Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 21 Jan 2010 12:58:40 -0500
From:      John Baldwin <jhb@freebsd.org>
To:        Florian Smeets <flo@smeets.im>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: 7.2-STABLE page fault with kernel from 12.01.2010 / crashinfo available
Message-ID:  <201001211258.40316.jhb@freebsd.org>
In-Reply-To: <4B5855C2.6000002@smeets.im>
References:  <4B58280C.50602@smeets.im> <201001210801.48390.jhb@freebsd.org> <4B5855C2.6000002@smeets.im>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 21 January 2010 8:25:22 am Florian Smeets wrote:
> On 1/21/10 2:01 PM, John Baldwin wrote:
> > On Thursday 21 January 2010 5:10:20 am Florian Smeets wrote:
> >> (kgdb) where
> >> #0  doadump () at pcpu.h:196
> >> #1  0xc0525703 in boot (howto=3D260) at=20
/usr/src/sys/kern/kern_shutdown.c:418
> >> #2  0xc052590e in panic (fmt=3DVariable "fmt" is not available.
> >> ) at /usr/src/sys/kern/kern_shutdown.c:574
> >> #3  0xc06f110c in trap_fatal (frame=3D0xc1f15ae4, eva=3D12) at
> >> /usr/src/sys/i386/i386/trap.c:950
> >> #4  0xc06f1390 in trap_pfault (frame=3D0xc1f15ae4, usermode=3D0, eva=
=3D12) at
> >> /usr/src/sys/i386/i386/trap.c:863
> >> #5  0xc06f1d65 in trap (frame=3D0xc1f15ae4) at
> >> /usr/src/sys/i386/i386/trap.c:541
> >> #6  0xc06d910b in calltrap () at /usr/src/sys/i386/i386/exception.s:166
> >> #7  0xc0572e48 in m_copydata (m=3D0x0, off=3D0, len=3D40, cp=3D0xc23cc=
ed8
> >> "\203??b??\237\f)h?M\220\224?\023?\205K(e??s?\"???k?oQ?~\223\020g\030")
> >>       at /usr/src/sys/kern/uipc_mbuf.c:815
> >> #8  0xc05f8b28 in ip_forward (m=3D0xc23dc900, srcrt=3D0) at
> >> /usr/src/sys/netinet/ip_input.c:1307
> >> #9  0xc05fa30c in ip_input (m=3D0xc23dc900) at
> >> /usr/src/sys/netinet/ip_input.c:609
> >> #10 0xc05c83d5 in netisr_dispatch (num=3D2, m=3D0xc23dc900) at
> >> /usr/src/sys/net/netisr.c:185
> >> #11 0xc05bf581 in ether_demux (ifp=3D0xc20a4800, m=3D0xc23dc900) at
> >> /usr/src/sys/net/if_ethersubr.c:834
> >> #12 0xc05bf973 in ether_input (ifp=3D0xc20a4800, m=3D0xc23dc900) at
> >> /usr/src/sys/net/if_ethersubr.c:692
> >> #13 0xc04b8749 in sis_rxeof (sc=3D0xc2093800) at
> >> /usr/src/sys/dev/sis/if_sis.c:1476
> >> #14 0xc04b8973 in sis_intr (arg=3D0xc2093800) at
> >> /usr/src/sys/dev/sis/if_sis.c:1667
> >> #15 0xc050344b in ithread_loop (arg=3D0xc20ab410) at
> >> /usr/src/sys/kern/kern_intr.c:1126
> >> #16 0xc04ffe36 in fork_exit (callout=3D0xc05032a0<ithread_loop>,
> >> arg=3D0xc20ab410, frame=3D0xc1f15d38) at /usr/src/sys/kern/kern_fork.c=
:811
> >> #17 0xc06d9180 in fork_trampoline () at
> >> /usr/src/sys/i386/i386/exception.s:271
> >> (kgdb) list *0xc0572e48
> >> 0xc0572e48 is in m_copydata (libkern.h:61).
> >> 56	static __inline int imax(int a, int b) { return (a>  b ? a : b); }
> >> 57	static __inline int imin(int a, int b) { return (a<  b ? a : b); }
> >> 58	static __inline long lmax(long a, long b) { return (a>  b ? a : b);=
 }
> >> 59	static __inline long lmin(long a, long b) { return (a<  b ? a : b);=
 }
> >> 60	static __inline u_int max(u_int a, u_int b) { return (a>  b ? a : b=
);=20
}
> >> 61	static __inline u_int min(u_int a, u_int b) { return (a<  b ? a : b=
);=20
}
