Re: carp kernel trap

From: Yar Tikhiy <yar_at_comp.chem.msu.su>
Date: Tue, 27 Jun 2006 15:13:35 +0400
On Fri, Jun 23, 2006 at 03:26:43PM +0400, Denis Shaposhnikov wrote:
> Hi!
> 
> I've got a kernel panic on yesterday's current:
> 
> # ifconfig carp3 vhid 3 advskew 100 pass XXXXXXXX 10.10.8.7/26
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 06
> fault virtual address	= 0x0
> fault code		= supervisor write, page not present
> instruction pointer	= 0x20:0xc0546fb3
> stack pointer	        = 0x28:0xe4b38ae8
> cframe pointer	        = 0x28:0xe4b38b14
> code segment		= base 0x0, limit 0xfffff, type 0x1b
> 			= DPL 0, pres 1, def32 1, gran 1
> processor eflags	= interrupt enabled, resume, IOPL = 0
> current process		= 53 (ifconfig)
> trap number		= 12
> panic: page fault
> cpuid = 1
> arp_input: packet received on non-carp interface: lan0
> carp_input: packet received on non-carp interface: lan0
> carp_input: packet received on non-carp interface: lan0
> Uptime: 2m52s
> Cannot dump. No dump device defined.
> Automatic reboot in 15 seconds - press a key on the console to abort

Acknowledged.  Let's notify Gleb Smirnoff about this; adding him to Cc:.

More info on the panic attached.

-- 
Yar

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor write, page not present
instruction pointer     = 0x20:0xc054733a
stack pointer           = 0x28:0xc76fdad4
frame pointer           = 0x28:0xc76fdb04
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 39 (ifconfig)
panic: from debugger
Uptime: 6s
Physical memory: 121 MB
Dumping 13 MB:

