panic while messing with dhclient on 6.0-RELEASE

joeldiaz at nc.rr.com joeldiaz at nc.rr.com
Mon Dec 19 12:04:36 PST 2005 

Using the Gnome applet for network interfaces, I checked DHCP for
interface em0.  It sucessfully got an IP address.  I then realized that
this would not be good (I use wireless at home with ath0), so I went
back and undid the changes in /etc/rc.conf.  Then I tried running
'dhclient em0' again a few times from the command line (it seemed like
it was taking forever) and eventually got a panic:

Unread portion of the kernel message buffer:
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc04c6238
stack pointer           = 0x28:0xd547cb60
frame pointer           = 0x28:0xd547cb74
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 27 (swi1: net)
trap number             = 12
panic: page fault
Uptime: 5m49s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 511MB (130656 pages) 495 479 463 447 431 415 399 383 367 351
335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47
31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:165
#1  0xc04a6432 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xc04a66c8 in panic (fmt=0xc05befc2 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc05a8d30 in trap_fatal (frame=0xd547cb20, eva=36)
    at /usr/src/sys/i386/i386/trap.c:831
#4  0xc05a8516 in trap (frame=
      {tf_fs = -716767224, tf_es = -1068826584, tf_ds = -1049952216,
tf_edi = -1050872656, tf_esi = -1038145184, tf_ebp = -716715148, tf_isp
= -716715188, tf_ebx = -1067400680, tf_edx = 40, tf_ecx = 0, tf_eax = 0,
tf_trapno = 12, tf_err = 0, tf_eip = -1068735944, tf_cs = 32, tf_eflags
= 589958, tf_esp = 40, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:267
#5  0xc0598e7a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#6  0xc04c6238 in propagate_priority (td=0xc21f2960)
    at /usr/src/sys/kern/subr_turnstile.c:233
#7  0xc04c69e6 in turnstile_wait (lock=0xc16fa87c, owner=0xc1629640)
    at /usr/src/sys/kern/subr_turnstile.c:628
#8  0xc049dc9c in _mtx_lock_sleep (m=0xc16fa87c, tid=3244094640, opts=0,
    file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:553
#9  0xc0516aa9 in rtalloc1 (dst=0xd547cc28, report=0, ignflags=0)
    at /usr/src/sys/net/route.c:148
#10 0xc051b88d in arplookup (addr=0, create=0, proxy=0)
    at /usr/src/sys/netinet/if_ether.c:913
#11 0xc051b1b9 in in_arpinput (m=0xc2333300)
    at /usr/src/sys/netinet/if_ether.c:692
#12 0xc051af0e in arpintr (m=0xc2333300) at
/usr/src/sys/netinet/if_ether.c:553
#13 0xc0514183 in netisr_processqueue (ni=0xc060d9f8)
    at /usr/src/sys/net/netisr.c:236
#14 0xc051437e in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
#15 0xc0492029 in ithread_loop (arg=0xc1585400)
    at /usr/src/sys/kern/kern_intr.c:547
#16 0xc04912b0 in fork_exit (callout=0xc0491ed0 <ithread_loop>,
    arg=0xc1585400, frame=0xd547cd38) at /usr/src/sys/kern/kern_fork.c:789
#17 0xc0598edc in fork_trampoline () at
/usr/src/sys/i386/i386/exception.s:208
(kgdb) frame 6
#6  0xc04c6238 in propagate_priority (td=0xc21f2960)
    at /usr/src/sys/kern/subr_turnstile.c:233
233                     ts = td->td_blocked;
(kgdb) list *0xc04c6238
0xc04c6238 is in propagate_priority
(/usr/src/sys/kern/subr_turnstile.c:235).
230                     /*
231                      * Pick up the lock that td is blocked on.
232                      */
233                     ts = td->td_blocked;
234                     MPASS(ts != NULL);
235                     tc = TC_LOOKUP(ts->ts_lockobj);
236                     mtx_lock_spin(&tc->tc_lock);
237
238                     /* Resort td on the list if needed. */
239                     if (!turnstile_adjust_thread(ts, td)) {
(kgdb) print td
$1 = (struct thread *) 0xc21f2960
(kgdb) print td->td_blocked
$2 = (struct turnstile *) 0x0
(kgdb)


This was on 6.0-RELEASE with a custom kernel.  Mostly just have things
set up as modules instead of compiling them direclty into the kernel
(if_em is a module BTW).  I hope I've captured all the relevant
information.  If not, I've still got the dump, and can do further analysis.

Joel

More information about the freebsd-stable mailing list