From owner-freebsd-current@FreeBSD.ORG Mon Apr 3 17:35:59 2006 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E35BF16A400 for ; Mon, 3 Apr 2006 17:35:59 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5880343D45 for ; Mon, 3 Apr 2006 17:35:59 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 867D846C40; Mon, 3 Apr 2006 13:35:58 -0400 (EDT) Date: Mon, 3 Apr 2006 18:35:58 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: David Wolfskill , dhw@mail-abuse.org In-Reply-To: <20060403172611.GA83741@bunrab.catwhisker.org> Message-ID: <20060403183158.O76562@fledge.watson.org> References: <20060403172611.GA83741@bunrab.catwhisker.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: current@freebsd.org Subject: Re: Panic "div_bind: inp == NULL" on -CURRENT from 02 Apr 2006 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2006 17:36:00 -0000 On Mon, 3 Apr 2006, David Wolfskill wrote: > [I'm at least a week behind on mail -- just got back in town over the > weekend -- so if this has been covered, I apologize for the duplication.] > > I've been tracking both RELENG_6 & HEAD on my laptop on a daily basis for a > while; I also try to track them on a weekly basis on my desktop at work. > On 25 March, I had no problem doing that; on 02 April, RELENG_6 was fine, > but HEAD hit a panic during the transition from single-user mode to > multi-user mode -- but only on my work desktop (my laptop doesn't exhibit > the problem at all). > > I *suspect* -- based on the sequence of events -- that the initial panic may > well be associated with a NIC, and that the kbd driver gets a secondary > panic; regardless of what I suspect, the keyboard isn't usable once the > panic message spits out, but a serial console does work. > > The nice thing is that the panic appears to be 100% reproducible; here is a > cut/paste from the serial console: You'll want to pick up ip_divert.c:1.117, which I committed earlier today: revision 1.117 date: 2006/04/03 09:01:17; author: rwatson; state: Exp; lines: +1 -1 Correct incorrect assertion in div_bind(): inp must not be NULL here. Reported by: tegge MFC after: 3 months This was fallout from my network stack related commits over the weekend, which I'm in the process of sweeping up. Robert N M Watson > > /boot/kernel/acpi.ko text=0x43b18 data=0x24a0+0xff0 syms=[0x4+0x7c10+0x4+0xa8bb] > GDB: no debug ports present > KDB: debugger backends: ddb > KDB: current backend: ddb > Copyright (c) 1992-2006 The FreeBSD Project. > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 > The Regents of the University of California. All rights reserved. > FreeBSD 7.0-CURRENT #41: Sun Apr 2 16:10:36 PDT 2006 > root@catmint.mail-abuse.org:/common/S3/obj/usr/src/sys/CATMINT > WARNING: WITNESS option enabled, expect reduced performance. > ACPI APIC Table: > Timecounter "i8254" frequency 1193182 Hz quality 0 > CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz (2793.02-MHz 686-class CPU) > Origin = "GenuineIntel" Id = 0xf41 Stepping = 1 > Features=0xbfebfbff > Features2=0x441d> > real memory = 535232512 (510 MB) > avail memory = 514162688 (490 MB) > ioapic0: Changing APIC ID to 1 > ioapic0 irqs 0-23 on motherboard > kbd1 at kbdmux0 > npx0: [FAST] > npx0: on motherboard > npx0: INT 16 interface > acpi0: on motherboard > acpi0: Power Button (fixed) > Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 > acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0 > cpu0: on acpi0 > acpi_button0: on acpi0 > pcib0: port 0xcf8-0xcff on acpi0 > pci0: on pcib0 > vgapci0: port 0xed98-0xed9f mem 0xe8000000-0xefffffff,0xfeb80000-0xfebfffff irq 16 at device 2.0 on pci0 > agp0: on vgapci0 > agp0: detected 892k stolen memory > agp0: aperture size is 128M > uhci0: port 0xff80-0xff9f irq 16 at device 29.0 on pci0 > uhci0: [GIANT-LOCKED] > usb0: on uhci0 > usb0: USB revision 1.0 > uhub0: on usb0 > uhub0: 2 ports with 2 removable, self powered > uhci1: port 0xff60-0xff7f irq 19 at device 29.1 on pci0 > uhci1: [GIANT-LOCKED] > usb1: on uhci1 > usb1: USB revision 1.0 > uhub1: on usb1 > uhub1: 2 ports with 2 removable, self powered > uhci2: port 0xff20-0xff3f irq 16 at device 29.3 on pci0 > uhci2: [GIANT-LOCKED] > usb2: on uhci2 > usb2: USB revision 1.0 > uhub2: on usb2 > uhub2: 2 ports with 2 removable, self powered > ehci0: mem 0xffa80800-0xffa80bff irq 23 at device 