7.2-STABLE page fault with kernel from 12.01.2010 / crashinfo available

Florian Smeets flo at smeets.im
Thu Jan 21 13:25:27 UTC 2010 

On 1/21/10 2:01 PM, John Baldwin wrote:
> On Thursday 21 January 2010 5:10:20 am Florian Smeets wrote:
>> (kgdb) where
>> #0  doadump () at pcpu.h:196
>> #1  0xc0525703 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
>> #2  0xc052590e in panic (fmt=Variable "fmt" is not available.
>> ) at /usr/src/sys/kern/kern_shutdown.c:574
>> #3  0xc06f110c in trap_fatal (frame=0xc1f15ae4, eva=12) at
>> /usr/src/sys/i386/i386/trap.c:950
>> #4  0xc06f1390 in trap_pfault (frame=0xc1f15ae4, usermode=0, eva=12) at
>> /usr/src/sys/i386/i386/trap.c:863
>> #5  0xc06f1d65 in trap (frame=0xc1f15ae4) at
>> /usr/src/sys/i386/i386/trap.c:541
>> #6  0xc06d910b in calltrap () at /usr/src/sys/i386/i386/exception.s:166
>> #7  0xc0572e48 in m_copydata (m=0x0, off=0, len=40, cp=0xc23cced8
>> "\203??b??\237\f)h?M\220\224?\023?\205K(e??s?\"???k?oQ?~\223\020g\030")
>>       at /usr/src/sys/kern/uipc_mbuf.c:815
>> #8  0xc05f8b28 in ip_forward (m=0xc23dc900, srcrt=0) at
>> /usr/src/sys/netinet/ip_input.c:1307
>> #9  0xc05fa30c in ip_input (m=0xc23dc900) at
>> /usr/src/sys/netinet/ip_input.c:609
>> #10 0xc05c83d5 in netisr_dispatch (num=2, m=0xc23dc900) at
>> /usr/src/sys/net/netisr.c:185
>> #11 0xc05bf581 in ether_demux (ifp=0xc20a4800, m=0xc23dc900) at
>> /usr/src/sys/net/if_ethersubr.c:834
>> #12 0xc05bf973 in ether_input (ifp=0xc20a4800, m=0xc23dc900) at
>> /usr/src/sys/net/if_ethersubr.c:692
>> #13 0xc04b8749 in sis_rxeof (sc=0xc2093800) at
>> /usr/src/sys/dev/sis/if_sis.c:1476
>> #14 0xc04b8973 in sis_intr (arg=0xc2093800) at
>> /usr/src/sys/dev/sis/if_sis.c:1667
>> #15 0xc050344b in ithread_loop (arg=0xc20ab410) at
>> /usr/src/sys/kern/kern_intr.c:1126
>> #16 0xc04ffe36 in fork_exit (callout=0xc05032a0<ithread_loop>,
>> arg=0xc20ab410, frame=0xc1f15d38) at /usr/src/sys/kern/kern_fork.c:811
>> #17 0xc06d9180 in fork_trampoline () at
>> /usr/src/sys/i386/i386/exception.s:271
>> (kgdb) list *0xc0572e48
>> 0xc0572e48 is in m_copydata (libkern.h:61).
>> 56	static __inline int imax(int a, int b) { return (a>  b ? a : b); }
>> 57	static __inline int imin(int a, int b) { return (a<  b ? a : b); }
>> 58	static __inline long lmax(long a, long b) { return (a>  b ? a : b); }
>> 59	static __inline long lmin(long a, long b) { return (a<  b ? a : b); }
>> 60	static __inline u_int max(u_int a, u_int b) { return (a>  b ? a : b); }
>> 61	static __inline u_int min(u_int a, u_int b) { return (a<  b ? a : b); }
>> 62	static __inline quad_t qmax(quad_t a, quad_t b) { return (a>  b ? a :
>> b); }
>> 63	static __inline quad_t qmin(quad_t a, quad_t b) { return (a<  b ? a :
>> b); }
>> 64	static __inline u_long ulmax(u_long a, u_long b) { return (a>  b ? a
>> : b); }
>> 65	static __inline u_long ulmin(u_long a, u_long b) { return (a<  b ? a
>> : b); }
>> (kgdb) frame 7
>> #7  0xc0572e48 in m_copydata (m=0x0, off=0, len=40, cp=0xc23cced8
>> "\203??b??\237\f)h?M\220\224?\023?\205K(e??s?\"???k?oQ?~\223\020g\030")
>> at /usr/src/sys/kern/uipc_mbuf.c:815
>> 815			count = min(m->m_len - off, len);
>> (kgdb) l
>> 810			off -= m->m_len;
>> 811			m = m->m_next;
>> 812		}
>> 813		while (len>  0) {
>> 814			KASSERT(m != NULL, ("m_copydata, length>  size of mbuf chain"));
>
> I think you would have hit this assertion if INVARIANTS were enabled.  Can you
> go up to frame 8 and do an 'l'?  Maybe 'p *m' as well?
>

Sure, thanks for taking a look John!

(kgdb) frame 8
#8  0xc05f8b28 in ip_forward (m=0xc23dc900, srcrt=0) at 
/usr/src/sys/netinet/ip_input.c:1307
1307			m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
(kgdb) l
1302			mcopy = NULL;
1303		}
1304		if (mcopy != NULL) {
1305			mcopy->m_len = min(ip->ip_len, M_TRAILINGSPACE(mcopy));
1306			mcopy->m_pkthdr.len = mcopy->m_len;
1307			m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
1308		}
1309	
1310	#ifdef IPSTEALTH
1311		if (!ipstealth) {
(kgdb) p *m
$1 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xc271e80e 
"E\020", mh_len = 164, mh_flags = 3, mh_type = 1, pad = "\000"}, M_dat = 
{MH = {MH_pkthdr = {rcvif = 0xc20a4800, header = 0x0, len = 164, 
csum_flags = 3072,
         csum_data = 65535, tso_segsz = 0, ether_vtag = 0, tags = 
{slh_first = 0xc35bc380}}, MH_dat = {MH_ext = {ext_buf = 0xc271e800 "", 
ext_free = 0, ext_args = 0x0, ext_size = 2048, ref_cnt = 0xc2703ab4, 
ext_type = 6},
         MH_databuf = 
"\000?q?\000\000\000\000\000\000\000\000\000\b\000\000?:p?\006\000\000\000dL?\t<+?\202\200\020 
O/\207\000\000\001\001\b\n-?b\230qms?\000\000\004\001?l?\000\000\001%r???\200\000????\034?Ot?\b?{sr\000\034org.jboss.mq.ConnectionToken?\b߼&?\237N\002\000\005I\000\004hashZ\000\asameJVML\000\bclientIDt\000\022Ljava/l\000\220\032Ae\207\000\002?36@\210d\021\000\001?\001B\000!E\000\001 at bV\000\000 at 2\032$W\213\n\034"...}}, 

     M_databuf = 
"\000H\n?\000\000\000\000?\000\000\000\000\f\000\000??\000\000\000\000\000\000\200?[?\000?q?\000\000\000\000\000\000\000\000\000\b\000\000?:p?\006\000\000\000dL?\t<+?\202\200\020 
O/\207\000\000\001\001\b\n-?b\230qms?\000\000\004\001?l?\000\000\001%r???\200\000????\034?Ot?\b?{sr\000\034org.jboss.mq.ConnectionToken?\b߼&?\237N\002\000\005I\000\004hashZ\000\asameJVML\000\bclientIDt\000\022Ljava/l\000\220\032Ae\207\000\002?3"...}}

Cheers,
Florian

More information about the freebsd-stable mailing list