panics on 6.3-RELEASE in IP stack

Petr Holub Mon, 07 Apr 2008 09:48:08 -0700

Hi all,

I started to play with RAT application (ports: mbone/rat + an SVN version)
and
it seems to crash my 6.3-RELEASE-p1 box in rather deterministic way. Crash
details are shown below. Has anyone seen a problem like this?


Thanks,
Petr

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0713a7f
stack pointer           = 0x28:0xe8583b38
frame pointer           = 0x28:0xe8583b40
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 9460 (rat-4.4.01)
trap number             = 12
panic: page fault
Uptime: 35m41s
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261760 pages) 1007 991 975 959 943 927 911 895 879 863
847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559
543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255
239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc06a4ad6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc06a4d6c in panic (fmt=0xc096ba63 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc090d0d4 in trap_fatal (frame=0xe8583af8, eva=0)
    at /usr/src/sys/i386/i386/trap.c:838
#4  0xc090ce3b in trap_pfault (frame=0xe8583af8, usermode=0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:745
#5  0xc090ca79 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = -983498712, tf_edi = -396870780,
tf_esi = -396870780, tf_ebp = -396870848, tf_isp = -396870876, tf_ebx =
-972494912, tf_edx = -975435904, tf_ecx = 0, tf_eax = 0, tf_trapno = 12,
tf_err = 0, tf_eip = -1066321281, tf_cs = 32, tf_eflags = 66183, tf_esp =
-396870780, tf_ss = -985987072}) at /usr/src/sys/i386/i386/trap.c:435
#6  0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc0713a7f in if_findmulti (ifp=0x0, sa=0xe8583b84)
    at /usr/src/sys/net/if.c:1893
#8  0xc0713c1f in if_addmulti (ifp=0xc53b0800, sa=0xe8583b84, 
    retifma=0xe8583b80) at /usr/src/sys/net/if.c:2001
#9  0xc073f6bb in in_addmulti (ap=0xe8583bb8, ifp=0xc53b0800)
    at /usr/src/sys/netinet/in.c:982
#10 0xc0748898 in ip_setmoptions (inp=0xc58a3d5c, sopt=0xc5dc0780)
    at /usr/src/sys/netinet/ip_output.c:1897
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=0xc60469bc, sopt=0xe8583c90, 
    pcbinfo=0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
#12 0xc0747f74 in ip_ctloutput (so=0xc60469bc, sopt=0xe8583c90)
    at /usr/src/sys/netinet/ip_output.c:1516
#13 0xc06dfcf0 in sosetopt (so=0xc60469bc, sopt=0xe8583c90)
    at /usr/src/sys/kern/uipc_socket.c:1575
#14 0xc06e5071 in kern_setsockopt (td=0xc5dc0780, s=4, level=0, name=0, 
    val=0x0, valseg=UIO_USERSPACE, valsize=3319531392)
    at /usr/src/sys/kern/uipc_syscalls.c:1351
#15 0xc06e4f92 in setsockopt (td=0xc5dc0780, uap=0x0)
    at /usr/src/sys/kern/uipc_syscalls.c:1307
#16 0xc090d3eb in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134598976, tf_esi =
47000, tf_ebp = -1077942872, tf_isp = -396870300, tf_ebx = -1077942896,
tf_edx = -270598176, tf_ecx = 23, tf_eax = 105, tf_trapno = 12, tf_err = 2,
tf_eip = 672253131, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942980, tf_ss
= 59})
    at /usr/src/sys/i386/i386/trap.c:984
#17 0xc08f9f5f in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
#18 0x00000033 in ?? ()
(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc06a4ad6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
        first_buf_printf = 1
#2  0xc06a4d6c in panic (fmt=0xc096ba63 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:565
        td = (struct thread *) 0xc5dc0780
        bootopt = 260
        newpanic = 0
        ap = 0xc5dc0780 "H6ÜĹŔYEĹ"
        buf = "page fault", '\0' <repeats 245 times>
#3  0xc090d0d4 in trap_fatal (frame=0xe8583af8, eva=0)
    at /usr/src/sys/i386/i386/trap.c:838
        code = 40
        ss = 40
        esp = 0
        type = 12
        softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, 
  ssd_dpl = 0, ssd_p = 1, ssd_xx = 6, ssd_xx1 = 3, ssd_def32 = 1, 
  ssd_gran = 1}
        msg = 0x0
#4  0xc090ce3b in trap_pfault (frame=0xe8583af8, usermode=0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:745
        va = 0
        vm = (struct vmspace *) 0x0
        map = 0xc5fbc000
        rv = 1
        ftype = 1 '\001'
        td = (struct thread *) 0xc5dc0780
        p = (struct proc *) 0xc5dc3648
#5  0xc090ca79 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = -983498712, tf_edi = -396870780,
tf_esi = -396870780, tf_ebp = -396870848, tf_isp = -396870876, tf_ebx =