29.7 on pci0 > ehci0: [GIANT-LOCKED] > usb3: EHCI version 1.0 > usb3: wrong number of companions (4 != 3) > usb3: companion controllers, 2 ports each: usb0 usb1 usb2 > usb3: on ehci0 > usb3: USB revision 2.0 > uhub3: on usb3 > uhub3: 8 ports with 8 removable, self powered > pcib1: at device 30.0 on pci0 > pci1: on pcib1 > dc0: port 0xdf00-0xdf7f mem 0xfe9fec00-0xfe9fefff irq 21 at device 0.0 on pci1 > miibus0: on dc0 > ukphy0: on miibus0 > ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto > dc0: Ethernet address: 00:c0:f0:3b:ea:b7 > fxp0: port 0xdec0-0xdeff mem 0xfe9ff000-0xfe9fffff irq 20 at device 8.0 on pci1 > miibus1: on fxp0 > inphy0: on miibus1 > inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto > fxp0: Ethernet address: 00:13:20:2d:f5:b7 > isab0: at device 31.0 on pci0 > isa0: on isab0 > atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf mem 0xfeb7fc00-0xfeb7ffff irq 18 at device 31.1 on pci0 > ata0: on atapci0 > ata1: on atapci0 > pci0: at device 31.3 (no driver attached) > pcm0: port 0xee00-0xeeff,0xedc0-0xedff mem 0xfeb7fa00-0xfeb7fbff,0xfeb7f900-0xfeb7f9ff irq 17 at device 31.5 on pci0 > pcm0: primary codec not ready! > pcm0: > speaker0: port 0x61 on acpi0 > atkbdc0: port 0x60,0x64 irq 1 on acpi0 > atkbd0: irq 1 on atkbdc0 > kbd0 at atkbd0 > atkbd0: [GIANT-LOCKED] > psm0: irq 12 on atkbdc0 > psm0: [GIANT-LOCKED] > psm0: model Generic PS/2 mouse, device ID 0 > sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 > sio0: type 16550A, console > sio0: [FAST] > ppc0: port 0x378-0x37f,0x778-0x77f irq 7 on acpi0 > ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode > ppc0: FIFO with 16/16/8 bytes threshold > ppbus0: on ppc0 > plip0: on ppbus0 > lpt0: on ppbus0 > lpt0: Interrupt-driven port > ppi0: on ppbus0 > ppc0: [GIANT-LOCKED] > pmtimer0 on isa0 > orm0: at iomem 0xc0000-0xca7ff,0xca800-0xcbfff pnpid ORM0000 on isa0 > sc0: at flags 0x100 on isa0 > sc0: VGA <16 virtual consoles, flags=0x300> > sio1: configured irq 3 not in bitmap of probed irqs 0 > sio1: port may not be enabled > vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 > Timecounter "TSC" frequency 2793016905 Hz quality 800 > Timecounters tick every 1.000 msec > IPv6 packet filtering initialized, unlimited logging > ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding enabled, default to deny, logging unlimited > ad0: 38146MB at ata0-master UDMA100 > acd0: CDROM at ata1-master UDMA33 > Trying to mount root from ufs:/dev/ad0s3a > dc0: link state changed to UP > fxp0: link state changed to UP > panic: div_bind: inp == NULL > cpuid = 0 > KDB: enter: panic > [thread pid 254 tid 100056 ] > Stopped at kdb_enter+0x2b: nop > db> bt > Tracing pid 254 tid 100056 td 0xc34236c0 > kdb_enter(c0866a2c) at kdb_enter+0x2b > panic(c08758c6,0,c34236c0,c3680240,d568dc44) at panic+0x127 > div_bind(c367abac,c3680240,c34236c0,d568dc68,c0685f87) at div_bind+0x1d > sobind(c367abac,c3680240,c34236c0,c35d0b40,d568dd04) at sobind+0x16 > kern_bind(c34236c0,3,c3680240,c3680240,0) at kern_bind+0x5b > bind(c34236c0,d568dd04,c0928080,c32e4a00,0) at bind+0x2f > syscall(3b,3b,3b,8210150,bfbfee20) at syscall+0x27e > Xint0x80_syscall() at Xint0x80_syscall+0x1f > --- syscall (104, FreeBSD ELF32, bind), eip = 0x28103d37, esp = 0xbfbeeb9c, ebp = 0xbfbfee48 --- > db> panic > panic: from debugger > cpuid = 0 > Uptime: 5s > Dumping 510 MB (2 chunks) > chunk 0: 1MB (159 pages) ... ok > chunk 1: 510MB (130416 pages) 494 478 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14 ... ok > > Dump complete > Automatic reboot in 15 seconds - press a key on the console to abort > > > At this point, I'll await suggestions. I can make the dump available, I > expect, should that be useful. I'm not sure how soon I will be able to > do much with my email backlog (which was at around 1K messages), so I've > set Reply-To to add an address for which I'll be monitoring mail more > closely during the workday. > > Oh: the local mirror from which /usr/src was updated had last been > updated a bit before 0400 hrs US/Pacific on 02 Apr 2006. > > Peace, > david > -- > David H. Wolfskill david@catwhisker.org > Mail filters, like sewers, need to be most restrictive at the point of entry. > > See http://www.catwhisker.org/~david/publickey.gpg for my public key. > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >