(unknown charset) ip_output panics on recent -CURRENT

From: (unknown charset) Andrea Campi <andrea_at_webcom.it>
Date: Mon, 3 Nov 2003 21:58:49 +0100
Hi,

after updating my laptop to last sunday sources, it panics very often with
one of two panics. Sam, any chance you might know what's up?

Note that both panics seem (to my untrained eye at least) to be related
to spammed route entry structures. The second one in particular looks
suspicious, with all those null arguments...


Enjoy,
	Andrea


panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x68
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc04d8ad2
stack pointer           = 0x10:0xcb4a0a24
frame pointer           = 0x10:0xcb4a0a50
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 466 (ntpd)
Dumping 191 MB
 16 32 48 64 80 96 112 128 144 160 176
---

(kgdb) where
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc044ada5 in db_fncall (dummy1=0, dummy2=0, dummy3=0, dummy4=0xcb4a0850 "\2005hÀ\f")
    at /usr/src/sys/ddb/db_command.c:548
#2  0xc044aaf2 in db_command (last_cmdp=0xc0682c20, cmd_table=0x0, aux_cmd_tablep=0xc0659ef0,
    aux_cmd_tablep_end=0xc0659ef4) at /usr/src/sys/ddb/db_command.c:346
#3  0xc044ac35 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#4  0xc044dc55 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
#5  0xc060336c in kdb_trap (type=12, code=0, regs=0xcb4a09e4)
    at /usr/src/sys/i386/i386/db_interface.c:171
#6  0xc0614ec6 in trap_fatal (frame=0xcb4a09e4, eva=0) at /usr/src/sys/i386/i386/trap.c:818
#7  0xc0614513 in trap (frame=
      {tf_fs = -884342760, tf_es = -1067450352, tf_ds = -1055719408, tf_edi = -1036451332, tf_esi =
1036561520, tf_ebp = -884340144, tf_isp = -884340208, tf_ebx = -1055714416, tf_edx = 2, tf_ecx = 0,
 tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1068660014, tf_cs = 8, tf_eflags = 66118, tf_esp
= 47, tf_ss = -1077936960}) at /usr/src/sys/i386/i386/trap.c:252
#8  0xc0604d18 in calltrap () at {standard input}:102
#9  0xc0575416 in ip_output (m0=0xc1131390, opt=0xc2375390, ro=0xc23901fc, flags=32, imo=0x0,
    inp=0xc23901c0) at /usr/src/sys/netinet/ip_output.c:266
#10 0xc0584726 in udp_output (inp=0xc23901c0, m=0xc1139500, addr=0xc29be7d0, control=0x20,
    td=0xc1131390) at /usr/src/sys/netinet/udp_usrreq.c:847
#11 0xc05853d1 in udp_send (so=0x0, flags=0, m=0xc1139500, addr=0x0, control=0x0, td=0x0)
    at /usr/src/sys/netinet/udp_usrreq.c:1043
#12 0xc0522d9d in sosend (so=0xc238e880, addr=0xc29be7d0, uio=0xcb4a0c38, top=0xc1139500,
    control=0x0, flags=0, td=0xc1131390) at /usr/src/sys/kern/uipc_socket.c:715
#13 0xc05276dc in kern_sendit (td=0xc1131390, s=6, mp=0xcb4a0cb0, flags=0, control=0x0)
    at /usr/src/sys/kern/uipc_syscalls.c:722
#14 0xc05274fe in sendit (td=0x0, s=0, mp=0xcb4a0cb0, flags=0)
    at /usr/src/sys/kern/uipc_syscalls.c:662
#15 0xc05278cb in sendto (td=0x0, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:783
#16 0xc0615280 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134746472, tf_esi = 134741744, tf_ebp = -1077938
072, tf_isp = -884339340, tf_ebx = -1, tf_edx = 134732640, tf_ecx = 672656864, tf_eax = 133, tf_trap
no = 22, tf_err = 2, tf_eip = 672158495, tf_cs = 31, tf_eflags = 663, tf_esp = -1077938116, tf_ss =
47}) at /usr/src/sys/i386/i386/trap.c:1012
#17 0xc0604d6d in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---

(kgdb) list /usr/src/sys/netinet/ip_output.c:266
261              * cache with IPv6.
262              */
263             if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
264                               dst->sin_family != AF_INET ||
265                               dst->sin_addr.s_addr != pkt_dst.s_addr)) {
266                     RTFREE(ro->ro_rt);
267                     ro->ro_rt = (struct rtentry *)0;
268             }
269             if (ro->ro_rt == 0) {
270                     bzero(dst, sizeof(*dst));

(kgdb) print *ro
$1 = {ro_rt = 0xc2375300, ro_dst = {sa_len = 16 '\020', sa_family = 2 '\002',
    sa_data = "\0\0Õ\\\005R\0\0\0\0\0\0\0"}}
(kgdb) print *ro->ro_rt
$2 = {rt_nodes = {{rn_mklist = 0xc2375370, rn_parent = 0xc23753c0, rn_bit = 876,
      rn_bmask = 112 'p', rn_flags = 194 'Â', rn_u = {rn_leaf = {
          rn_Key = 0xc232cdb0 ",¤fÀ\232ËdÀ\232ËdÀ", rn_Mask = 0x0, rn_Dupedkey = 0x14}, rn_node = {
          rn_Off = -1036857936, rn_L = 0x0, rn_R = 0x14}}}, {rn_mklist = 0x3, rn_parent = 0x3,
      rn_bit = 63, rn_bmask = 0 '\0', can not access 0xffffffff, invalid address (ffffffff)
can not access 0xffffffff, invalid address (ffffffff)
can not access 0xffffffff, invalid address (ffffffff)
can not access 0xffffffff, invalid address (ffffffff)
can not access 0xffffffff, invalid address (ffffffff)
can not access 0xffffffff, invalid address (ffffffff)
rn_flags = 0 '\0', rn_u = {rn_leaf = {
          rn_Key = 0xffffffff <Address 0xffffffff out of bounds>, rn_Mask = 0x0,
          rn_Dupedkey = 0x0}, rn_node = {rn_Off = -1, rn_L = 0x0, rn_R = 0x0}}}},
  rt_gateway = 0x0, rt_refcnt = -1067015124, rt_flags = 3227804624, rt_ifp = 0xc06463d0,
  rt_ifa = 0x20000, rt_genmask = 0x0, rt_llinfo = 0x0, rt_rmx = {rmx_locks = 0, rmx_mtu = 4,
    rmx_hopcount = 0, rmx_expire = 0, rmx_recvpipe = 3258405720, rmx_sendpipe = 0,
    rmx_ssthresh = 0, rmx_rtt = 0, rmx_rttvar = 0, rmx_pksent = 3261469692, rmx_filler = {
      3261472140, 3261602056, 3261600764, 0}}, rt_gwroute = 0x0, rt_output = 0, rt_parent = 0x0,
  rt_mtx = {mtx_object = {lo_class = 0x0, lo_name = 0x0, lo_type = 0x0, lo_flags = 0, lo_list = {
        tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 2, mtx_recurse = 0,
    mtx_blocked = {tqh_first = 0x0, tqh_last = 0x0}, mtx_contested = {le_next = 0x0,
      le_prev = 0x0}}}






panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc04d872b
stack pointer           = 0x10:0xcb453b28
frame pointer           = 0x10:0xcb453b3c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi8: tty:sio clock)
Dumping 191 MB
 16 32 48 64 80 96 112 128 144 160 176
---
(kgdb) where
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc044ada5 in db_fncall (dummy1=0, dummy2=0, dummy3=0, dummy4=0xcb453954 "\2005hÀ\f")
    at /usr/src/sys/ddb/db_command.c:548
#2  0xc044aaf2 in db_command (last_cmdp=0xc0682c20, cmd_table=0x0, aux_cmd_tablep=0xc0659ef0,
    aux_cmd_tablep_end=0xc0659ef4) at /usr/src/sys/ddb/db_command.c:346
#3  0xc044ac35 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#4  0xc044dc55 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
#5  0xc060336c in kdb_trap (type=12, code=0, regs=0xcb453ae8)
    at /usr/src/sys/i386/i386/db_interface.c:171
#6  0xc0614ec6 in trap_fatal (frame=0xcb453ae8, eva=0) at /usr/src/sys/i386/i386/trap.c:818
#7  0xc0614513 in trap (frame=
      {tf_fs = 24, tf_es = -884670448, tf_ds = 16, tf_edi = 16, tf_esi = 36, tf_ebp = -884655300, tf
_isp = -884655340, tf_ebx = 0, tf_edx = -1067133489, tf_ecx = -1037192912, tf_eax = 36, tf_trapno =
12, tf_err = 0, tf_eip = -1068660949, tf_cs = 8, tf_eflags = 66195, tf_esp = -1055741568, tf_ss = -1
055745676}) at /usr/src/sys/i386/i386/trap.c:252
#8  0xc0604d18 in calltrap () at {standard input}:102
#9  0xc04d8b79 in _mtx_lock_sleep (m=0x24, opts=0, file=0x0, line=0)
    at /usr/src/sys/kern/kern_mutex.c:635
#10 0xc055c8cc in rtalloc_ign (ro=0xc28633bc, ignore=0) at /usr/src/sys/net/route.c:99
#11 0xc055c859 in rtalloc (ro=0x0) at /usr/src/sys/net/route.c:88
#12 0xc057e328 in tcp_rtlookup (inc=0x0) at /usr/src/sys/netinet/tcp_subr.c:1485
#13 0xc057e351 in tcp_gettaocache (inc=0x0) at /usr/src/sys/netinet/tcp_subr.c:1576
#14 0xc057bd23 in tcp_output (tp=0xc28633bc) at /usr/src/sys/netinet/tcp_output.c:237
#15 0xc0581106 in tcp_timer_rexmt (xtp=0xc2864590) at /usr/src/sys/netinet/tcp_timer.c:615
#16 0xc04f57be in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:225
#17 0xc04cd288 in ithread_loop (arg=0xc1127d00) at /usr/src/sys/kern/kern_intr.c:540
#18 0xc04cbf30 in fork_exit (callout=0xc04cd0b0 <ithread_loop>, arg=0x0, frame=0x0)
    at /usr/src/sys/kern/kern_fork.c:793


-- 
                  Weird enough for government work.
Received on Mon Nov 03 2003 - 11:58:54 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:27 UTC