From owner-freebsd-current@FreeBSD.ORG Tue Jun 27 11:13:46 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE19C16A40F; Tue, 27 Jun 2006 11:13:46 +0000 (UTC) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (comp.chem.msu.su [158.250.32.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C5C843D62; Tue, 27 Jun 2006 11:13:42 +0000 (GMT) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (localhost [127.0.0.1]) by comp.chem.msu.su (8.13.4/8.13.3) with ESMTP id k5RBDa0d039813; Tue, 27 Jun 2006 15:13:37 +0400 (MSD) (envelope-from yar@comp.chem.msu.su) Received: (from yar@localhost) by comp.chem.msu.su (8.13.4/8.13.3/Submit) id k5RBDZZa039811; Tue, 27 Jun 2006 15:13:36 +0400 (MSD) (envelope-from yar) Date: Tue, 27 Jun 2006 15:13:35 +0400 From: Yar Tikhiy To: Denis Shaposhnikov Message-ID: <20060627111334.GE36941@comp.chem.msu.su> References: <87fyhwf6z0.fsf@neva.vlink.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-u Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87fyhwf6z0.fsf@neva.vlink.ru> User-Agent: Mutt/1.5.9i Cc: freebsd-current@freebsd.org, Gleb Smirnoff Subject: Re: carp kernel trap X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jun 2006 11:13:46 -0000 On Fri, Jun 23, 2006 at 03:26:43PM +0400, Denis Shaposhnikov wrote: > Hi! > > I've got a kernel panic on yesterday's current: > > # ifconfig carp3 vhid 3 advskew 100 pass XXXXXXXX 10.10.8.7/26 > > Fatal trap 12: page fault while in kernel mode > cpuid = 1; apic id = 06 > fault virtual address = 0x0 > fault code = supervisor write, page not present > instruction pointer = 0x20:0xc0546fb3 > stack pointer = 0x28:0xe4b38ae8 > cframe pointer = 0x28:0xe4b38b14 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 53 (ifconfig) > trap number = 12 > panic: page fault > cpuid = 1 > arp_input: packet received on non-carp interface: lan0 > carp_input: packet received on non-carp interface: lan0 > carp_input: packet received on non-carp interface: lan0 > Uptime: 2m52s > Cannot dump. No dump device defined. > Automatic reboot in 15 seconds - press a key on the console to abort Acknowledged. Let's notify Gleb Smirnoff about this; adding him to Cc:. More info on the panic attached. -- Yar Fatal trap 12: page fault while in kernel mode fault virtual address = 0x0 fault code = supervisor write, page not present instruction pointer = 0x20:0xc054733a stack pointer = 0x28:0xc76fdad4 frame pointer = 0x28:0xc76fdb04 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 39 (ifconfig) panic: from debugger Uptime: 6s Physical memory: 121 MB Dumping 13 MB: #0 doadump () at pcpu.h:166 166 pcpu.h: No such file or directory. in pcpu.h (kgdb) bt full #0 doadump () at pcpu.h:166 No locals. #1 0xc04c8454 in boot (howto=260) at ../../../kern/kern_shutdown.c:409 first_buf_printf = 1 #2 0xc04c86ff in panic (fmt=0xc060d52b "from debugger") at ../../../kern/kern_shutdown.c:565 td = (struct thread *) 0xc1165780 bootopt = 260 newpanic = 1 ap = 0xc76fd88c "<ÙoÇl£EÀ:sTÀ" buf = "from debugger", '\0' #3 0xc045a3d5 in db_panic (addr=-1068207302, have_addr=0, count=-1, modif=0xc76fd8b0 "") at ../../../ddb/db_command.c:426 No locals. #4 0xc045a36c in db_command (last_cmdp=0xc066a824, cmd_table=0x0) at ../../../ddb/db_command.c:395 cmd = (struct command *) 0xc0602f80 t = 0 modif = "\000ØoÇÄØoÇ\211\a\000\000\211\a\000\000Ï\a\000\000\000\000\000\000\000ÈmÀ\r\000\000\000\000ÈmÀ\000ÈmÀ\r\000\000\000\001\000\000\000\000ÙoÇ\v­]À\000ÙoÇ$­]À@\227lÀÀ\233kÀx\000\000\000 ±fÀ\f\000\000\000 ÙoÇüÃEÀ¬\221aÀÔÀEÀ\f\000\000\000 ±fÀ\206¸EÀ ±fÀ`¨fÀ" addr = -1068207302 count = -1 have_addr = 0 result = 0 #5 0xc045a42a in db_command_loop () at ../../../ddb/db_command.c:446 No locals. #6 0xc045c041 in db_trap (type=12, code=0) at ../../../ddb/db_main.c:221 jb = {{_jb = {-948971168, -948971188, -948971116, -948970860, 12, -1069170726, 12, -948971092, -1068608069, -1067229443, -1068607936, -948971112}}} prev_jb = (void *) 0x0 bkpt = 0 #7 0xc04e3b59 in kdb_trap (type=12, code=0, tf=0x0) at ../../../kern/subr_kdb.c:502 handled = 0 #8 0xc05f55d1 in trap_fatal (frame=0xc76fda94, eva=0) at ../../../i386/i386/trap.c:860 code = 2 type = 12 ss = 40 esp = 0 softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 3, ssd_def32 = 1, ssd_gran = 1} msg = 0x0 #9 0xc05f5333 in trap_pfault (frame=0xc76fda94, usermode=0, eva=0) at ../../../i386/i386/trap.c:778 va = 0 vm = (struct vmspace *) 0x0 map = 0xc1167a28 rv = 1 ftype = 1 '\001' td = (struct thread *) 0xc1165780 p = (struct proc *) 0xc1293000 #10 0xc05f4f51 in trap (frame= {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1055540224, tf_esi = -1054194432, tf_ebp = -948970748, tf_isp = -948970816, tf_ebx = -1054273536, tf_edx = 0, tf_ecx = -1055540212, tf_eax = -1053789472, tf_trapno = 12, tf_err = 0, tf_eip = -1068207302, tf_cs = 32, tf_eflags = 66118, tf_esp = -948970764, tf_ss = -1054273536}) at ../../../i386/i386/trap.c:463 td = (struct thread *) 0xc1165780 p = (struct proc *) 0xc1293000 i = 0 ucode = 0 type = 12 code = 2 addr = -948970932 eva = 0 ksi = {ksi_link = {tqe_next = 0xc061cf41, tqe_prev = 0x6b5}, ksi_info = {si_signo = -1066976812, si_errno = 0, si_code = -1067331775, si_pid = 1714, si_uid = 3228277308, si_status = -948970900, si_addr = 0xc04ef542, si_value = { sival_int = -1066689992, sival_ptr = 0xc06b9a38}, _reason = {_fault = {_trapno = 582}, _timer = {_timerid = 582, _overrun = -1067153852}, _mesgq = {_mqd = 582}, _poll = {_band = 582}, __spare__ = {__spare1__ = 582, __spare2__ = { -1067153852, -1066684056, 1016, -1067298956, -948970864, -1068760600, -1066684056}}}}, ksi_flags = 1, ksi_sigq = 0xc061821a} #11 0xc05e5f1a in calltrap () at ../../../i386/i386/exception.s:138 No locals. #12 0xc054733a in carp_set_addr (sc=0xc115bc00, sin=0x0) at ../../../netinet/ip_carp.c:1439 ifp = (struct ifnet *) 0xc1291000 cif = (struct carp_if *) 0x6b5 ia = (struct in_ifaddr *) 0xc12a4500 ia_if = (struct in_ifaddr *) 0xc1291000 imo = (struct ip_moptions *) 0xc115bc0c addr = {s_addr = 301990112} iaddr = 3239427084 own = 0 error = -1066976812 #13 0xc0547e08 in carp_ioctl (ifp=0xc13072e0, cmd=0, addr=0xc12b4400 "¸D+ÁÈD+ÁØD+Á") at ../../../netinet/ip_carp.c:1770 sc = (struct carp_softc *) 0xc115bc00 vr = (struct carp_softc *) 0x0 carpr = {carpr_state = 582, carpr_vhid = -1066976812, carpr_advskew = -948970688, carpr_advbase = -1068760204, carpr_key = "\b×gÀdÛoÇî÷NÀÔ9gÀ\000\000\000"} ifa = (struct ifaddr *) 0xc12b4400 ifr = (struct ifreq *) 0xc12b4400 ifra = (struct ifaliasreq *) 0xc12b4400 locked = 0 error = 0 #14 0xc05447b9 in in_ifinit (ifp=0xc121d000, ia=0xc12b4400, sin=0xc115bc0c, scrub=0) at ../../../netinet/in.c:708 i = 168430180 oldaddr = {sin_len = 0 '\0', sin_family = 0 '\0', sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"} flags = 1 error = -1054129028 #15 0xc0543c56 in in_control (so=0xc1308a60, cmd=1, data=0xc1305900 "carp3", ifp=0xc121d000, td=0xc1165780) at ../../../netinet/in.c:439 ifr = (struct ifreq *) 0xc1305900 ia = (struct in_ifaddr *) 0xc12b4400 iap = (struct in_ifaddr *) 0x0 ifa = (struct ifaddr *) 0x0 dst = {s_addr = 1678379530} ifra = (struct in_aliasreq *) 0xc1305900 oldaddr = {sin_len = 0 '\0', sin_family = 208 'Ð', sin_port = 49441, sin_addr = {s_addr = 3241171200}, sin_zero = "\000Y0Á\bÜoÇ"} error = 0 hostIsNew = 1 iaIsNew = 1 maskIsNew = 0 #16 0xc0537d30 in ifioctl (so=0xc1308a60, cmd=2151704858, data=0xc1305900 "carp3", td=0xc1165780) at ../../../net/if.c:1777 ifp = (struct ifnet *) 0xc121d000 ifr = (struct ifreq *) 0xc121d000 error = -3 oif_flags = 8 #17 0xc04f6147 in soo_ioctl (fp=0xc13072e0, cmd=2151704858, data=0xc1305900, active_cred=0xc115dd00, td=0xc1165780) at ../../../kern/sys_socket.c:214 so = (struct socket *) 0xc1308a60 error = 0 #18 0xc04f0e10 in ioctl (td=0xc1165780, uap=0xc76fdd04) at file.h:265 fp = (struct file *) 0xc12be558 fdp = (struct filedesc *) 0x0 com = 2151704858 error = 0 size = 64 data = 0xc1305900 "carp3" memp = 0xc1305900 "carp3" tmp = 49 #19 0xc05f58ee in syscall (frame= {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134571648, tf_esi = 134580800, tf_ebp = -1077940760, tf_isp = -948970140, tf_ebx = -2143262438, tf_edx = 134583582, tf_ecx = 134571648, tf_eax = 54, tf_trapno = 0, tf_err = 2, tf_eip = 672494519, tf_cs = 51, tf_eflags = 646, tf_esp = -1077942884, tf_ss = 59}) at ../../../i386/i386/trap.c:1015 params = 0xbfbfe5a0
callp = (struct sysent *) 0xc0643e48 td = (struct thread *) 0xc1165780 p = (struct proc *) 0xc1293000 orig_tf_eflags = 646 error = 0 narg = 3 args = {3, -2143262438, 134580800, -948970196, -1067483570, -1067038688, -948970184, 671596824} code = 54 ksi = {ksi_link = {tqe_next = 0xc0664820, tqe_prev = 0xc115dc80}, ksi_info = {si_signo = -1055500416, si_errno = -948970292, si_code = 70, si_pid = -1066543480, si_uid = 3239466880, si_status = -1067038688, si_addr = 0xc115dc80, si_value = {sival_int = -948970252, sival_ptr = 0xc76fdcf4}, _reason = {_fault = { _trapno = -1068644505}, _timer = {_timerid = -1068644505, _overrun = -1066998992}, _mesgq = {_mqd = -1068644505}, _poll = {_band = -1068644505}, __spare__ = {__spare1__ = -1068644505, __spare2__ = {-1066998992, 2, -1067341680, 625, 0, -948970224, -1067539996}}}}, ksi_flags = 0, ksi_sigq = 0xc1165780} #20 0xc05e5f6f in Xint0x80_syscall () at ../../../i386/i386/exception.s:191 No locals. #21 0x00000033 in ?? () No symbol table info available. Previous frame inner to this frame (corrupt stack?) (kgdb) frame 12 #12 0xc054733a in carp_set_addr (sc=0xc115bc00, sin=0x0) at ../../../netinet/ip_carp.c:1439 1439 if ((imo->imo_membership[0] = in_addmulti(&addr, ifp)) == NULL) %%% END %%%