From owner-freebsd-bugs@FreeBSD.ORG Thu Feb 28 18:00:02 2008
Message-Id: <200802281749.m1SHnhaZ090669@www.freebsd.org>
Date: Thu, 28 Feb 2008 17:49:43 GMT
From: "Oleksandr V. Typlyns'kyi"
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/121181: Fatal trap 3: breakpoint instruction fault while in kernel mode, rtfree: NULL rnh

>Number:         121181
>Category:       kern
>Synopsis:       Fatal trap 3: breakpoint instruction fault while in kernel mode, rtfree: NULL rnh
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 28 18:00:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Oleksandr V. Typlyns'kyi
>Release:        6.3-RELEASE
>Organization:   Bigmir-Internet
>Environment:
FreeBSD g1.sputnikmedia.net 6.3-RELEASE FreeBSD 6.3-RELEASE #1: Sun Jan 27 12:23:56 EET 2008 root@g1.sputnikmedia.net:/usr/obj/usr/src/sys/G1 i386
>Description:
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
panic: rtfree: NULL rnh
cpuid = 7
Uptime: 21d5h5m43s
Dumping 2046 MB (2 chunks)
  chunk 0: 1MB (156 pages) ... ok
  chunk 1: 2047MB (523872 pages) 2031 2015 1999 1983 1967 1951 1935 1919 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711 1695 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487 1471 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263 1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039 1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc04f225a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
        first_buf_printf = 1
#2  0xc04f260b in panic (fmt=0xc069b980 "rtfree: NULL rnh") at /usr/src/sys/kern/kern_shutdown.c:565
        td = (struct thread *) 0xc6382600
        bootopt = 260
        newpanic = 0
        ap = 0xc6382600 ""
        buf = "rtfree: NULL rnh", '\0'
#3  0xc05808e7 in rtfree (rt=0xc6161c00) at /usr/src/sys/net/route.c:240
        rnh = (struct radix_node_head *) 0x0
#4  0xc0598aa3 in ip_output (m=0xca97be00, opt=0xc6161c00, ro=0xe9753a80, flags=0, imo=0x0, inp=0xca17f168) at /usr/src/sys/netinet/ip_output.c:835
        ip = (struct ip *) 0xca97be40
        ifp = (struct ifnet *) 0xc6161c00
        m0 = (struct mbuf *) 0x1
        hlen = 20
        len = -969398784
        error = 0
        dst = (struct sockaddr_in *) 0xe9753a84
        ia = (struct in_ifaddr *) 0xc62af300
        isbroadcast = 0
        sw_csum = 1
        iproute = {ro_rt = 0xc644a000, ro_dst = {sa_len = 16 '\020', sa_family = 2 '\002', sa_data = "\000\000\177\000\000\001\000\000\000\000\000\000\000"}}
        odst = {s_addr = 1}
        fwd_tag = (struct m_tag *) 0x0
#5  0xc05a2ce0 in tcp_output (tp=0xcc7d01d0) at /usr/src/sys/netinet/tcp_output.c:1080
        so = (struct socket *) 0xccb2e2c8
        len = 43
        recwin = 71680
        sendwin = -896025004
        off = 0
        flags = 24
        error = 0
        m = (struct mbuf *) 0xca97be00
        ip = (struct ip *) 0xca97be40
        th = (struct tcphdr *) 0xca97be54
        opt = "\001\001\b\nm<\203╦m<\203f\220Ц╡л\000М╘м\000\000\000\000\220Ц╡л`;uИНаSю\220Ц╡л"
        ipoptlen = 0
        optlen = 12
        hdrlen = 52
        idle = 1
        sendalot = 0
        i = -378193104
        sack_rxmit = 0
        sack_bytes_rxmt = 0
        p = (struct sackhole *) 0x0
#6  0xc05a997f in tcp_usr_send (so=0xccb2e2c8, flags=0, m=0xcda9ed00, nam=0x0, control=0x0, td=0xc6382600) at /usr/src/sys/netinet/tcp_usrreq.c:698
        error = 0
        inp = (struct inpcb *) 0xca17f168
        tp = (struct tcpcb *) 0xcc7d01d0
        unlocked = 1
#7  0xc0538024 in sosend (so=0xccb2e2c8, addr=0x0, uio=0xe9753c34, top=0xcda9ed00, control=0x0, flags=128, td=0xc6382600) at /usr/src/sys/kern/uipc_socket.c:836
        mp = (struct mbuf **) 0xcda9ed00
        m = (struct mbuf *) 0xcda9ed00
        space = 71637
        len = 43
        resid = 0
        clen = -844501760
        error = 0
        dontroute = 0
        atomic = 0
#8  0xc053eb94 in kern_sendit (td=0xc6382600, s=16, mp=0xe9753cb0, flags=128, control=0x0, segflg=UIO_USERSPACE) at /usr/src/sys/kern/uipc_syscalls.c:772
        fp = (struct file *) 0xca7a18b8
        auio = {uio_iov = 0xe9753ca8, uio_iovcnt = 1, uio_offset = 43, uio_resid = 0, uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_td = 0xc6382600}
        iov = (struct iovec *) 0x0
        so = (struct socket *) 0xccb2e2c8
        i = 0
        len = 43
        error = 0
        ktruio = (struct uio *) 0x0
#9  0xc053ea1d in sendit (td=0x0, s=0, mp=0xe9753cb0, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:712
        control = (struct mbuf *) 0x0
        to = (struct sockaddr *) 0x0
        error = -941752320
#10 0xc053ed8a in sendto (td=0x0, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:830
        msg = {msg_name = 0x0, msg_namelen = 0, msg_iov = 0xe9753ca8, msg_iovlen = 1, msg_control = 0x0, msg_controllen = 3353214976, msg_flags = 0}
        aiov = {iov_base = 0x81a4bc7, iov_len = 0}
        error = 0
#11 0xc06682db in syscall (frame=
      {tf_fs = 134873147, tf_es = 138805307, tf_ds = -1078001605, tf_edi = 137779712, tf_esi = 43, tf_ebp = -1077943256, tf_isp = -378192540, tf_ebx = 1748313312, tf_edx = 43, tf_ecx = 128, tf_eax = 133, tf_trapno = 22, tf_err = 2, tf_eip = 1748138419, tf_cs = 51, tf_eflags = 2097798, tf_esp = -1077943300, tf_ss = 59})
    at /usr/src/sys/i386/i386/trap.c:984
        params = 0xbfbfe400
        callp = (struct sysent *) 0xc06bbf1c
        td = (struct thread *) 0xc6382600
        p = (struct proc *) 0xc7de0000
        orig_tf_eflags = 2097798
        sticks = 4670
        error = 0
        narg = 6
        args = {16, 135941020, 43, 128, 0, 0, 4670, -941752320}
        code = 133
#12 0xc065074f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
No locals.
#13 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)

