Date:      Sat, 20 Mar 2004 08:22:16 -0800 (PST)
From:      Evgenii V Davidov <dado@korolev-net.ru>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/64502: mpd port crashes the kernel in bpf_filter.c
Message-ID:  <200403201622.i2KGMGMk019967@www.freebsd.org>
Resent-Message-ID: <200403201630.i2KGU845048864@freefall.freebsd.org>

>Number:         64502
>Category:       kern
>Synopsis:       mpd port crashes the kernel in bpf_filter.c
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 20 08:30:08 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Evgenii V Davidov
>Release:        5.2.1-RELEASE-p3
>Organization:
>Environment:
FreeBSD black 5.2.1-RELEASE-p3 FreeBSD 5.2.1-RELEASE-p3 #3: Thu Mar 18 11:57:57 MSK 2004     root@black:/ad0/usr/obj/usr/src/sys/W3  i386
>Description:

I use mpd 3.17 from ports, and from time to time the kernel crashes in bpf_filter.c:

panic: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x2ea10689
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0588dd8
stack pointer           = 0x10:0xd76b1410
frame pointer           = 0x10:0xd76b1478
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 29 (swi1: net)
trap number             = 12
panic: page fault

syncing disks, buffers remaining... 3756 3756 3756 3756 3756 3756 3756 3756 3756
 3756 3756 3756 3756 3756 3756 3756 3756 3756 3756 3756
giving up on 2881 buffers
Uptime: 1d0h6m51s
Dumping 510 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 3
52 368 384 400 416 432 448 464 480 496
---
Reading symbols from /boot/kernel/acpi.ko...done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/green_saver.ko...done.
Loaded symbols for /boot/kernel/green_saver.ko
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240             dumping++;

(kgdb) list *0xc0588dd8
0xc0588dd8 is in bpf_filter (/usr/src/sys/net/bpf_filter.c:347).
342                                     continue;
343     #else
344                                     return 0;
345     #endif
346                             }
347                             A = p[k];
348                             continue;
349
350                     case BPF_LDX|BPF_MSH|BPF_B:
351                             k = pc->k;

bt

#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc0523bd8 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
#2  0xc0523ec8 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3  0xc067a08c in trap_fatal (frame=0xd76b13d0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:821
#4  0xc0679d52 in trap_pfault (frame=0xd76b13d0, usermode=0, eva=782304905)
    at /usr/src/sys/i386/i386/trap.c:735
#5  0xc067997d in trap (frame=
      {tf_fs = -996540392, tf_es = -996540400, tf_ds = -680853488, tf_edi = 0, tf_esi = 0, tf_ebp = -680848264, tf_isp = -680848388, tf_ebx = -989481372, tf_edx = -680848224, tf_ecx = 9, tf_eax = 782304896, tf_trapno = 12, tf_err = 0, tf_eip = -1067938344, tf_cs = 8, tf_eflags = 66199, tf_esp = 0, tf_ss = -1066698121}) at /usr/src/sys/i386/i386/trap.c:420
#6  0xc066c478 in calltrap () at {standard input}:94
#7  0xc059b5d7 in ng_bpf_rcvdata (hook=0xc49a9600, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_bpf.c:409
#8  0xc0596df9 in ng_apply_item (node=0xc49aba00, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_base.c:2363
#9  0xc05969b6 in ng_snd_item (item=0xc48d3a00, queue=0)
    at /usr/src/sys/netgraph/ng_base.c:2252
#10 0xc05a1bf7 in ng_ppp_rcvdata (hook=0xc1d3db00, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_ppp.c:796
#11 0xc0596df9 in ng_apply_item (node=0xc49abc00, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_base.c:2363
#12 0xc05969b6 in ng_snd_item (item=0xc48d3a00, queue=0)
    at /usr/src/sys/netgraph/ng_base.c:2252
#13 0xc05a8b58 in ng_vjc_rcvdata (hook=0xc49a9100, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_vjc.c:538
#14 0xc0596df9 in ng_apply_item (node=0xc49ab500, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_base.c:2363
#15 0xc05969b6 in ng_snd_item (item=0xc48d3a00, queue=0)
    at /usr/src/sys/netgraph/ng_base.c:2252
#16 0xc05a2332 in ng_ppp_input (node=0xc49abc00, bypass=0, linkNum=0,
    item=0xc48d3a00) at /usr/src/sys/netgraph/ng_ppp.c:946
#17 0xc05a1ba5 in ng_ppp_rcvdata (hook=0xc1d31b00, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_ppp.c:788
#18 0xc0596df9 in ng_apply_item (node=0xc49abc00, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_base.c:2363
#19 0xc05969b6 in ng_snd_item (item=0xc48d3a00, queue=0)
    at /usr/src/sys/netgraph/ng_base.c:2252
#20 0xc05a5ce4 in ng_pptpgre_recv (node=0xc4b9b700, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_pptpgre.c:729
#21 0xc05a4f89 in ng_pptpgre_rcvdata (hook=0xc4f7a880, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_pptpgre.c:404
#22 0xc0596df9 in ng_apply_item (node=0xc4b9b700, item=0xc48d3a00)
    at /usr/src/sys/netgraph/ng_base.c:2363
#23 0xc05969b6 in ng_snd_item (item=0xc48d3a00, queue=0)
    at /usr/src/sys/netgraph/ng_base.c:2252
#24 0xc059e229 in ng_ksocket_incoming2 (node=0x0, hook=0x0, arg1=0xc5026960,
    waitflag=4) at /usr/src/sys/netgraph/ng_ksocket.c:1143
#25 0xc05970bf in ng_apply_item (node=0xc505cc00, item=0xc48d38c0)
    at /usr/src/sys/netgraph/netgraph.h:726
#26 0xc05969b6 in ng_snd_item (item=0xc48d38c0, queue=0)
    at /usr/src/sys/netgraph/ng_base.c:2252
#27 0xc059a6c4 in ng_send_fn (node=0xc505cc00, hook=0x0, fn=0, arg1=0x0,
    arg2=0) at /usr/src/sys/netgraph/ng_base.c:3600
#28 0xc059de6f in ng_ksocket_incoming (so=0x0, arg=0x0, waitflag=0)
    at /usr/src/sys/netgraph/ng_ksocket.c:1013
#29 0xc055ee11 in sowakeup (so=0xc5026960, sb=0xc50269ac)
    at /usr/src/sys/kern/uipc_socket2.c:320
#30 0xc05ba445 in raw_append (last=0xc50269ac, ip=0x0, n=0xc5026960)
    at /usr/src/sys/netinet/raw_ip.c:180
#31 0xc05ba5c5 in rip_input (m=0xc1d31b00, off=20)
    at /usr/src/sys/netinet/raw_ip.c:230
#32 0xc05b010a in encap4_input (m=0xc1d31b00, off=20)
    at /usr/src/sys/netinet/ip_encap.c:209
#33 0xc05b6b60 in ip_input (m=0xc1d31b00)
    at /usr/src/sys/netinet/ip_input.c:983
#34 0xc058dcfe in netisr_processqueue (ni=0xc0757118)
#35 0xc058e0d3 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:257
#36 0xc0511bd2 in ithread_loop (arg=0xc1d0c480)
    at /usr/src/sys/kern/kern_intr.c:544
#37 0xc0510d2e in fork_exit (callout=0xc0511a70 <ithread_loop>, arg=0x0,
    frame=0x0) at /usr/src/sys/kern/kern_fork.c:793


>How-To-Repeat:
I have about 10+ Windows PPTP users using mpd; without them I think it will not happen.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:


