panics on 6.3-RELEASE in IP stack

Petr Holub hopet at ics.muni.cz
Mon Apr 7 16:47:29 UTC 2008


Hi all,

I started to play with the RAT application (ports: mbone/rat + an SVN version),
and it seems to crash my 6.3-RELEASE-p1 box in a rather deterministic way. Crash
details are shown below. Has anyone seen a problem like this?

Thanks,
Petr

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x0
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc0713a7f
stack pointer	        = 0x28:0xe8583b38
frame pointer	        = 0x28:0xe8583b40
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 9460 (rat-4.4.01)
trap number		= 12
panic: page fault
Uptime: 35m41s
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261760 pages) 1007 991 975 959 943 927 911 895 879 863
847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559
543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255
239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc06a4ad6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc06a4d6c in panic (fmt=0xc096ba63 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc090d0d4 in trap_fatal (frame=0xe8583af8, eva=0)
    at /usr/src/sys/i386/i386/trap.c:838
#4  0xc090ce3b in trap_pfault (frame=0xe8583af8, usermode=0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:745
#5  0xc090ca79 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = -983498712, tf_edi = -396870780,
tf_esi = -396870780, tf_ebp = -396870848, tf_isp = -396870876, tf_ebx =
-972494912, tf_edx = -975435904, tf_ecx = 0, tf_eax = 0, tf_trapno = 12,
tf_err = 0, tf_eip = -1066321281, tf_cs = 32, tf_eflags = 66183, tf_esp =
-396870780, tf_ss = -985987072}) at /usr/src/sys/i386/i386/trap.c:435
#6  0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc0713a7f in if_findmulti (ifp=0x0, sa=0xe8583b84)
    at /usr/src/sys/net/if.c:1893
#8  0xc0713c1f in if_addmulti (ifp=0xc53b0800, sa=0xe8583b84, 
    retifma=0xe8583b80) at /usr/src/sys/net/if.c:2001
#9  0xc073f6bb in in_addmulti (ap=0xe8583bb8, ifp=0xc53b0800)
    at /usr/src/sys/netinet/in.c:982
#10 0xc0748898 in ip_setmoptions (inp=0xc58a3d5c, sopt=0xc5dc0780)
    at /usr/src/sys/netinet/ip_output.c:1897
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=0xc60469bc, sopt=0xe8583c90, 
    pcbinfo=0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
#12 0xc0747f74 in ip_ctloutput (so=0xc60469bc, sopt=0xe8583c90)
    at /usr/src/sys/netinet/ip_output.c:1516
#13 0xc06dfcf0 in sosetopt (so=0xc60469bc, sopt=0xe8583c90)
    at /usr/src/sys/kern/uipc_socket.c:1575
#14 0xc06e5071 in kern_setsockopt (td=0xc5dc0780, s=4, level=0, name=0, 
    val=0x0, valseg=UIO_USERSPACE, valsize=3319531392)
    at /usr/src/sys/kern/uipc_syscalls.c:1351
#15 0xc06e4f92 in setsockopt (td=0xc5dc0780, uap=0x0)
    at /usr/src/sys/kern/uipc_syscalls.c:1307
#16 0xc090d3eb in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134598976, tf_esi =
47000, tf_ebp = -1077942872, tf_isp = -396870300, tf_ebx = -1077942896,
tf_edx = -270598176, tf_ecx = 23, tf_eax = 105, tf_trapno = 12, tf_err = 2,
tf_eip = 672253131, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942980, tf_ss
= 59})
    at /usr/src/sys/i386/i386/trap.c:984
#17 0xc08f9f5f in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
#18 0x00000033 in ?? ()
(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc06a4ad6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
	first_buf_printf = 1
#2  0xc06a4d6c in panic (fmt=0xc096ba63 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:565
	td = (struct thread *) 0xc5dc0780
	bootopt = 260
	newpanic = 0
	ap = 0xc5dc0780 "H6\334\305\300YE\305"
	buf = "page fault", '\0' <repeats 245 times>
#3  0xc090d0d4 in trap_fatal (frame=0xe8583af8, eva=0)
    at /usr/src/sys/i386/i386/trap.c:838
	code = 40
	ss = 40
	esp = 0
	type = 12
	softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, 
  ssd_dpl = 0, ssd_p = 1, ssd_xx = 6, ssd_xx1 = 3, ssd_def32 = 1, 
  ssd_gran = 1}
	msg = 0x0
#4  0xc090ce3b in trap_pfault (frame=0xe8583af8, usermode=0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:745
	va = 0
	vm = (struct vmspace *) 0x0
	map = 0xc5fbc000
	rv = 1
	ftype = 1 '\001'
	td = (struct thread *) 0xc5dc0780
