From nobody Mon Jan 9 12:14:03 2023 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NrCXq70vsz2qsyW for ; Mon, 9 Jan 2023 12:14:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NrCXq55g9z3jdY for ; Mon, 9 Jan 2023 12:14:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1673266443; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UXpxw1ks/dEjwjtQitvgOUUTJLCMYpzUIN5aW8OepQc=; b=OqhYUzMW5tcz6FUnjJY6rRftnxj++8NV1QYZooDEg8dO6JqFvIUU8zo0qNikBRmP/ZBJje wx8xvyf7pL+k5FWO/Si9JZ903sYOF3AFdXFBw6EvP/X4/stScooWkECJo8/QS+E2maL5wk FwfZwJIGghYBgTrBroIVMTnbHVBbQm17i4sPtH6dSzV5QX0Pztc+F/jQgj8YG0ELtdySYe rJQr+K3DRB/uHVAldjAMSTX/Ia73ddstqZyoJIocG5aoXjpLp8tDEnhn61m9KDIPpFzSTg dP9UFBzuYy6oq4qxWdmdO4+7sU0gIWx2Fy8tKiypNXPt/Rs9XOcpPpubhVLz2A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1673266443; a=rsa-sha256; cv=none; b=C9sJ4Kyhu++qLWiV8i7Xc81PFGfyWw6YY7phbFlLZt+CtsNnnlM1pHOP7C6GM1gUloVS4j NquC/AcOK0NM9w6EboQP3EKYXERD7XVsA0lInG+otVGeoM9AvwPqVniq79Rc+Z1dT6iSZQ cvQ1ZJtbwXAxtaL0wernNDgrBtXq3IMPh6cxYD2ZLpklamJIruGQfFfu00oFZZqGM67/ms LeW7jLp37O20ccu3YxOWvtF4x/qniVEHxDnJuPOx5c7gPtQQViQYEglRSwZj9yqbCsuOYA cbtadtlKX2NlWv7TwyjuQ1UtBksLO0iweDkgBir57Q/OFe33inZWgVjRsTwZgg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NrCXq47YrzSlF for ; Mon, 9 Jan 2023 12:14:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 309CE34I036288 for ; Mon, 9 Jan 2023 12:14:03 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 309CE3Ap036287 for bugs@FreeBSD.org; Mon, 9 Jan 2023 12:14:03 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 268840] tunnel interface destruction leads to a crash Date: Mon, 09 Jan 2023 12:14:03 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: eugene@zhegan.in X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268840 Bug ID: 268840 Summary: tunnel interface destruction leads to a crash Product: Base System Version: 13.1-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: eugene@zhegan.in Tunnel interface destruction leads to a crash. Reproducible with if_ipsec(4) and if_gre(4) at least. Workaround: down the interface with ifconfig. 13.1-RELEASE/amd64: =3D=3D=3DCut=3D=3D=3D [root@ronin:/var/crash]# kgdb /boot/kernel/kernel /var/crash/vmcore.1 GNU gdb (GDB) 12.1 [GDB v12.1 for FreeBSD] Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd13.1". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel... Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0x238 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80db2c80 stack pointer =3D 0x28:0xfffffe001b1cecd0 frame pointer =3D 0x28:0xfffffe001b1ced00 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (softirq_0) trap number =3D 12 panic: page fault cpuid =3D 0 time =3D 1670863158 KDB: stack backtrace: #0 0xffffffff80c69465 at kdb_backtrace+0x65 #1 0xffffffff80c1bb1f at vpanic+0x17f #2 0xffffffff80c1b993 at panic+0x43 #3 0xffffffff810afdf5 at trap_fatal+0x385 #4 0xffffffff810afe4f at trap_pfault+0x4f #5 0xffffffff81087528 at calltrap+0x8 #6 0xffffffff80dbb77f at in_leavegroup_locked+0x9f #7 0xffffffff80dbbab5 at inp_freemoptions+0x155 #8 0xffffffff80dc2095 at in_pcbfree_deferred+0x195 #9 0xffffffff80c6412a at epoch_call_task+0x16a #10 0xffffffff80c67e9d at gtaskqueue_run_locked+0x15d #11 0xffffffff80c67b12 at gtaskqueue_thread_loop+0xc2 #12 0xffffffff80bd8a5e at fork_exit+0x7e #13 0xffffffff8108859e at fork_trampoline+0xe Uptime: 1m22s Dumping 889 out of 16214 MB:..2%..11%..22%..31%..42%..51%..62%..71%..81%..9= 2% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D) at /usr/src/sys/kern/kern_shutdown= .c:399 #2 0xffffffff80c1b71c in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:487 #3 0xffffffff80c1bb8e in vpanic (fmt=3D0xffffffff811b4fb9 "%s", ap=3D) at /usr/src/sys/kern/kern_shutdown.c:920 #4 0xffffffff80c1b993 in panic (fmt=3D) at /usr/src/sys/kern/kern_shutdown.c:844 #5 0xffffffff810afdf5 in trap_fatal (frame=3D0xfffffe001b1cec10, eva=3D568= ) at /usr/src/sys/amd64/amd64/trap.c:944 #6 0xffffffff810afe4f in trap_pfault (frame=3D0xfffffe001b1cec10, usermode=3Dfalse, signo=3D, ucode=3D) at /usr/src/sys/amd64/amd64/trap.c:763 #7 #8 igmp_change_state (inm=3Dinm@entry=3D0xfffff801a588a600) at /usr/src/sys/netinet/igmp.c:2340 #9 0xffffffff80dbb77f in in_leavegroup_locked (inm=3Dinm@entry=3D0xfffff801a588a600, imf=3Dimf@entry=3D0xfffff8002d857dc0) at /usr/src/sys/netinet/in_mcast.c:1355 #10 0xffffffff80dbbab5 in in_leavegroup (inm=3D0xfffff801a588a600, imf=3D0xfffff8002d857dc0) at /usr/src/sys/netinet/in_mcast.c:1297 #11 inp_gcmoptions (imo=3D) at /usr/src/sys/netinet/in_mcast.c:1634 #12 inp_freemoptions (imo=3D, imo@entry=3D0xfffff8002d71b8c0= ) at /usr/src/sys/netinet/in_mcast.c:1656 #13 0xffffffff80dc2095 in in_pcbfree_deferred (ctx=3D0xfffff80119ec27b0) at /usr/src/sys/netinet/in_pcb.c:1745 #14 0xffffffff80c6412a in epoch_call_task (arg=3D) at /usr/src/sys/kern/subr_epoch.c:819 #15 0xffffffff80c67e9d in gtaskqueue_run_locked (queue=3Dqueue@entry=3D0xfffff800031ec100) at /usr/src/sys/kern/subr_gtaskqueue.c:371 #16 0xffffffff80c67b12 in gtaskqueue_thread_loop (arg=3D, arg@entry=3D0xfffffe001dfe4008) at /usr/src/sys/kern/subr_gtaskqueue.c:547 #17 0xffffffff80bd8a5e in fork_exit (callout=3D0xffffffff80c67a50 , arg=3D0xfffffe001dfe4008, frame=3D0xfffffe001b1cef40) at /usr/src/sys/kern/kern_fork.c:1093 #18 #19 mi_startup () at /usr/src/sys/kern/init_main.c:322 Backtrace stopped: Cannot access memory at address 0x8 (kgdb) quit =3D=3D=3DCut=3D=3D=3D another one, same server: =3D=3D=3DCut=3D=3D=3D [root@ronin:/var/crash]# kgdb /boot/kernel/kernel /var/crash/vmcore.2 GNU gdb (GDB) 12.1 [GDB v12.1 for FreeBSD] Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd13.1". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel... Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid =3D 2; apic id =3D 04 fault virtual address =3D 0x238 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80db2c80 stack pointer =3D 0x0:0xfffffe00c3ff4cd0 frame pointer =3D 0x0:0xfffffe00c3ff4d00 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (softirq_2) trap number =3D 12 panic: page fault cpuid =3D 2 time =3D 1670863429 KDB: stack backtrace: #0 0xffffffff80c69465 at kdb_backtrace+0x65 #1 0xffffffff80c1bb1f at vpanic+0x17f #2 0xffffffff80c1b993 at panic+0x43 #3 0xffffffff810afdf5 at trap_fatal+0x385 #4 0xffffffff810afe4f at trap_pfault+0x4f #5 0xffffffff81087528 at calltrap+0x8 #6 0xffffffff80dbb77f at in_leavegroup_locked+0x9f #7 0xffffffff80dbbab5 at inp_freemoptions+0x155 #8 0xffffffff80dc2095 at in_pcbfree_deferred+0x195 #9 0xffffffff80c6412a at epoch_call_task+0x16a #10 0xffffffff80c67e9d at gtaskqueue_run_locked+0x15d #11 0xffffffff80c67b12 at gtaskqueue_thread_loop+0xc2 #12 0xffffffff80bd8a5e at fork_exit+0x7e #13 0xffffffff8108859e at fork_trampoline+0xe Uptime: 4m5s Dumping 1151 out of 16214 MB:..2%..12%..21%..31%..41%..51%..62%..71%..81%..= 91% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D) at /usr/src/sys/kern/kern_shutdown= .c:399 #2 0xffffffff80c1b71c in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:487 #3 0xffffffff80c1bb8e in vpanic (fmt=3D0xffffffff811b4fb9 "%s", ap=3D) at /usr/src/sys/kern/kern_shutdown.c:920 #4 0xffffffff80c1b993 in panic (fmt=3D) at /usr/src/sys/kern/kern_shutdown.c:844 #5 0xffffffff810afdf5 in trap_fatal (frame=3D0xfffffe00c3ff4c10, eva=3D568= ) at /usr/src/sys/amd64/amd64/trap.c:944 #6 0xffffffff810afe4f in trap_pfault (frame=3D0xfffffe00c3ff4c10, usermode=3Dfalse, signo=3D, ucode=3D) at /usr/src/sys/amd64/amd64/trap.c:763 #7 #8 igmp_change_state (inm=3Dinm@entry=3D0xfffff801d1a0b000) at /usr/src/sys/netinet/igmp.c:2340 #9 0xffffffff80dbb77f in in_leavegroup_locked (inm=3Dinm@entry=3D0xfffff801d1a0b000, imf=3Dimf@entry=3D0xfffff801d0cc01c0) at /usr/src/sys/netinet/in_mcast.c:1355 #10 0xffffffff80dbbab5 in in_leavegroup (inm=3D0xfffff801d1a0b000, imf=3D0xfffff801d0cc01c0) at /usr/src/sys/netinet/in_mcast.c:1297 #11 inp_gcmoptions (imo=3D) at /usr/src/sys/netinet/in_mcast.c:1634 #12 inp_freemoptions (imo=3D, imo@entry=3D0xfffff801d561ba00= ) at /usr/src/sys/netinet/in_mcast.c:1656 #13 0xffffffff80dc2095 in in_pcbfree_deferred (ctx=3D0xfffff801d5d2d5c0) at /usr/src/sys/netinet/in_pcb.c:1745 #14 0xffffffff80c6412a in epoch_call_task (arg=3D) at /usr/src/sys/kern/subr_epoch.c:819 #15 0xffffffff80c67e9d in gtaskqueue_run_locked (queue=3Dqueue@entry=3D0xfffff800031ebc00) at /usr/src/sys/kern/subr_gtaskqueue.c:371 #16 0xffffffff80c67b12 in gtaskqueue_thread_loop (arg=3D, arg@entry=3D0xfffffe001dfe4038) at /usr/src/sys/kern/subr_gtaskqueue.c:547 #17 0xffffffff80bd8a5e in fork_exit (callout=3D0xffffffff80c67a50 , arg=3D0xfffffe001dfe4038, frame=3D0xfffffe00c3ff4f40) at /usr/src/sys/kern/kern_fork.c:1093 #18 #19 mi_startup () at /usr/src/sys/kern/init_main.c:322 Backtrace stopped: Cannot access memory at address 0xe (kgdb) =3D=3D=3DCut=3D=3D=3D older versions (I realize nobody is interrested in seeing older stuff by probably this will help to understand how old the bug is): 13.0-RELEASE/amd64: =3D=3D=3DCut=3D=3D=3D [root@shogun:/var/crash]# kgdb /boot/kernel/kernel vmcore.0=20 GNU gdb (GDB) 11.1 [GDB v11.1 for FreeBSD] Copyright (C) 2021 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd13.0". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel... Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug... Unread portion of the kernel message buffer: gw sdl_len too small Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0x238 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80d9e3f0 stack pointer =3D 0x0:0xfffffe000e18dad0 frame pointer =3D 0x0:0xfffffe000e18db00 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (softirq_0) trap number =3D 12 panic: page fault cpuid =3D 0 time =3D 1670864052 KDB: stack backtrace: #0 0xffffffff80c58345 at kdb_backtrace+0x65 #1 0xffffffff80c0ad21 at vpanic+0x181 #2 0xffffffff80c0ab93 at panic+0x43 #3 0xffffffff81097187 at trap_fatal+0x387 #4 0xffffffff810971df at trap_pfault+0x4f #5 0xffffffff8109683d at trap+0x27d #6 0xffffffff8106d888 at calltrap+0x8 #7 0xffffffff80da6aef at in_leavegroup_locked+0x9f #8 0xffffffff80da6e28 at inp_freemoptions+0x148 #9 0xffffffff80dadd99 at in_pcbfree_deferred+0x199 #10 0xffffffff80c530ba at epoch_call_task+0x16a #11 0xffffffff80c56dad at gtaskqueue_run_locked+0x15d #12 0xffffffff80c56a4c at gtaskqueue_thread_loop+0xac #13 0xffffffff80bc8c5e at fork_exit+0x7e #14 0xffffffff8106e90e at fork_trampoline+0xe Uptime: 114d13h59m39s Dumping 2218 out of 8148 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..9= 1% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D) at /usr/src/sys/kern/kern_shutdown= .c:399 #2 0xffffffff80c0a916 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:486 #3 0xffffffff80c0ad90 in vpanic (fmt=3D, ap=3D) at /usr/src/sys/kern/kern_shutdown.c:919 #4 0xffffffff80c0ab93 in panic (fmt=3D) at /usr/src/sys/kern/kern_shutdown.c:843 #5 0xffffffff81097187 in trap_fatal (frame=3D0xfffffe000e18da10, eva=3D568= ) at /usr/src/sys/amd64/amd64/trap.c:915 #6 0xffffffff810971df in trap_pfault (frame=3Dframe@entry=3D0xfffffe000e18= da10, usermode=3Dfalse, signo=3D, signo@entry=3D0x0, ucode=3D, ucode@entry=3D0x0) at /usr/src/sys/amd64/amd64/trap.c:732 #7 0xffffffff8109683d in trap (frame=3D0xfffffe000e18da10) at /usr/src/sys/amd64/amd64/trap.c:398 #8 #9 igmp_change_state (inm=3Dinm@entry=3D0xfffff8009835c800) at /usr/src/sys/netinet/igmp.c:2340 #10 0xffffffff80da6aef in in_leavegroup_locked (inm=3Dinm@entry=3D0xfffff8009835c800, imf=3Dimf@entry=3D0xfffff8003e1d6380) at /usr/src/sys/netinet/in_mcast.c:1355 #11 0xffffffff80da6e28 in in_leavegroup (inm=3D0xfffff8009835c800, imf=3D0xfffff8003e1d6380) at /usr/src/sys/netinet/in_mcast.c:1297 #12 inp_gcmoptions (imo=3D) at /usr/src/sys/netinet/in_mcast.c:1634 #13 inp_freemoptions (imo=3D, imo@entry=3D0xfffff800150ffb00= ) at /usr/src/sys/netinet/in_mcast.c:1656 #14 0xffffffff80dadd99 in in_pcbfree_deferred (ctx=3D0xfffff80098b3bf30) at /usr/src/sys/netinet/in_pcb.c:1740 #15 0xffffffff80c530ba in epoch_call_task (arg=3D) at /usr/src/sys/kern/subr_epoch.c:816 #16 0xffffffff80c56dad in gtaskqueue_run_locked (queue=3Dqueue@entry=3D0xfffff80003613900) at /usr/src/sys/kern/subr_gtaskqueue.c:371 #17 0xffffffff80c56a4c in gtaskqueue_thread_loop (arg=3D, arg@entry=3D0xfffffe000f9af008) at /usr/src/sys/kern/subr_gtaskqueue.c:547 #18 0xffffffff80bc8c5e in fork_exit (callout=3D0xffffffff80c569a0 , arg=3D0xfffffe000f9af008, frame=3D0xfffffe000e18dd40) at /usr/src/sys/kern/kern_fork.c:1069 #19 (kgdb) =3D=3D=3DCut=3D=3D=3D 12.0-STABLE/amd64: =3D=3D=3DCut=3D=3D=3D [root@gw:/boot]# kgdb /boot/kernel.old/kernel /var/crash/vmcore.0 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain condition= s. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid =3D 2; apic id =3D 04 fault virtual address =3D 0x218 fault code =3D supervisor read data , page not present instruction pointer =3D 0x20:0xffffffff80d41c57 stack pointer =3D 0x0:0xfffffe0025177860 frame pointer =3D 0x0:0xfffffe0025177890 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (softirq_2) trap number =3D 12 panic: page fault cpuid =3D 2 time =3D 1670863725 KDB: stack backtrace: #0 0xffffffff80c15f97 at kdb_backtrace+0x67 #1 0xffffffff80bc9e6d at vpanic+0x19d #2 0xffffffff80bc9cc3 at panic+0x43 #3 0xffffffff810a6544 at trap_fatal+0x394 #4 0xffffffff810a65a9 at trap_pfault+0x49 #5 0xffffffff810a5b8f at trap+0x29f #6 0xffffffff8107ff55 at calltrap+0x8 #7 0xffffffff80d4a146 at in_leavegroup_locked+0x96 #8 0xffffffff80d4a508 at inp_freemoptions+0x1b8 #9 0xffffffff80d50fda at in_pcbfree_deferred+0x15a #10 0xffffffff80c1089a at epoch_call_task+0x1ca #11 0xffffffff80c14864 at gtaskqueue_run_locked+0x144 #12 0xffffffff80c144c8 at gtaskqueue_thread_loop+0x98 #13 0xffffffff80b8ab03 at fork_exit+0x83 #14 0xffffffff81080f4e at fork_trampoline+0xe Uptime: 207d6h2m4s Dumping 1636 out of 3945 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..9= 1% Reading symbols from /boot/kernel.old/fuse.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/fuse.ko.debug...done. done. Loaded symbols for /boot/kernel.old/fuse.ko Reading symbols from /boot/kernel.old/ipfw_nat.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/ipfw_nat.ko.debug...done. done. Loaded symbols for /boot/kernel.old/ipfw_nat.ko Reading symbols from /boot/kernel.old/ipfw.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/ipfw.ko.debug...done. done. Loaded symbols for /boot/kernel.old/ipfw.ko Reading symbols from /boot/kernel.old/libalias.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/libalias.ko.debug...done. done. Loaded symbols for /boot/kernel.old/libalias.ko Reading symbols from /boot/kernel.old/if_lagg.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/if_lagg.ko.debug...done. done. Loaded symbols for /boot/kernel.old/if_lagg.ko Reading symbols from /boot/kernel.old/speaker.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/speaker.ko.debug...done. done. Loaded symbols for /boot/kernel.old/speaker.ko Reading symbols from /boot/kernel.old/accf_data.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/accf_data.ko.debug...done. done. Loaded symbols for /boot/kernel.old/accf_data.ko Reading symbols from /boot/kernel.old/zfs.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/zfs.ko.debug...done. done. Loaded symbols for /boot/kernel.old/zfs.ko Reading symbols from /boot/kernel.old/opensolaris.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/opensolaris.ko.debug...done. done. Loaded symbols for /boot/kernel.old/opensolaris.ko Reading symbols from /boot/kernel.old/coretemp.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/coretemp.ko.debug...done. done. Loaded symbols for /boot/kernel.old/coretemp.ko Reading symbols from /boot/kernel.old/if_gre.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/if_gre.ko.debug...done. done. Loaded symbols for /boot/kernel.old/if_gre.ko Reading symbols from /boot/kernel.old/mac_ntpd.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/mac_ntpd.ko.debug...done. done. Loaded symbols for /boot/kernel.old/mac_ntpd.ko Reading symbols from /boot/kernel.old/smbfs.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/smbfs.ko.debug...done. done. Loaded symbols for /boot/kernel.old/smbfs.ko Reading symbols from /boot/kernel.old/libiconv.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/libiconv.ko.debug...done. done. Loaded symbols for /boot/kernel.old/libiconv.ko Reading symbols from /boot/kernel.old/libmchain.ko...Reading symbols from /usr/lib/debug//boot/kernel.old/libmchain.ko.debug...done. done. Loaded symbols for /boot/kernel.old/libmchain.ko #0 0xffffffff8121d3df in cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1394 warning: Source file is more recent than executable. 1394 */ (kgdb) bt #0 0xffffffff8121d3df in cpustop_handler () at /usr/src/sys/x86/x86/mp_x86.c:1394 #1 0xffffffff8121d3a0 in ipi_nmi_handler () at /usr/src/sys/x86/x86/mp_x86.c:1355 #2 0xffffffff810a5938 in trap (frame=3D0xffffffff81fb47b0) at /usr/src/sys/amd64/amd64/trap.c:206 #3 0xffffffff81080c6d in nmi_calltrap () at /usr/src/sys/amd64/amd64/exception.S:778 #4 0xffffffff8120e060 in acpi_cpu_idle_mwait (mwait_hint=3D0) at src/sys/amd64/include/cpufunc.h:627 Previous frame inner to this frame (corrupt stack?) Current language: auto; currently minimal (kgdb) =3D=3D=3DCut=3D=3D=3D --=20 You are receiving this mail because: You are the assignee for the bug.=