Date:      Wed, 27 Nov 1996 18:00:26 +0200 (EET)
From:      stesin@gu.net
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/2113: Report on "gated+OSPF" crashes with June 2.2-SNAP
Message-ID:  <199611271600.SAA00869@beast.gu.net>
Resent-Message-ID: <199611271610.IAA26862@freefall.freebsd.org>


>Number:         2113
>Category:       kern
>Synopsis:       2-ether router crashes almost immediately after Gated starts with OSPF
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 27 08:10:02 PST 1996
>Last-Modified:
>Originator:     Andrew Stesin
>Organization:
GU.net
>Release:        FreeBSD 2.2-960612-SNAP i386
>Environment:

	Generic Amd5x86 133 PC, two ethernets: ep0 and ed0.
	Pretty complex network topology around, OSPF IGP used.

>Description:

	The machine crashes almost immediately after Gated starts with OSPF.
	Under some circumstances (uncommonly low network load), though,
	it stayed up 2 or 3 times for 10-20 minutes with OSPF
	kind-of-working.  The problem showed up with both Gated 3.6a2 and
	3.5b3.

	The machine now sits in a production network (a single FreeBSD box
	among AIXes, Solarises, linuces, bsdis, ciscos), and routing is a bit
	crazy here now because it's the only box which needs to run RIPv2.
	With RIPv2 (note: it also uses multicasts!) it's stable, though.
	I neither want to kill FreeBSD on this box, nor am I able to
	play with it: upgrade it, take it down, reboot it often and so on.
	An upgrade to 2.2-BETA is being considered.  I built a '-g' kernel
	and rebooted the box today, and provoked a single crash; the dump
	is available, as is the output of nm /kernel | sort.

kgdb -k kernel.notstrip vmcore.0 | tee OUT.kgdb


OUT.kgdb follows:

GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd), 
Copyright 1994 Free Software Foundation, Inc...
IdlePTD 1f7000
current pcb at 1e2420
panic: page fault
#0  boot (howto=256) at ../../i386/i386/machdep.c:940
940					dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0  boot (howto=256) at ../../i386/i386/machdep.c:940
#1  0xf01161f6 in panic (fmt=0xf01af30c "page fault")
    at ../../kern/subr_prf.c:127
#2  0xf01afe66 in trap_fatal (frame=0xefbffd38) at ../../i386/i386/trap.c:737
#3  0xf01af958 in trap_pfault (frame=0xefbffd38, usermode=0)
    at ../../i386/i386/trap.c:648
#4  0xf01af63b in trap (frame={tf_es = -249036784, tf_ds = 16, 
      tf_edi = -272630324, tf_esi = -249912736, tf_ebp = -272630388, 
      tf_isp = -272630432, tf_ebx = -248947456, tf_edx = 0, 
      tf_ecx = -253083904, tf_eax = -249063756, tf_trapno = 12, 
      tf_err = -253100032, tf_eip = -267075922, tf_cs = -267124728, 
      tf_eflags = 66182, tf_esp = -249063756, tf_ss = -266455048})
    at ../../i386/i386/trap.c:319
#5  0xf01a7501 in calltrap ()
#6  0xf01410fe in ether_output (ifp=0xf01e3754, m0=0xf0ea3f00, dst=0xf12796b0, 
    rt0=0x0) at ../../net/if_ethersubr.c:161
#7  0xf01511df in ip_output (m0=0xf0ea3f00, opt=0x0, ro=0xf12796ac, flags=48, 
    imo=0xf1282d80) at ../../netinet/ip_output.c:354
#8  0xf0152614 in rip_output (m=0xf0ea3f00, so=0xf1293600, dst=96361922)
    at ../../netinet/raw_ip.c:191
#9  0xf0152a1f in rip_usrreq (so=0xf1293600, req=9, m=0xf0ea3f00, 
    nam=0xf0ea3e80, control=0x0) at ../../netinet/raw_ip.c:415
#10 0xf0125126 in sosend (so=0xf1293600, addr=0xf0ea3e80, uio=0xefbffee8, 
    top=0xf0ea3f00, control=0x0, flags=4) at ../../kern/uipc_socket.c:475
#11 0xf01277f3 in sendit (p=0xf128d600, s=11, mp=0xefbfff2c, flags=4, 
    retsize=0xefbfff84) at ../../kern/uipc_syscalls.c:467
#12 0xf01278d0 in sendto (p=0xf128d600, uap=0xefbfff94, retval=0xefbfff84)
    at ../../kern/uipc_syscalls.c:518
#13 0xf01b0111 in syscall (frame={tf_es = 135462951, tf_ds = -272695257, 
      tf_edi = 0, tf_esi = 5, tf_ebp = -272641036, tf_isp = -272629788, 
      tf_ebx = 536870912, tf_edx = 0, tf_ecx = 887256, tf_eax = 133, 
      tf_trapno = 7, tf_err = 7, tf_eip = 135328769, tf_cs = 31, 
      tf_eflags = 662, tf_esp = -272641096, tf_ss = 39})
    at ../../i386/i386/trap.c:887
#14 0xf01a7555 in Xsyscall ()
#15 0x7510a in ?? ()
#16 0x8ce3f in ?? ()
#17 0x88f85 in ?? ()
#18 0x73101 in ?? ()
#19 0x8a164 in ?? ()
#20 0x8444b in ?? ()
#21 0x84fff in ?? ()
#22 0x749c4 in ?? ()
#23 0x2dce0 in ?? ()
#24 0x3317d in ?? ()
#25 0x1095 in ?? ()
(kgdb) frame 6
#6  0xf01410fe in ether_output (ifp=0xf01e3754, m0=0xf0ea3f00, dst=0xf12796b0, 
    rt0=0x0) at ../../net/if_ethersubr.c:161
161			if (!arpresolve(ac, rt, m, dst, edst, rt0))
(kgdb) list
156		}
157		switch (dst->sa_family) {
158	
159	#ifdef INET
160		case AF_INET:
161			if (!arpresolve(ac, rt, m, dst, edst, rt0))
162				return (0);	/* if not yet resolved */
163			/* If broadcasting on a simplex interface, loopback a copy */
164			if ((m->m_flags & M_BCAST) && (ifp->if_flags & IFF_SIMPLEX))
165				mcopy = m_copy(m, 0, (int)M_COPYALL);
(kgdb) 
166			off = m->m_pkthdr.len - m->m_len;
167			type = ETHERTYPE_IP;
168			break;
169	#endif
170	#ifdef IPX
171		case AF_IPX:
172			type = ETHERTYPE_IPX;
173	 		bcopy((caddr_t)&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host),
174			    (caddr_t)edst, sizeof (edst));
175			if (!bcmp((caddr_t)edst, (caddr_t)&ipx_thishost, sizeof(edst)))
(kgdb) print ifp
$1 = (struct ifnet *) 0xefbffdcc
(kgdb) print *ifp
$2 = {if_softc = 0xf11ce25d, if_name = 0xf12796b2 "", if_next = 0xefbffe24, 
  if_addrlist = 0xf01511df, if_pcount = -266455212, if_bpf = 0xf0ea3f00, 
  if_index = 38576, if_unit = -3801, if_timer = 0, if_flags = 0, 
  if_recvquota = 128 '\200', if_sendquota = 150 '\226', if_ipending = 39 '\'', 
  if_data = {ifi_type = 48 '0', ifi_physical = 0 '\000', 
    ifi_addrlen = 0 '\000', ifi_hdrlen = 0 '\000', ifi_mtu = 96361922, 
    ifi_metric = 4078769492, ifi_baudrate = 4022337320, 
    ifi_ipackets = 4045058048, ifi_ierrors = 4045903536, ifi_opackets = 0, 
    ifi_oerrors = 4045987072, ifi_collisions = 20, ifi_ibytes = 4028512084, 
    ifi_obytes = 4041883392, ifi_imcasts = 4041883468, 
    ifi_omcasts = 4022337208, ifi_iqdrops = 4022337100, 
    ifi_noproto = 4027917844, ifi_lastchange = {tv_sec = -253083904, 
      tv_usec = 0}}, if_output = 0xf12796ac <end+17351540>, if_start = 0x30, 
  if_done = 0xf1282d80 <end+17390152>, if_ioctl = 0, 
  if_watchdog = 0xf1293600 <end+17457864>, 
  if_poll_recv = 0xf1279680 <end+17351496>, if_poll_xmit = 0xefbffe6c, 
  if_poll_intren = 0xf0152a1f <rip_usrreq+547>, 
  if_poll_slowinput = 0xf0ea3f00 <end+13331400>, if_snd = {
    ifq_head = 0xf1293600, ifq_tail = 0x5be5dc2, ifq_len = -2147483648, 
    ifq_maxlen = 32, ifq_drops = -248957440}, if_poll_slowq = 0xefbffeac}
(kgdb) print *m0
$3 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xf0ea3f4c "E", 
    mh_len = 52, mh_type = 1, mh_flags = 2}, M_dat = {MH = {MH_pkthdr = {
        rcvif = 0x0, len = 52}, MH_dat = {MH_ext = {ext_buf = 0x170b9 "o\001", 
          ext_free = 0x500005e, ext_size = 3434029056}, 
        MH_databuf = "¹p\001\000^\000\000\005\000 ¯Ì}z\b\000E\0004\000M|\000\000\001Y\000\000Â]¾\005à\000\000\005\002\001\0004Â]¾\005Â]¾\000E\000\0004\024h\000\000\001Y¤AÂ]¾\aÂ]¾\005\002\002\000 Â]¾\aÂ]¾\000û\a", '\000' <repeats 12 times>, "\002\a\000\000\000\013"}}, 
    M_databuf = "\000\000\000\0004\000\000\000¹p\001\000^\000\000\005\000 ¯Ì}z\b\000E\0004\000M|\000\000\001Y\000\000Â]¾\005à\000\000\005\002\001\0004Â]¾\005Â]¾\000E\000\0004\024h\000\000\001Y¤AÂ]¾\aÂ]¾\005\002\002\000 Â]¾\aÂ]¾\000û\a", '\000' <repeats 12 times>, "\002\a\000\000\000\013"}}
(kgdb) print *dst
$4 = {sa_len = 16 '\020', sa_family = 2 '\002', 
  sa_data = "\000\000Â]¾\005\000\000\000\000\000\000\000"}
(kgdb) print arpresolve
$5 = {int ()} 0xf014bd4c <arpresolve>
(kgdb) 
$7 = {int ()} 0xf014bd4c <arpresolve>
(kgdb) q


>How-To-Repeat:

	Just do "gdc stop; gated -f gated.conf.ospf" on the box :-)

>Fix:
	
	I'm not a kernel guru :-(((

>Audit-Trail:
>Unformatted:


