i386/84860: certain FAST_IPSEC setup can cause panic
Mike Tancsa
mike at sentex.net
Sat Aug 13 05:00:35 GMT 2005
>Number: 84860
>Category: i386
>Synopsis: certain FAST_IPSEC setup can cause panic
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 13 05:00:33 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Mike Tancsa
>Release: FreeBSD 5.4-STABLE #3: Fri Aug 12 11:07:19 EDT 2005
>Organization:
Sentex Communications
>Environment:
System: FreeBSD shell1.sentex.ca FreeBSD 5.4-STABLE #3: Fri Aug 12 11:07:19 EDT 2005
>Description:
While testing out the padlock.ko on one side of a fast_ipsec setup, I discovered that
a certain bad config would immediately panic a RELENG_5 or RELENG_6 box depending on
where I added a invalid key (too big)
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc1e82000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc05eddce
stack pointer = 0x10:0xde8e490c
frame pointer = 0x10:0xde8e4928
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 554 (ping)
trap number = 12
panic: page fault
Uptime: 4m10s
Dumping 510 MB
(backtrace below)
>How-To-Repeat:
I did it by accident. On the RELENG_5 side, I made the key one char larger than it should be. ie. add an A on the
end of the key ... Blamo as soon as I send a ping across from it or to it.
6.0 side
setkey -c <<EOF
add 172.16.1.4 172.16.1.3 esp 1044 -m any -E rijndael-cbc "1234567890123456" ;
add 172.16.1.3 172.16.1.4 esp 1044 -m any -E rijndael-cbc "1234567890123456" ;
spdadd 192.168.42.0/23 10.99.98.0/23 any -P out ipsec esp/tunnel/172.16.1.4-172.16.1.3/require ;
spdadd 10.99.98.0/23 192.168.42.0/23 any -P in ipsec esp/tunnel/172.16.1.3-172.16.1.4/require ;
EOF
RELENG_5 side
setkey -c <<EOF
add 172.16.1.3 172.16.1.4 esp 1044 -m any -E rijndael-cbc "1234567890123456A" ;
add 172.16.1.4 172.16.1.3 esp 1044 -m any -E rijndael-cbc "1234567890123456A" ;
spdadd 10.99.98.0/23 192.168.42.0/23 any -P out ipsec esp/tunnel/172.16.1.3-172.16.1.4/require ;
spdadd 192.168.42.0/23 10.99.98.0/23 any -P in ipsec esp/tunnel/172.16.1.4-172.16.1.3/require ;
EOF
>Fix:
Well, dont use a key that is too big :) However, its easy to make a typo like this. Perhaps
setkey should stop the user from doing it, or at least the kernel should handle it a little
better perhaps ? Not sure. Its not critical to me, but I thought perhaps best to report it in case
it exposes some other more serious buglet
# kgdb kernel.debug /var/crash/vmcore.92
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0 doadump () at pcpu.h:160
160 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0 doadump () at pcpu.h:160
#1 0xc0505056 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:410
#2 0xc05052ec in panic (fmt=0xc06acb48 "%s") at /usr/src/sys/kern/kern_shutdown.c:566
#3 0xc0669ff8 in trap_fatal (frame=0xde8e48cc, eva=3253215232) at /usr/src/sys/i386/i386/trap.c:817
#4 0xc0669d63 in trap_pfault (frame=0xde8e48cc, usermode=0, eva=3253215232) at /usr/src/sys/i386/i386/trap.c:735
#5 0xc06699c5 in trap (frame=
{tf_fs = 24, tf_es = 16, tf_ds = -1056767984, tf_edi = 453292013, tf_esi = 1767783039, tf_ebp = -561100504, tf_isp = -561100552, tf_ebx = -295259752, tf_edx = -757961281, tf_ecx = -1766786356, tf_eax = -1041752088, tf_trapno = 12, tf_err = 0, tf_eip = -1067524658, tf_cs = 8, tf_eflags = 66182, tf_esp = -130111, tf_ss = -911978407}) at /usr/src/sys/i386/i386/trap.c:425
#6 0xc065ceaa in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#7 0x00000018 in ?? ()
#8 0x00000010 in ?? ()
#9 0xc1030010 in ?? ()
#10 0x1b04afed in ?? ()
#11 0x695e3a7f in ?? ()
#12 0xde8e4928 in ?? ()
#13 0xde8e48f8 in ?? ()
#14 0xee66b198 in ?? ()
#15 0xd2d26dbf in ?? ()
#16 0x96b0facc in ?? ()
#17 0xc1e81fe8 in ?? ()
#18 0x0000000c in ?? ()
#19 0x00000000 in ?? ()
#20 0xc05eddce in rijndaelEncrypt (rk=0xc1e81fe8, Nr=0, pt=0x0, ct=0xc1c04418 "½\237.+ª\021Ñ^\215\235£\177\ncb\001À¨+¹\b")
at /usr/src/sys/opencrypto/rijndael.c:960
#21 0xc05ee58c in rijndael_encrypt (ctx=0x0, src=0xc1c04418 "½\237.+ª\021Ñ^\215\235£\177\ncb\001À¨+¹\b",
dst=0xc1c04418 "½\237.+ª\021Ñ^\215\235£\177\ncb\001À¨+¹\b") at /usr/src/sys/opencrypto/rijndael.c:1242
#22 0xc05ef9c4 in rijndael128_encrypt (key=0xc1a89800 "", blk=0x0) at /usr/src/sys/opencrypto/xform.c:500
#23 0xc05ead62 in swcr_encdec (crd=0xc1e81000, sw=0xc1c87760, buf=0xc1c04800 "", outtype=2)
at /usr/src/sys/opencrypto/cryptosoft.c:290
#24 0xc05ebb61 in swcr_process (arg=0x0, crp=0xc1e7e000, hint=0) at /usr/src/sys/opencrypto/cryptosoft.c:958
#25 0xc05e922a in crypto_invoke (crp=0xc1e7e000, hint=0) at /usr/src/sys/opencrypto/crypto.c:891
#26 0xc05e8d49 in crypto_dispatch (crp=0xc1e7e000) at /usr/src/sys/opencrypto/crypto.c:679
#27 0xc05b431e in esp_output (m=0xc1c04800, isr=0xc1e5f200, mp=0x0, skip=20, protoff=9) at /usr/src/sys/netipsec/xform_esp.c:848
#28 0xc05a7ffe in ipsec4_process_packet (m=0xc1c04800, isr=0xc1e5f200, flags=32, tunalready=0)
at /usr/src/sys/netipsec/ipsec_output.c:472
#29 0xc05938ef in ip_output (m=0xc1c04800, opt=0x0, ro=0xde8e4b38, flags=32, imo=0x0, inp=0xc1e7c000)
at /usr/src/sys/netinet/ip_output.c:610
#30 0xc0595d03 in rip_output (m=0xc1c04800, so=0x0, dst=0) at /usr/src/sys/netinet/raw_ip.c:320
#31 0xc0596b97 in rip_send (so=0xc1cc3510, flags=0, m=0xc1c04800, nam=0xc1a744c0, control=0x0, td=0xc1dfa480)
at /usr/src/sys/netinet/raw_ip.c:785
#32 0xc053acf3 in sosend (so=0xc1cc3510, addr=0xc1a744c0, uio=0xde8e4c44, top=0xc1c04800, control=0x0, flags=0, td=0xc1dfa480)
at /usr/src/sys/kern/uipc_socket.c:835
#33 0xc0540410 in kern_sendit (td=0xc1dfa480, s=3, mp=0xde8e4cbc, flags=0, control=0x0) at /usr/src/sys/kern/uipc_syscalls.c:750
#34 0xc05402cd in sendit (td=0xc1dfa480, s=3, mp=0xde8e4cbc, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:691
#35 0xc054058d in sendto (td=0xc1dfa480, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:807
---Type <return> to continue, or q <return> to quit---
#36 0xc066a303 in syscall (frame=
{tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134540116, tf_esi = 134540180, tf_ebp = -1078007800, tf_isp = -561099420, tf_ebx = 64, tf_edx = 134540116, tf_ecx = 134540180, tf_eax = 133, tf_trapno = 12, tf_err = 2, tf_eip = 672039375, tf_cs = 31, tf_eflags = 658, tf_esp = -1078007892, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1009
