kern/104569: panic w/zebra

Mark Kamichoff prox at prolixium.com
Sun Mar 11 12:50:07 UTC 2007 

The following reply was made to PR kern/104569; it has been noted by GNATS.

From: Mark Kamichoff <prox at prolixium.com>
To: Kris Kennaway <kris at obsecurity.org>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: kern/104569: panic w/zebra
Date: Sun, 11 Mar 2007 08:30:17 -0400

 --TB36FDmn/VVEgNH/
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Sun, Mar 11, 2007 at 05:27:09AM -0400, Kris Kennaway wrote:
 > On Tue, Mar 06, 2007 at 06:20:08PM +0000, Mark Kamichoff wrote:
 >=20
 > >  This happens with zebra-0.95a, too, same thing:
 > > =20
 > >  Fatal trap 12: page fault while in kernel mode
 > >  fault virtual address   =3D3D 0x78
 > >  fault code              =3D3D supervisor read, page not present
 > >  instruction pointer     =3D3D 0x20:0xc0555579
 > >  stack pointer           =3D3D 0x28:0xdea4ba64
 > >  frame pointer           =3D3D 0x28:0xdea4ba68
 > >  code segment            =3D3D base 0x0, limit 0xfffff, type 0x1b
 > >                          =3D3D DPL 0, pres 1, def32 1, gran 1
 > >  processor eflags        =3D3D resume, IOPL =3D3D 0
 > >  current process         =3D3D 9454 (zebra)
 > >  trap number             =3D3D 12
 > >  panic: page fault
 >=20
 > Please obtain a debugging traceback as documented in the developers
 > handbook chapter on kernel debugging.  This information is required to
 > proceed further.
 
 http://www.freebsd.org/cgi/query-pr.cgi?pr=3D104569
 
 I have included several tracebacks in the PR.  Here is the most current
 one:
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address =3D 0x78
 fault code =3D supervisor read, page not present
 instruction pointer =3D 0x20:0xc0554bcb
 stack pointer =3D 0x28:0xdea8ea64
 frame pointer =3D 0x28:0xdea8ea68
 code segment =3D base 0x0, limit 0xfffff, type 0x1b
 =3D DPL 0, pres 1, def32 1, gran 1
 processor eflags =3D resume, IOPL =3D 0
 current process =3D 1548 (zebra)
 trap number =3D 12
 panic: page fault
 Uptime: 2d5h52m33s
 Dumping 510 MB (2 chunks)
 chunk 0: 1MB (159 pages) ... ok
 chunk 1: 510MB (130544 pages) 494 478 462 446 430 414 398 382 366 350 334 3=
 18 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14
 
 #0 doadump () at pcpu.h:165
 165 __asm __volatile("movl %%fs:0,%0" : "=3Dr" (td));
 (kgdb) bt
 #0 doadump () at pcpu.h:165
 #1 0xc052f46e in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:409
 #2 0xc052f778 in panic (fmt=3D0xc0709d51 "%s") at /usr/src/sys/kern/kern_sh=
 utdown.c:565
 #3 0xc06e5d2d in trap_fatal (frame=3D0xdea8ea24, eva=3D0) at /usr/src/sys/i=
 386/i386/trap.c:837
 #4 0xc06e5445 in trap (frame=3D
 {tf_fs =3D -629538808, tf_es =3D -1066139608, tf_ds =3D 40, tf_edi =3D -101=
 5486796, tf_esi =3D -1014488704, tf_ebp =3D -559355288, tf_isp =3D -5593553=
 12, tf_ebx =3D -1015492032, tf_edx =3D -1014488704, tf_ecx =3D 4, tf_eax =
 =3D 4, tf_trapno =3D 12, tf_err =3D 0, tf_eip =3D -1068151861, tf_cs =3D 32=
 , tf_eflags =3D 65543, tf_esp =3D -1014488704, tf_ss =3D -559355252}) at /u=
 sr/src/sys/i386/i386/trap.c:270
 #5 0xc06d27ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #6 0xc0554bcb in turnstile_setowner (ts=3D0xc378d240, owner=3D0x4)
 at /usr/src/sys/kern/subr_turnstile.c:432
 #7 0xc0554ef7 in turnstile_wait (lock=3D0xc38c6504, owner=3D0x4)
 at /usr/src/sys/kern/subr_turnstile.c:591
 #8 0xc0524ddb in _mtx_lock_sleep (m=3D0xc38c6504, tid=3D3280478592, opts=3D=
 0, file=3D0x0, line=3D0)
 at /usr/src/sys/kern/kern_mutex.c:579
 #9 0xc05bcb44 in rtrequest1 (req=3D2, info=3D0xdea8eb24, ret_nrt=3D0xdea8eb=
 10)
 at /usr/src/sys/net/route.c:703
 #10 0xc05be7e5 in route_output (m=3D0xc55fa800, so=3D0xc3553164) at /usr/sr=
 c/sys/net/rtsock.c:391
 #11 0xc05bbb12 in raw_usend (so=3D0x4, flags=3D0, m=3D0xc3882180, nam=3D0x0=
 , control=3D0x4,
 td=3D0xc3882180) at /usr/src/sys/net/raw_usrreq.c:263
 #12 0xc05be457 in rts_send (so=3D0x4, flags=3D4, m=3D0x4, nam=3D0x4, contro=
 l=3D0x4, td=3D0x4)
 at /usr/src/sys/net/rtsock.c:269
 #13 0xc057136c in sosend (so=3D0xc3553164, addr=3D0x0, uio=3D0xdea8ecb0, to=
 p=3D0xc55fa800,
 control=3D0x0, flags=3D0, td=3D0xc3882180) at /usr/src/sys/kern/uipc_socket=
 =2Ec:836
 #14 0xc055d2b8 in soo_write (fp=3D0x4, uio=3D0xdea8ecb0, active_cred=3D0xc3=
 3d2c00, flags=3D0,
 td=3D0xc3882180) at /usr/src/sys/kern/sys_socket.c:118
 #15 0xc05569e0 in dofilewrite (td=3D0xc3882180, fd=3D4, fp=3D0xc37b0c18, au=
 io=3D0xdea8ecb0, offset=3DUnhandled dwarf expression opcode 0x93
 )
 at file.h:252
 #16 0xc0556817 in kern_writev (td=3D0xc3882180, fd=3D6, auio=3D0x4)
 at /usr/src/sys/kern/sys_generic.c:402
 ---Type <return> to continue, or q <return> to quit---
 #17 0xc05566e9 in write (td=3D0x4, uap=3D0x4) at /usr/src/sys/kern/sys_gene=
 ric.c:326
 #18 0xc06e60e3 in syscall (frame=3D
 {tf_fs =3D 672006203, tf_es =3D 672006203, tf_ds =3D -1078001605, tf_edi =
 =3D -1077941792, tf_esi =3D -1077942328, tf_ebp =3D -1077941864, tf_isp =3D=
  -559354524, tf_ebx =3D 20, tf_edx =3D -1077942496, tf_ecx =3D 0, tf_eax =
 =3D 4, tf_trapno =3D 0, tf_err =3D 2, tf_eip =3D 673045383, tf_cs =3D 51, t=
 f_eflags =3D 514, tf_esp =3D -1077942516, tf_ss =3D 59}) at /usr/src/sys/i3=
 86/i386/trap.c:983
 #19 0xc06d281f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s=
 :200
 #20 0x00000033 in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 (kgdb)
 
 - Mark
 
 --=20
 Mark Kamichoff
 prox at prolixium.com
 http://prolixium.com/
 Rensselaer Polytechnic Institute, Class of 2004
 
 --TB36FDmn/VVEgNH/
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Description: Digital signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.6 (GNU/Linux)
 
 iD8DBQFF8/ZZ0TYC9KtF8BMRAle4AJ94XjxVJ2w/164irMiKWBNAn/BUWACbBQoH
 CQHZdEJuPB3PFXHKttUxBfo=
 =jORy
 -----END PGP SIGNATURE-----
 
 --TB36FDmn/VVEgNH/--

More information about the freebsd-bugs mailing list