amd64/184601: Panic on 10-BETA4 when using mpd5
Viktor Velichkin
avisom at yandex.ru
Sun Dec 8 19:20:01 UTC 2013
>Number: 184601
>Category: amd64
>Synopsis: Panic on 10-BETA4 when using mpd5
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-amd64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Dec 08 19:20:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Viktor Velichkin
>Release: 10.0-BETA4
>Organization:
>Environment:
FreeBSD 10.0-BETA4 #1 r258815: Mon Dec 2 09:55:54 MSK 2013 /usr/obj/usr/src/sys/GENERIC amd64
>Description:
Problem appears when I installed mpd5 and try to use this host as PPtP concetrator. Problem appears stable, 5-10 minutes after start of accepting pptp connections. And after third panic I move service on another host.
There are backtrace and other information below:
root at bell:/usr/obj/usr/src/sys/GENERIC # kgdb kernel.debug /var/crash/vmcore.0
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address = 0x18
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff809180f0
stack pointer = 0x28:0xfffffe0121bca380
frame pointer = 0x28:0xfffffe0121bca3b0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 17876 (ng_queue2)
trap number = 12
panic: page fault
cpuid = 2
KDB: stack backtrace:
#0 0xffffffff808e7cc0 at kdb_backtrace+0x60
#1 0xffffffff808af7a5 at panic+0x155
#2 0xffffffff80c8e4c2 at trap_fatal+0x3a2
#3 0xffffffff80c8e799 at trap_pfault+0x2c9
#4 0xffffffff80c8df26 at trap+0x5e6
#5 0xffffffff80c751c2 at calltrap+0x8
#6 0xffffffff809d3655 at ip_forward+0x1d5
#7 0xffffffff809d345d at ip_input+0x63d
#8 0xffffffff80974cbe at netisr_dispatch_src+0x5e
#9 0xffffffff81a336c2 at ng_iface_rcvdata+0xf2
#10 0xffffffff81a1c040 at ng_apply_item+0x210
#11 0xffffffff81a1bc63 at ng_snd_item+0x383
#12 0xffffffff81a1c040 at ng_apply_item+0x210
#13 0xffffffff81a1bc63 at ng_snd_item+0x383
#14 0xffffffff81a3a0ea at ng_ppp_comp_recv+0xfa
#15 0xffffffff81a38edc at ng_ppp_rcvdata+0x22c
#16 0xffffffff81a1c040 at ng_apply_item+0x210
#17 0xffffffff81a1bc63 at ng_snd_item+0x383
Uptime: 49m29s
Dumping 413 out of 4064 MB:..4%..12%..24%..31%..43%..51%..62%..74%..82%..93%
Reading symbols from /boot/kernel/ums.ko.symbols...done.
Loaded symbols for /boot/kernel/ums.ko.symbols
Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_socket.ko.symbols
Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
Loaded symbols for /boot/kernel/netgraph.ko.symbols
Reading symbols from /boot/kernel/ng_mppc.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_mppc.ko.symbols
Reading symbols from /boot/kernel/rc4.ko.symbols...done.
Loaded symbols for /boot/kernel/rc4.ko.symbols
Reading symbols from /boot/kernel/ng_tee.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_tee.ko.symbols
Reading symbols from /boot/kernel/ng_pptpgre.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_pptpgre.ko.symbols
Reading symbols from /boot/kernel/ng_ksocket.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_ksocket.ko.symbols
Reading symbols from /boot/kernel/ng_iface.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_iface.ko.symbols
Reading symbols from /boot/kernel/ng_ppp.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_ppp.ko.symbols
Reading symbols from /boot/kernel/ng_tcpmss.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_tcpmss.ko.symbols
Reading symbols from /boot/kernel/ng_l2tp.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_l2tp.ko.symbols
#0 doadump (textdump=<value optimized out>) at pcpu.h:219
219 __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) list 0xffffffff809180f0
Function "0xffffffff809180f0" not defined.
(kgdb) list 0x20:0xffffffff809180f0
No source file named 0x20.
(kgdb) backtrace
#0 doadump (textdump=<value optimized out>) at pcpu.h:219
#1 0xffffffff808af420 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:447
#2 0xffffffff808af7e4 in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:754
#3 0xffffffff80c8e4c2 in trap_fatal (frame=<value optimized out>, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:882
#4 0xffffffff80c8e799 in trap_pfault (frame=0xfffffe0121bca2d0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:699
#5 0xffffffff80c8df26 in trap (frame=0xfffffe0121bca2d0) at /usr/src/sys/amd64/amd64/trap.c:463
#6 0xffffffff80c751c2 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:232
#7 0xffffffff809180f0 in m_copydata (m=<value optimized out>, off=<value optimized out>, len=<value optimized out>, cp=<value optimized out>)
at /usr/src/sys/kern/uipc_mbuf.c:881
#8 0xffffffff809d3655 in ip_forward (m=0xfffff8001ca37700, srcrt=0) at /usr/src/sys/netinet/ip_input.c:1437
#9 0xffffffff809d345d in ip_input (m=0xfffff8001ca37700) at /usr/src/sys/netinet/ip_input.c:710
#10 0xffffffff80974cbe in netisr_dispatch_src (proto=<value optimized out>, source=<value optimized out>, m=0x0)
at /usr/src/sys/net/netisr.c:972
#11 0xffffffff81a336c2 in ng_iface_rcvdata (hook=<value optimized out>, item=<value optimized out>)
at /usr/src/sys/modules/netgraph/iface/../../../netgraph/ng_iface.c:780
#12 0xffffffff81a1c040 in ng_apply_item (node=0xfffff800909eb500, item=0xfffff8012062be00, rw=0)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2397
#13 0xffffffff81a1bc63 in ng_snd_item (item=0xfffff8012062be00, flags=<value optimized out>)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2314
#14 0xffffffff81a1c040 in ng_apply_item (node=0xfffff8004f7cac00, item=0xfffff8012062be00, rw=0)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2397
#15 0xffffffff81a1bc63 in ng_snd_item (item=0xfffff8012062be00, flags=<value optimized out>)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2314
#16 0xffffffff81a3a0ea in ng_ppp_comp_recv (node=<value optimized out>, item=<value optimized out>, proto=<value optimized out>,
linkNum=<value optimized out>) at /usr/src/sys/modules/netgraph/ppp/../../../netgraph/ng_ppp.c:1047
#17 0xffffffff81a38edc in ng_ppp_rcvdata (hook=<value optimized out>, item=0xfffff8012062be00)
at /usr/src/sys/modules/netgraph/ppp/../../../netgraph/ng_ppp.c:1522
#18 0xffffffff81a1c040 in ng_apply_item (node=0xfffff80090159500, item=0xfffff8012062be00, rw=0)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2397
#19 0xffffffff81a1bc63 in ng_snd_item (item=0xfffff8012062be00, flags=<value optimized out>)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2314
#20 0xffffffff81a1c040 in ng_apply_item (node=0xfffff8004ff0a700, item=0xfffff8012062be00, rw=0)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2397
#21 0xffffffff81a1bc63 in ng_snd_item (item=0xfffff8012062be00, flags=<value optimized out>)
---Type <return> to continue, or q <return> to quit---
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2314
#22 0xffffffff81a2c26f in ng_pptpgre_rcvdata_lower (hook=<value optimized out>, item=0xfffff8001c9188d5)
at /usr/src/sys/modules/netgraph/pptpgre/../../../netgraph/ng_pptpgre.c:811
#23 0xffffffff81a1c040 in ng_apply_item (node=0xfffff8004f7ed100, item=0xfffff8012062be00, rw=0)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2397
#24 0xffffffff81a1bc63 in ng_snd_item (item=0xfffff8012062be00, flags=<value optimized out>)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2314
#25 0xffffffff81a2f3f9 in ng_ksocket_incoming2 (node=0xfffff8004fd71a00, hook=<value optimized out>, arg1=0xfffff801206ce828, arg2=0)
at /usr/src/sys/modules/netgraph/ksocket/../../../netgraph/ng_ksocket.c:1158
#26 0xffffffff81a1bee6 in ng_apply_item (node=0xfffff8004fd71a00, item=0xfffff801206bd300, rw=1)
at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2468
#27 0xffffffff81a1db9d in ngthread (arg=<value optimized out>) at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:3432
#28 0xffffffff808819fa in fork_exit (callout=0xffffffff81a1d9e0 <ngthread>, arg=0x0, frame=0xfffffe0121bcac00)
at /usr/src/sys/kern/kern_fork.c:995
#29 0xffffffff80c756fe in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:606
#30 0x0000000000000000 in ?? ()
(kgdb) frame 8
#8 0xffffffff809d3655 in ip_forward (m=0xfffff8001ca37700, srcrt=0) at /usr/src/sys/netinet/ip_input.c:1437
1437 m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
Current language: auto; currently minimal
(kgdb) l
1432 mcopy = NULL;
1433 }
1434 if (mcopy != NULL) {
1435 mcopy->m_len = min(ntohs(ip->ip_len), M_TRAILINGSPACE(mcopy));
1436 mcopy->m_pkthdr.len = mcopy->m_len;
1437 m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
1438 }
1439
1440 #ifdef IPSTEALTH
1441 if (!V_ipstealth) {
(kgdb) p m
$1 = (struct mbuf *) 0xfffff8001ca37700
(kgdb) p *m
$2 = {m_hdr = {mh_next = 0xfffff8001cbe8400, mh_nextpkt = 0x0, mh_data = 0xfffff8001ca377a4 "E", mh_len = 92, mh_type = 1, mh_flags = 2},
M_dat = {MH = {MH_pkthdr = {rcvif = 0xfffff80120723000, tags = {slh_first = 0x0}, len = 1450, flowid = 0, csum_flags = 50331648, fibnum = 0,
cosqos = 0 '\0', rsstype = 0 '\0', l2hlen = 0 '\0', l3hlen = 0 '\0', l4hlen = 0 '\0', l5hlen = 0 '\0', PH_per = {
eigth = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0, 0}, thirtytwo = {0, 0}, sixtyfour = {0}, unintptr = {0}, ptr = 0x0},
PH_loc = {eigth = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0, 0}, thirtytwo = {0, 0}, sixtyfour = {0}, unintptr = {0},
ptr = 0x0}}, MH_dat = {MH_ext = {ref_cnt = 0x1d0130000045, ext_buf = 0x200002207 <Address 0x200002207 out of bounds>,
ext_size = 98566144, ext_type = 0, ext_flags = 16776960, ext_free = 0xd071836facb80000, ext_arg1 = 0x8f358d8230400,
ext_arg2 = 0x66f905ce0045},
MH_databuf = "E\000\0000\001\035\000\000\a\"\000\000\002\000\000\000\000\000▒\005\000\000▒▒\000\000▒▒o\203q▒\000\004#▒X▒\b\000E\000▒\005▒f\000\000?/S▒\n\f\n▒\n\n\n\0030\001\210\v\005▒\033▒\000\003B▒▒\003\000!E\000\005▒r▒@\000?\006▒▒[▒\tpW▒\016\231\000P\004|▒y▒\006▒\f\0055P\020yp▒\027\000\000m▒\032▒o▒arZz▒▒d▒▒y\212#9CG#▒W\217\023\211pk▒b\224!▒▒\220+\202V0\210\016pZ▒ڮ▒\a\027▒"}},
M_databuf = "\0000r \001▒▒▒\000\000\000\000\000\000\000\000▒\005\000\000\000\000\000\000\000\000\000\003", '\0' <repeats 28 times>, "E\000\0000\001\035\000\000\a\"\000\000\002\000\000\000\000\000▒\005\000\000▒▒\000\000▒▒o\203q▒\000\004#▒X▒\b\000E\000▒\005▒f\000\000?/S▒\n\f\n▒\n\n\n\0030\001\210\v\005▒\033▒\000\003B▒▒\003\000!E\000\005▒r▒@\000?\006▒▒[▒\tpW▒\016\231\000P\004|▒y▒\006▒\f\0055P\020yp▒\027\000\000m▒\032▒o▒arZz▒▒d▒▒y\212#9CG#▒W\217\023\211pk▒b\224!▒▒\220+\202V0\210\016pZ▒"...}}
(kgdb) p m->M_dat.MH.MH_pkthdr.rcvif
$3 = (struct ifnet *) 0xfffff80120723000
(kgdb) p *m->M_dat.MH.MH_pkthdr.rcvif
$4 = {if_softc = 0xfffff80090e62780, if_l2com = 0x0, if_vnet = 0x0, if_link = {tqe_next = 0xfffff8012073a000, tqe_prev = 0xfffff801207be018},
if_xname = "ng28", '\0' <repeats 11 times>, if_dname = 0xffffffff81a34020 "ng", if_dunit = 28, if_refcount = 1, if_addrhead = {
tqh_first = 0xfffff800909e8800, tqh_last = 0xfffff8004fc0f0c0}, if_pcount = 0, if_carp = 0x0, if_bpf = 0xfffff80090417a80, if_index = 32,
if_index_reserved = 0, if_vlantrunk = 0x0, if_flags = 34961, if_capabilities = 0, if_capenable = 0, if_linkmib = 0x0, if_linkmiblen = 0,
if_data = {ifi_type = 53 '5', ifi_physical = 0 '\0', ifi_addrlen = 0 '\0', ifi_hdrlen = 0 '\0', ifi_link_state = 0 '\0', ifi_vhid = 0 '\0',
ifi_baudrate_pf = 0 '\0', ifi_datalen = 152 '\230', ifi_mtu = 1460, ifi_metric = 0, ifi_baudrate = 64000, ifi_ipackets = 213659,
ifi_ierrors = 0, ifi_opackets = 135695, ifi_oerrors = 0, ifi_collisions = 0, ifi_ibytes = 289518603, ifi_obytes = 6084398, ifi_imcasts = 0,
ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0, ifi_epoch = 2785, ifi_lastchange = {tv_sec = 1386521104,
tv_usec = 983942}}, if_multiaddrs = {tqh_first = 0xfffff8008f99e240, tqh_last = 0xfffff8009a1a0d40}, if_amcount = 0,
if_output = 0xffffffff81a33760 <ng_iface_output>, if_input = 0, if_start = 0xffffffff81a33980 <ng_iface_start>,
if_ioctl = 0xffffffff81a33ba0 <ng_iface_ioctl>, if_init = 0, if_resolvemulti = 0, if_qflush = 0xffffffff80967780 <if_qflush>,
if_transmit = 0xffffffff8096a260 <if_transmit>, if_reassign = 0, if_home_vnet = 0x0, if_addr = 0xfffff800909e8800, if_llsoftc = 0x0,
if_drv_flags = 64, if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50, ifq_drops = 0, ifq_mtx = {lock_object = {
lo_name = 0xfffff80120723028 "ng28", lo_flags = 16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}, ifq_drv_head = 0x0,
ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 50, altq_type = 0, altq_flags = 1, altq_disc = 0x0, altq_ifp = 0xfffff80120723000,
altq_enqueue = 0, altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0, altq_tbr = 0x0, altq_cdnr = 0x0},
if_broadcastaddr = 0x0, if_bridge = 0x0, if_label = 0x0, if_unused = {0x0, 0x0}, if_afdata = {0x0, 0x0, 0xfffff80120753e00,
0x0 <repeats 25 times>, 0xfffff8009a0274c0, 0x0 <repeats 13 times>}, if_afdata_initialized = 2, if_afdata_lock = {lock_object = {
lo_name = 0xffffffff80eeea00 "if_afdata", lo_flags = 86179840, lo_data = 0, lo_witness = 0x0}, rw_lock = 1}, if_linktask = {ta_link = {
stqe_next = 0x0}, ta_pending = 0, ta_priority = 0, ta_func = 0xffffffff80964a80 <do_link_state_change>, ta_context = 0xfffff80120723000},
if_addr_lock = {lock_object = {lo_name = 0xffffffff80eee9f3 "if_addr_lock", lo_flags = 86179840, lo_data = 0, lo_witness = 0x0},
rw_lock = 1}, if_clones = {le_next = 0x0, le_prev = 0x0}, if_groups = {tqh_first = 0xfffff8001c3516c0, tqh_last = 0xfffff8001c3516c8},
if_pf_kif = 0x0, if_lagg = 0x0, if_description = 0x0, if_fib = 0, if_alloctype = 53 '5', if_hw_tsomax = 65535, if_cspare = "\000\000",
if_ispare = {0, 0, 0, 0}, if_pspare = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
(kgdb)
>How-To-Repeat:
Try to use mpd5/PPtP on 10.0-BETA4 ? I don't actually now.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-amd64
mailing list