#37 0xc065ceff in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:201
#38 0x0000002f in ?? ()
#39 0x0000002f in ?? ()
#40 0x0000002f in ?? ()
#41 0x0804eb54 in ?? ()
#42 0x0804eb94 in ?? ()
#43 0xbfbee808 in ?? ()
#44 0xde8e4d64 in ?? ()
#45 0x00000040 in ?? ()
#46 0x0804eb54 in ?? ()
#47 0x0804eb94 in ?? ()
#48 0x00000085 in ?? ()
#49 0x0000000c in ?? ()
#50 0x00000002 in ?? ()
#51 0x280e81cf in ?? ()
#52 0x0000001f in ?? ()
#53 0x00000292 in ?? ()
#54 0xbfbee7ac in ?? ()
#55 0x0000002f in ?? ()
#56 0x00000000 in ?? ()
#57 0x00000000 in ?? ()
#58 0x00000000 in ?? ()
#59 0x00000000 in ?? ()
#60 0x16d63000 in ?? ()
#61 0xc1df954c in ?? ()
#62 0xc1dfa480 in ?? ()
#63 0xde8e4860 in ?? ()
#64 0xde8e4848 in ?? ()
#65 0xc19b4000 in ?? ()
#66 0xc0514c8b in sched_switch (td=0x804eb94, newtd=0x40, flags=Cannot access memory at address 0xbfbee818
) at /usr/src/sys/kern/sched_4bsd.c:881
Previous frame inner to this frame (corrupt stack?)
(kgdb) bt full
#0 doadump () at pcpu.h:160
No locals.
#1 0xc0505056 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:410
first_buf_printf = 1
#2 0xc05052ec in panic (fmt=0xc06acb48 "%s") at /usr/src/sys/kern/kern_shutdown.c:566
td = (struct thread *) 0xc1dfa480
bootopt = 260
newpanic = 0
ap = 0xc1dfa480 "L\225ßÁ°ü¢Á"
buf = "page fault", '\0' <repeats 245 times>
#3 0xc0669ff8 in trap_fatal (frame=0xde8e48cc, eva=3253215232) at /usr/src/sys/i386/i386/trap.c:817
code = 16
type = 12
ss = 16
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 5, ssd_xx1 = 1,
ssd_def32 = 1, ssd_gran = 1}
#4 0xc0669d63 in trap_pfault (frame=0xde8e48cc, usermode=0, eva=3253215232) at /usr/src/sys/i386/i386/trap.c:735
va = 3253215232
vm = (struct vmspace *) 0x0
map = 0xc103b000
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc1dfa480
p = (struct proc *) 0xc1df954c
#5 0xc06699c5 in trap (frame=
{tf_fs = 24, tf_es = 16, tf_ds = -1056767984, tf_edi = 453292013, tf_esi = 1767783039, tf_ebp = -561100504, tf_isp = -561100552, tf_ebx = -295259752, tf_edx = -757961281, tf_ecx = -1766786356, tf_eax = -1041752088, tf_trapno = 12, tf_err = 0, tf_eip = -1067524658, tf_cs = 8, tf_eflags = 66182, tf_esp = -130111, tf_ss = -911978407}) at /usr/src/sys/i386/i386/trap.c:425
td = (struct thread *) 0xc1dfa480
p = (struct proc *) 0xc1df954c
sticks = 3733866696
i = 0
ucode = 0
type = 12
code = 0
eva = 3253215232
#6 0xc065ceaa in calltrap () at /usr/src/sys/i386/i386/exception.s:140
No locals.
#7 0x00000018 in ?? ()
No symbol table info available.
#8 0x00000010 in ?? ()
No symbol table info available.
#9 0xc1030010 in ?? ()
No symbol table info available.
#10 0x1b04afed in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#11 0x695e3a7f in ?? ()
No symbol table info available.
#12 0xde8e4928 in ?? ()
No symbol table info available.
#13 0xde8e48f8 in ?? ()
No symbol table info available.
#14 0xee66b198 in ?? ()
No symbol table info available.
#15 0xd2d26dbf in ?? ()
No symbol table info available.
#16 0x96b0facc in ?? ()
No symbol table info available.
#17 0xc1e81fe8 in ?? ()
No symbol table info available.
#18 0x0000000c in ?? ()
No symbol table info available.