#0  doadump () at pcpu.h:166
166     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt full
#0  doadump () at pcpu.h:166
No locals.
#1  0xc04c8454 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
        first_buf_printf = 1
#2  0xc04c86ff in panic (fmt=0xc060d52b "from debugger") at ../../../kern/kern_shutdown.c:565
        td = (struct thread *) 0xc1165780
        bootopt = 260
        newpanic = 1
        ap = 0xc76fd88c "<ÙoÇl£EÀ:sTÀ"
        buf = "from debugger", '\0' <repeats 242 times>
#3  0xc045a3d5 in db_panic (addr=-1068207302, have_addr=0, count=-1, modif=0xc76fd8b0 "") at ../../../ddb/db_command.c:426
No locals.
#4  0xc045a36c in db_command (last_cmdp=0xc066a824, cmd_table=0x0) at ../../../ddb/db_command.c:395
        cmd = (struct command *) 0xc0602f80
        t = 0
        modif = "\000ØoÇÄØoÇ\211\a\000\000\211\a\000\000Ï\a\000\000\000\000\000\000\000ÈmÀ\r\000\000\000\000ÈmÀ\000ÈmÀ\r\000\000\000\001\000\000\000\000ÙoÇ\v­]À\000ÙoÇ$­]À_at_\227lÀÀ\233kÀx\000\000\000 ±fÀ\f\000\000\000 ÙoÇüÃEÀ¬\221aÀÔÀEÀ\f\000\000\000 ±fÀ\206¸EÀ ±fÀ`¨fÀ"
        addr = -1068207302
        count = -1
        have_addr = 0
        result = 0
#5  0xc045a42a in db_command_loop () at ../../../ddb/db_command.c:446
No locals.
#6  0xc045c041 in db_trap (type=12, code=0) at ../../../ddb/db_main.c:221
        jb = {{_jb = {-948971168, -948971188, -948971116, -948970860, 12, -1069170726, 12, -948971092, -1068608069,
      -1067229443, -1068607936, -948971112}}}
        prev_jb = (void *) 0x0
        bkpt = 0
#7  0xc04e3b59 in kdb_trap (type=12, code=0, tf=0x0) at ../../../kern/subr_kdb.c:502
        handled = 0
#8  0xc05f55d1 in trap_fatal (frame=0xc76fda94, eva=0) at ../../../i386/i386/trap.c:860
        code = 2
        type = 12
        ss = 40
        esp = 0
        softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 3,
  ssd_def32 = 1, ssd_gran = 1}
        msg = 0x0
#9  0xc05f5333 in trap_pfault (frame=0xc76fda94, usermode=0, eva=0) at ../../../i386/i386/trap.c:778
        va = 0
        vm = (struct vmspace *) 0x0
        map = 0xc1167a28
        rv = 1
        ftype = 1 '\001'
        td = (struct thread *) 0xc1165780
        p = (struct proc *) 0xc1293000
#10 0xc05f4f51 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1055540224, tf_esi = -1054194432, tf_ebp = -948970748, tf_isp = -948970816, tf_ebx = -1054273536, tf_edx = 0, tf_ecx = -1055540212, tf_eax = -1053789472, tf_trapno = 12, tf_err = 0, tf_eip = -1068207302, tf_cs = 32, tf_eflags = 66118, tf_esp = -948970764, tf_ss = -1054273536}) at ../../../i386/i386/trap.c:463
        td = (struct thread *) 0xc1165780
        p = (struct proc *) 0xc1293000
        i = 0
        ucode = 0
        type = 12
        code = 2
        addr = -948970932
        eva = 0
        ksi = {ksi_link = {tqe_next = 0xc061cf41, tqe_prev = 0x6b5}, ksi_info = {si_signo = -1066976812, si_errno = 0,
    si_code = -1067331775, si_pid = 1714, si_uid = 3228277308, si_status = -948970900, si_addr = 0xc04ef542, si_value = {
      sival_int = -1066689992, sival_ptr = 0xc06b9a38}, _reason = {_fault = {_trapno = 582}, _timer = {_timerid = 582,
        _overrun = -1067153852}, _mesgq = {_mqd = 582}, _poll = {_band = 582}, __spare__ = {__spare1__ = 582, __spare2__ = {
          -1067153852, -1066684056, 1016, -1067298956, -948970864, -1068760600, -1066684056}}}}, ksi_flags = 1,
  ksi_sigq = 0xc061821a}
#11 0xc05e5f1a in calltrap () at ../../../i386/i386/exception.s:138
No locals.
#12 0xc054733a in carp_set_addr (sc=0xc115bc00, sin=0x0) at ../../../netinet/ip_carp.c:1439
        ifp = (struct ifnet *) 0xc1291000
        cif = (struct carp_if *) 0x6b5
        ia = (struct in_ifaddr *) 0xc12a4500
        ia_if = (struct in_ifaddr *) 0xc1291000
        imo = (struct ip_moptions *) 0xc115bc0c
        addr = {s_addr = 301990112}
        iaddr = 3239427084
        own = 0
        error = -1066976812
#13 0xc0547e08 in carp_ioctl (ifp=0xc13072e0, cmd=0, addr=0xc12b4400 "¸D+ÁÈD+ÁØD+Á") at ../../../netinet/ip_carp.c:1770
