 12, =
tf_err =3D 2,
tf_eip =3D 672253131, tf_cs =3D 51, tf_eflags =3D 658, tf_esp =3D =
-1077942980, tf_ss
=3D 59})
at /usr/src/sys/i386/i386/trap.c:984
params =3D 0xbfbfe540 <Address 0xbfbfe540 out of bounds>
callp =3D (struct sysent *) 0xc09fca4c
td =3D (struct thread *) 0xc5dc0780
p =3D (struct proc *) 0xc5dc3648
orig_tf_eflags =3D 658
sticks =3D 0
error =3D 0
narg =3D 5
args =3D {4, 0, 12, -1077942908, 8, 0, 0, -975423928}
code =3D 105
#17 0xc08f9f5f in Xint0x80_syscall ()
at /usr/src/sys/i386/i386/exception.s:200
No locals.
#18 0x00000033 in ?? ()
No symbol table info available.
(kgdb) up 7
#7 0xc0713a7f in if_findmulti (ifp=3D0x0, sa=3D0xe8583b84)
at /usr/src/sys/net/if.c:1893
1893 if (sa_equal(ifma->ifma_addr, sa))
(kgdb) p ifma->ifma_addr
$1 =3D (struct sockaddr *) 0x0
(kgdb) p *ifma
$2 =3D {ifma_link =3D {tqe_next =3D 0x306d65, tqe_prev =3D 0x0}, =
ifma_addr =3D 0x0,=20
ifma_lladdr =3D 0x0, ifma_ifp =3D 0x8843, ifma_refcount =3D 0,=20
ifma_protospec =3D 0x0}
$3 =3D (struct sockaddr *) 0xe8583b84
(kgdb) p *sa
$4 =3D {sa_len =3D 16 '\020', sa_family =3D 2 '\002',=20
sa_data =3D "\000\000=E0=FF=DE=EF\000\000\000\000\000\000\000"}
(kgdb) q
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01ab01c898ca$ce4763e0$6ad62ba0$>