From owner-freebsd-stable@FreeBSD.ORG  Mon Apr  7 16:47:29 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: stable@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CB57E1065675
	for <stable@FreeBSD.org>; Mon,  7 Apr 2008 16:47:29 +0000 (UTC)
	(envelope-from hopet@ics.muni.cz)
Received: from minas.ics.muni.cz (minas.ics.muni.cz [147.251.4.40])
	by mx1.freebsd.org (Postfix) with ESMTP id 329D98FC19
	for <stable@FreeBSD.org>; Mon,  7 Apr 2008 16:47:28 +0000 (UTC)
	(envelope-from hopet@ics.muni.cz)
Received: from KLOBOUCEK (kloboucek.ics.muni.cz [147.251.3.38])
	(authenticated user=hopet@ICS.MUNI.CZ bits=0)
	by minas.ics.muni.cz (8.13.8/8.13.8/SuSE Linux 0.8) with ESMTP id
	m37GGwBM019118
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
	for <stable@FreeBSD.org>; Mon, 7 Apr 2008 18:16:59 +0200
From: "Petr Holub" <hopet@ics.muni.cz>
To: <stable@FreeBSD.org>
Date: Mon, 7 Apr 2008 18:16:53 +0200
Message-ID: <01ab01c898ca$ce4763e0$6ad62ba0$@muni.cz>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AciYyqyLmht0PHSzRhi9UVsuSCFPVA==
Content-Language: cs
x-cr-hashedpuzzle: AbdL Adyg AzgN BU5x BaQk B3mK CVeC C4Lu FWzn F802 GY8E JafN
	K+9i LEPU LwN6 L7z0; 1;
	cwB0AGEAYgBsAGUAQABmAHIAZQBlAGIAcwBkAC4AbwByAGcA; Sosha1_v1; 7;
	{824230F2-88CB-4EE1-9FD1-F66233978EAD};
	aABvAHAAZQB0AEAAaQBjAHMALgBtAHUAbgBpAC4AYwB6AA==;
	Mon, 07 Apr 2008 16:16:13 GMT;
	cABhAG4AaQBjAHMAIABvAG4AIAA2AC4AMwAtAFIARQBMAEUAQQBTAEUAIABpAG4AIABJAFAAIABzAHQAYQBjAGsA
x-cr-puzzleid: {824230F2-88CB-4EE1-9FD1-F66233978EAD}
X-Muni-Spam-TestIP: 147.251.3.38
X-Muni-Envelope-From: hopet@ics.muni.cz
X-Muni-Virus-Test: Clean
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by
	milter-greylist-3.0 (minas.ics.muni.cz [147.251.4.35]);
	Mon, 07 Apr 2008 18:16:59 +0200 (CEST)
Cc: 
Subject: panics on 6.3-RELEASE in IP stack
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Apr 2008 16:47:29 -0000

Hi all,

I started to play with RAT application (ports: mbone/rat + an SVN =
version)
and
it seems to crash my 6.3-RELEASE-p1 box in rather deterministic way. =
Crash
details are shown below. Has anyone seen a problem like this?