        sc = (struct carp_softc *) 0xc115bc00
        vr = (struct carp_softc *) 0x0
        carpr = {carpr_state = 582, carpr_vhid = -1066976812, carpr_advskew = -948970688, carpr_advbase = -1068760204,
  carpr_key = "\b×gÀdÛoÇî÷NÀÔ9gÀ\000\000\000"}
        ifa = (struct ifaddr *) 0xc12b4400
        ifr = (struct ifreq *) 0xc12b4400
        ifra = (struct ifaliasreq *) 0xc12b4400
        locked = 0
        error = 0
#14 0xc05447b9 in in_ifinit (ifp=0xc121d000, ia=0xc12b4400, sin=0xc115bc0c, scrub=0) at ../../../netinet/in.c:708
        i = 168430180
        oldaddr = {sin_len = 0 '\0', sin_family = 0 '\0', sin_port = 0, sin_addr = {s_addr = 0},
  sin_zero = "\000\000\000\000\000\000\000"}
        flags = 1
        error = -1054129028
#15 0xc0543c56 in in_control (so=0xc1308a60, cmd=1, data=0xc1305900 "carp3", ifp=0xc121d000, td=0xc1165780)
    at ../../../netinet/in.c:439
        ifr = (struct ifreq *) 0xc1305900
        ia = (struct in_ifaddr *) 0xc12b4400
        iap = (struct in_ifaddr *) 0x0
        ifa = (struct ifaddr *) 0x0
        dst = {s_addr = 1678379530}
        ifra = (struct in_aliasreq *) 0xc1305900
        oldaddr = {sin_len = 0 '\0', sin_family = 208 'Ð', sin_port = 49441, sin_addr = {s_addr = 3241171200},
  sin_zero = "\000Y0Á\bÜoÇ"}
        error = 0
        hostIsNew = 1
        iaIsNew = 1
        maskIsNew = 0
#16 0xc0537d30 in ifioctl (so=0xc1308a60, cmd=2151704858, data=0xc1305900 "carp3", td=0xc1165780) at ../../../net/if.c:1777
        ifp = (struct ifnet *) 0xc121d000
        ifr = (struct ifreq *) 0xc121d000
        error = -3
        oif_flags = 8
#17 0xc04f6147 in soo_ioctl (fp=0xc13072e0, cmd=2151704858, data=0xc1305900, active_cred=0xc115dd00, td=0xc1165780)
    at ../../../kern/sys_socket.c:214
        so = (struct socket *) 0xc1308a60
        error = 0
#18 0xc04f0e10 in ioctl (td=0xc1165780, uap=0xc76fdd04) at file.h:265
        fp = (struct file *) 0xc12be558
        fdp = (struct filedesc *) 0x0
        com = 2151704858
        error = 0
        size = 64
        data = 0xc1305900 "carp3"
        memp = 0xc1305900 "carp3"
        tmp = 49
#19 0xc05f58ee in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134571648, tf_esi = 134580800, tf_ebp = -1077940760, tf_isp = -948970140, tf_ebx = -2143262438, tf_edx = 134583582, tf_ecx = 134571648, tf_eax = 54, tf_trapno = 0, tf_err = 2, tf_eip = 672494519, tf_cs = 51, tf_eflags = 646, tf_esp = -1077942884, tf_ss = 59}) at ../../../i386/i386/trap.c:1015
        params = 0xbfbfe5a0 <Address 0xbfbfe5a0 out of bounds>
        callp = (struct sysent *) 0xc0643e48
        td = (struct thread *) 0xc1165780
        p = (struct proc *) 0xc1293000
        orig_tf_eflags = 646
        error = 0
        narg = 3
        args = {3, -2143262438, 134580800, -948970196, -1067483570, -1067038688, -948970184, 671596824}
        code = 54
        ksi = {ksi_link = {tqe_next = 0xc0664820, tqe_prev = 0xc115dc80}, ksi_info = {si_signo = -1055500416,
    si_errno = -948970292, si_code = 70, si_pid = -1066543480, si_uid = 3239466880, si_status = -1067038688,
    si_addr = 0xc115dc80, si_value = {sival_int = -948970252, sival_ptr = 0xc76fdcf4}, _reason = {_fault = {
        _trapno = -1068644505}, _timer = {_timerid = -1068644505, _overrun = -1066998992}, _mesgq = {_mqd = -1068644505},
      _poll = {_band = -1068644505}, __spare__ = {__spare1__ = -1068644505, __spare2__ = {-1066998992, 2, -1067341680, 625,
          0, -948970224, -1067539996}}}}, ksi_flags = 0, ksi_sigq = 0xc1165780}
#20 0xc05e5f6f in Xint0x80_syscall () at ../../../i386/i386/exception.s:191
No locals.
#21 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 12
#12 0xc054733a in carp_set_addr (sc=0xc115bc00, sin=0x0) at ../../../netinet/ip_carp.c:1439
1439                    if ((imo->imo_membership[0] = in_addmulti(&addr, ifp)) == NULL)

%%% END %%%
Received on Tue Jun 27 2006 - 09:13:46 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:57 UTC