Date: Mon, 27 Feb 2006 19:05:10 GMT From: Justinas <mixmanteam@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: i386/93910: Kernel bug (Crash) Message-ID: <200602271905.k1RJ5AYV026192@www.freebsd.org> Resent-Message-ID: <200602271910.k1RJA1eI089398@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 93910
>Category: i386
>Synopsis: Kernel bug (Crash)
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 27 19:10:01 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Justinas
>Release: FreeBSD 6.0 Stable
>Organization:
EofNET Networks
>Environment:
FreeBSD diablo 6.0-RELEASE-p4 FreeBSD 6.0-RELEASE-p4 #5: Wed Feb 22 16:00:21 EET 2006 mixman@diablo:/usr/src/sys/i386/compile/w00t i386
>Description:
FreeBSD 6.0 System crashes two times in a 3 days i was worried that it is seriaus problem so i turn debuging on and then crash dump was saved i tried to analyse it. And i have this:
diablo# kgdb kernel.debug /var/crash/vmcore.0
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Unde fined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x34
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc057bb3f
stack pointer = 0x28:0xcd6f78a0
frame pointer = 0x28:0xcd6f78e0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 42487 (eggdrop-1.6.15)
trap number = 12
panic: page fault
Uptime: 2d5h42m3s
Dumping 255 MB (2 chunks)
chunk 0: 1MB (160 pages) ... ok
chunk 1: 255MB (65264 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 3 1 15
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0 doadump () at pcpu.h:165
#1 0xc04f35ba in boot (howto=260) at ../../../kern/kern_shutdown.c:399
#2 0xc04f3880 in panic (fmt=0xc067ee79 "%s")
at ../../../kern/kern_shutdown.c:555
#3 0xc065fc3a in trap_fatal (frame=0xcd6f7860, eva=52)
at ../../../i386/i386/trap.c:831
#4 0xc065f96f in trap_pfault (frame=0xcd6f7860, usermode=0, eva=52)
at ../../../i386/i386/trap.c:742
#5 0xc065f569 in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1054391456, tf_esi = -105446 4532, tf_ebp = -848332576, tf_isp = -848332660, tf_ebx = -1055094784, tf_edx = - 1052479860, tf_ecx = -1052214704, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1067992257, tf_cs = 32, tf_eflags = 66050, tf_esp = -1047629568, tf_ss = -10 51169872}) at ../../../i386/i386/trap.c:432
#6 0xc064ecea in calltrap () at ../../../i386/i386/exception.s:139
#7 0xc057bb3f in ip_output (m=0xc1262500, opt=0xc11c8800, ro=0xc1446e8c,
flags=0, imo=0x0, inp=0x0) at ../../../netinet/ip_output.c:248
#8 0xc056e7ec in in_gif_output (ifp=0xc11e2c00, family=0, m=0xc1262500)
at ../../../netinet/in_gif.c:211
#9 0xc05613e9 in gif_output (ifp=0xc11e2c00, m=0xc18d0000, dst=0xc14598dc,
rt=0xc14685ac) at ../../../net/if_gif.c:429
#10 0xc05a6f76 in nd6_output (ifp=0xc11e2c00, origifp=0xc11e2c00,
m0=0xc18d0000, dst=0xc14598dc, rt0=0x41) at ../../../netinet6/nd6.c:1982
---Type <return> to continue, or q <return> to quit---
#11 0xc05a13f9 in ip6_output (m0=0xc18d0000, opt=0x0, ro=0xcd6f7a8c, flags=0,
im6o=0x0, ifpp=0x0, inp=0xc1f744ec) at ../../../netinet6/ip6_output.c:1042
#12 0xc0584d1e in tcp_output (tp=0xc18c8000)
at ../../../netinet/tcp_output.c:1059
#13 0xc058bea1 in tcp_usr_send (so=0xc18c2000, flags=0, m=0xc125ed00, nam=0x0,
control=0x0, td=0xc18b4900) at ../../../netinet/tcp_usrreq.c:697
#14 0xc052bbd3 in sosend (so=0xc18c2000, addr=0x0, uio=0xcd6f7cbc,
top=0xc125ed00, control=0x0, flags=0, td=0xc18b4900)
at ../../../kern/uipc_socket.c:829
#15 0xc051a9ee in soo_write (fp=0x0, uio=0xcd6f7cbc, active_cred=0xc18a8300,
flags=0, td=0xc18b4900) at ../../../kern/sys_socket.c:118
#16 0xc0514bef in dofilewrite (td=0xc18b4900, fd=4, fp=0xc18ca7e0,
auio=0xcd6f7cbc, offset=Unhandled dwarf expression opcode 0x93
) at file.h:246
#17 0xc0514a93 in kern_writev (td=0xc18b4900, fd=4, auio=0xcd6f7cbc)
at ../../../kern/sys_generic.c:402
#18 0xc05149b9 in write (td=0xc18b4900, uap=0xc1487a50)
at ../../../kern/sys_generic.c:326
#19 0xc065ff4f in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 18, tf_esi = 673643195, tf_e bp = -1077945064, tf_isp = -848331420, tf_ebx = 134940672, tf_edx = 0, tf_ecx = 0, tf_eax = 4, tf_trapno = 0, tf_err = 2, tf_eip = 672866411, tf_cs = 51, tf_efl ags = 582, tf_esp = -1077945140, tf_ss = 59}) at ../../../i386/i386/trap.c:976
#20 0xc064ed3f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
---Type <return> to continue, or q <return> to quit---
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) up 10
#10 0xc05a6f76 in nd6_output (ifp=0xc11e2c00, origifp=0xc11e2c00,
m0=0xc18d0000, dst=0xc14598dc, rt0=0x41) at ../../../netinet6/nd6.c:1982
1982 return ((*ifp->if_output)(ifp, m, (struct sockaddr *)dst, rt));
(kgdb)
I think the problem is on ../../../netinet6/nd6.c:1982 file or in ipv6 stack that runs on freebsd.
>How-To-Repeat:
Problem repeats itself none i can do to call it.
>Fix:
Dont know.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602271905.k1RJ5AYV026192>