#19 0x00000000 in ?? ()
No symbol table info available.
#20 0xc05eddce in rijndaelEncrypt (rk=0xc1e81fe8, Nr=0, pt=0x0, ct=0xc1c04418 "½\237.+ª\021Ñ^\215\235£\177\ncb\001À¨+¹\b")
at /usr/src/sys/opencrypto/rijndael.c:960
s0 = 453292013
s1 = 1767783039
s2 = 3999707544
s3 = 0
t0 = 773300716
t1 = 3300749220
t2 = 3382988889
t3 = 0
r = -130111
#21 0xc05ee58c in rijndael_encrypt (ctx=0x0, src=0xc1c04418 "½\237.+ª\021Ñ^\215\235£\177\ncb\001À¨+¹\b",
dst=0xc1c04418 "½\237.+ª\021Ñ^\215\235£\177\ncb\001À¨+¹\b") at /usr/src/sys/opencrypto/rijndael.c:1242
No locals.
#22 0xc05ef9c4 in rijndael128_encrypt (key=0xc1a89800 "", blk=0x0) at /usr/src/sys/opencrypto/xform.c:500
No locals.
#23 0xc05ead62 in swcr_encdec (crd=0xc1e81000, sw=0xc1c87760, buf=0xc1c04800 "", outtype=2)
at /usr/src/sys/opencrypto/cryptosoft.c:290
m = (struct mbuf *) 0xc1c04400
iv = "ø\237.\177«KÑ^Í\234\203õ\000\000\000"
blk = "8\000\000\000\001\001\000\000\000\020èÁØ\036èÁ"
idat = (unsigned char *) 0xc1c04418 "½\237.+ª\021Ñ^\215\235£\177\ncb\001À¨+¹\b"
ivp = (unsigned char *) 0xde8e49b0 "ø\237.\177«KÑ^Í\234\203õ"
piv = "8\000\000\000ÀI\216ÞªRcÀp\036èÁ"
exf = (struct enc_xform *) 0xc06f7600
i = 96
k = 0
---Type <return> to continue, or q <return> to quit---
j = 0
blks = 16
#24 0xc05ebb61 in swcr_process (arg=0x0, crp=0xc1e7e000, hint=0) at /usr/src/sys/opencrypto/cryptosoft.c:958
crd = (struct cryptodesc *) 0xc1e81000
sw = (struct swcr_data *) 0xc1c87760
lid = 1
type = 2
#25 0xc05e922a in crypto_invoke (crp=0xc1e7e000, hint=0) at /usr/src/sys/opencrypto/crypto.c:891
hid = 0
process = (int (*)(void *, struct cryptop *, int)) 0
#26 0xc05e8d49 in crypto_dispatch (crp=0xc1e7e000) at /usr/src/sys/opencrypto/crypto.c:679
hid = 0
result = -1041768448
#27 0xc05b431e in esp_output (m=0xc1c04800, isr=0xc1e5f200, mp=0x0, skip=20, protoff=9) at /usr/src/sys/netipsec/xform_esp.c:848
espx = (struct enc_xform *) 0xc1e011e4
esph = (struct auth_hash *) 0x0
hlen = 24
rlen = 0
padding = -1041768448
blks = 44
alen = 0
i = 0
roff = 20
mo = (struct mbuf *) 0x2c
tc = (struct tdb_crypto *) 0x0
sav = (struct secasvar *) 0xc1e02300
saidx = (struct secasindex *) 0xc1e5f508
pad = (unsigned char *) 0x2c <Address 0x2c out of bounds>
prot = 50 '2'
error = 44
crde = (struct cryptodesc *) 0x0
crda = (struct cryptodesc *) 0x0
crp = (struct cryptop *) 0xc1e7e000
__func__ = "esp_output"
#28 0xc05a7ffe in ipsec4_process_packet (m=0xc1c04800, isr=0xc1e5f200, flags=32, tunalready=0)
at /usr/src/sys/netipsec/ipsec_output.c:472
saidx = {src = {sa = {sa_len = 16 '\020', sa_family = 2 '\002',
sa_data = "\000\000Î3\031\003\000\000\000\000\000\000\000"}, sin = {sin_len = 16 '\020', sin_family = 2 '\002',
sin_port = 0, sin_addr = {s_addr = 51983310}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_len = 16 '\020',
sin6_family = 2 '\002', sin6_port = 0, sin6_flowinfo = 51983310, sin6_addr = {__u6_addr = {
__u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
sin6_scope_id = 0}}, dst = {sa = {sa_len = 16 '\020', sa_family = 2 '\002',
sa_data = "\000\000Î3\031\004\000\000\000\000\000\000\000"}, sin = {sin_len = 16 '\020', sin_family = 2 '\002',
sin_port = 0, sin_addr = {s_addr = 68760526}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_len = 16 '\020',
sin6_family = 2 '\002', sin6_port = 0, sin6_flowinfo = 68760526, sin6_addr = {__u6_addr = {