> >> 62	static __inline quad_t qmax(quad_t a, quad_t b) { return (a>  b ? a=
 :
> >> b); }
> >> 63	static __inline quad_t qmin(quad_t a, quad_t b) { return (a<  b ? a=
 :
> >> b); }
> >> 64	static __inline u_long ulmax(u_long a, u_long b) { return (a>  b ? a
> >> : b); }
> >> 65	static __inline u_long ulmin(u_long a, u_long b) { return (a<  b ? a
> >> : b); }
> >> (kgdb) frame 7
> >> #7  0xc0572e48 in m_copydata (m=3D0x0, off=3D0, len=3D40, cp=3D0xc23cc=
ed8
> >> "\203??b??\237\f)h?M\220\224?\023?\205K(e??s?\"???k?oQ?~\223\020g\030")
> >> at /usr/src/sys/kern/uipc_mbuf.c:815
> >> 815			count =3D min(m->m_len - off, len);
> >> (kgdb) l
> >> 810			off -=3D m->m_len;
> >> 811			m =3D m->m_next;
> >> 812		}
> >> 813		while (len>  0) {
> >> 814			KASSERT(m !=3D NULL, ("m_copydata, length>  size of mbuf chain")=
);
> >
> > I think you would have hit this assertion if INVARIANTS were enabled.  =
Can=20
you
> > go up to frame 8 and do an 'l'?  Maybe 'p *m' as well?
> >
>=20
> Sure, thanks for taking a look John!
>=20
> (kgdb) frame 8
> #8  0xc05f8b28 in ip_forward (m=3D0xc23dc900, srcrt=3D0) at=20
> /usr/src/sys/netinet/ip_input.c:1307
> 1307			m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
> (kgdb) l
> 1302			mcopy =3D NULL;
> 1303		}
> 1304		if (mcopy !=3D NULL) {
> 1305			mcopy->m_len =3D min(ip->ip_len, M_TRAILINGSPACE(mcopy));
> 1306			mcopy->m_pkthdr.len =3D mcopy->m_len;
> 1307			m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
> 1308		}
> 1309=09
> 1310	#ifdef IPSTEALTH
> 1311		if (!ipstealth) {
> (kgdb) p *m
> $1 =3D {m_hdr =3D {mh_next =3D 0x0, mh_nextpkt =3D 0x0, mh_data =3D 0xc27=
1e80e=20
> "E\020", mh_len =3D 164, mh_flags =3D 3, mh_type =3D 1, pad =3D "\000"}, =
M_dat =3D=20
> {MH =3D {MH_pkthdr =3D {rcvif =3D 0xc20a4800, header =3D 0x0, len =3D 164=
,=20
> csum_flags =3D 3072,
>          csum_data =3D 65535, tso_segsz =3D 0, ether_vtag =3D 0, tags =3D=
=20
> {slh_first =3D 0xc35bc380}}, MH_dat =3D {MH_ext =3D {ext_buf =3D 0xc271e8=
00 "",=20
> ext_free =3D 0, ext_args =3D 0x0, ext_size =3D 2048, ref_cnt =3D 0xc2703a=
b4,=20
> ext_type =3D 6},
>          MH_databuf =3D=20
> "\000?q?\000\000\000\000\000\000\000\000\000\b\000\000?:p?
\006\000\000\000dL?\t<+?\202\200\020=20
> O/\207\000\000\001\001\b\n-?b\230qms?\000\000\004\001?l?\000\000\001%r???
\200\000????\034?Ot?\b?{sr\000\034org.jboss.mq.ConnectionToken?\b=DF=BC&?
\237N\002\000\005I\000\004hashZ\000\asameJVML\000\bclientIDt\000\022Ljava/l=
\000\220\032Ae\207\000\002?
36@\210d\021\000\001?\001B\000!E\000\001@bV\000\000@2\032$W\213\n\034"...}}=
,=20
>=20
>      M_databuf =3D=20
> "\000H\n?\000\000\000\000?\000\000\000\000\f\000\000??
\000\000\000\000\000\000\200?[?\000?q?
\000\000\000\000\000\000\000\000\000\b\000\000?:p?\006\000\000\000dL?\t<+?
\202\200\020=20
> O/\207\000\000\001\001\b\n-?b\230qms?\000\000\004\001?l?\000\000\001%r???
\200\000????\034?Ot?\b?{sr\000\034org.jboss.mq.ConnectionToken?\b=DF=BC&?
\237N\002\000\005I\000\004hashZ\000\asameJVML\000\bclientIDt\000\022Ljava/l=
\000\220\032Ae\207\000\002?
3"...}}

Ok, can you do 'p *m_copy'?

=2D-=20
John Baldwin



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001211258.40316.jhb>