Date: Tue, 27 Jun 2006 15:13:35 +0400 From: Yar Tikhiy <yar@comp.chem.msu.su> To: Denis Shaposhnikov <dsh@vlink.ru> Cc: freebsd-current@freebsd.org, Gleb Smirnoff <glebius@freebsd.org> Subject: Re: carp kernel trap Message-ID: <20060627111334.GE36941@comp.chem.msu.su> In-Reply-To: <87fyhwf6z0.fsf@neva.vlink.ru> References: <87fyhwf6z0.fsf@neva.vlink.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 23, 2006 at 03:26:43PM +0400, Denis Shaposhnikov wrote:
> Hi!
>
> I've got a kernel panic on yesterday's current:
>
> # ifconfig carp3 vhid 3 advskew 100 pass XXXXXXXX 10.10.8.7/26
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 06
> fault virtual address = 0x0
> fault code = supervisor write, page not present
> instruction pointer = 0x20:0xc0546fb3
> stack pointer = 0x28:0xe4b38ae8
> cframe pointer = 0x28:0xe4b38b14
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 53 (ifconfig)
> trap number = 12
> panic: page fault
> cpuid = 1
> arp_input: packet received on non-carp interface: lan0
> carp_input: packet received on non-carp interface: lan0
> carp_input: packet received on non-carp interface: lan0
> Uptime: 2m52s
> Cannot dump. No dump device defined.
> Automatic reboot in 15 seconds - press a key on the console to abort
Acknowledged. Let's notify Gleb Smirnoff about this; adding him to Cc:.
More info on the panic attached.
--
Yar
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
fault code = supervisor write, page not present
instruction pointer = 0x20:0xc054733a
stack pointer = 0x28:0xc76fdad4
frame pointer = 0x28:0xc76fdb04
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 39 (ifconfig)
panic: from debugger
Uptime: 6s
Physical memory: 121 MB
Dumping 13 MB:
#0 doadump () at pcpu.h:166
166 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt full
#0 doadump () at pcpu.h:166
No locals.
#1 0xc04c8454 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
first_buf_printf = 1
#2 0xc04c86ff in panic (fmt=0xc060d52b "from debugger") at ../../../kern/kern_shutdown.c:565
td = (struct thread *) 0xc1165780
bootopt = 260
newpanic = 1
ap = 0xc76fd88c "<ÙoÇl£EÀ:sTÀ"
buf = "from debugger", '\0' <repeats 242 times>
#3 0xc045a3d5 in db_panic (addr=-1068207302, have_addr=0, count=-1, modif=0xc76fd8b0 "") at ../../../ddb/db_command.c:426
No locals.
#4 0xc045a36c in db_command (last_cmdp=0xc066a824, cmd_table=0x0) at ../../../ddb/db_command.c:395
cmd = (struct command *) 0xc0602f80
t = 0
modif = "\000ØoÇÄØoÇ\211\a\000\000\211\a\000\000Ï\a\000\000\000\000\000\000\000ÈmÀ\r\000\000\000\000ÈmÀ\000ÈmÀ\r\000\000\000\001\000\000\000\000ÙoÇ\v]À\000ÙoÇ$]À@\227lÀÀ\233kÀx\000\000\000 ±fÀ\f\000\000\000 ÙoÇüÃEÀ¬\221aÀÔÀEÀ\f\000\000\000 ±fÀ\206¸EÀ ±fÀ`¨fÀ"
addr = -1068207302
count = -1
have_addr = 0
result = 0
#5 0xc045a42a in db_command_loop () at ../../../ddb/db_command.c:446
No locals.
