crash in networking code (with bt and debug kernel)
Mike Tancsa
mike at sentex.net
Fri Jun 6 19:37:37 PDT 2003
While I was tying down a supernet to the discard interface, the box crashed
on me. It's a STABLE box from June 4th. I was in zebra at the time and
thought I would route a /24 to ds0 instead of to the IP on ds0 (which I had
done for a number of other aggregate routes). The only other "strange"
thing about the box is that ds0 is loaded via kld. I will see if I can
reproduce it on a non-production box.
---Mike
IdlePTD at phsyical address 0x0032e000
initial pcb at physical address 0x002a3d80
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x4
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc019a569
stack pointer = 0x10:0xdf0b1d28
frame pointer = 0x10:0xdf0b1d34
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 2528 (zebra)
interrupt mask =
trap number = 12
panic: page fault
(kgdb) where
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1 0xc0150bec in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2 0xc0151020 in poweroff_wait (junk=0xc02794ec, howto=-1071149073) at
/usr/src/sys/kern/kern_shutdown.c:595
#3 0xc0242283 in trap_fatal (frame=0xdf0b1ce8, eva=4) at
/usr/src/sys/i386/i386/trap.c:974
#4 0xc0241f3d in trap_pfault (frame=0xdf0b1ce8, usermode=0, eva=4) at
/usr/src/sys/i386/i386/trap.c:867
#5 0xc0241b13 in trap (frame={tf_fs = -1041694704, tf_es = -1040056304,
tf_ds = -1071120368, tf_edi = -1010457600,
tf_esi = -1039998416, tf_ebp = -552919756, tf_isp = -552919788,
tf_ebx = 0, tf_edx = -1010457600, tf_ecx = 1, tf_eax = 0,
tf_trapno = 12, tf_err = 0, tf_eip = -1072061079, tf_cs = 8,
tf_eflags = 66118, tf_esp = -552919644, tf_ss = -1040745984})
at /usr/src/sys/i386/i386/trap.c:466
#6 0xc019a569 in arp_rtrequest (req=1, rt=0xc3c5a400, info=0xdf0b1da4) at
/usr/src/sys/netinet/if_ether.c:186
#7 0xc01980be in rtrequest1 (req=1, info=0xdf0b1da4, ret_nrt=0xdf0b1da0)
at /usr/src/sys/net/route.c:750
#8 0xc0198b21 in route_output (m=0xc11ae200, so=0xdd8e5080) at
/usr/src/sys/net/rtsock.c:341
#9 0xc01974ee in raw_usend (so=0xdd8e5080, flags=0, m=0xc11ae200, nam=0x0,
control=0x0, p=0xdf0bfc60)
at /usr/src/sys/net/raw_usrreq.c:258
#10 0xc01988b0 in rts_send (so=0xdd8e5080, flags=0, m=0xc11ae200, nam=0x0,
control=0x0, p=0xdf0bfc60)
at /usr/src/sys/net/rtsock.c:236
#11 0xc017042f in sosend (so=0xdd8e5080, addr=0x0, uio=0xdf0b1ee0,
top=0xc11ae200, control=0x0, flags=0, p=0xdf0bfc60)
at /usr/src/sys/kern/uipc_socket.c:609
#12 0xc0163876 in soo_write (fp=0xc1fe1a40, uio=0xdf0b1ee0,
cred=0xc1fb3d80, flags=0, p=0xdf0bfc60)
at /usr/src/sys/kern/sys_socket.c:81
#13 0xc0160342 in dofilewrite (p=0xdf0bfc60, fp=0xc1fe1a40, fd=5,
buf=0xbfbff298, nbyte=128, offset=-1, flags=0)
at /usr/src/sys/sys/file.h:163
#14 0xc01601f3 in write (p=0xdf0bfc60, uap=0xdf0b1f80) at
/usr/src/sys/kern/sys_generic.c:329
#15 0xc02424e9 in syscall2 (frame={tf_fs = 47, tf_es = -1078001617, tf_ds =
-1078001617, tf_edi = 128, tf_esi = 134902316,
tf_ebp = -1077938912, tf_isp = -552919084, tf_ebx = 16, tf_edx =
-1077939560, tf_ecx = 0, tf_eax = 4, tf_trapno = 7,
tf_err = 2, tf_eip = 673833116, tf_cs = 31, tf_eflags = 663, tf_esp
= -1077939612, tf_ss = 47})
at /usr/src/sys/i386/i386/trap.c:1175
#16 0xc0236595 in Xint0x80_syscall ()
#17 0x8069138 in ?? ()
#18 0x8069187 in ?? ()
#19 0x804fea2 in ?? ()
#20 0x80500bf in ?? ()
#21 0x80507bb in ?? ()
#22 0x8050b16 in ?? ()
#23 0x80543b7 in ?? ()
#24 0x805440a in ?? ()
#25 0x805d913 in ?? ()
#26 0x8058324 in ?? ()
#27 0x8059539 in ?? ()
#28 0x8059989 in ?? ()
#29 0x8061456 in ?? ()
#30 0x804c929 in ?? ()
#31 0x8049c3e in ?? ()
(kgdb) list
482 dumpsys(void)
483 {
484 int error;
485
486 savectx(&dumppcb);
487 if (dumping++) {
488 printf("Dump already in progress, bailing...\n");
489 return;
490 }
491 if (!dodump)
(kgdb) up 1
#1 0xc0150bec in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
316 dumpsys();
(kgdb) list
311 * been completed.