-972494912, tf_edx = -975435904, tf_ecx = 0, tf_eax = 0, tf_trapno = 12,
tf_err = 0, tf_eip = -1066321281, tf_cs = 32, tf_eflags = 66183, tf_esp =
-396870780, tf_ss = -985987072}) at /usr/src/sys/i386/i386/trap.c:435
        td = (struct thread *) 0xc5dc0780
        p = (struct proc *) 0xc5dc3648
        sticks = 3314033776
        type = 12
        i = 0
        ucode = 0
        code = 0
        eva = 0
#6  0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7  0xc0713a7f in if_findmulti (ifp=0x0, sa=0xe8583b84)
    at /usr/src/sys/net/if.c:1893
        ifma = (struct ifmultiaddr *) 0xc608e7c0
#8  0xc0713c1f in if_addmulti (ifp=0xc53b0800, sa=0xe8583b84, 
    retifma=0xe8583b80) at /usr/src/sys/net/if.c:2001
        ifma = (struct ifmultiaddr *) 0xe8583b84
        ll_ifma = (struct ifmultiaddr *) 0xc5dc0780
        llsa = (struct sockaddr *) 0xe8583b64
        error = -987328256
#9  0xc073f6bb in in_addmulti (ap=0xe8583bb8, ifp=0xc53b0800)
    at /usr/src/sys/netinet/in.c:982
        inm = (struct in_multi *) 0xe8583b84
        error = 0
        sin = {sin_len = 16 '\020', sin_family = 2 '\002', sin_port = 0, 
  sin_addr = {s_addr = 4024369120}, sin_zero =
"\000\000\000\000\000\000\000"}
        ifma = (struct ifmultiaddr *) 0xc58a3d5c
#10 0xc0748898 in ip_setmoptions (inp=0xc58a3d5c, sopt=0xc5dc0780)
    at /usr/src/sys/netinet/ip_output.c:1897
        error = 0
        i = 0
        addr = {s_addr = 0}
        mreq = {imr_multiaddr = {s_addr = 4024369120}, imr_interface = {
    s_addr = 0}}
        ifp = (struct ifnet *) 0xc53b0800
        imo = (struct ip_moptions *) 0xc552c200
        ro = {ro_rt = 0x0, ro_dst = {sa_len = 16 '\020', 
    sa_family = 2 '\002', 
    sa_data = "\000\000ŕ˙Ţď\000\000\000\000\000\000\000"}}
        ifindex = -975435904
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=0xc60469bc, sopt=0xe8583c90, 
    pcbinfo=0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
        inp = (struct inpcb *) 0xc58a3d5c
        error = 0
        optval = 0
#12 0xc0747f74 in ip_ctloutput (so=0xc60469bc, sopt=0xe8583c90)
    at /usr/src/sys/netinet/ip_output.c:1516
No locals.
#13 0xc06dfcf0 in sosetopt (so=0xc60469bc, sopt=0xe8583c90)
    at /usr/src/sys/kern/uipc_socket.c:1575
        error = -975435904
        optval = -1048225976
        l = {l_onoff = -396870524, l_linger = 0}
        tv = {tv_sec = -1066137227, tv_usec = -1048309760}
        val = 0
#14 0xc06e5071 in kern_setsockopt (td=0xc5dc0780, s=4, level=0, name=0, 
    val=0x0, valseg=UIO_USERSPACE, valsize=3319531392)
    at /usr/src/sys/kern/uipc_syscalls.c:1351
        error = 0
        fp = (struct file *) 0xc5d77c60
        sopt = {sopt_dir = SOPT_SET, sopt_level = 0, sopt_name = 12, 
  sopt_val = 0xbfbfe584, sopt_valsize = 8, sopt_td = 0xc5dc0780}
#15 0xc06e4f92 in setsockopt (td=0xc5dc0780, uap=0x0)
    at /usr/src/sys/kern/uipc_syscalls.c:1307
No locals.
#16 0xc090d3eb in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134598976, tf_esi =
47000, tf_ebp = -1077942872, tf_isp = -396870300, tf_ebx = -1077942896,
tf_edx = -270598176, tf_ecx = 23, tf_eax = 105, tf_trapno = 12, tf_err = 2,
tf_eip = 672253131, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942980, tf_ss
= 59})
    at /usr/src/sys/i386/i386/trap.c:984
        params = 0xbfbfe540 <Address 0xbfbfe540 out of bounds>
        callp = (struct sysent *) 0xc09fca4c
        td = (struct thread *) 0xc5dc0780
        p = (struct proc *) 0xc5dc3648
        orig_tf_eflags = 658
        sticks = 0
        error = 0
        narg = 5
        args = {4, 0, 12, -1077942908, 8, 0, 0, -975423928}
        code = 105
#17 0xc08f9f5f in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
No locals.
#18 0x00000033 in ?? ()
No symbol table info available.
(kgdb) up 7
#7  0xc0713a7f in if_findmulti (ifp=0x0, sa=0xe8583b84)
    at /usr/src/sys/net/if.c:1893
1893                            if (sa_equal(ifma->ifma_addr, sa))
(kgdb) p ifma->ifma_addr
$1 = (struct sockaddr *) 0x0
(kgdb) p *ifma
$2 = {ifma_link = {tqe_next = 0x306d65, tqe_prev = 0x0}, ifma_addr = 0x0, 
  ifma_lladdr = 0x0, ifma_ifp = 0x8843, ifma_refcount = 0, 
  ifma_protospec = 0x0}
$3 = (struct sockaddr *) 0xe8583b84
(kgdb) p *sa
$4 = {sa_len = 16 '\020', sa_family = 2 '\002', 
  sa_data = "\000\000ŕ˙Ţď\000\000\000\000\000\000\000"}
(kgdb) q

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

panics on 6.3-RELEASE in IP stack

Reply via email to