Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 14 Jan 2007 23:50:24 GMT
From:      Mark Kamichoff <prox@prolixium.com>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/104569: panic w/zebra
Message-ID:  <200701142350.l0ENoOYw079893@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The following reply was made to PR kern/104569; it has been noted by GNATS.

From: Mark Kamichoff <prox@prolixium.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/104569: panic w/zebra
Date: Sun, 14 Jan 2007 18:25:24 -0500

 This is *almost* reproducible, now.  If I cause a number of OSPFv2/v3
 adjacencies to time out (by unplugging cables, etc.), FreeBSD has a
 50-60% chance of panicking on the spot.  I assume this is due to the
 zebra process changing around routes.
 
 - Mark
 
 On Mon, Dec 11, 2006 at 08:23:33AM -0500,  wrote:
 > Is there anything else I can provide that will help tracking this down?
 > It is still happening:
 > 
 > Unread portion of the kernel message buffer:
 > kernel trap 12 with interrupts disabled
 > 
 > 
 > Fatal trap 12: page fault while in kernel mode
 > fault virtual address   = 0x78
 > fault code              = supervisor read, page not present
 > instruction pointer     = 0x20:0xc0554bcb
 > stack pointer           = 0x28:0xdea8ea64
 > frame pointer           = 0x28:0xdea8ea68
 > code segment            = base 0x0, limit 0xfffff, type 0x1b
 >                         = DPL 0, pres 1, def32 1, gran 1
 > processor eflags        = resume, IOPL = 0
 > current process         = 1548 (zebra)
 > trap number             = 12
 > panic: page fault
 > Uptime: 2d5h52m33s
 > Dumping 510 MB (2 chunks)
 >   chunk 0: 1MB (159 pages) ... ok
 >   chunk 1: 510MB (130544 pages) 494 478 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14
 > 
 > #0  doadump () at pcpu.h:165
 > 165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
 > (kgdb) bt
 > #0  doadump () at pcpu.h:165
 > #1  0xc052f46e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
 > #2  0xc052f778 in panic (fmt=0xc0709d51 "%s") at /usr/src/sys/kern/kern_shutdown.c:565
 > #3  0xc06e5d2d in trap_fatal (frame=0xdea8ea24, eva=0) at /usr/src/sys/i386/i386/trap.c:837
 > #4  0xc06e5445 in trap (frame=
 >       {tf_fs = -629538808, tf_es = -1066139608, tf_ds = 40, tf_edi = -1015486796, tf_esi = -1014488704, tf_ebp = -559355288, tf_isp = -559355312, tf_ebx = -1015492032, tf_edx = -1014488704, tf_ecx = 4, tf_eax = 4, tf_trapno = 12, tf_err = 0, tf_eip = -1068151861, tf_cs = 32, tf_eflags = 65543, tf_esp = -1014488704, tf_ss = -559355252}) at /usr/src/sys/i386/i386/trap.c:270
 > #5  0xc06d27ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 > #6  0xc0554bcb in turnstile_setowner (ts=0xc378d240, owner=0x4)
 >     at /usr/src/sys/kern/subr_turnstile.c:432
 > #7  0xc0554ef7 in turnstile_wait (lock=0xc38c6504, owner=0x4)
 >     at /usr/src/sys/kern/subr_turnstile.c:591
 > #8  0xc0524ddb in _mtx_lock_sleep (m=0xc38c6504, tid=3280478592, opts=0, file=0x0, line=0)
 >     at /usr/src/sys/kern/kern_mutex.c:579
 > #9  0xc05bcb44 in rtrequest1 (req=2, info=0xdea8eb24, ret_nrt=0xdea8eb10)
 >     at /usr/src/sys/net/route.c:703
 > #10 0xc05be7e5 in route_output (m=0xc55fa800, so=0xc3553164) at /usr/src/sys/net/rtsock.c:391
 > #11 0xc05bbb12 in raw_usend (so=0x4, flags=0, m=0xc3882180, nam=0x0, control=0x4, 
 >     td=0xc3882180) at /usr/src/sys/net/raw_usrreq.c:263
 > #12 0xc05be457 in rts_send (so=0x4, flags=4, m=0x4, nam=0x4, control=0x4, td=0x4)
 >     at /usr/src/sys/net/rtsock.c:269
 > #13 0xc057136c in sosend (so=0xc3553164, addr=0x0, uio=0xdea8ecb0, top=0xc55fa800, 
 >     control=0x0, flags=0, td=0xc3882180) at /usr/src/sys/kern/uipc_socket.c:836
 > #14 0xc055d2b8 in soo_write (fp=0x4, uio=0xdea8ecb0, active_cred=0xc33d2c00, flags=0, 
 >     td=0xc3882180) at /usr/src/sys/kern/sys_socket.c:118
 > #15 0xc05569e0 in dofilewrite (td=0xc3882180, fd=4, fp=0xc37b0c18, auio=0xdea8ecb0, offset=Unhandled dwarf expression opcode 0x93
 > )
 >     at file.h:252
 > #16 0xc0556817 in kern_writev (td=0xc3882180, fd=6, auio=0x4)
 >     at /usr/src/sys/kern/sys_generic.c:402
 > ---Type <return> to continue, or q <return> to quit---
 > #17 0xc05566e9 in write (td=0x4, uap=0x4) at /usr/src/sys/kern/sys_generic.c:326
 > #18 0xc06e60e3 in syscall (frame=
 >       {tf_fs = 672006203, tf_es = 672006203, tf_ds = -1078001605, tf_edi = -1077941792, tf_esi = -1077942328, tf_ebp = -1077941864, tf_isp = -559354524, tf_ebx = 20, tf_edx = -1077942496, tf_ecx = 0, tf_eax = 4, tf_trapno = 0, tf_err = 2, tf_eip = 673045383, tf_cs = 51, tf_eflags = 514, tf_esp = -1077942516, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:983
 > #19 0xc06d281f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
 > #20 0x00000033 in ?? ()
 > Previous frame inner to this frame (corrupt stack?)
 > (kgdb) 
 > 
 > Thanks!
 > 
 > - Mark
 > 
 > -- 
 > Mark Kamichoff
 > prox@prolixium.com
 > http://prolixium.com/
 > Rensselaer Polytechnic Institute, Class of 2004
 
 
 -- 
 Mark Kamichoff
 prox@prolixium.com
 http://prolixium.com/
 Rensselaer Polytechnic Institute, Class of 2004

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701142350.l0ENoOYw079893>