	p = (struct proc *) 0xc5dc3648
#5  0xc090ca79 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = -983498712, tf_edi = -396870780,
tf_esi = -396870780, tf_ebp = -396870848, tf_isp = -396870876, tf_ebx =
-972494912, tf_edx = -975435904, tf_ecx = 0, tf_eax = 0, tf_trapno = 12,
tf_err = 0, tf_eip = -1066321281, tf_cs = 32, tf_eflags = 66183, tf_esp =
-396870780, tf_ss = -985987072}) at /usr/src/sys/i386/i386/trap.c:435
	td = (struct thread *) 0xc5dc0780
	p = (struct proc *) 0xc5dc3648
	sticks = 3314033776
	type = 12
	i = 0
	ucode = 0
	code = 0
	eva = 0
#6  0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7  0xc0713a7f in if_findmulti (ifp=0x0, sa=0xe8583b84)
    at /usr/src/sys/net/if.c:1893
	ifma = (struct ifmultiaddr *) 0xc608e7c0
#8  0xc0713c1f in if_addmulti (ifp=0xc53b0800, sa=0xe8583b84, 
    retifma=0xe8583b80) at /usr/src/sys/net/if.c:2001
	ifma = (struct ifmultiaddr *) 0xe8583b84
	ll_ifma = (struct ifmultiaddr *) 0xc5dc0780
	llsa = (struct sockaddr *) 0xe8583b64
	error = -987328256
#9  0xc073f6bb in in_addmulti (ap=0xe8583bb8, ifp=0xc53b0800)
    at /usr/src/sys/netinet/in.c:982
	inm = (struct in_multi *) 0xe8583b84
	error = 0
	sin = {sin_len = 16 '\020', sin_family = 2 '\002', sin_port = 0, 
  sin_addr = {s_addr = 4024369120}, sin_zero =
"\000\000\000\000\000\000\000"}
	ifma = (struct ifmultiaddr *) 0xc58a3d5c
#10 0xc0748898 in ip_setmoptions (inp=0xc58a3d5c, sopt=0xc5dc0780)
    at /usr/src/sys/netinet/ip_output.c:1897
	error = 0
	i = 0
	addr = {s_addr = 0}
	mreq = {imr_multiaddr = {s_addr = 4024369120}, imr_interface = {
    s_addr = 0}}
	ifp = (struct ifnet *) 0xc53b0800
	imo = (struct ip_moptions *) 0xc552c200
	ro = {ro_rt = 0x0, ro_dst = {sa_len = 16 '\020', 
    sa_family = 2 '\002', 
    sa_data = "\000\000\340\377\336\357\000\000\000\000\000\000\000"}}
	ifindex = -975435904
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=0xc60469bc, sopt=0xe8583c90, 
    pcbinfo=0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
	inp = (struct inpcb *) 0xc58a3d5c
	error = 0
	optval = 0
#12 0xc0747f74 in ip_ctloutput (so=0xc60469bc, sopt=0xe8583c90)
    at /usr/src/sys/netinet/ip_output.c:1516
No locals.
#13 0xc06dfcf0 in sosetopt (so=0xc60469bc, sopt=0xe8583c90)
    at /usr/src/sys/kern/uipc_socket.c:1575
	error = -975435904
	optval = -1048225976
	l = {l_onoff = -396870524, l_linger = 0}
	tv = {tv_sec = -1066137227, tv_usec = -1048309760}
	val = 0
#14 0xc06e5071 in kern_setsockopt (td=0xc5dc0780, s=4, level=0, name=0, 
    val=0x0, valseg=UIO_USERSPACE, valsize=3319531392)
    at /usr/src/sys/kern/uipc_syscalls.c:1351
	error = 0
	fp = (struct file *) 0xc5d77c60
	sopt = {sopt_dir = SOPT_SET, sopt_level = 0, sopt_name = 12, 
  sopt_val = 0xbfbfe584, sopt_valsize = 8, sopt_td = 0xc5dc0780}
#15 0xc06e4f92 in setsockopt (td=0xc5dc0780, uap=0x0)
    at /usr/src/sys/kern/uipc_syscalls.c:1307
No locals.
#16 0xc090d3eb in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134598976, tf_esi =
47000, tf_ebp = -1077942872, tf_isp = -396870300, tf_ebx = -1077942896,
tf_edx = -270598176, tf_ecx = 23, tf_eax = 105, tf_trapno = 12, tf_err = 2,
tf_eip = 672253131, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942980, tf_ss
= 59})
    at /usr/src/sys/i386/i386/trap.c:984
	params = 0xbfbfe540 <Address 0xbfbfe540 out of bounds>
	callp = (struct sysent *) 0xc09fca4c
	td = (struct thread *) 0xc5dc0780
	p = (struct proc *) 0xc5dc3648
	orig_tf_eflags = 658
	sticks = 0
	error = 0
	narg = 5
	args = {4, 0, 12, -1077942908, 8, 0, 0, -975423928}
	code = 105
#17 0xc08f9f5f in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
No locals.
#18 0x00000033 in ?? ()
No symbol table info available.
(kgdb) up 7
#7  0xc0713a7f in if_findmulti (ifp=0x0, sa=0xe8583b84)
    at /usr/src/sys/net/if.c:1893
1893				if (sa_equal(ifma->ifma_addr, sa))
(kgdb) p ifma->ifma_addr
$1 = (struct sockaddr *) 0x0
(kgdb) p *ifma
$2 = {ifma_link = {tqe_next = 0x306d65, tqe_prev = 0x0}, ifma_addr = 0x0, 
  ifma_lladdr = 0x0, ifma_ifp = 0x8843, ifma_refcount = 0, 
  ifma_protospec = 0x0}
$3 = (struct sockaddr *) 0xe8583b84
(kgdb) p *sa
$4 = {sa_len = 16 '\020', sa_family = 2 '\002', 
  sa_data = "\000\000\340\377\336\357\000\000\000\000\000\000\000"}
(kgdb) q


