Date:      Thu, 21 Jan 2010 19:33:35 +0100
From:      Florian Smeets <flo@smeets.im>
To:        John Baldwin <jhb@freebsd.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: 7.2-STABLE page fault with kernel from 12.01.2010 / crashinfo available
Message-ID:  <4B589DFF.3030901@smeets.im>
In-Reply-To: <201001211258.40316.jhb@freebsd.org>
References:  <4B58280C.50602@smeets.im> <201001210801.48390.jhb@freebsd.org> <4B5855C2.6000002@smeets.im> <201001211258.40316.jhb@freebsd.org>

On 1/21/10 6:58 PM, John Baldwin wrote:
> On Thursday 21 January 2010 8:25:22 am Florian Smeets wrote:
>> On 1/21/10 2:01 PM, John Baldwin wrote:
>>> On Thursday 21 January 2010 5:10:20 am Florian Smeets wrote:
>>>> (kgdb) where
>>>> #0  doadump () at pcpu.h:196
>>>> #1  0xc0525703 in boot (howto=260) at
>>>> /usr/src/sys/kern/kern_shutdown.c:418
>>>> #2  0xc052590e in panic (fmt=Variable "fmt" is not available.
>>>> ) at /usr/src/sys/kern/kern_shutdown.c:574
>>>> #3  0xc06f110c in trap_fatal (frame=0xc1f15ae4, eva=12) at
>>>> /usr/src/sys/i386/i386/trap.c:950
>>>> #4  0xc06f1390 in trap_pfault (frame=0xc1f15ae4, usermode=0, eva=12) at
>>>> /usr/src/sys/i386/i386/trap.c:863
>>>> #5  0xc06f1d65 in trap (frame=0xc1f15ae4) at
>>>> /usr/src/sys/i386/i386/trap.c:541
>>>> #6  0xc06d910b in calltrap () at /usr/src/sys/i386/i386/exception.s:166
>>>> #7  0xc0572e48 in m_copydata (m=0x0, off=0, len=40, cp=0xc23cced8
>>>> "\203??b??\237\f)h?M\220\224?\023?\205K(e??s?\"???k?oQ?~\223\020g\030")
>>>>        at /usr/src/sys/kern/uipc_mbuf.c:815
>>>> #8  0xc05f8b28 in ip_forward (m=0xc23dc900, srcrt=0) at
>>>> /usr/src/sys/netinet/ip_input.c:1307
>>>> #9  0xc05fa30c in ip_input (m=0xc23dc900) at
>>>> /usr/src/sys/netinet/ip_input.c:609
>>>> #10 0xc05c83d5 in netisr_dispatch (num=2, m=0xc23dc900) at
>>>> /usr/src/sys/net/netisr.c:185
>>>> #11 0xc05bf581 in ether_demux (ifp=0xc20a4800, m=0xc23dc900) at
>>>> /usr/src/sys/net/if_ethersubr.c:834
>>>> #12 0xc05bf973 in ether_input (ifp=0xc20a4800, m=0xc23dc900) at
>>>> /usr/src/sys/net/if_ethersubr.c:692
>>>> #13 0xc04b8749 in sis_rxeof (sc=0xc2093800) at
>>>> /usr/src/sys/dev/sis/if_sis.c:1476
>>>> #14 0xc04b8973 in sis_intr (arg=0xc2093800) at
>>>> /usr/src/sys/dev/sis/if_sis.c:1667
>>>> #15 0xc050344b in ithread_loop (arg=0xc20ab410) at
>>>> /usr/src/sys/kern/kern_intr.c:1126
>>>> #16 0xc04ffe36 in fork_exit (callout=0xc05032a0<ithread_loop>,
>>>> arg=0xc20ab410, frame=0xc1f15d38) at /usr/src/sys/kern/kern_fork.c:811
>>>> #17 0xc06d9180 in fork_trampoline () at
>>>> /usr/src/sys/i386/i386/exception.s:271
>>>> (kgdb) list *0xc0572e48
>>>> 0xc0572e48 is in m_copydata (libkern.h:61).
>>>> 56	static __inline int imax(int a, int b) { return (a>   b ? a : b); }
>>>> 57	static __inline int imin(int a, int b) { return (a<   b ? a : b); }
>>>> 58	static __inline long lmax(long a, long b) { return (a>   b ? a : b); }
>>>> 59	static __inline long lmin(long a, long b) { return (a<   b ? a : b); }
>>>> 60	static __inline u_int max(u_int a, u_int b) { return (a>   b ? a : b);
> }
>>>> 61	static __inline u_int min(u_int a, u_int b) { return (a<   b ? a : b);
> }
>>>> 62	static __inline quad_t qmax(quad_t a, quad_t b) { return (a>   b ? a :
>>>> b); }
>>>> 63	static __inline quad_t qmin(quad_t a, quad_t b) { return (a<   b ? a :
>>>> b); }
>>>> 64	static __inline u_long ulmax(u_long a, u_long b) { return (a>   b ? a
>>>> : b); }
>>>> 65	static __inline u_long ulmin(u_long a, u_long b) { return (a<   b ? a
>>>> : b); }
>>>> (kgdb) frame 7
>>>> #7  0xc0572e48 in m_copydata (m=0x0, off=0, len=40, cp=0xc23cced8
>>>> "\203??b??\237\f)h?M\220\224?\023?\205K(e??s?\"???k?oQ?~\223\020g\030")
>>>> at /usr/src/sys/kern/uipc_mbuf.c:815
>>>> 815			count = min(m->m_len - off, len);
>>>> (kgdb) l
>>>> 810			off -= m->m_len;
>>>> 811			m = m->m_next;
>>>> 812		}
>>>> 813		while (len>   0) {
>>>> 814			KASSERT(m != NULL, ("m_copydata, length>   size of mbuf chain"));
>>>
>>> I think you would have hit this assertion if INVARIANTS were enabled.  Can you
>>> go up to frame 8 and do an 'l'?  Maybe 'p *m' as well?
>>>
>>
>> Sure, thanks for taking a look John!
>>
>> (kgdb) frame 8
>> #8  0xc05f8b28 in ip_forward (m=0xc23dc900, srcrt=0) at
>> /usr/src/sys/netinet/ip_input.c:1307
>> 1307			m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
>> (kgdb) l
>> 1302			mcopy = NULL;
>> 1303		}
>> 1304		if (mcopy != NULL) {
>> 1305			mcopy->m_len = min(ip->ip_len, M_TRAILINGSPACE(mcopy));
>> 1306			mcopy->m_pkthdr.len = mcopy->m_len;
>> 1307			m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
>> 1308		}
>> 1309	
>> 1310	#ifdef IPSTEALTH
>> 1311		if (!ipstealth) {
>> (kgdb) p *m
>> $1 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xc271e80e
>> "E\020", mh_len = 164, mh_flags = 3, mh_type = 1, pad = "\000"}, M_dat =
>> {MH = {MH_pkthdr = {rcvif = 0xc20a4800, header = 0x0, len = 164,
>> csum_flags = 3072,
>>           csum_data = 65535, tso_segsz = 0, ether_vtag = 0, tags =
>> {slh_first = 0xc35bc380}}, MH_dat = {MH_ext = {ext_buf = 0xc271e800 "",
>> ext_free = 0, ext_args = 0x0, ext_size = 2048, ref_cnt = 0xc2703ab4,
>> ext_type = 6},
>>           MH_databuf =
>> "\000?q?\000\000\000\000\000\000\000\000\000\b\000\000?:p?
> \006\000\000\000dL?\t<+?\202\200\020
>> O/\207\000\000\001\001\b\n-?b\230qms?\000\000\004\001?l?\000\000\001%r???
> \200\000????\034?Ot?\b?{sr\000\034org.jboss.mq.ConnectionToken?\b߼&?
> \237N\002\000\005I\000\004hashZ\000\asameJVML\000\bclientIDt\000\022Ljava/l\000\220\032Ae\207\000\002?
> 36@\210d\021\000\001?\001B\000!E\000\001@bV\000\000@2\032$W\213\n\034"...}},
>>
>>       M_databuf =
>> "\000H\n?\000\000\000\000?\000\000\000\000\f\000\000??
> \000\000\000\000\000\000\200?[?\000?q?
> \000\000\000\000\000\000\000\000\000\b\000\000?:p?\006\000\000\000dL?\t<+?
> \202\200\020
>> O/\207\000\000\001\001\b\n-?b\230qms?\000\000\004\001?l?\000\000\001%r???
> \200\000????\034?Ot?\b?{sr\000\034org.jboss.mq.ConnectionToken?\b߼&?
> \237N\002\000\005I\000\004hashZ\000\asameJVML\000\bclientIDt\000\022Ljava/l\000\220\032Ae\207\000\002?
> 3"...}}
>
> Ok, can you do 'p *m_copy'?
>

