From: Robert Watson
Date: Mon, 29 Jun 2009 13:03:08 +0100 (BST)
To: Jerry Toung
Cc: net@freebsd.org
Subject: Re: in_pcb crash on 7.2 RELEASE 64bits

On Mon, 22 Jun 2009, Jerry Toung wrote:

> may be someone has seen this already before I dig into the issue myself. A
> consistent crash with the following trace.
> Unread portion of the
> kernel message buffer:

This is a NULL pointer dereference -- could you tell me what specific version of in_pcb.c ($FreeBSD$) you're running with?

This seems like an unlikely panic to me, as the code in in_pcb.c is fairly careful about walking off the ends of address lists. However, we have a fairly large number of changes in 8.x (and even slightly later 7.x) to address known race conditions in address list management, so that could be related.

Robert N M Watson
Computer Laboratory
University of Cambridge

>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 4; apic id = 04
> fault virtual address   = 0x164
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x8:0xffffffff806016c8
> stack pointer           = 0x10:0xfffffffefc079840
> frame pointer           = 0x10:0xc0000000
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 1352 (gated)
> trap number             = 12
> panic: page fault
> cpuid = 4
> Uptime: 5m37s
> Dumping 4093 MB (4 chunks)
>   chunk 0: 1MB (156 pages) ... ok
>   chunk 1: 3326MB (851284 pages) ... ok
>   chunk 2: 1MB (1 pages) ... ok
>   chunk 3: 768MB (196607 pages)
> #0  doadump () at pcpu.h:195
> 195     pcpu.h: No such file or directory.
>         in pcpu.h
> (kgdb) bt
> #0  doadump () at pcpu.h:195
> #1  0x0000000000000004 in ?? ()
> #2  0xffffffff80521d59 in boot (howto=260) at
> /usr/src/sys/kern/kern_shutdown.c:418
> #3  0xffffffff80522162 in panic (fmt=0x104)
>     at /usr/src/sys/kern/kern_shutdown.c:574
> #4  0xffffffff807e6a93 in trap_fatal (frame=0xffffff00038a06e0, eva=Variable
> "eva" is not available.
> )
>     at /usr/src/sys/amd64/amd64/trap.c:757
> #5  0xffffffff807e6e65 in trap_pfault (frame=0xfffffffefc079790, usermode=0)
>     at /usr/src/sys/amd64/amd64/trap.c:673
> #6  0xffffffff807e77a4 in trap (frame=0xfffffffefc079790)
>     at /usr/src/sys/amd64/amd64/trap.c:444
> #7  0xffffffff807cb90e in calltrap () at
> /usr/src/sys/amd64/amd64/exception.S:209
> #8  0xffffffff806016c8 in in_pcbconnect_setup (inp=0xffffff001439d6c0,
> nam=Variable "nam" is not available.
> )
>     at /usr/src/sys/netinet/in_pcb.c:833
> #9  0xffffffff806795a1 in udp_send (so=Variable "so" is not available.
> ) at /usr/src/sys/netinet/udp_usrreq.c:961
> #10 0xffffffff8057d1a1 in sosend_dgram (so=0xffffff00143442d0,
> addr=0xffffff0003b6e530, uio=Variable "uio" is not available.
> )
>     at /usr/src/sys/kern/uipc_socket.c:1059
> #11 0xffffffff80581d77 in kern_sendit (td=0xffffff00038a06e0, s=22,
> mp=0xfffffffefc079af0,
>     flags=4, control=0x0, segflg=Variable "segflg" is not available.
> ) at /usr/src/sys/kern/uipc_syscalls.c:805
> #12 0xffffffff80584d4f in sendit (td=0xffffff00038a06e0, s=22,
> mp=0xfffffffefc079af0, flags=4)
>     at /usr/src/sys/kern/uipc_syscalls.c:742
> #13 0xffffffff80584de9 in sendmsg (td=0xffffff00038a06e0,
> uap=0xfffffffefc079bf0)
>     at /usr/src/sys/kern/uipc_syscalls.c:938
> #14 0xffffffff807e70e7 in syscall (frame=0xfffffffefc079c80)
>     at /usr/src/sys/amd64/amd64/trap.c:900
> #15 0xffffffff807cbb1b in Xfast_syscall () at
> /usr/src/sys/amd64/amd64/exception.S:330
> #16 0x0000000801c1a00c in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) f 8
> #8  0xffffffff806016c8 in in_pcbconnect_setup (inp=0xffffff001439d6c0,
> nam=Variable "nam" is not available.
> )
>     at /usr/src/sys/netinet/in_pcb.c:833
> 833     /usr/src/sys/netinet/in_pcb.c: No such file or directory.
>         in /usr/src/sys/netinet/in_pcb.c
> (kgdb) p *ia
> Cannot access memory at address 0x0
> (kgdb) i loc
> ia = (struct in_ifaddr *) 0x0
> oinp = Variable "oinp" is not available.
> (kgdb)
>
> thanks,
> Jerry
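
The following is an added example, not part of the original message and not a FreeBSD tool: a small triage script that parses a "Fatal trap 12" report like the one quoted above and shows why a fault address of 0x164 reads as a NULL base pointer plus a member offset. The function names, the embedded sample (constructed from the quoted trace) and the 4 KiB page-size threshold are assumptions.

```python
import re

# Constructed sample: the trap report quoted in the message above, trimmed.
SAMPLE_PANIC = """\
Fatal trap 12: page fault while in kernel mode
cpuid = 4; apic id = 04
fault virtual address   = 0x164
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff806016c8
current process         = 1352 (gated)
trap number             = 12
"""

PAGE_SIZE = 4096  # assumption: 4 KiB base pages on amd64

# Lower-case "key = value" lines; the "Fatal trap" banner does not match.
FIELD_RE = re.compile(r"^\s*([a-z ]+?)\s*=\s*(.+?)\s*$", re.MULTILINE)


def parse_trap(text):
    """Return the 'key = value' fields of a fatal trap report."""
    fields = {}
    for key, value in FIELD_RE.findall(text):
        fields.setdefault(key, value)  # keep the first occurrence of a key
    return fields


def triage(text):
    """Classify a page-fault trap (hypothetical helper for illustration)."""
    f = parse_trap(text)
    addr = int(f["fault virtual address"], 16)
    access, _, reason = f["fault code"].partition(",")
    pid, _, name = f["current process"].partition(" ")
    near_null = addr < PAGE_SIZE
    return {
        "fault_addr": addr,
        # A fault inside the first page means a NULL base pointer plus a
        # small member offset, rather than a wild or freed pointer.
        "null_deref": near_null,
        "member_offset": addr if near_null else None,
        "kernel_mode": access.strip().startswith("supervisor"),
        "write": "write" in access,
        "not_present": reason.strip() == "page not present",
        "pc": int(f["instruction pointer"].split(":")[1], 16),
        "process": name.strip("()"),
        "pid": int(pid),
    }
```

Here the result marks the fault as a kernel-mode read at offset 0x164 from NULL, which agrees with the `ia = (struct in_ifaddr *) 0x0` shown by kgdb in frame 8.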