312 */
313 EVENTHANDLER_INVOKE(shutdown_post_sync, howto);
314 splhigh();
315 if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold)
316 dumpsys();
317
318 /* Now that we're going to really halt the system... */
319 EVENTHANDLER_INVOKE(shutdown_final, howto);
320
(kgdb) up
#2 0xc0151020 in poweroff_wait (junk=0xc02794ec, howto=-1071149073) at
/usr/src/sys/kern/kern_shutdown.c:595
595 boot(bootopt);
(kgdb) list
590
591 #if defined(DDB)
592 if (debugger_on_panic)
593 Debugger ("panic");
594 #endif
595 boot(bootopt);
596 }
597
598 /*
599 * Support for poweroff delay.
(kgdb) up 1
#3 0xc0242283 in trap_fatal (frame=0xdf0b1ce8, eva=4) at
/usr/src/sys/i386/i386/trap.c:974
974 panic("%s", trap_msg[type]);
(kgdb) list
969 if ((debugger_on_panic || db_active) && kdb_trap(type, 0,
frame))
970 return;
971 #endif
972 printf("trap number = %d\n", type);
973 if (type <= MAX_TRAP_MSG)
974 panic("%s", trap_msg[type]);
975 else
976 panic("unknown/reserved trap");
977 }
978
(kgdb) up 1
#4 0xc0241f3d in trap_pfault (frame=0xdf0b1ce8, usermode=0, eva=4) at
/usr/src/sys/i386/i386/trap.c:867
867 trap_fatal(frame, eva);
(kgdb) list
862 if (!usermode) {
863 if (intr_nesting_level == 0 && curpcb &&
curpcb->pcb_onfault) {
864 frame->tf_eip = (int)curpcb->pcb_onfault;
865 return (0);
866 }
867 trap_fatal(frame, eva);
868 return (-1);
869 }
870
871 /* kludge to pass faulting virtual address to sendsig */
(kgdb) up 1
#5 0xc0241b13 in trap (frame={tf_fs = -1041694704, tf_es = -1040056304,
tf_ds = -1071120368, tf_edi = -1010457600,
tf_esi = -1039998416, tf_ebp = -552919756, tf_isp = -552919788,
tf_ebx = 0, tf_edx = -1010457600, tf_ecx = 1, tf_eax = 0,
tf_trapno = 12, tf_err = 0, tf_eip = -1072061079, tf_cs = 8,
tf_eflags = 66118, tf_esp = -552919644, tf_ss = -1040745984})
at /usr/src/sys/i386/i386/trap.c:466
466 (void) trap_pfault(&frame, FALSE, eva);
(kgdb) list
461 kernel_trap:
462 /* kernel trap */
463
464 switch (type) {
465 case T_PAGEFLT: /* page fault */
466 (void) trap_pfault(&frame, FALSE, eva);
467 return;
468
469 case T_DNA:
470 #if NNPX > 0
(kgdb) up 1
#6 0xc019a569 in arp_rtrequest (req=1, rt=0xc3c5a400, info=0xdf0b1da4) at
/usr/src/sys/netinet/if_ether.c:186
186 if ((rt->rt_flags & RTF_HOST) == 0 &&
(kgdb) list
181 /*
182 * XXX: If this is a manually added route to interface
183 * such as older version of routed or gated might
provide,
184 * restore cloning bit.
185 */
186 if ((rt->rt_flags & RTF_HOST) == 0 &&
187 SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff)
188 rt->rt_flags |= RTF_CLONING;
189 if (rt->rt_flags & RTF_CLONING) {
190 /*
(kgdb)
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike