From owner-freebsd-stable@FreeBSD.ORG  Thu Jan 21 13:25:26 2010
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DF035106566B;
	Thu, 21 Jan 2010 13:25:26 +0000 (UTC) (envelope-from flo@smeets.im)
Received: from mail.solomo.de (mail.solomo.de [85.214.124.163])
	by mx1.freebsd.org (Postfix) with ESMTP id 7FE668FC0C;
	Thu, 21 Jan 2010 13:25:26 +0000 (UTC)
Received: from mail.solomo.de (localhost [127.0.0.1])
	by mail.solomo.de (Postfix) with ESMTP id 4FDD961C94;
	Thu, 21 Jan 2010 14:25:25 +0100 (CET)
X-Virus-Scanned: amavisd-new at vistream.de
Received: from mail.solomo.de ([127.0.0.1])
	by mail.solomo.de (mail.solomo.de [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id EuYkhX4dC22e; Thu, 21 Jan 2010 14:25:23 +0100 (CET)
Received: from nibbler.vistream.local (relay3.vistream.de [87.139.10.28])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.solomo.de (Postfix) with ESMTPSA id 0813D61C2E;
	Thu, 21 Jan 2010 14:25:23 +0100 (CET)
Message-ID: <4B5855C2.6000002@smeets.im>
Date: Thu, 21 Jan 2010 14:25:22 +0100
From: Florian Smeets <flo@smeets.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
	rv:1.9.2pre) Gecko/20100120 Lanikai/3.1b1pre
MIME-Version: 1.0
To: John Baldwin <jhb@freebsd.org>
References: <4B58280C.50602@smeets.im> <201001210801.48390.jhb@freebsd.org>
In-Reply-To: <201001210801.48390.jhb@freebsd.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Cc: freebsd-stable@freebsd.org
Subject: Re: 7.2-STABLE page fault with kernel from 12.01.2010 / crashinfo
 available
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2010 13:25:27 -0000

On 1/21/10 2:01 PM, John Baldwin wrote:
> On Thursday 21 January 2010 5:10:20 am Florian Smeets wrote:
>> (kgdb) where
>> #0  doadump () at pcpu.h:196
>> #1  0xc0525703 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
>> #2  0xc052590e in panic (fmt=Variable "fmt" is not available.
>> ) at /usr/src/sys/kern/kern_shutdown.c:574
>> #3  0xc06f110c in trap_fatal (frame=0xc1f15ae4, eva=12) at
>> /usr/src/sys/i386/i386/trap.c:950
>> #4  0xc06f1390 in trap_pfault (frame=0xc1f15ae4, usermode=0, eva=12) at
>> /usr/src/sys/i386/i386/trap.c:863
>> #5  0xc06f1d65 in trap (frame=0xc1f15ae4) at
>> /usr/src/sys/i386/i386/trap.c:541
>> #6  0xc06d910b in calltrap () at /usr/src/sys/i386/i386/exception.s:166
>> #7  0xc0572e48 in m_copydata (m=0x0, off=0, len=40, cp=0xc23cced8
>> "\203??b??\237\f)h?M\220\224?\023?\205K(e??s?\"???k?oQ?~\223\020g\030")
>>       at /usr/src/sys/kern/uipc_mbuf.c:815
>> #8  0xc05f8b28 in ip_forward (m=0xc23dc900, srcrt=0) at
>> /usr/src/sys/netinet/ip_input.c:1307
>> #9  0xc05fa30c in ip_input (m=0xc23dc900) at
>> /usr/src/sys/netinet/ip_input.c:609
>> #10 0xc05c83d5 in netisr_dispatch (num=2, m=0xc23dc900) at
>> /usr/src/sys/net/netisr.c:185
>> #11 0xc05bf581 in ether_demux (ifp=0xc20a4800, m=0xc23dc900) at
>> /usr/src/sys/net/if_ethersubr.c:834
>> #12 0xc05bf973 in ether_input (ifp=0xc20a4800, m=0xc23dc900) at
>> /usr/src/sys/net/if_ethersubr.c:692
>> #13 0xc04b8749 in sis_rxeof (sc=0xc2093800) at
>> /usr/src/sys/dev/sis/if_sis.c:1476
>> #14 0xc04b8973 in sis_intr (arg=0xc2093800) at
>> /usr/src/sys/dev/sis/if_sis.c:1667
>> #15 0xc050344b in ithread_loop (arg=0xc20ab410) at
>> /usr/src/sys/kern/kern_intr.c:1126
>> #16 0xc04ffe36 in fork_exit (callout=0xc05032a0<ithread_loop>,
>> arg=0xc20ab410, frame=0xc1f15d38) at /usr/src/sys/kern/kern_fork.c:811
>> #17 0xc06d9180 in fork_trampoline () at
>> /usr/src/sys/i386/i386/exception.s:271
>> (kgdb) list *0xc0572e48
>> 0xc0572e48 is in m_copydata (libkern.h:61).
>> 56	static __inline int imax(int a, int b) { return (a>  b ? a : b); }
>> 57	static __inline int imin(int a, int b) { return (a<  b ? a : b); }
>> 58	static __inline long lmax(long a, long b) { return (a>  b ? a : b); }
>> 59	static __inline long lmin(long a, long b) { return (a<  b ? a : b); }
>> 60	static __inline u_int max(u_int a, u_int b) { return (a>  b ? a : b); }
>> 61	static __inline u_int min(u_int a, u_int b) { return (a<  b ? a : b); }
>> 62	static __inline quad_t qmax(quad_t a, quad_t b) { return (a>  b ? a :
>> b); }
>> 63	static __inline quad_t qmin(quad_t a, quad_t b) { return (a<  b ? a :
>> b); }
>> 64	static __inline u_long ulmax(u_long a, u_long b) { return (a>  b ? a
>> : b); }
>> 65	static __inline u_long ulmin(u_long a, u_long b) { return (a<  b ? a
>> : b); }
>> (kgdb) frame 7
>> #7  0xc0572e48 in m_copydata (m=0x0, off=0, len=40, cp=0xc23cced8
>> "\203??b??\237\f)h?M\220\224?\023?\205K(e??s?\"???k?oQ?~\223\020g\030")
>> at /usr/src/sys/kern/uipc_mbuf.c:815
>> 815			count = min(m->m_len - off, len);
>> (kgdb) l
>> 810			off -= m->m_len;
>> 811			m = m->m_next;
>> 812		}
>> 813		while (len>  0) {
>> 814			KASSERT(m != NULL, ("m_copydata, length>  size of mbuf chain"));
>
> I think you would have hit this assertion if INVARIANTS were enabled.  Can you
> go up to frame 8 and do an 'l'?  Maybe 'p *m' as well?
>