__u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
---Type <return> to continue, or q <return> to quit---
sin6_scope_id = 0}}, proto = 50, mode = 2 '\002', reqid = 0}
sav = (struct secasvar *) 0xc1e02300
ip = (struct ip *) 0xc1c04898
error = 0
i = 0
__func__ = "ipsec4_process_packet"
#29 0xc05938ef in ip_output (m=0xc1c04800, opt=0x0, ro=0xde8e4b38, flags=32, imo=0x0, inp=0xc1e7c000)
at /usr/src/sys/netinet/ip_output.c:610
ip = (struct ip *) 0xc1c048ac
ifp = (struct ifnet *) 0xc1a1d800
m0 = (struct mbuf *) 0x0
hlen = 20
len = -561099976
error = 0
dst = (struct sockaddr_in *) 0xc1c877f0
ia = (struct in_ifaddr *) 0xc1c8a300
isbroadcast = 0
sw_csum = 0
iproute = {ro_rt = 0xc1cc7ce4, ro_dst = {sa_len = 16 '\020', sa_family = 2 '\002',
sa_data = "\000\000À¨+¹\000\000\000\000\000\000\000"}}
odst = {s_addr = 0}
fwd_tag = (struct m_tag *) 0x0
sp = (struct secpolicy *) 0xc1e02e00
tdbi = (struct tdb_ident *) 0x0
mtag = (struct m_tag *) 0x0
#30 0xc0595d03 in rip_output (m=0xc1c04800, so=0x0, dst=0) at /usr/src/sys/netinet/raw_ip.c:320
ip = (struct ip *) 0xc1c048ac
error = -1044363092
inp = (struct inpcb *) 0xc1e7c000
flags = 32
#31 0xc0596b97 in rip_send (so=0xc1cc3510, flags=0, m=0xc1c04800, nam=0xc1a744c0, control=0x0, td=0xc1dfa480)
at /usr/src/sys/netinet/raw_ip.c:785
inp = (struct inpcb *) 0x0
dst = 0
ret = -1043581680
#32 0xc053acf3 in sosend (so=0xc1cc3510, addr=0xc1a744c0, uio=0xde8e4c44, top=0xc1c04800, control=0x0, flags=0, td=0xc1dfa480)
at /usr/src/sys/kern/uipc_socket.c:835
mp = (struct mbuf **) 0xc1c04800
m = (struct mbuf *) 0xc1c04800
space = 65599
len = 64
resid = 0
clen = 64
error = 0
dontroute = 0
atomic = 1
---Type <return> to continue, or q <return> to quit---
#33 0xc0540410 in kern_sendit (td=0xc1dfa480, s=3, mp=0xde8e4cbc, flags=0, control=0x0) at /usr/src/sys/kern/uipc_syscalls.c:750
fp = (struct file *) 0xc1c60594
auio = {uio_iov = 0xde8e4cb4, uio_iovcnt = 1, uio_offset = 64, uio_resid = 0, uio_segflg = UIO_USERSPACE,
uio_rw = UIO_WRITE, uio_td = 0xc1dfa480}
iov = (struct iovec *) 0x0
so = (struct socket *) 0xc1cc3510
i = 0
len = 64
error = 0
ktruio = (struct uio *) 0x0
#34 0xc05402cd in sendit (td=0xc1dfa480, s=3, mp=0xde8e4cbc, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:691
control = (struct mbuf *) 0x0
to = (struct sockaddr *) 0xc1a744c0
error = 0
#35 0xc054058d in sendto (td=0xc1dfa480, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:807
msg = {msg_name = 0xc1a744c0, msg_namelen = 16, msg_iov = 0xde8e4cb4, msg_iovlen = 1, msg_control = 0x0,
msg_controllen = 3733867772, msg_flags = 0}
aiov = {iov_base = 0x804eb94, iov_len = 0}
error = 0
#36 0xc066a303 in syscall (frame=
{tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134540116, tf_esi = 134540180, tf_ebp = -1078007800, tf_isp = -561099420, tf_ebx = 64, tf_edx = 134540116, tf_ecx = 134540180, tf_eax = 133, tf_trapno = 12, tf_err = 2, tf_eip = 672039375, tf_cs = 31, tf_eflags = 658, tf_esp = -1078007892, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1009
params = 0xbfbee7b0 <Address 0xbfbee7b0 out of bounds>
callp = (struct sysent *) 0xc06e3ee8
td = (struct thread *) 0xc1dfa480
p = (struct proc *) 0xc1df954c
orig_tf_eflags = 658
sticks = 1
error = 0
narg = 6
args = {3, 134540116, 64, 0, 134605808, 16, 1, -1042311860}
code = 133
#37 0xc065ceff in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:201
No locals.
