Date: Mon, 28 Nov 2005 18:50:05 GMT
From: Stuart Weaver <sweaver@sweaver.net>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/89534: ifconfig causes page fault
Message-ID: <200511281850.jASIo5j7064277@freefall.freebsd.org>
The following reply was made to PR kern/89534; it has been noted by GNATS.

From: Stuart Weaver <sweaver@sweaver.net>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-gnats-submit@FreeBSD.org, bug-followup@FreeBSD.org
Subject: Re: misc/89534: ifconfig causes page fault
Date: Mon, 28 Nov 2005 13:38:49 -0500

Here you go.

[sweaver@zyon GENERIC]$ sudo kgdb kernel.debug /var/crash/vmcore.3
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc1d6e024
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc06bc581
stack pointer = 0x28:0xdd6cd6d4
frame pointer = 0x28:0xdd6cd724
code segment = base 0x0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 857 (ifconfig)
trap number = 12
panic: page fault
Uptime: 13m8s
Dumping 479 MB (2 chunks)
 chunk 0: 1MB (159 pages) ... ok
 chunk 1: 479MB (122608 pages) 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) list *0xc06bc581
0xc06bc581 is in ieee80211_ioctl_getkey (/usr/src/sys/net80211/ieee80211_ioctl.c:857).
852             wk = &ic->ic_nw_keys[kid];
853             IEEE80211_ADDR_COPY(&ik.ik_macaddr, ic->ic_bss->ni_macaddr);
854             ni = NULL;
855     }
856     cip = wk->wk_cipher;
857     ik.ik_type = cip->ic_cipher;
858     ik.ik_keylen = wk->wk_keylen;
859     ik.ik_flags = wk->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV);
860     if (wk->wk_keyix == ic->ic_def_txkey)
861             ik.ik_flags |= IEEE80211_KEY_DEFAULT;
(kgdb) backtrace
#0 doadump () at pcpu.h:165
#1 0xc0638202 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2 0xc0638498 in panic (fmt=0xc084e5a2 "%s") at /usr/src/sys/kern/kern_shutdown.c:555
#3 0xc0807c30 in trap_fatal (frame=0xdd6cd694, eva=3252084772) at /usr/src/sys/i386/i386/trap.c:831
#4 0xc080799b in trap_pfault (frame=0xdd6cd694, usermode=0, eva=3252084772) at /usr/src/sys/i386/i386/trap.c:742
#5 0xc08075d9 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 0, tf_esi = -1046446076, tf_ebp = -580069596, tf_isp = -580069696, tf_ebx = -1046443464, tf_edx = 22, tf_ecx = 0, tf_eax = -1042882528, tf_trapno = 12, tf_err = 0, tf_eip = -1066678911, tf_cs = 32, tf_eflags = 66198, tf_esp = -1042882528, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:432
#6 0xc07f6dca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc06bc581 in ieee80211_ioctl_getkey (ic=0xc1a08004, ireq=0xc1be5740) at /usr/src/sys/net80211/ieee80211_ioctl.c:856
#8 0xc06bd37e in ieee80211_ioctl_get80211 (ic=0x0, cmd=3223087595, ireq=0xc1be5740) at /usr/src/sys/net80211/ieee80211_ioctl.c:1434
#9 0xc06bed2e in ieee80211_ioctl (ic=0xc1a08004, cmd=3223087595, data=0xc1be5740 "wi0") at /usr/src/sys/net80211/ieee80211_ioctl.c:2407
#10 0xc05e2999 in wi_ioctl (ifp=0xc1a04000, cmd=3223087595, data=0xc1be5740 "wi0") at /usr/src/sys/dev/wi/if_wi.c:1233
#11 0xc06c912e in in_control (so=0xc1e39858, cmd=3223087595, data=0xc1be5740 "wi0", ifp=0xc1a04000, td=0xc1cd5000) at /usr/src/sys/netinet/in.c:470
#12 0xc06a23bc in ifioctl (so=0xc1e39858, cmd=3223087595, data=0xc1be5740 "wi0", td=0xc1cd5000) at /usr/src/sys/net/if.c:1561
#13 0xc065fb73 in soo_ioctl (fp=0xc1d6e020, cmd=3223087595, data=0xc1be5740, active_cred=0xc1f97180, td=0xc1cd5000) at /usr/src/sys/kern/sys_socket.c:214
#14 0xc0659d11 in ioctl (td=0xc1cd5000, uap=0xdd6cdd04) at file.h:258
#15 0xc0807f47 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = -1077943988, tf_esi = 2, tf_ebp = -1077943816, tf_isp = -580067996, tf_ebx = -1077944032, tf_edx = -1077944048, tf_ecx = -1077943920, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip = 671900563, tf_cs = 51, tf_eflags = 582, tf_esp = -1077944100, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:976
#16 0xc07f6e1f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#17 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) q

Kris Kennaway wrote:
> On Fri, Nov 25, 2005 at 03:35:21PM +0000, Stuart Weaver wrote:
>
>
>>I manually copied the following from the console, there may be errors:
>>
>>Fatal trap 12: page fault wile in kernel mode
>>fault virtual address = 0xc1d6e024
>>fault code = supervisor read, pate not present
>>instruction pointer = 0x20:0xc06bc581
>>stack pointer = 0x28:0xdd6cd6d4
>>frame pointer = 0x28:0xdd6cd724
>>code segmet = base 0x0, limit 0xfffff, type 0x1b
>> = DPL 0, pres 1, def32 1, gran 1
>>processor eflags = interrupt enabled, resume, IOPL = 0
>>current process = 857 (ifconfig)
>>trap number = 12
>>panic: page fault
>>Uptime: 13m8s
>>Dumping 459 MB (2 chunks)
>> chunk 0: 1MB (159 pages) ... ok
>> chunk 1: 479MB (122608 pages) 463 447 431 415 399 383 367 335 319 303 287 271
>>255 239 207 191 175 159 143 127 111 95 79 63 47 31 15 ... ok
>
>
> Please obtain a debugging backtrace as described in the developers
> handbook chapter on kernel debugging.
>
> Kris