#6 0xc045c041 in db_trap (type=12, code=0) at ../../../ddb/db_main.c:221
jb = {{_jb = {-948971168, -948971188, -948971116, -948970860, 12, -1069170726, 12, -948971092, -1068608069,
-1067229443, -1068607936, -948971112}}}
prev_jb = (void *) 0x0
bkpt = 0
#7 0xc04e3b59 in kdb_trap (type=12, code=0, tf=0x0) at ../../../kern/subr_kdb.c:502
handled = 0
#8 0xc05f55d1 in trap_fatal (frame=0xc76fda94, eva=0) at ../../../i386/i386/trap.c:860
code = 2
type = 12
ss = 40
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 3,
ssd_def32 = 1, ssd_gran = 1}
msg = 0x0
#9 0xc05f5333 in trap_pfault (frame=0xc76fda94, usermode=0, eva=0) at ../../../i386/i386/trap.c:778
va = 0
vm = (struct vmspace *) 0x0
map = 0xc1167a28
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc1165780
p = (struct proc *) 0xc1293000
#10 0xc05f4f51 in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1055540224, tf_esi = -1054194432, tf_ebp = -948970748, tf_isp = -948970816, tf_ebx = -1054273536, tf_edx = 0, tf_ecx = -1055540212, tf_eax = -1053789472, tf_trapno = 12, tf_err = 0, tf_eip = -1068207302, tf_cs = 32, tf_eflags = 66118, tf_esp = -948970764, tf_ss = -1054273536}) at ../../../i386/i386/trap.c:463
td = (struct thread *) 0xc1165780
p = (struct proc *) 0xc1293000
i = 0
ucode = 0
type = 12
code = 2
addr = -948970932
eva = 0
ksi = {ksi_link = {tqe_next = 0xc061cf41, tqe_prev = 0x6b5}, ksi_info = {si_signo = -1066976812, si_errno = 0,
si_code = -1067331775, si_pid = 1714, si_uid = 3228277308, si_status = -948970900, si_addr = 0xc04ef542, si_value = {
sival_int = -1066689992, sival_ptr = 0xc06b9a38}, _reason = {_fault = {_trapno = 582}, _timer = {_timerid = 582,
_overrun = -1067153852}, _mesgq = {_mqd = 582}, _poll = {_band = 582}, __spare__ = {__spare1__ = 582, __spare2__ = {
-1067153852, -1066684056, 1016, -1067298956, -948970864, -1068760600, -1066684056}}}}, ksi_flags = 1,
ksi_sigq = 0xc061821a}
#11 0xc05e5f1a in calltrap () at ../../../i386/i386/exception.s:138
No locals.
#12 0xc054733a in carp_set_addr (sc=0xc115bc00, sin=0x0) at ../../../netinet/ip_carp.c:1439
ifp = (struct ifnet *) 0xc1291000
cif = (struct carp_if *) 0x6b5
ia = (struct in_ifaddr *) 0xc12a4500
ia_if = (struct in_ifaddr *) 0xc1291000
imo = (struct ip_moptions *) 0xc115bc0c
addr = {s_addr = 301990112}
iaddr = 3239427084
own = 0
error = -1066976812
#13 0xc0547e08 in carp_ioctl (ifp=0xc13072e0, cmd=0, addr=0xc12b4400 "¸D+ÁÈD+ÁØD+Á") at ../../../netinet/ip_carp.c:1770
sc = (struct carp_softc *) 0xc115bc00
vr = (struct carp_softc *) 0x0
carpr = {carpr_state = 582, carpr_vhid = -1066976812, carpr_advskew = -948970688, carpr_advbase = -1068760204,
carpr_key = "\b×gÀdÛoÇî÷NÀÔ9gÀ\000\000\000"}
ifa = (struct ifaddr *) 0xc12b4400
ifr = (struct ifreq *) 0xc12b4400
ifra = (struct ifaliasreq *) 0xc12b4400
locked = 0
error = 0
#14 0xc05447b9 in in_ifinit (ifp=0xc121d000, ia=0xc12b4400, sin=0xc115bc0c, scrub=0) at ../../../netinet/in.c:708
i = 168430180
oldaddr = {sin_len = 0 '\0', sin_family = 0 '\0', sin_port = 0, sin_addr = {s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}
flags = 1
error = -1054129028
#15 0xc0543c56 in in_control (so=0xc1308a60, cmd=1, data=0xc1305900 "carp3", ifp=0xc121d000, td=0xc1165780)
at ../../../netinet/in.c:439
ifr = (struct ifreq *) 0xc1305900
ia = (struct in_ifaddr *) 0xc12b4400
iap = (struct in_ifaddr *) 0x0
ifa = (struct ifaddr *) 0x0
dst = {s_addr = 1678379530}
ifra = (struct in_aliasreq *) 0xc1305900
oldaddr = {sin_len = 0 '\0', sin_family = 208 'Ð', sin_port = 49441, sin_addr = {s_addr = 3241171200},
sin_zero = "\000Y0Á\bÜoÇ"}
error = 0
hostIsNew = 1
iaIsNew = 1
maskIsNew = 0
#16 0xc0537d30 in ifioctl (so=0xc1308a60, cmd=2151704858, data=0xc1305900 "carp3", td=0xc1165780) at ../../../net/if.c:1777
ifp = (struct ifnet *) 0xc121d000
ifr = (struct ifreq *) 0xc121d000
error = -3
oif_flags = 8
#17 0xc04f6147 in soo_ioctl (fp=0xc13072e0, cmd=2151704858, data=0xc1305900, active_cred=0xc115dd00, td=0xc1165780)
at ../../../kern/sys_socket.c:214
so = (struct socket *) 0xc1308a60
error = 0
#18 0xc04f0e10 in ioctl (td=0xc1165780, uap=0xc76fdd04) at file.h:265
fp = (struct file *) 0xc12be558
fdp = (struct filedesc *) 0x0
com = 2151704858
error = 0
size = 64
data = 0xc1305900 "carp3"
memp = 0xc1305900 "carp3"
tmp = 49
#19 0xc05f58ee in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134571648, tf_esi = 134580800, tf_ebp = -1077940760, tf_isp = -948970140, tf_ebx = -2143262438, tf_edx = 134583582, tf_ecx = 134571648, tf_eax = 54, tf_trapno = 0, tf_err = 2, tf_eip = 672494519, tf_cs = 51, tf_eflags = 646, tf_esp = -1077942884, tf_ss = 59}) at ../../../i386/i386/trap.c:1015
params = 0xbfbfe5a0 <Address 0xbfbfe5a0 out of bounds>
callp = (struct sysent *) 0xc0643e48
td = (struct thread *) 0xc1165780
p = (struct proc *) 0xc1293000
orig_tf_eflags = 646
error = 0
narg = 3
args = {3, -2143262438, 134580800, -948970196, -1067483570, -1067038688, -948970184, 671596824}
code = 54
ksi = {ksi_link = {tqe_next = 0xc0664820, tqe_prev = 0xc115dc80}, ksi_info = {si_signo = -1055500416,
si_errno = -948970292, si_code = 70, si_pid = -1066543480, si_uid = 3239466880, si_status = -1067038688,
si_addr = 0xc115dc80, si_value = {sival_int = -948970252, sival_ptr = 0xc76fdcf4}, _reason = {_fault = {
_trapno = -1068644505}, _timer = {_timerid = -1068644505, _overrun = -1066998992}, _mesgq = {_mqd = -1068644505},
_poll = {_band = -1068644505}, __spare__ = {__spare1__ = -1068644505, __spare2__ = {-1066998992, 2, -1067341680, 625,
0, -948970224, -1067539996}}}}, ksi_flags = 0, ksi_sigq = 0xc1165780}
#20 0xc05e5f6f in Xint0x80_syscall () at ../../../i386/i386/exception.s:191
No locals.
#21 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 12
#12 0xc054733a in carp_set_addr (sc=0xc115bc00, sin=0x0) at ../../../netinet/ip_carp.c:1439
1439 if ((imo->imo_membership[0] = in_addmulti(&addr, ifp)) == NULL)
%%% END %%%
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060627111334.GE36941>