Hi all,
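I started to play with the RAT application (ports: mbone/rat + an SVN version),
and it seems to crash my 6.3-RELEASE-p1 box in a rather deterministic way. Crash
details are shown below: a kernel page fault at address 0x0 in if_findmulti(),
reached from a setsockopt() call made by the rat process. Has anyone seen a
problem like this?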
Thanks,
Petr
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0713a7f
stack pointer = 0x28:0xe8583b38
frame pointer = 0x28:0xe8583b40
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 9460 (rat-4.4.01)
trap number = 12
panic: page fault
Uptime: 35m41s
Dumping 1023 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 1023MB (261760 pages) 1007 991 975 959 943 927 911 895 879 863
847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559
543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255
239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
#0 doadump () at pcpu.h:165
in pcpu.h
(kgdb) bt
#0 doadump () at pcpu.h:165
#1 0xc06a4ad6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2 0xc06a4d6c in panic (fmt=0xc096ba63 "%s")
at /usr/src/sys/kern/kern_shutdown.c:565
#3 0xc090d0d4 in trap_fatal (frame=0xe8583af8, eva=0)
at /usr/src/sys/i386/i386/trap.c:838
#4 0xc090ce3b in trap_pfault (frame=0xe8583af8, usermode=0, eva=0)
at /usr/src/sys/i386/i386/trap.c:745
#5 0xc090ca79 in trap (frame {tf_fs = 8, tf_es = 40, tf_ds = -983498712,
tf_edi = -396870780,
tf_esi = -396870780, tf_ebp = -396870848, tf_isp = -396870876, tf_ebx
-972494912, tf_edx = -975435904, tf_ecx = 0, tf_eax = 0, tf_trapno = 12,
tf_err = 0, tf_eip = -1066321281, tf_cs = 32, tf_eflags = 66183, tf_esp
-396870780, tf_ss = -985987072}) at /usr/src/sys/i386/i386/trap.c:435
#6 0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc0713a7f in if_findmulti (ifp=0x0, sa=0xe8583b84)
at /usr/src/sys/net/if.c:1893
#8 0xc0713c1f in if_addmulti (ifp=0xc53b0800, sa=0xe8583b84,
retifma=0xe8583b80) at /usr/src/sys/net/if.c:2001
#9 0xc073f6bb in in_addmulti (ap=0xe8583bb8, ifp=0xc53b0800)
at /usr/src/sys/netinet/in.c:982
#10 0xc0748898 in ip_setmoptions (inp=0xc58a3d5c, sopt=0xc5dc0780)
at /usr/src/sys/netinet/ip_output.c:1897
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=0xc60469bc, sopt=0xe8583c90,
pcbinfo=0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
#12 0xc0747f74 in ip_ctloutput (so=0xc60469bc, sopt=0xe8583c90)
at /usr/src/sys/netinet/ip_output.c:1516
#13 0xc06dfcf0 in sosetopt (so=0xc60469bc, sopt=0xe8583c90)
at /usr/src/sys/kern/uipc_socket.c:1575
#14 0xc06e5071 in kern_setsockopt (td=0xc5dc0780, s=4, level=0, name=0,
val=0x0, valseg=UIO_USERSPACE, valsize=3319531392)
at /usr/src/sys/kern/uipc_syscalls.c:1351
#15 0xc06e4f92 in setsockopt (td=0xc5dc0780, uap=0x0)
at /usr/src/sys/kern/uipc_syscalls.c:1307
#16 0xc090d3eb in syscall (frame {tf_fs = 59, tf_es = 59, tf_ds = 59,
tf_edi = 134598976, tf_esi 47000, tf_ebp = -1077942872, tf_isp = -396870300,
tf_ebx = -1077942896,
tf_edx = -270598176, tf_ecx = 23, tf_eax = 105, tf_trapno = 12, tf_err = 2,
tf_eip = 672253131, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942980, tf_ss
= 59})
at /usr/src/sys/i386/i386/trap.c:984
#17 0xc08f9f5f in Xint0x80_syscall ()
at /usr/src/sys/i386/i386/exception.s:200
#18 0x00000033 in ?? ()
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc06a4ad6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
first_buf_printf = 1
#2 0xc06a4d6c in panic (fmt=0xc096ba63 "%s")
at /usr/src/sys/kern/kern_shutdown.c:565
td = (struct thread *) 0xc5dc0780
bootopt = 260
newpanic = 0
ap = 0xc5dc0780 "H6???YE?"
buf = "page fault", '\0' <repeats 245 times>
#3 0xc090d0d4 in trap_fatal (frame=0xe8583af8, eva=0)
at /usr/src/sys/i386/i386/trap.c:838
code = 40
ss = 40
esp = 0
type = 12
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27,
ssd_dpl = 0, ssd_p = 1, ssd_xx = 6, ssd_xx1 = 3, ssd_def32 = 1,
ssd_gran = 1}
msg = 0x0
#4 0xc090ce3b in trap_pfault (frame=0xe8583af8, usermode=0, eva=0)
at /usr/src/sys/i386/i386/trap.c:745
va = 0
vm = (struct vmspace *) 0x0
map = 0xc5fbc000
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc5dc0780
p = (struct proc *) 0xc5dc3648
#5 0xc090ca79 in trap (frame {tf_fs = 8, tf_es = 40, tf_ds = -983498712,
tf_edi = -396870780,
tf_esi = -396870780, tf_ebp = -396870848, tf_isp = -396870876, tf_ebx
-972494912, tf_edx = -975435904, tf_ecx = 0, tf_eax = 0, tf_trapno = 12,
tf_err = 0, tf_eip = -1066321281, tf_cs = 32, tf_eflags = 66183, tf_esp
-396870780, tf_ss = -985987072}) at /usr/src/sys/i386/i386/trap.c:435
td = (struct thread *) 0xc5dc0780
p = (struct proc *) 0xc5dc3648
sticks = 3314033776
type = 12
i = 0
ucode = 0
code = 0
eva = 0
#6 0xc08f9f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7 0xc0713a7f in if_findmulti (ifp=0x0, sa=0xe8583b84)
at /usr/src/sys/net/if.c:1893
ifma = (struct ifmultiaddr *) 0xc608e7c0
#8 0xc0713c1f in if_addmulti (ifp=0xc53b0800, sa=0xe8583b84,
retifma=0xe8583b80) at /usr/src/sys/net/if.c:2001
ifma = (struct ifmultiaddr *) 0xe8583b84
ll_ifma = (struct ifmultiaddr *) 0xc5dc0780
llsa = (struct sockaddr *) 0xe8583b64
error = -987328256
#9 0xc073f6bb in in_addmulti (ap=0xe8583bb8, ifp=0xc53b0800)
at /usr/src/sys/netinet/in.c:982
inm = (struct in_multi *) 0xe8583b84
error = 0
sin = {sin_len = 16 '\020', sin_family = 2 '\002', sin_port =
0,
sin_addr = {s_addr = 4024369120}, sin_zero
"\000\000\000\000\000\000\000"}
ifma = (struct ifmultiaddr *) 0xc58a3d5c
#10 0xc0748898 in ip_setmoptions (inp=0xc58a3d5c, sopt=0xc5dc0780)
at /usr/src/sys/netinet/ip_output.c:1897
error = 0
i = 0
addr = {s_addr = 0}
mreq = {imr_multiaddr = {s_addr = 4024369120}, imr_interface = {
s_addr = 0}}
ifp = (struct ifnet *) 0xc53b0800
imo = (struct ip_moptions *) 0xc552c200
ro = {ro_rt = 0x0, ro_dst = {sa_len = 16 '\020',
sa_family = 2 '\002',
sa_data = "\000\000????\000\000\000\000\000\000\000"}}
ifindex = -975435904
#11 0xc0747cc7 in ip_ctloutput_pcbinfo (so=0xc60469bc, sopt=0xe8583c90,
pcbinfo=0xc0a746a0) at /usr/src/sys/netinet/ip_output.c:1314
inp = (struct inpcb *) 0xc58a3d5c
error = 0
optval = 0
#12 0xc0747f74 in ip_ctloutput (so=0xc60469bc, sopt=0xe8583c90)
at /usr/src/sys/netinet/ip_output.c:1516
No locals.
#13 0xc06dfcf0 in sosetopt (so=0xc60469bc, sopt=0xe8583c90)
at /usr/src/sys/kern/uipc_socket.c:1575
error = -975435904
optval = -1048225976
l = {l_onoff = -396870524, l_linger = 0}
tv = {tv_sec = -1066137227, tv_usec = -1048309760}
val = 0
#14 0xc06e5071 in kern_setsockopt (td=0xc5dc0780, s=4, level=0, name=0,
val=0x0, valseg=UIO_USERSPACE, valsize=3319531392)
at /usr/src/sys/kern/uipc_syscalls.c:1351
error = 0
fp = (struct file *) 0xc5d77c60
sopt = {sopt_dir = SOPT_SET, sopt_level = 0, sopt_name = 12,
sopt_val = 0xbfbfe584, sopt_valsize = 8, sopt_td = 0xc5dc0780}
#15 0xc06e4f92 in setsockopt (td=0xc5dc0780, uap=0x0)
at /usr/src/sys/kern/uipc_syscalls.c:1307
No locals.
#16 0xc090d3eb in syscall (frame {tf_fs = 59, tf_es = 59, tf_ds = 59,
tf_edi = 134598976, tf_esi 47000, tf_ebp = -1077942872, tf_isp = -396870300,
tf_ebx = -1077942896,
tf_edx = -270598176, tf_ecx = 23, tf_eax = 105, tf_trapno = 12, tf_err = 2,
tf_eip = 672253131, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942980, tf_ss
= 59})
at /usr/src/sys/i386/i386/trap.c:984
params = 0xbfbfe540 <Address 0xbfbfe540 out of bounds>
callp = (struct sysent *) 0xc09fca4c
td = (struct thread *) 0xc5dc0780
p = (struct proc *) 0xc5dc3648
orig_tf_eflags = 658
sticks = 0
error = 0
narg = 5
args = {4, 0, 12, -1077942908, 8, 0, 0, -975423928}
code = 105
#17 0xc08f9f5f in Xint0x80_syscall ()
at /usr/src/sys/i386/i386/exception.s:200
No locals.
#18 0x00000033 in ?? ()
No symbol table info available.
(kgdb) up 7
#7 0xc0713a7f in if_findmulti (ifp=0x0, sa=0xe8583b84)
at /usr/src/sys/net/if.c:1893
1893 if (sa_equal(ifma->ifma_addr, sa))
(kgdb) p ifma->ifma_addr
$1 = (struct sockaddr *) 0x0
(kgdb) p *ifma
$2 = {ifma_link = {tqe_next = 0x306d65, tqe_prev = 0x0}, ifma_addr = 0x0,
ifma_lladdr = 0x0, ifma_ifp = 0x8843, ifma_refcount = 0,
ifma_protospec = 0x0}
(kgdb) p sa
$3 = (struct sockaddr *) 0xe8583b84
(kgdb) p *sa
$4 = {sa_len = 16 '\020', sa_family = 2 '\002',
sa_data = "\000\000????\000\000\000\000\000\000\000"}
(kgdb) q