Site Navigation

Date:      Mon, 18 Mar 2002 21:37:16 +0000 (GMT)
From:      Michael Allman <allman@maths.ox.ac.uk>
To:        <freebsd-stable@freebsd.org>
Subject:   4.5-RELEASE kernel panic
Message-ID:  <Pine.OSF.4.33.0203182119250.2438-100000@cream-puff.maths.ox.ac.uk>

---

next in thread | raw e-mail | index | archive | help

---

Hello All,

Below is an abbreviated kernel debugging session from a kernel panic.  I
suspect this is due to a bug in the network routing code.  Somehow, a null
pointer got thrown in the works.  Could someone more knowledgable of these
things have a look?  I can provide more information as requested.
Thanks!

Michael

My system:  FreeBSD 4.5-RELEASE on an AMD Athlon 1 GHz, 512 MB RAM, Intel
Etherexpress PRO 100S.

What I found with gdb -k:

panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x303031f
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc01b9049
stack pointer           = 0x10:0xc030cf78
frame pointer           = 0x10:0xc030cfc8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = Idle
interrupt mask          =
trap number             = 12

****************

(kgdb) bt
#0  dumpsys () at ../../kern/kern_shutdown.c:474
#1  0xc016fbfb in boot (howto=260) at ../../kern/kern_shutdown.c:313
#2  0xc016fff5 in panic (fmt=0xc030574c "%s") at
../../kern/kern_shutdown.c:582
#3  0xc02b2faf in trap_fatal (frame=0xc030cd64, eva=48)
    at ../../i386/i386/trap.c:956
#4  0xc02b2c5d in trap_pfault (frame=0xc030cd64, usermode=0, eva=48)
    at ../../i386/i386/trap.c:849
#5  0xc02b2803 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
      tf_edi = -1070166208, tf_esi = 0, tf_ebp = -1070543444,
      tf_isp = -1070543472, tf_ebx = -1070432644, tf_edx = 6832192,
      tf_ecx = 8, tf_eax = 0, tf_trapno = 12, tf_err = 0,
      tf_eip = -1071357192, tf_cs = 8, tf_eflags = 66050, tf_esp = 0,
      tf_ss = 0}) at ../../i386/i386/trap.c:448
#6  0xc02462f8 in acquire_lock (lk=0xc0327e7c)
    at ../../ufs/ffs/ffs_softdep.c:271
#7  0xc024a896 in softdep_fsync_mountdev (vp=0xe36db540)
    at ../../ufs/ffs/ffs_softdep.c:3986
#8  0xc024ec5a in ffs_fsync (ap=0xc030ce20) at
../../ufs/ffs/ffs_vnops.c:134
#9  0xc024d8e7 in ffs_sync (mp=0xc198ec00, waitfor=2, cred=0xc1474500,
    p=0xc0368f40) at vnode_if.h:558
#10 0xc019ffd3 in sync (p=0xc0368f40, uap=0x0) at
../../kern/vfs_syscalls.c:547
#11 0xc016f9ae in boot (howto=256) at ../../kern/kern_shutdown.c:234
#12 0xc016fff5 in panic (fmt=0xc030574c "%s") at
../../kern/kern_shutdown.c:582
#13 0xc02b2faf in trap_fatal (frame=0xc030cf38, eva=50529055)
    at ../../i386/i386/trap.c:956
#14 0xc02b2c5d in trap_pfault (frame=0xc030cf38, usermode=0, eva=50529055)
    at ../../i386/i386/trap.c:849
#15 0xc02b2803 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
      tf_edi = -1047960544, tf_esi = 0, tf_ebp = -1070542904,
      tf_isp = -1070543004, tf_ebx = 50529027, tf_edx = 0,
      tf_ecx = -1048122492, tf_eax = 6424576, tf_trapno = 12, tf_err = 0,
      tf_eip = -1071935415, tf_cs = 8, tf_eflags = 66054,
      tf_esp = -1047960544, tf_ss = 50529027}) at
../../i386/i386/trap.c:448
#16 0xc01b9049 in rtalloc1 (dst=0xc1896420, report=0, ignflags=65792)
    at ../../net/route.c:135
#17 0xc01c53e5 in in_addroute (v_arg=0xc1896420, n_arg=0x0,
head=0xc186ea80,
    treenodes=0xc1e95c00) at ../../netinet/in_rmx.c:121
#18 0xc01b98e8 in rtrequest1 (req=11, info=0xc030d054, ret_nrt=0xc030d0b8)
    at ../../net/route.c:692
#19 0xc01b9518 in rtrequest (req=11, dst=0xc030d130, gateway=0x0,
netmask=0x0,
    flags=0, ret_nrt=0xc030d0b8) at ../../net/route.c:489
#20 0xc01b9097 in rtalloc1 (dst=0xc030d130, report=1, ignflags=256)
    at ../../net/route.c:149
#21 0xc01b9004 in rtalloc_ign (ro=0xc030d12c, ignore=256)
    at ../../net/route.c:111
#22 0xc1a22019 in ?? ()
#23 0xc1a22b73 in ?? ()
#24 0xc01c73b7 in ip_input (m=0xc1476600) at ../../netinet/ip_input.c:419
#25 0xc01c793b in ipintr () at ../../netinet/ip_input.c:843
#26 0xc02a7d95 in swi_net_next ()
(kgdb) up 16
#16 0xc01b9049 in rtalloc1 (dst=0xc1896420, report=0, ignflags=65792)
    at ../../net/route.c:135
135             if (rnh && (rn = rnh->rnh_matchaddr((caddr_t)dst, rnh)) &&
(kgdb) list
130             int  s = splnet(), err = 0, msgtype = RTM_MISS;
131
132             /*
133              * Look up the address in the table for that Address
Family
134              */
135             if (rnh && (rn = rnh->rnh_matchaddr((caddr_t)dst, rnh)) &&
136                 ((rn->rn_flags & RNF_ROOT) == 0)) {
137                     /*
138                      * If we find it and it's not the root node, then
139                      * get a refernce on the rtentry associated.
(kgdb) print rnh
$1 = (struct radix_node_head *) 0x620800
(kgdb) print dst
$2 = (struct sockaddr *) 0xc1896420
(kgdb) print rn
$3 = (struct radix_node *) 0x0
(kgdb) print *rnh
cannot read proc at 0
(kgdb) print *dst
$4 = {sa_len = 0 '\000', sa_family = 97 'a',
  sa_data = "\211Á\020\002\000\000£\001\177\236\000\000\000"}



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.4.33.0203182119250.2438-100000>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact