From owner-freebsd-net@FreeBSD.ORG Sat Oct 13 19:10:02 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E7D9A16A540 for ; Sat, 13 Oct 2007 19:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D57BF13C45B for ; Sat, 13 Oct 2007 19:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l9DJA2K4023592 for ; Sat, 13 Oct 2007 19:10:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l9DJA2wH023591; Sat, 13 Oct 2007 19:10:02 GMT (envelope-from gnats) Date: Sat, 13 Oct 2007 19:10:02 GMT Message-Id: <200710131910.l9DJA2wH023591@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Norbert Papke Cc: Subject: Re: kern/116077: 6.2-STABLE panic during use of multi-cast networking client X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Norbert Papke List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Oct 2007 19:10:03 -0000 The following reply was made to PR kern/116077; it has been noted by GNATS. From: Norbert Papke To: bug-followup@freebsd.org, rse@freebsd.org Cc: Subject: Re: kern/116077: 6.2-STABLE panic during use of multi-cast networking client Date: Sat, 13 Oct 2007 11:03:18 -0700 I am experiencing similar issues. In my case, they manifest themselves as a crash during system shut-down. I suspect that this is triggered when avahi stops. I don't believe that the suggested change will work -- at least in my case. The inm->inm_ifma pointer also appears to be invalid. ----------- FreeBSD proven.lan 6.2-STABLE FreeBSD 6.2-STABLE #0: Fri Oct 12 09:22:51 PDT 2007 npapke@proven.lan:/usr4/obj/usr/src/sys/NGP i386 ----------- kgdb: kvm_nlist(_stopped_cpus): kgdb: kvm_nlist(_stoppcbs): [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: <118>Oct 13 08:18:35 proven syslogd: exiting on signal 15 Fatal trap 12: page fault while in kernel mode fault virtual address = 0x69775fd0 fault code = supervisor read, page not present instruction pointer = 0x20:0xc05cca9e stack pointer = 0x28:0xe9523b08 frame pointer = 0x28:0xe9523b24 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 1222 (avahi-daemon) panic: from debugger Uptime: 14h50m58s Dumping 2047 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 2047MB (523968 pages) 2031 2015 1999 1983 1967 1951 1935 1919 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711 1695 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487 1471 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263 1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039 1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 #0 doadump () at pcpu.h:165 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) bt #0 doadump () at pcpu.h:165 #1 0xc052ad14 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409 #2 0xc052b06d in panic (fmt=0xc06d6b75 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:565 #3 0xc044e012 in db_panic (addr=-1067660642, have_addr=0, count=-1, modif=0xe9523914 "") at /usr/src/sys/ddb/db_command.c:438 #4 0xc044df82 in db_command (last_cmdp=0xc0738dc4, cmd_table=0x0, aux_cmd_tablep=0xc0700a48, aux_cmd_tablep_end=0xc0700a4c) at /usr/src/sys/ddb/db_command.c:350 #5 0xc044e08a in db_command_loop () at /usr/src/sys/ddb/db_command.c:458 #6 0xc045016a in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:222 #7 0xc0549347 in kdb_trap (type=0, code=0, tf=0xe9523ac8) at /usr/src/sys/kern/subr_kdb.c:473 #8 0xc06b0c3b in trap_fatal (frame=0xe9523ac8, eva=0) at /usr/src/sys/i386/i386/trap.c:829 #9 0xc06b0942 in trap_pfault (frame=0xe9523ac8, usermode=0, eva=1769430992) at /usr/src/sys/i386/i386/trap.c:745 #10 0xc06b04bd in trap (frame= {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1066114528, tf_esi = -955338656, tf_ebp = -380486876, tf_isp = -380486924, tf_ebx = 1769430902, tf_edx = -950849536, tf_ecx = 4, tf_eax = -955338656, tf_trapno = 12, tf_err = 0, tf_eip = -1067660642, tf_cs = 32, tf_eflags = 66178, tf_esp = -380486876, tf_ss = -1068381583}) at /usr/src/sys/i386/i386/trap.c:435 #11 0xc069aa5a in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #12 0xc05cca9e in in_delmulti (inm=0xc70eb060) at /usr/src/sys/netinet/in.c:1063 #13 0xc05d7afc in ip_freemoptions (imo=0xc7597980) at /usr/src/sys/netinet/ip_output.c:2064 #14 0xc05cea4b in in_pcbdetach (inp=0xc711aca8) at /usr/src/sys/netinet/in_pcb.c:714 #15 0xc05ec158 in udp_detach (so=0xc70eb060) at /usr/src/sys/netinet/udp_usrreq.c:1071 #16 0xc05705f2 in soclose (so=0xc759e000) at /usr/src/sys/kern/uipc_socket.c:459 #17 0xc055c92d in soo_close (fp=0xc7497a68, td=0xc7533000) at /usr/src/sys/kern/sys_socket.c:317 #18 0xc05017f0 in fdrop_locked (fp=0xc7497a68, td=0xc70eb060) at file.h:296 #19 0xc05016cf in fdrop (fp=0xc7497a68, td=0xc70eb060) at /usr/src/sys/kern/kern_descrip.c:2113 #20 0xc04ff652 in closef (fp=0xc7497a68, td=0xc7533000) at /usr/src/sys/kern/kern_descrip.c:1933 #21 0xc04fbe77 in kern_close (td=0xc7533000, fd=15) at /usr/src/sys/kern/kern_descrip.c:1023 #22 0xc04fbbda in close (td=0xc70eb060, uap=0xc70eb060) at /usr/src/sys/kern/kern_descrip.c:975 #23 0xc06b1052 in syscall (frame= {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134660096, tf_esi = 134622792, tf_ebp = -1077941832, tf_isp = -380486300, tf_ebx = 672482484, tf_edx = 0, tf_ecx = 0, tf_eax = 6, tf_trapno = 0, tf_err = 2, tf_eip = 673363703, tf_cs = 51, tf_eflags = 646, tf_esp = -1077941860, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:984 #24 0xc069aaaf in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200 #25 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) frame 12 #12 0xc05cca9e in in_delmulti (inm=0xc70eb060) at /usr/src/sys/netinet/in.c:1063 1063 ifp = inm->inm_ifp; (kgdb) list 1058 in_delmulti(inm) 1059 register struct in_multi *inm; 1060 { 1061 struct ifnet *ifp; 1062 1063 ifp = inm->inm_ifp; 1064 IFF_LOCKGIANT(ifp); 1065 IN_MULTI_LOCK(); 1066 in_delmulti_locked(inm, 0); 1067 IN_MULTI_UNLOCK(); (kgdb) p ifp $1 = (struct ifnet *) 0x69775f76 (kgdb) p *ifp Cannot access memory at address 0x69775f76 (kgdb) p inm $2 = (struct in_multi *) 0xc70eb060 (kgdb) p *inm $3 = {inm_link = {le_next = 0x73006d76, le_prev = 0x73746174}, inm_addr = {s_addr = 7173632}, inm_ifp = 0x69775f76, inm_ifma = 0x635f6572, inm_timer = 1953396079, inm_state = 3339549696, inm_rti = 0x1e86417} (kgdb) p *inm->inm_ifma Cannot access memory at address 0x635f6572