Whatever you want :-)

(kgdb) p *m_copy
No symbol "m_copy" in current context.
(kgdb) p *m_copydata
$2 = {void (const struct mbuf *, int, int, caddr_t)} 0xc0572e10 <m_copydata>
(kgdb) p *mcopy
$1 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xc23cce34 
"E\020", mh_len = 204, mh_flags = 2, mh_type = 1, pad = "\000"}, M_dat = 
{MH = {MH_pkthdr = {rcvif = 0xc20a4800, header = 0x0,
         len = 204, csum_flags = 3072, csum_data = 65535, tso_segsz = 0, 
ether_vtag = 0, tags = {slh_first = 0xc23c3e00}}, MH_dat = {MH_ext = 
{ext_buf = 0x84001045 <Address 0x84001045 out of bounds>,
           ext_free = 0x40f034, ext_args = 0x88210640, ext_size = 
355576000, ref_cnt = 0x8631a8c0, ext_type = 365696512},
         MH_databuf = 
"E\020\000\2044?@\000@\006!\210??1\025??1\206\000\026?\025?:N?\000e\224\214\200\030 
\206?\017\000\000\001\001\b\n\017LM\027\036??\006Dʿfգ\001\030Qv\024s;Z??MC\f?\nx?&\201????8?\rr?<\r\222?h??\v^P\211???~]?y?R?'f\001&M?:\016i?\205S\030A\001'2?;aFp????@???\002?3?*6k\r?=]w?·\034??\210V(ré\203??b??\237\f)h?M\220\224?\023?\205K(e??s?\"???k?oQ?~"...}}, 

     M_databuf = 
"\000H\n?\000\000\000\000?\000\000\000\000\f\000\000??\000\000\000\000\000\000\000><?E\020\000\2044?@\000@\006!\210??1\025??1\206\000\026?\025?:N?\000e\224\214\200\030 
\206?\017\000\000\001\001\b\n\017LM\027\036??\006Dʿfգ\001\030Qv\024s;Z??MC\f?\nx?&\201????8?\rr?<\r\222?h??\v^P\211???~]?y?R?'f\001&M?:\016i?\205S\030A\001'2?;aFp????@???\002?3?*6k\r?=]w?·\034??\210V(ré\203??b??\237\f"...}}

Cheers,
Florian