Sure, thanks for taking a look John!

(kgdb) frame 8
#8  0xc05f8b28 in ip_forward (m=0xc23dc900, srcrt=0) at 
/usr/src/sys/netinet/ip_input.c:1307
1307			m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
(kgdb) l
1302			mcopy = NULL;
1303		}
1304		if (mcopy != NULL) {
1305			mcopy->m_len = min(ip->ip_len, M_TRAILINGSPACE(mcopy));
1306			mcopy->m_pkthdr.len = mcopy->m_len;
1307			m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
1308		}
1309	
1310	#ifdef IPSTEALTH
1311		if (!ipstealth) {
(kgdb) p *m
$1 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xc271e80e 
"E\020", mh_len = 164, mh_flags = 3, mh_type = 1, pad = "\000"}, M_dat = 
{MH = {MH_pkthdr = {rcvif = 0xc20a4800, header = 0x0, len = 164, 
csum_flags = 3072,
         csum_data = 65535, tso_segsz = 0, ether_vtag = 0, tags = 
{slh_first = 0xc35bc380}}, MH_dat = {MH_ext = {ext_buf = 0xc271e800 "", 
ext_free = 0, ext_args = 0x0, ext_size = 2048, ref_cnt = 0xc2703ab4, 
ext_type = 6},
         MH_databuf = 
"\000?q?\000\000\000\000\000\000\000\000\000\b\000\000?:p?\006\000\000\000dL?\t<+?\202\200\020 
O/\207\000\000\001\001\b\n-?b\230qms?\000\000\004\001?l?\000\000\001%r???\200\000????\034?Ot?\b?{sr\000\034org.jboss.mq.ConnectionToken?\b߼&?\237N\002\000\005I\000\004hashZ\000\asameJVML\000\bclientIDt\000\022Ljava/l\000\220\032Ae\207\000\002?36@\210d\021\000\001?\001B\000!E\000\001@bV\000\000@2\032$W\213\n\034"...}}, 

     M_databuf = 
"\000H\n?\000\000\000\000?\000\000\000\000\f\000\000??\000\000\000\000\000\000\200?[?\000?q?\000\000\000\000\000\000\000\000\000\b\000\000?:p?\006\000\000\000dL?\t<+?\202\200\020 
O/\207\000\000\001\001\b\n-?b\230qms?\000\000\004\001?l?\000\000\001%r???\200\000????\034?Ot?\b?{sr\000\034org.jboss.mq.ConnectionToken?\b߼&?\237N\002\000\005I\000\004hashZ\000\asameJVML\000\bclientIDt\000\022Ljava/l\000\220\032Ae\207\000\002?3"...}}

Cheers,
Florian