kern/121181: Fatal trap 3: breakpoint instruction fault while in kernel mode, rtfree: NULL rnh

Oleksandr V. Typlyns'kyi astral at sputnikmedia.net
Thu Feb 28 18:00:02 UTC 2008


>Number:         121181
>Category:       kern
>Synopsis:       Fatal trap 3: breakpoint instruction fault while in kernel mode, rtfree: NULL rnh
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 28 18:00:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Oleksandr V. Typlyns'kyi
>Release:        6.3-RELEASE
>Organization:
Bigmir-Internet
>Environment:
FreeBSD g1.sputnikmedia.net 6.3-RELEASE FreeBSD 6.3-RELEASE #1: Sun Jan 27 12:23:56 EET 2008     root at g1.sputnikmedia.net:/usr/obj/usr/src/sys/G1  i386

>Description:
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
panic: rtfree: NULL rnh
cpuid = 7
Uptime: 21d5h5m43s
Dumping 2046 MB (2 chunks)
  chunk 0: 1MB (156 pages) ... ok
  chunk 1: 2047MB (523872 pages) 2031 2015 1999 1983 1967 1951 1935 1919 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711 1695 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487 1471 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263 1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039 1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));

(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc04f225a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
        first_buf_printf = 1
#2  0xc04f260b in panic (fmt=0xc069b980 "rtfree: NULL rnh") at /usr/src/sys/kern/kern_shutdown.c:565
        td = (struct thread *) 0xc6382600
        bootopt = 260
        newpanic = 0
        ap = 0xc6382600 ""
        buf = "rtfree: NULL rnh", '\0' <repeats 239 times>
#3  0xc05808e7 in rtfree (rt=0xc6161c00) at /usr/src/sys/net/route.c:240
        rnh = (struct radix_node_head *) 0x0
#4  0xc0598aa3 in ip_output (m=0xca97be00, opt=0xc6161c00, ro=0xe9753a80, flags=0, imo=0x0, inp=0xca17f168) at /usr/src/sys/netinet/ip_output.c:835
        ip = (struct ip *) 0xca97be40
        ifp = (struct ifnet *) 0xc6161c00
        m0 = (struct mbuf *) 0x1
        hlen = 20
        len = -969398784
        error = 0
        dst = (struct sockaddr_in *) 0xe9753a84
        ia = (struct in_ifaddr *) 0xc62af300
        isbroadcast = 0
        sw_csum = 1
        iproute = {ro_rt = 0xc644a000, ro_dst = {sa_len = 16 '\020', sa_family = 2 '\002', sa_data = "\000\000\177\000\000\001\000\000\000\000\000\000\000"}}
        odst = {s_addr = 1}
        fwd_tag = (struct m_tag *) 0x0
#5  0xc05a2ce0 in tcp_output (tp=0xcc7d01d0) at /usr/src/sys/netinet/tcp_output.c:1080
        so = (struct socket *) 0xccb2e2c8
        len = 43
        recwin = 71680
        sendwin = -896025004
        off = 0
        flags = 24
        error = 0
        m = (struct mbuf *) 0xca97be00
        ip = (struct ip *) 0xca97be40
        th = (struct tcphdr *) 0xca97be54
        opt = "\001\001\b\nm<\203&#9574;m<\203f\220&#1062;&#9569;&#1083;\000&#1052;&#9560;&#1084;\000\000\000\000\220&#1062;&#9569;&#1083;`;u&#1048;&#1053;&#1072;S&#1102;\220&#1062;&#9569;&#1083;"
        ipoptlen = 0
        optlen = 12
        hdrlen = 52
        idle = 1
        sendalot = 0
        i = -378193104
        sack_rxmit = 0
        sack_bytes_rxmt = 0
        p = (struct sackhole *) 0x0
#6  0xc05a997f in tcp_usr_send (so=0xccb2e2c8, flags=0, m=0xcda9ed00, nam=0x0, control=0x0, td=0xc6382600) at /usr/src/sys/netinet/tcp_usrreq.c:698
        error = 0
        inp = (struct inpcb *) 0xca17f168
        tp = (struct tcpcb *) 0xcc7d01d0
        unlocked = 1
#7  0xc0538024 in sosend (so=0xccb2e2c8, addr=0x0, uio=0xe9753c34, top=0xcda9ed00, control=0x0, flags=128, td=0xc6382600)
    at /usr/src/sys/kern/uipc_socket.c:836
        mp = (struct mbuf **) 0xcda9ed00
        m = (struct mbuf *) 0xcda9ed00
        space = 71637
        len = 43
        resid = 0
        clen = -844501760
        error = 0
        dontroute = 0
        atomic = 0
#8  0xc053eb94 in kern_sendit (td=0xc6382600, s=16, mp=0xe9753cb0, flags=128, control=0x0, segflg=UIO_USERSPACE) at /usr/src/sys/kern/uipc_syscalls.c:772
        fp = (struct file *) 0xca7a18b8
        auio = {uio_iov = 0xe9753ca8, uio_iovcnt = 1, uio_offset = 43, uio_resid = 0, uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_td = 0xc6382600}
        iov = (struct iovec *) 0x0
        so = (struct socket *) 0xccb2e2c8
        i = 0
        len = 43
        error = 0
        ktruio = (struct uio *) 0x0
#9  0xc053ea1d in sendit (td=0x0, s=0, mp=0xe9753cb0, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:712
        control = (struct mbuf *) 0x0
        to = (struct sockaddr *) 0x0
        error = -941752320
#10 0xc053ed8a in sendto (td=0x0, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:830
        msg = {msg_name = 0x0, msg_namelen = 0, msg_iov = 0xe9753ca8, msg_iovlen = 1, msg_control = 0x0, msg_controllen = 3353214976, msg_flags = 0}
        aiov = {iov_base = 0x81a4bc7, iov_len = 0}
        error = 0
#11 0xc06682db in syscall (frame=
      {tf_fs = 134873147, tf_es = 138805307, tf_ds = -1078001605, tf_edi = 137779712, tf_esi = 43, tf_ebp = -1077943256, tf_isp = -378192540, tf_ebx = 1748313312, tf_edx = 43, tf_ecx = 128, tf_eax = 133, tf_trapno = 22, tf_err = 2, tf_eip = 1748138419, tf_cs = 51, tf_eflags = 2097798, tf_esp = -1077943300, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:984
        params = 0xbfbfe400 <Address 0xbfbfe400 out of bounds>
        callp = (struct sysent *) 0xc06bbf1c
        td = (struct thread *) 0xc6382600
        p = (struct proc *) 0xc7de0000
        orig_tf_eflags = 2097798
        sticks = 4670
        error = 0
        narg = 6
        args = {16, 135941020, 43, 128, 0, 0, 4670, -941752320}
        code = 133
#12 0xc065074f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
No locals.
#13 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)




[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
pid 803 (nginx): trap 3 with interrupts disabled


Fatal trap 3: breakpoint instruction fault while in kernel mode
cpuid = 7; apic id = 07
instruction pointer     = 0x20:0xc6161c02
stack pointer           = 0x28:0xe8d02a48
frame pointer           = 0x28:0xc057ae36
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, IOPL = 0
current process         = 803 (nginx)
trap number             = 3
panic: breakpoint instruction fault
cpuid = 7
Uptime: 3d0h51m43s
Dumping 2046 MB (2 chunks)
  chunk 0: 1MB (156 pages) ... ok
  chunk 1: 2047MB (523872 pages) 2031 2015 1999 1983 1967 1951 1935 1919 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711 1695 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487 1471 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263 1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039 1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));

(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc04f225a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
        first_buf_printf = 1
#2  0xc04f260b in panic (fmt=0xc068bbeb "%s") at /usr/src/sys/kern/kern_shutdown.c:565
        td = (struct thread *) 0xc6508a80
        bootopt = 260
        newpanic = 0
        ap = 0xc6508a80 "`x&#9553;&#1092;\200\207\022&#1092;"
        buf = "breakpoint instruction fault", '\0' <repeats 227 times>
#3  0xc0667ef4 in trap_fatal (frame=0xe8d02a08, eva=0) at /usr/src/sys/i386/i386/trap.c:838
        code = 40
        ss = 40
        esp = 0
        type = 3
        softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 0, ssd_def32 = 1, ssd_gran = 1}
        msg = 0x0
#4  0xc0667954 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = -971636696, tf_edi = -921215424, tf_esi = 1, tf_ebp = -1067995594, tf_isp = -389010892, tf_ebx = -967585792, tf_edx = 33554432, tf_ecx = -921215488, tf_eax = -971661055, tf_trapno = 3, tf_err = 0, tf_eip = -971629566, tf_cs = 32, tf_eflags = 642, tf_esp = -967585792, tf_ss = -971661056}) at /usr/src/sys/i386/i386/trap.c:632
        td = (struct thread *) 0xc6508a80
        p = (struct proc *) 0xc6a17860
        sticks = 3226981421
        type = 3
        i = 0
        ucode = 0
        code = 0
        eva = 0
#5  0xc06506fa in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#6  0xc6161c02 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)

>How-To-Repeat:
Don't know.
The system crashed twice at this point:

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

