From owner-freebsd-bugs@FreeBSD.ORG  Tue Aug  3 07:40:11 2010
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D84341065674
	for <freebsd-bugs@hub.freebsd.org>;
	Tue,  3 Aug 2010 07:40:11 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id C72868FC1C
	for <freebsd-bugs@hub.freebsd.org>;
	Tue,  3 Aug 2010 07:40:11 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o737eBHf070905
	for <freebsd-bugs@freefall.freebsd.org>; Tue, 3 Aug 2010 07:40:11 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o737eBfO070891;
	Tue, 3 Aug 2010 07:40:11 GMT (envelope-from gnats)
Date: Tue, 3 Aug 2010 07:40:11 GMT
Message-Id: <201008030740.o737eBfO070891@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Valentin Nechayev <netch@netch.kiev.ua>
Cc: 
Subject: Re: kern/149097: [panic] cdpd causes kernel panic
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Valentin Nechayev <netch@netch.kiev.ua>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Aug 2010 07:40:12 -0000

The following reply was made to PR kern/149097; it has been noted by GNATS.

From: Valentin Nechayev <netch@netch.kiev.ua>
To: bug-followup@FreeBSD.org, vvv@lucky.net
Cc:  
Subject: Re: kern/149097: [panic] cdpd causes kernel panic
Date: Tue, 3 Aug 2010 10:24:58 +0300

 The same problem, 8.1-RELEASE. Data from kernel core file:
 
 kgdb report:
 
 This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found).
 ..
 Attempt to extract a component of a value that is not a structure pointer.
 Attempt to extract a component of a value that is not a structure pointer.
 Attempt to extract a component of a value that is not a structure pointer.
 Attempt to extract a component of a value that is not a structure pointer.
 #0  0xc05a247c in doadump ()
 (kgdb) bt
 #0  0xc05a247c in doadump ()
 #1  0xc05a2b63 in boot ()
 #2  0xc05a2e05 in panic ()
 #3  0xc0844893 in trap_fatal ()
 #4  0xc0844af0 in trap_pfault ()
 #5  0xc0845473 in trap ()
 #6  0xc082792b in calltrap ()
 #7  0xc0842c24 in bcmp ()
 #8  0x000000be in ?? ()
 #9  0x00000000 in ?? ()
 #10 0x00000000 in ?? ()
 #11 0x00000000 in ?? ()
 #12 0x00000001 in ?? ()
 #13 0xc635d280 in ?? ()
 #14 0xbfbfe5c5 in ?? ()
 #15 0x00000000 in ?? ()
 #16 0xe7a9fd2c in ?? ()
 #17 0xc0844de3 in syscall ()
 Previous frame inner to this frame (corrupt stack?)
 
 Strings from core file:
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 0; apic id = 00
 fault virtual address   = 0x0
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc0842c24
 stack pointer           = 0x28:0xe7a9fb54
 frame pointer           = 0x28:0xe7a9fbb8
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 4533 (cdpd)
 trap number             = 12
 panic: page fault
 cpuid = 0
 KDB: stack backtrace:
 db_trace_self_wrapper(c089ba2e,e7a9f9f4,c05a2dc9,c08bcf13,0,...) at db_trace_sel
 f_wrapper+0x26
 kdb_backtrace(c08bcf13,0,c08853c6,e7a9fa00,0,...) at kdb_backtrace+0x29
 panic(c08853c6,c08be2b9,c635d3e8,1,1,...) at panic+0x119
 trap_fatal(c5156cb0,0,1,0,0,...) at trap_fatal+0x333
 trap_pfault(0,0,0,0,c637c7f8,...) at trap_pfault+0x250
 trap(e7a9fb14) at trap+0x453
 calltrap() at calltrap+0x6
 --- trap 0xc, eip = 0xc0842c24, esp = 0xe7a9fb54, ebp = 0xe7a9fbb8 ---
 bcmp(c5191c00,e7a9fc58,0,0,0,...) at bcmp+0x14
 devfs_write_f(c5b98770,e7a9fc58,c608fd00,0,c635d280,...) at devfs_write_f+0x7c
 dofilewrite(e7a9fc58,ffffffff,ffffffff,0,c5b98770,...) at dofilewrite+0x97
 kern_writev(c635d280,5,e7a9fc58,e7a9fc78,1,...) at kern_writev+0x58
 write(c635d280,e7a9fcf8,e7a9fcbc,c05ab716,c635d280,...) at write+0x4f
 syscall(e7a9fd38) at syscall+0x2d3
 Xint0x80_syscall() at Xint0x80_syscall+0x20
 --- syscall (4, FreeBSD ELF32, write), eip = 0x281b50d3, esp = 0xbfbfe36c, ebp =
  0xbfbfe398 ---
 Uptime: 11m3s
 Physical memory: 2006 MB
 Dumping 128 MB:
 
 Seems devfs is crash place?
 
 This isn't security issue because root is needed to start cdpd.
 
 - - - -
 
 While I have enough resources to debug and test, please prompt
 how to deal with it when stack is destroyed.
 
 
 -netch-