#38 0x0000002f in ?? ()
No symbol table info available.
#39 0x0000002f in ?? ()
No symbol table info available.
#40 0x0000002f in ?? ()
No symbol table info available.
#41 0x0804eb54 in ?? ()
No symbol table info available.
#42 0x0804eb94 in ?? ()
No symbol table info available.
#43 0xbfbee808 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#44 0xde8e4d64 in ?? ()
No symbol table info available.
#45 0x00000040 in ?? ()
No symbol table info available.
#46 0x0804eb54 in ?? ()
No symbol table info available.
#47 0x0804eb94 in ?? ()
No symbol table info available.
#48 0x00000085 in ?? ()
No symbol table info available.
#49 0x0000000c in ?? ()
No symbol table info available.
#50 0x00000002 in ?? ()
No symbol table info available.
#51 0x280e81cf in ?? ()
No symbol table info available.
#52 0x0000001f in ?? ()
No symbol table info available.
#53 0x00000292 in ?? ()
No symbol table info available.
#54 0xbfbee7ac in ?? ()
No symbol table info available.
#55 0x0000002f in ?? ()
No symbol table info available.
#56 0x00000000 in ?? ()
No symbol table info available.
#57 0x00000000 in ?? ()
No symbol table info available.
#58 0x00000000 in ?? ()
No symbol table info available.
#59 0x00000000 in ?? ()
No symbol table info available.
#60 0x16d63000 in ?? ()
No symbol table info available.
#61 0xc1df954c in ?? ()
No symbol table info available.
#62 0xc1dfa480 in ?? ()
No symbol table info available.
#63 0xde8e4860 in ?? ()
No symbol table info available.
#64 0xde8e4848 in ?? ()
No symbol table info available.
#65 0xc19b4000 in ?? ()
No symbol table info available.