[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
pid 803 (nginx): trap 3 with interrupts disabled

Fatal trap 3: breakpoint instruction fault while in kernel mode
cpuid = 7; apic id = 07
instruction pointer     = 0x20:0xc6161c02
stack pointer           = 0x28:0xe8d02a48
frame pointer           = 0x28:0xc057ae36
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, IOPL = 0
current process         = 803 (nginx)
trap number             = 3
panic: breakpoint instruction fault
cpuid = 7
Uptime: 3d0h51m43s
Dumping 2046 MB (2 chunks)
  chunk 0: 1MB (156 pages) ... ok
  chunk 1: 2047MB (523872 pages) 2031 2015 1999 1983 1967 1951 1935 1919 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711 1695 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487 1471 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263 1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039 1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc04f225a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
        first_buf_printf = 1
#2  0xc04f260b in panic (fmt=0xc068bbeb "%s") at /usr/src/sys/kern/kern_shutdown.c:565
        td = (struct thread *) 0xc6508a80
        bootopt = 260
        newpanic = 0
        ap = 0xc6508a80 "`x║ф\200\207\022ф"
        buf = "breakpoint instruction fault", '\0'
#3  0xc0667ef4 in trap_fatal (frame=0xe8d02a08, eva=0) at /usr/src/sys/i386/i386/trap.c:838
        code = 40
        ss = 40
        esp = 0
        type = 3
        softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 0, ssd_def32 = 1, ssd_gran = 1}
        msg = 0x0
#4  0xc0667954 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = -971636696, tf_edi = -921215424, tf_esi = 1, tf_ebp = -1067995594, tf_isp = -389010892, tf_ebx = -967585792, tf_edx = 33554432, tf_ecx = -921215488, tf_eax = -971661055, tf_trapno = 3, tf_err = 0, tf_eip = -971629566, tf_cs = 32, tf_eflags = 642, tf_esp = -967585792, tf_ss = -971661056})
    at /usr/src/sys/i386/i386/trap.c:632
        td = (struct thread *) 0xc6508a80
        p = (struct proc *) 0xc6a17860
        sticks = 3226981421
        type = 3
        i = 0
        ucode = 0
        code = 0
        eva = 0
#5  0xc06506fa in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#6  0xc6161c02 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
>How-To-Repeat:
Don't know. System crashed twice at this point:
#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: