Kernel Fatal Trap 12

Thomas SOETE thomas at soete.info
Wed Apr 19 17:46:13 UTC 2006


Hi everybody,
A little while ago I began to get some kernel fatal trap 12 panics.
I had FreeBSD 5.3 and I decided to install 6.0 to avoid this problem 
(thinking that the bug was patched between these versions).
But after installing everything, the kernel panic is still there.

uname -a output:
FreeBSD freebsd 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #0: Mon Apr 17 19:27:35 CEST 2006     root@freebsd:/usr/src/sys/i386/compile/TOMS  i386

where kgdb :
#0  doadump () at pcpu.h:165
#1  0xc04b4c76 in boot (howto=260) at ../../../kern/kern_shutdown.c:399
#2  0xc04b4f0c in panic (fmt=0xc05e963d "%s")
    at ../../../kern/kern_shutdown.c:555
#3  0xc05cce40 in trap_fatal (frame=0xd5cf9ad8, eva=88)
    at ../../../i386/i386/trap.c:831
#4  0xc05ccbab in trap_pfault (frame=0xd5cf9ad8, usermode=0, eva=88)
    at ../../../i386/i386/trap.c:742
#5  0xc05cc7e9 in trap (frame=
      {tf_fs = -1067712504, tf_es = -1048772568, tf_ds = 40, tf_edi = 0, 
tf_esi = 0, tf_ebp = -707814604, tf_isp = -707814652, tf_ebx = 
-707814256, tf_edx = -707814000, tf_ecx = 0, tf_eax = 8, tf_trapno = 12, 
tf_err = 2, tf_eip = -1068217761, tf_cs = 32, tf_eflags = 66183, tf_esp 
= -707814612, tf_ss = 8})
    at ../../../i386/i386/trap.c:432
#6  0xc05bbfda in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc0544a5f in ip_ctloutput (so=0x8, sopt=0xd5cf9c90)
    at ../../../netinet/ip_output.c:1208
#8  0xc0552c03 in tcp_ctloutput (so=0xc16ca164, sopt=0xd5cf9c90)
    at ../../../netinet/tcp_usrreq.c:1036
#9  0xc04ee3cc in sosetopt (so=0xc16ca164, sopt=0xd5cf9c90)
    at ../../../kern/uipc_socket.c:1553
#10 0xc04f3629 in kern_setsockopt (td=0xc17d2d80, s=14, level=8, name=8,
    val=0xd5cf9d90, valseg=UIO_USERSPACE, valsize=0)
    at ../../../kern/uipc_syscalls.c:1331
#11 0xc04f355a in setsockopt (td=0xc17d2d80, uap=0x8)
    at ../../../kern/uipc_syscalls.c:1287
#12 0xc05cd157 in syscall (frame=
      {tf_fs = 139264059, tf_es = 59, tf_ds = -1078001605, tf_edi = 39, 
tf_esi = 139367520, tf_ebp = -1077941204, tf_isp = -707814044, tf_ebx = 
138942556, tf_edx = 14, tf_ecx = 139367616, tf_eax = 105, tf_trapno = 
22, tf_err = 2, tf_eip = 677011411, tf_cs = 51, tf_eflags = 518, tf_esp 
= -1077941248, tf_ss = 59})
    at ../../../i386/i386/trap.c:976
#13 0xc05bc02f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#14 0x00000033 in ?? ()

I tried to investigate a little and I found that:
#7  0xc0544a5f in ip_ctloutput (so=0x8, sopt=0xd5cf9c90)
    at ../../../netinet/ip_output.c:1208
1208                                    inp->inp_ip_tos = optval;
and
(kgdb) p inp
$12 = (struct inpcb *) 0x0

ok ... p null pointer :-/
inp is : struct  inpcb *inp = sotoinpcb(so);
and so is : (kgdb) p so $13 = (struct socket *) 0x8
Hmm, strange, a pointer with a value of 8 ...
and so was passed as a parameter: #7  0xc0544a5f in ip_ctloutput 
(so=0x8.... , let's see where it was called:

#8  0xc0552c03 in tcp_ctloutput (so=0xc16ca164, sopt=0xd5cf9c90)
    at ../../../netinet/tcp_usrreq.c:1036
1036                    error = ip_ctloutput(so, sopt);
and between the call of tcp_ctloutput and ip_ctloutput so wasn't 
changed, so its value should be 0xc16ca164
(kgdb) p so
$14 = (struct socket *) 0xc16ca164

So why is the value passed by the caller different from the value in the 
called function?

If you could help me find why my gateway crashes almost every time the 
ADSL connection drops, that would be nice :)

Thanks,

-- 
Thomas SOETE
Telecom Engineering Student - Enic Télécom Lille 1
Research Master's Student, Embedded Systems Design - LIFL

WWW : http://toms.netcv.org/
Mail & MSN : thomas at soete.info
GTalk : toms2809 at gmail.com
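
Added example, not part of the original post: a small C helper that decodes the trap frame values kgdb printed in frames #3 and #5 above (tf_eip, tf_err, eva), which is a useful first triage step for a fatal trap 12 dump. It relies only on the architectural x86 page-fault error-code bits and assumes a 4 KiB page; the names triage_pfault, pf_summary and tf_to_addr are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* x86 page-fault error code bits (architectural). */
#define PF_PRESENT 0x1u  /* 0 = page not present, 1 = protection violation */
#define PF_WRITE   0x2u  /* 0 = read access, 1 = write access */
#define PF_USER    0x4u  /* 0 = supervisor (kernel) mode, 1 = user mode */

#define PAGE_SIZE_I386 4096u  /* assumption: standard 4 KiB i386 page */

struct pf_summary {
    uint32_t eip;     /* faulting instruction as an unsigned address */
    int not_present;  /* page was not mapped */
    int is_write;     /* faulting access was a store */
    int in_kernel;    /* fault happened in supervisor mode */
    int null_deref;   /* fault address lies in the first (unmapped) page */
};

/* kgdb prints trapframe fields as signed ints; reinterpret them as the
 * unsigned 32-bit values the CPU actually saw. */
static uint32_t tf_to_addr(int32_t field) { return (uint32_t)field; }

static struct pf_summary triage_pfault(int32_t tf_eip, int32_t tf_err,
                                       uint32_t eva)
{
    struct pf_summary s;
    uint32_t err = (uint32_t)tf_err;

    s.eip = tf_to_addr(tf_eip);
    s.not_present = !(err & PF_PRESENT);
    s.is_write = !!(err & PF_WRITE);
    s.in_kernel = !(err & PF_USER);
    /* A kernel access to an unmapped address below one page is the usual
     * signature of "NULL pointer + field offset". */
    s.null_deref = s.in_kernel && s.not_present && eva < PAGE_SIZE_I386;
    return s;
}

int main(void)
{
    /* tf_eip and tf_err copied from frame #5, eva from frame #3. */
    struct pf_summary s = triage_pfault(-1068217761, 2, 88);

    printf("fault eip  = 0x%08x\n", (unsigned)s.eip);
    printf("kernel=%d write=%d not_present=%d null_deref=%d\n",
           s.in_kernel, s.is_write, s.not_present, s.null_deref);
    return 0;
}
```

For the values in this dump the decoded tf_eip is 0xc0544a5f, the same address kgdb shows for frame #7, and the fault is a kernel-mode write to a non-present page at address 88, which fits the store through the NULL inp printed above.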




More information about the freebsd-hackers mailing list