kern/96413: FreeBSD 6.1-RC Kernel Panic

Andrew Kolchoogin andrew at rinet.ru
Wed May 10 15:30:48 UTC 2006


The following reply was made to PR kern/96413; it has been noted by GNATS.

From: Andrew Kolchoogin <andrew at rinet.ru>
To: bug-followup at FreeBSD.org
Cc:  
Subject: Re: kern/96413: FreeBSD 6.1-RC Kernel Panic
Date: Wed, 10 May 2006 19:22:50 +0400

 6.1-RELEASE is also affected by this bug:
 
 ===
 (kgdb) bt
 #0  doadump () at pcpu.h:165
 #1  0xc06a24f5 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:402
 #2  0xc06a27ff in panic (fmt=0xc092e22e "%s") at /usr/src/sys/kern/kern_shutdown.c:558
 #3  0xc08e0b8d in trap_fatal (frame=0xe3599ac8, eva=0) at /usr/src/sys/i386/i386/trap.c:836
 #4  0xc08e08ad in trap_pfault (frame=0xe3599ac8, usermode=0, eva=172) at /usr/src/sys/i386/i386/trap.c:744
 #5  0xc08e0477 in trap (frame=
       {tf_fs = 8, tf_es = 40, tf_ds = -985595864, tf_edi = -990918620, tf_esi = -977145856, tf_ebp = -480666832, tf_isp = -480666892, tf_ebx = 4, tf_edx = 0, tf_ecx = -995464960, tf_eax = -995464960, tf_trapno = 12, tf_err = 2, tf_eip = -1066003983, tf_cs
   = 32, tf_eflags = 66194, tf_esp = -977145856, tf_ss = 16}) at /usr/src/sys/i386/i386/trap.c:434
 #6  0xc08cdbda in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #7  0xc07611f1 in tcp_timewait (tw=0xc5c1f000, to=0xe3599bf8, th=0xc4efc824, m=0xc4aa6900, tlen=0) at atomic.h:149
 #8  0xc075def8 in tcp_input (m=0xc4ed1900, off0=20) at /usr/src/sys/netinet/tcp_input.c:762
 #9  0xc0755cf7 in ip_input (m=0xc4ed1900) at /usr/src/sys/netinet/ip_input.c:786
 #10 0xc072ce87 in netisr_processqueue (ni=0xc0a23758) at /usr/src/sys/net/netisr.c:236
 #11 0xc072d0d4 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
 #12 0xc0689ac0 in ithread_execute_handlers (p=0xc4aa5830, ie=0xc4aa4580) at /usr/src/sys/kern/kern_intr.c:684
 #13 0xc0689c0a in ithread_loop (arg=0xc4a896a0) at /usr/src/sys/kern/kern_intr.c:767
 #14 0xc06886e4 in fork_exit (callout=0xc0689ba7 <ithread_loop>, arg=0xc4aa6900, frame=0xc4aa6900) at /usr/src/sys/kern/kern_fork.c:805
 #15 0xc08cdc3c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
 (kgdb) x/a 0xc5c1f000
 0xc5c1f000:     0x0
 (kgdb)
 ===
 
     The first element of struct tcptw is a pointer to struct inpcb. As we
 can see, it is NULL in our case. Null pointer dereference => kernel panic.
 -- 
     Yours
         Andrew Kolchoogin.                              [DREW-RIPE, AKOL-RIPN]
 
 GOD#killall -KILL lifed && dd if=/dev/zero of=/dev/world; cd /src/world && make deinstall && make distclean && cat /patches/world0.01-0.59.patch | patch -p0 && make world && make installworld && /etc/rc.d/lifed start (C) someoneelse
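
Added example, not part of the original message or of the FreeBSD source: a small C program that decodes the trap frame values shown in frames #4 and #5 of the backtrace to check them against the NULL-dereference reading. The helper names and the 4 KiB page threshold are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Values copied from frames #4 and #5 of the backtrace above. */
#define TF_TRAPNO 12             /* tf_trapno */
#define TF_ERR    2u             /* tf_err */
#define TF_EIP    (-1066003983)  /* tf_eip; kgdb prints it as a signed int */
#define EVA       172u           /* eva argument of trap_pfault() */

/* i386 page-fault error code bits (architectural). */
#define PF_PRESENT 0x1u  /* 0 = page not present, 1 = protection violation */
#define PF_WRITE   0x2u  /* 0 = read access, 1 = write access */
#define PF_USER    0x4u  /* 0 = kernel mode, 1 = user mode */

#define T_PAGEFLT     12     /* FreeBSD trap number for a page fault */
#define ASSUMED_PAGE  4096u  /* assumption: 4 KiB pages, page 0 unmapped */

/* Recover the 32-bit address from kgdb's signed rendering. */
uint32_t as_address(int32_t v) { return (uint32_t)v; }

/* Kernel-mode fault on a not-present address inside page 0: the usual
 * signature of a member access through a NULL struct pointer. */
int looks_like_null_deref(int trapno, uint32_t err, uint32_t eva)
{
    return trapno == T_PAGEFLT && !(err & PF_PRESENT) &&
           !(err & PF_USER) && eva < ASSUMED_PAGE;
}

int main(void)
{
    printf("faulting eip: 0x%08x\n", (unsigned)as_address(TF_EIP));
    printf("access      : %s, %s mode, page %s\n",
           (TF_ERR & PF_WRITE) ? "write" : "read",
           (TF_ERR & PF_USER) ? "user" : "kernel",
           (TF_ERR & PF_PRESENT) ? "present" : "not present");
    printf("eva         : 0x%x (offset from a NULL base pointer)\n", EVA);
    printf("NULL deref? : %s\n",
           looks_like_null_deref(TF_TRAPNO, TF_ERR, EVA) ? "yes" : "no");
    return 0;
}
```

The decoded eip, 0xc07611f1, is the address kgdb shows for frame #7 (tcp_timewait), which places the faulting instruction in that function rather than in the trap handlers above it.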

