From owner-freebsd-bugs Wed Jun 28 7:40: 9 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id A261B37B55D for ; Wed, 28 Jun 2000 07:40:05 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id HAA64847; Wed, 28 Jun 2000 07:40:05 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Date: Wed, 28 Jun 2000 07:40:05 -0700 (PDT) Message-Id: <200006281440.HAA64847@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Mikhail Teterin Subject: Re: kern/19551: panic when enabling bridge_ipfw Reply-To: Mikhail Teterin Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR kern/19551; it has been noted by GNATS. From: Mikhail Teterin To: freebsd-gnats-submit@FreeBSD.org Cc: luigi@iet.unipi.it Subject: Re: kern/19551: panic when enabling bridge_ipfw Date: Wed, 28 Jun 2000 10:32:52 -0400 (EDT) (See the end of this message for the location of the debuggable kernel and two vmcores). I decided to try giving the unconfigured interface an IP address and got another panic: Fatal trap 12: page fault while in kernel mode fault virtual address = 0x30 fault code = supervisor read, page not present instruction pointer = 0x8:0xc01df0a4 stack pointer = 0x10:0xc025e3b4 frame pointer = 0x10:0xc025e3b8 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = Idle interrupt mask = net bio cam trap number = 12 panic: page fault Uptime: 21s dumping to dev #ad/1, offset 216 dump ata0: resetting devices .. ata0: mask=01 status0=50 status1=00 ata0-master: success setting up PIO4 mode on generic chip done 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 --- #0 boot (howto=260) at /opt/src/sys/kern/kern_shutdown.c:302 302 dumppcb.pcb_cr3 = rcr3(); (kgdb) where #0 boot (howto=260) at /opt/src/sys/kern/kern_shutdown.c:302 #1 0xc0138358 in poweroff_wait (junk=0xc025842f, howto=0) at /opt/src/sys/kern/kern_shutdown.c:552 #2 0xc0226ed2 in trap_fatal (frame=0xc025e374, eva=48) at /opt/src/sys/i386/i386/trap.c:927 #3 0xc0226b91 in trap_pfault (frame=0xc025e374, usermode=0, eva=48) at /opt/src/sys/i386/i386/trap.c:820 #4 0xc022677b in trap (frame={tf_fs = 1074135056, tf_es = -1071316976, tf_ds = -966393840, tf_edi = 0, tf_esi = -966347776, tf_ebp = -1071258696, tf_isp = -1071258720, tf_ebx = -1071180740, tf_edx = 1074315328, tf_ecx = -827104320, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071779676, tf_cs = 8, tf_eflags = 66050, tf_esp = -966347776, tf_ss = -1071258664}) at /opt/src/sys/i386/i386/trap.c:426 #5 0xc01df0a4 in acquire_lock (lk=0xc027143c) at /opt/src/sys/ufs/ffs/ffs_softdep.c:265 #6 0xc01e2ebc in softdep_update_inodeblock (ip=0xc666b400, bp=0xc7a298c8, waitfor=0) at /opt/src/sys/ufs/ffs/ffs_softdep.c:3585 #7 0xc01de34e in ffs_update (vp=0xceb363c0, waitfor=0) at /opt/src/sys/ufs/ffs/ffs_inode.c:105 #8 0xc01e6110 in ffs_sync (mp=0xc65e3800, waitfor=2, cred=0xc05cb680, p=0xc029eee0) at /opt/src/sys/ufs/ffs/ffs_vfsops.c:987 #9 0xc016471f in sync (p=0xc029eee0, uap=0x0) at /opt/src/sys/kern/vfs_syscalls.c:549 #10 0xc0137d9f in boot (howto=256) at /opt/src/sys/kern/kern_shutdown.c:224 #11 0xc0138358 in poweroff_wait (junk=0xc025842f, howto=0) at /opt/src/sys/kern/kern_shutdown.c:552 #12 0xc0226ed2 in trap_fatal (frame=0xc025e540, eva=3227829326) at /opt/src/sys/i386/i386/trap.c:927 #13 0xc0226b91 in trap_pfault (frame=0xc025e540, usermode=0, eva=3227829326) at /opt/src/sys/i386/i386/trap.c:820 #14 0xc022677b in trap (frame={tf_fs = 16, tf_es = -1072234480, tf_ds = 1074135056, tf_edi = 1073872896, tf_esi = 0, tf_ebp = -1071258228, tf_isp = -1071258260, tf_ebx = -966216256, tf_edx = 521294, tf_ecx = 0, tf_eax = -1067659264, tf_trapno = 12, tf_err = 2, tf_eip = -1072359149, tf_cs = 8, tf_eflags = 66054, tf_esp = -1067170816, tf_ss = 0}) at /opt/src/sys/i386/i386/trap.c:426 #15 0xc0151913 in m_free (m=0xc668b5c0) at /opt/src/sys/kern/uipc_mbuf.c:509 #16 0xc01526f5 in m_pullup (n=0xc668b5c0, len=14) at /opt/src/sys/kern/uipc_mbuf.c:966 #17 0xc017df87 in transmit_event (pipe=0xc665f400) at /opt/src/sys/netinet/ip_dummynet.c:407 #18 0xc017e1cf in ready_event (q=0xc6684380) at /opt/src/sys/netinet/ip_dummynet.c:525 #19 0xc017e60b in dummynet (unused=0x0) at /opt/src/sys/netinet/ip_dummynet.c:660 #20 0xc013d839 in softclock () at /opt/src/sys/kern/kern_timeout.c:131 (kgdb) up 15 #15 0xc0151913 in m_free (m=0xc668b5c0) at /opt/src/sys/kern/uipc_mbuf.c:509 509 MFREE(m, n); (kgdb) p m $1 = (struct mbuf *) 0x40060e00 (kgdb) p n $2 = (struct mbuf *) 0x0 Somewhere in the depth of MFREE maze, I guess, the following happens: (kgdb) p _mm $7 = (struct mbuf *) 0x0 The kernel (with all debug symbols) and the two vmcores are available at: http://virtual-estates.com/kernel.ip_icmp.bz2 http://virtual-estates.com/vmcore.ip_icmp.bz2 http://virtual-estates.com/vmcore.m_free.bz2 -mi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message