#66 0xc0514c8b in sched_switch (td=0x804eb94, newtd=0x40, flags=Cannot access memory at address 0xbfbee818
) at /usr/src/sys/kern/sched_4bsd.c:881
---Type <return> to continue, or q <return> to quit---
kg = (struct ksegrp *) 0x0
p = (struct proc *) 0x804eb54
(kgdb)
# cat /var/run/dmesg.boot
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.4-STABLE #5: Sat Aug 13 00:29:58 EDT 2005
mdtancsa at adi.sentex.ca:/usr/obj/usr/src/sys/gas
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) 4 CPU 2.40GHz (2400.41-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf33 Stepping = 3
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
real memory = 535756800 (510 MB)
avail memory = 514609152 (490 MB)
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <AOpen AWRDACPI> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <Intel 82865G (865G GMCH) SVGA controller> port 0xd000-0xd007 mem 0xfa000000-0xfa07ffff,0xf0000000-0xf7ffffff irq 15 at device 2.0 on pci0
agp0: detected 892k stolen memory
agp0: aperture size is 128M
uhci0: <Intel 82801EB (ICH5) USB controller USB-A> port 0xc000-0xc01f irq 15 at device 29.0 on pci0
usb0: <Intel 82801EB (ICH5) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801EB (ICH5) USB controller USB-B> port 0xc400-0xc41f irq 7 at device 29.1 on pci0
usb1: <Intel 82801EB (ICH5) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801EB (ICH5) USB controller USB-C> port 0xc800-0xc81f irq 12 at device 29.2 on pci0
usb2: <Intel 82801EB (ICH5) USB controller USB-C> on uhci2
usb2: USB revision 1.0
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3: <Intel 82801EB (ICH5) USB controller USB-D> port 0xcc00-0xcc1f irq 15 at device 29.3 on pci0
usb3: <Intel 82801EB (ICH5) USB controller USB-D> on uhci3
usb3: USB revision 1.0
uhub3: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
pci0: <serial bus, USB> at device 29.7 (no driver attached)
pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci1: <ACPI PCI bus> on pcib1
rl0: <RealTek 8139 10/100BaseTX> port 0xb000-0xb0ff mem 0xf9000000-0xf90000ff irq 15 at device 4.0 on pci1
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:50:fc:99:28:1a
rl1: <RealTek 8139 10/100BaseTX> port 0xb400-0xb4ff mem 0xf9001000-0xf90010ff irq 10 at device 5.0 on pci1
miibus1: <MII bus> on rl1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl1: Ethernet address: 00:50:fc:97:77:be
fxp0: <Intel 82801BA (D865) Pro/100 VE Ethernet> port 0xb800-0xb83f mem 0xf9002000-0xf9002fff irq 11 at device 8.0 on pci1
miibus2: <MII bus> on fxp0
inphy0: <i82562ET 10/100 media interface> on miibus2
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:01:80:54:b6:e9
puc0: <SmartLink 5634PCV SurfRider> port 0xbc00-0xbc07 irq 12 at device 10.0 on pci1
sio4: <SmartLink 5634PCV SurfRider> on puc0
sio4: type 16550A
sio4: unable to activate interrupt in fast mode - using normal mode
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH5 UDMA100 controller> port 0xf000-0xf00f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 31.1 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
ichsmb0: <Intel 82801EB (ICH5) SMBus controller> port 0x5000-0x501f irq 10 at device 31.3 on pci0
smbus0: <System Management Bus> on ichsmb0
smb0: <SMBus generic I/O> on smbus0
acpi_tz0: <Thermal Zone> on acpi0
fdc0: <floppy drive controller> port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A, console
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
orm0: <ISA Option ROM> at iomem 0xc0000-0xc9fff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 2400413517 Hz quality 800
Timecounters tick every 10.000 msec
Fast IPsec: Initialized Security Association Processing.
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 9100 packets/entry by default
ad0: 38166MB <ST340014A/3.06> [77545/16/63] at ata0-master UDMA100
Mounting root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
# strings gas | grep -v ^#
machine i386
cpu I686_CPU
ident rapids
makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options NFSCLIENT # Network Filesystem Client
options NFSSERVER # Network Filesystem Server
options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SCSI_DELAY=15000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
device isa
device pci
device fdc
device ata
device atadisk # ATA disk drives
device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)
device arcmsr # Areca SATA II RAID
device twa # 3ware 9000 series PATA/SATA RAID
device twe # 3ware ATA RAID
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
device splash # Splash screen and screen saver support
device sc
device agp # support several AGP chipsets
device npx
device sio # 8250, 16[45]50 based serial ports
device puc # 8250, 16[45]50 based serial ports
device em # Intel PRO/1000 adapter Gigabit Ethernet Card
device miibus # MII bus support
device bge # Broadcom BCM570xx Gigabit Ethernet
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device re # RealTek 8139C+/8169/8169S/8110S
device rl # RealTek 8129/8139
device cs # Crystal Semiconductor CS89x0 NIC
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
device vlan # Kernel SLIP
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device bpf # Berkeley packet filter
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device usb # USB Bus (required)
device ugen # Generic
device ukbd # Keyboard
device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_FORWARD_EXTENDED #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=9100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPDIVERT
options INCLUDE_CONFIG_FILE
options FAST_IPSEC
device crypto
device cryptodev
device ichsmb
device smb
device smbus
device intpm
options TCP_DROP_SYNFIN
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-i386
mailing list