Thanks,
Petr

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you =
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for =
details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address	=3D 0x0
fault code		=3D supervisor read, page not present
instruction pointer	=3D 0x20:0xc0713a7f
stack pointer	        =3D 0x28:0xe8583b38
frame pointer	        =3D 0x28:0xe8583b40
code segment		=3D base 0x0, limit 0xfffff, type 0x1b
			=3D DPL 0, pres 1, def32 1, gran 1
processor eflags	=3D interrupt enabled, resume, IOPL =3D 0
current process		=3D 9460 (rat-4.4.01)
trap number		=3D 12
panic: page fault
Uptime: 35m41s
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261760 pages) 1007 991 975 959 943 927 911 895 879 =
863
847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 =
559
543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 =
255
239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc06a4ad6 in boot (howto=3D260) at =
/usr/src/sys/kern/kern_shutdown.c:409
#2  0xc06a4d6c in panic (fmt=3D0xc096ba63 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc090d0d4 in trap_fatal (frame=3D0xe8583af8, eva=3D0)
    at /usr/src/sys/i386/i386/trap.c:838
#4  0xc090ce3b in trap_pfault (frame=3D0xe8583af8, usermode=3D0, =
eva=3D0)
    at /usr/src/sys/i386/i386/trap.c:745
#5  0xc090ca79 in trap (frame=3D
      {tf_fs =3D 8, tf_es =3D 40, tf_ds =3D -983498712, tf_edi =3D =
-396870780,
tf_esi =3D -396870780, tf_ebp =3D -396870848, tf_isp =3D -396870876, =
tf_ebx =3D
-972494912, tf_edx =3D -975435904, tf_ecx =3D 0, tf_eax =3D 0, tf_trapno =
=3D 12,
tf_err =3D 0, tf_eip =3D -1066321281, tf_cs =3D 32, tf_eflags =3D 66183, =
tf_esp =3D
-396870780, tf_ss =3D -985987072}) at /usr/src/sys/i386/i386/trap.c:435
#6  0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc0713a7f in if_findmulti (ifp=3D0x0, sa=3D0xe8583b84)
    at /usr/src/sys/net/if.c:1893
#8  0xc0713c1f in if_addmulti (ifp=3D0xc53b0800, sa=3D0xe8583b84,=20
    retifma=3D0xe8583b80) at /usr/src/sys/net/if.c:2001
#9  0xc073f6bb in in_addmulti (ap=3D0xe8583bb8, ifp=3D0xc53b0800)
    at /usr/src/sys/netinet/in.c:982
#10 0xc0748898 in ip_setmoptions (inp=3D0xc58a3d5c, sopt=3D0xc5dc0780)
    at /usr/src/sys/netinet/ip_output.c:1897
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=3D0xc60469bc, =
sopt=3D0xe8583c90,=20
    pcbinfo=3D0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
#12 0xc0747f74 in ip_ctloutput (so=3D0xc60469bc, sopt=3D0xe8583c90)
    at /usr/src/sys/netinet/ip_output.c:1516
#13 0xc06dfcf0 in sosetopt (so=3D0xc60469bc, sopt=3D0xe8583c90)
    at /usr/src/sys/kern/uipc_socket.c:1575
#14 0xc06e5071 in kern_setsockopt (td=3D0xc5dc0780, s=3D4, level=3D0, =
name=3D0,=20
    val=3D0x0, valseg=3DUIO_USERSPACE, valsize=3D3319531392)
    at /usr/src/sys/kern/uipc_syscalls.c:1351
#15 0xc06e4f92 in setsockopt (td=3D0xc5dc0780, uap=3D0x0)
    at /usr/src/sys/kern/uipc_syscalls.c:1307
#16 0xc090d3eb in syscall (frame=3D
      {tf_fs =3D 59, tf_es =3D 59, tf_ds =3D 59, tf_edi =3D 134598976, =
tf_esi =3D
47000, tf_ebp =3D -1077942872, tf_isp =3D -396870300, tf_ebx =3D =
-1077942896,
tf_edx =3D -270598176, tf_ecx =3D 23, tf_eax =3D 105, tf_trapno =3D 12, =
tf_err =3D 2,
tf_eip =3D 672253131, tf_cs =3D 51, tf_eflags =3D 658, tf_esp =3D =
-1077942980, tf_ss
=3D 59})
    at /usr/src/sys/i386/i386/trap.c:984
#17 0xc08f9f5f in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
