From owner-freebsd-stable Mon Mar 18 13:37:40 2002 Delivered-To: freebsd-stable@freebsd.org Received: from kidney-bean.maths.ox.ac.uk (kidney-bean.maths.ox.ac.uk [163.1.3.112]) by hub.freebsd.org (Postfix) with ESMTP id 6546D37B400 for ; Mon, 18 Mar 2002 13:37:17 -0800 (PST) Received: from cream-puff.maths.ox.ac.uk (cream-puff.maths.ox.ac.uk [163.1.3.3]) by kidney-bean.maths.ox.ac.uk (Postfix) with ESMTP id 616D46205 for ; Mon, 18 Mar 2002 21:37:16 +0000 (GMT) Received: (from allman@localhost) by cream-puff.maths.ox.ac.uk (8.8.6/8.8.6) id VAA05307; Mon, 18 Mar 2002 21:37:16 GMT Date: Mon, 18 Mar 2002 21:37:16 +0000 (GMT) From: Michael Allman To: Subject: 4.5-RELEASE kernel panic Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello All, Below is an abbreviated kernel debugging session from a kernel panic. I suspect this is due to a bug in the network routing code. Somehow, a null pointer got thrown in the works. Could someone more knowledgable of these things have a look? I can provide more information as requested. Thanks! Michael My system: FreeBSD 4.5-RELEASE on an AMD Athlon 1 GHz, 512 MB RAM, Intel Etherexpress PRO 100S. What I found with gdb -k: panic messages: --- Fatal trap 12: page fault while in kernel mode fault virtual address =3D 0x303031f fault code =3D supervisor read, page not present instruction pointer =3D 0x8:0xc01b9049 stack pointer =3D 0x10:0xc030cf78 frame pointer =3D 0x10:0xc030cfc8 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, def32 1, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D Idle interrupt mask =3D trap number =3D 12 **************** (kgdb) bt #0 dumpsys () at ../../kern/kern_shutdown.c:474 #1 0xc016fbfb in boot (howto=3D260) at ../../kern/kern_shutdown.c:313 #2 0xc016fff5 in panic (fmt=3D0xc030574c "%s") at =2E./../kern/kern_shutdown.c:582 #3 0xc02b2faf in trap_fatal (frame=3D0xc030cd64, eva=3D48) at ../../i386/i386/trap.c:956 #4 0xc02b2c5d in trap_pfault (frame=3D0xc030cd64, usermode=3D0, eva=3D48) at ../../i386/i386/trap.c:849 #5 0xc02b2803 in trap (frame=3D{tf_fs =3D 16, tf_es =3D 16, tf_ds =3D 16, tf_edi =3D -1070166208, tf_esi =3D 0, tf_ebp =3D -1070543444, tf_isp =3D -1070543472, tf_ebx =3D -1070432644, tf_edx =3D 6832192, tf_ecx =3D 8, tf_eax =3D 0, tf_trapno =3D 12, tf_err =3D 0, tf_eip =3D -1071357192, tf_cs =3D 8, tf_eflags =3D 66050, tf_esp =3D = 0, tf_ss =3D 0}) at ../../i386/i386/trap.c:448 #6 0xc02462f8 in acquire_lock (lk=3D0xc0327e7c) at ../../ufs/ffs/ffs_softdep.c:271 #7 0xc024a896 in softdep_fsync_mountdev (vp=3D0xe36db540) at ../../ufs/ffs/ffs_softdep.c:3986 #8 0xc024ec5a in ffs_fsync (ap=3D0xc030ce20) at =2E./../ufs/ffs/ffs_vnops.c:134 #9 0xc024d8e7 in ffs_sync (mp=3D0xc198ec00, waitfor=3D2, cred=3D0xc1474500= , p=3D0xc0368f40) at vnode_if.h:558 #10 0xc019ffd3 in sync (p=3D0xc0368f40, uap=3D0x0) at =2E./../kern/vfs_syscalls.c:547 #11 0xc016f9ae in boot (howto=3D256) at ../../kern/kern_shutdown.c:234 #12 0xc016fff5 in panic (fmt=3D0xc030574c "%s") at =2E./../kern/kern_shutdown.c:582 #13 0xc02b2faf in trap_fatal (frame=3D0xc030cf38, eva=3D50529055) at ../../i386/i386/trap.c:956 #14 0xc02b2c5d in trap_pfault (frame=3D0xc030cf38, usermode=3D0, eva=3D5052= 9055) at ../../i386/i386/trap.c:849 #15 0xc02b2803 in trap (frame=3D{tf_fs =3D 16, tf_es =3D 16, tf_ds =3D 16, tf_edi =3D -1047960544, tf_esi =3D 0, tf_ebp =3D -1070542904, tf_isp =3D -1070543004, tf_ebx =3D 50529027, tf_edx =3D 0, tf_ecx =3D -1048122492, tf_eax =3D 6424576, tf_trapno =3D 12, tf_err = =3D 0, tf_eip =3D -1071935415, tf_cs =3D 8, tf_eflags =3D 66054, tf_esp =3D -1047960544, tf_ss =3D 50529027}) at =2E./../i386/i386/trap.c:448 #16 0xc01b9049 in rtalloc1 (dst=3D0xc1896420, report=3D0, ignflags=3D65792) at ../../net/route.c:135 #17 0xc01c53e5 in in_addroute (v_arg=3D0xc1896420, n_arg=3D0x0, head=3D0xc186ea80, treenodes=3D0xc1e95c00) at ../../netinet/in_rmx.c:121 #18 0xc01b98e8 in rtrequest1 (req=3D11, info=3D0xc030d054, ret_nrt=3D0xc030= d0b8) at ../../net/route.c:692 #19 0xc01b9518 in rtrequest (req=3D11, dst=3D0xc030d130, gateway=3D0x0, netmask=3D0x0, flags=3D0, ret_nrt=3D0xc030d0b8) at ../../net/route.c:489 #20 0xc01b9097 in rtalloc1 (dst=3D0xc030d130, report=3D1, ignflags=3D256) at ../../net/route.c:149 #21 0xc01b9004 in rtalloc_ign (ro=3D0xc030d12c, ignore=3D256) at ../../net/route.c:111 #22 0xc1a22019 in ?? () #23 0xc1a22b73 in ?? () #24 0xc01c73b7 in ip_input (m=3D0xc1476600) at ../../netinet/ip_input.c:419 #25 0xc01c793b in ipintr () at ../../netinet/ip_input.c:843 #26 0xc02a7d95 in swi_net_next () (kgdb) up 16 #16 0xc01b9049 in rtalloc1 (dst=3D0xc1896420, report=3D0, ignflags=3D65792) at ../../net/route.c:135 135 if (rnh && (rn =3D rnh->rnh_matchaddr((caddr_t)dst, rnh)) &= & (kgdb) list 130 int s =3D splnet(), err =3D 0, msgtype =3D RTM_MISS; 131 132 /* 133 * Look up the address in the table for that Address Family 134 */ 135 if (rnh && (rn =3D rnh->rnh_matchaddr((caddr_t)dst, rnh)) &= & 136 ((rn->rn_flags & RNF_ROOT) =3D=3D 0)) { 137 /* 138 * If we find it and it's not the root node, then 139 * get a refernce on the rtentry associated. (kgdb) print rnh $1 =3D (struct radix_node_head *) 0x620800 (kgdb) print dst $2 =3D (struct sockaddr *) 0xc1896420 (kgdb) print rn $3 =3D (struct radix_node *) 0x0 (kgdb) print *rnh cannot read proc at 0 (kgdb) print *dst $4 =3D {sa_len =3D 0 '\000', sa_family =3D 97 'a', sa_data =3D "\211=C1\020\002\000\000=A3\001\177\236\000\000\000"} To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message