#18 0x00000033 in ?? ()
(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc06a4ad6 in boot (howto=3D260) at =
/usr/src/sys/kern/kern_shutdown.c:409
	first_buf_printf =3D 1
#2  0xc06a4d6c in panic (fmt=3D0xc096ba63 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:565
	td =3D (struct thread *) 0xc5dc0780
	bootopt =3D 260
	newpanic =3D 0
	ap =3D 0xc5dc0780 "H6=DC=C5=C0YE=C5"
	buf =3D "page fault", '\0' <repeats 245 times>
#3  0xc090d0d4 in trap_fatal (frame=3D0xe8583af8, eva=3D0)
    at /usr/src/sys/i386/i386/trap.c:838
	code =3D 40
	ss =3D 40
	esp =3D 0
	type =3D 12
	softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27,=20
  ssd_dpl =3D 0, ssd_p =3D 1, ssd_xx =3D 6, ssd_xx1 =3D 3, ssd_def32 =3D =
1,=20
  ssd_gran =3D 1}
	msg =3D 0x0
#4  0xc090ce3b in trap_pfault (frame=3D0xe8583af8, usermode=3D0, =
eva=3D0)
    at /usr/src/sys/i386/i386/trap.c:745
	va =3D 0
	vm =3D (struct vmspace *) 0x0
	map =3D 0xc5fbc000
	rv =3D 1
	ftype =3D 1 '\001'
	td =3D (struct thread *) 0xc5dc0780
	p =3D (struct proc *) 0xc5dc3648
#5  0xc090ca79 in trap (frame=3D
      {tf_fs =3D 8, tf_es =3D 40, tf_ds =3D -983498712, tf_edi =3D =
-396870780,
tf_esi =3D -396870780, tf_ebp =3D -396870848, tf_isp =3D -396870876, =
tf_ebx =3D
-972494912, tf_edx =3D -975435904, tf_ecx =3D 0, tf_eax =3D 0, tf_trapno =
=3D 12,
tf_err =3D 0, tf_eip =3D -1066321281, tf_cs =3D 32, tf_eflags =3D 66183, =
tf_esp =3D
-396870780, tf_ss =3D -985987072}) at /usr/src/sys/i386/i386/trap.c:435
	td =3D (struct thread *) 0xc5dc0780
	p =3D (struct proc *) 0xc5dc3648
	sticks =3D 3314033776
	type =3D 12
	i =3D 0
	ucode =3D 0
	code =3D 0
	eva =3D 0
#6  0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7  0xc0713a7f in if_findmulti (ifp=3D0x0, sa=3D0xe8583b84)
    at /usr/src/sys/net/if.c:1893
	ifma =3D (struct ifmultiaddr *) 0xc608e7c0
#8  0xc0713c1f in if_addmulti (ifp=3D0xc53b0800, sa=3D0xe8583b84,=20
    retifma=3D0xe8583b80) at /usr/src/sys/net/if.c:2001
	ifma =3D (struct ifmultiaddr *) 0xe8583b84
	ll_ifma =3D (struct ifmultiaddr *) 0xc5dc0780
	llsa =3D (struct sockaddr *) 0xe8583b64
	error =3D -987328256
#9  0xc073f6bb in in_addmulti (ap=3D0xe8583bb8, ifp=3D0xc53b0800)
    at /usr/src/sys/netinet/in.c:982
	inm =3D (struct in_multi *) 0xe8583b84
	error =3D 0
	sin =3D {sin_len =3D 16 '\020', sin_family =3D 2 '\002', sin_port =3D =
0,=20
  sin_addr =3D {s_addr =3D 4024369120}, sin_zero =3D
"\000\000\000\000\000\000\000"}
	ifma =3D (struct ifmultiaddr *) 0xc58a3d5c
#10 0xc0748898 in ip_setmoptions (inp=3D0xc58a3d5c, sopt=3D0xc5dc0780)
    at /usr/src/sys/netinet/ip_output.c:1897
	error =3D 0
	i =3D 0
	addr =3D {s_addr =3D 0}
	mreq =3D {imr_multiaddr =3D {s_addr =3D 4024369120}, imr_interface =3D =
{
    s_addr =3D 0}}
	ifp =3D (struct ifnet *) 0xc53b0800
	imo =3D (struct ip_moptions *) 0xc552c200
	ro =3D {ro_rt =3D 0x0, ro_dst =3D {sa_len =3D 16 '\020',=20
    sa_family =3D 2 '\002',=20
    sa_data =3D "\000\000=E0=FF=DE=EF\000\000\000\000\000\000\000"}}
	ifindex =3D -975435904
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=3D0xc60469bc, =
sopt=3D0xe8583c90,=20
    pcbinfo=3D0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
	inp =3D (struct inpcb *) 0xc58a3d5c
	error =3D 0
	optval =3D 0
#12 0xc0747f74 in ip_ctloutput (so=3D0xc60469bc, sopt=3D0xe8583c90)
    at /usr/src/sys/netinet/ip_output.c:1516
No locals.
#13 0xc06dfcf0 in sosetopt (so=3D0xc60469bc, sopt=3D0xe8583c90)
    at /usr/src/sys/kern/uipc_socket.c:1575
	error =3D -975435904
	optval =3D -1048225976
	l =3D {l_onoff =3D -396870524, l_linger =3D 0}
	tv =3D {tv_sec =3D -1066137227, tv_usec =3D -1048309760}
	val =3D 0
#14 0xc06e5071 in kern_setsockopt (td=3D0xc5dc0780, s=3D4, level=3D0, =
name=3D0,=20
    val=3D0x0, valseg=3DUIO_USERSPACE, valsize=3D3319531392)
    at /usr/src/sys/kern/uipc_syscalls.c:1351
	error =3D 0
	fp =3D (struct file *) 0xc5d77c60
	sopt =3D {sopt_dir =3D SOPT_SET, sopt_level =3D 0, sopt_name =3D 12,=20
  sopt_val =3D 0xbfbfe584, sopt_valsize =3D 8, sopt_td =3D 0xc5dc0780}
#15 0xc06e4f92 in setsockopt (td=3D0xc5dc0780, uap=3D0x0)
    at /usr/src/sys/kern/uipc_syscalls.c:1307
No locals.
#16 0xc090d3eb in syscall (frame=3D
      {tf_fs =3D 59, tf_es =3D 59, tf_ds =3D 59, tf_edi =3D 134598976, =
tf_esi =3D
47000, tf_ebp =3D -1077942872, tf_isp =3D -396870300, tf_ebx =3D =
-1077942896,
tf_edx =3D -270598176, tf_ecx =3D 23, tf_eax =3D 105, tf_trapno =3D 12, =
tf_err =3D 2,
tf_eip =3D 672253131, tf_cs =3D 51, tf_eflags =3D 658, tf_esp =3D =
-1077942980, tf_ss
=3D 59})
    at /usr/src/sys/i386/i386/trap.c:984
	params =3D 0xbfbfe540 <Address 0xbfbfe540 out of bounds>
	callp =3D (struct sysent *) 0xc09fca4c
	td =3D (struct thread *) 0xc5dc0780
	p =3D (struct proc *) 0xc5dc3648
	orig_tf_eflags =3D 658
	sticks =3D 0
	error =3D 0
	narg =3D 5
	args =3D {4, 0, 12, -1077942908, 8, 0, 0, -975423928}
	code =3D 105
#17 0xc08f9f5f in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
No locals.
#18 0x00000033 in ?? ()
No symbol table info available.
(kgdb) up 7
#7  0xc0713a7f in if_findmulti (ifp=3D0x0, sa=3D0xe8583b84)
    at /usr/src/sys/net/if.c:1893
1893				if (sa_equal(ifma->ifma_addr, sa))
(kgdb) p ifma->ifma_addr
$1 =3D (struct sockaddr *) 0x0
(kgdb) p *ifma
$2 =3D {ifma_link =3D {tqe_next =3D 0x306d65, tqe_prev =3D 0x0}, =
ifma_addr =3D 0x0,=20
  ifma_lladdr =3D 0x0, ifma_ifp =3D 0x8843, ifma_refcount =3D 0,=20
  ifma_protospec =3D 0x0}
$3 =3D (struct sockaddr *) 0xe8583b84
(kgdb) p *sa
$4 =3D {sa_len =3D 16 '\020', sa_family =3D 2 '\002',=20
  sa_data =3D "\000\000=E0=FF=DE=EF\000\000\000\000\000\000\000"}
(kgdb) q