6.0BETA3 panic in ip_output (vlan/RIP related?)

From: Gavin Atkinson (gavin.atkinson_at_ury.york.ac.uk)
Date: 08/31/05

Next message: Suleiman Souhlal: "Re: nfs through nullfs"

Previous message: Robert Watson: "Re: Application layer firewall on FreeBSD, is it possible ?"
Next in thread: Yar Tikhiy: "Re: 6.0BETA3 panic in ip_output (vlan/RIP related?)"
Reply: Yar Tikhiy: "Re: 6.0BETA3 panic in ip_output (vlan/RIP related?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: freebsd-current@freebsd.org
Date: Wed, 31 Aug 2005 12:24:45 +0100

Hi,

I've just managed to panic an amd64 machine running 6.0BETA3.

wiggum# ifconfig vlan76 destroy
wiggum# Aug 31 12:02:48 wiggum routed[244]: IP_DROP_MEMBERSHIP ALLHOSTS: Can't assign requested address
wiggum#
wiggum# ifconfig vlan76 create
wiggum# ifconfig vlan76 vlan 76 vlandev bge0
wiggum# ifconfig vlan76 inet x.y.76.59 netmask 255.255.254.0

Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer = 0x8:0xffffffff80429420
stack pointer = 0x10:0xffffffffb260b600
frame pointer = 0x10:0xffffffffb260b710
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 244 (routed)
[thread pid 244 tid 100077 ]
Stopped at strlen: cmpb $0,0(%rdi)
db> tr
Tracing pid 244 tid 100077 td 0xffffff0078c74980
strlen() at strlen
vsnprintf() at vsnprintf+0x2e
panic() at panic+0x14b
_mtx_lock_flags() at _mtx_lock_flags+0xd6
ip_output() at ip_output+0x692
rip_output() at rip_output+0x161
rip_send() at rip_send+0x65
sosend() at sosend+0x654
kern_sendit() at kern_sendit+0x104
sendit() at sendit+0x66
sendto() at sendto+0x54
syscall() at syscall+0x4b2
Xfast_syscall() at Xfast_syscall+0xa8
--- syscall (133, FreeBSD ELF64, sendto), rip = 0x800799dfc, rsp =
0x7fffffffeb28, rbp = 0x413112 ---
db>

(kgdb) where
#23 0xffffffff803d3d5e in vsnprintf (str=0x0, size=0, format=0x0, ap=0x0) at /usr/src/sys/kern/subr_prf.c:408
#24 0xffffffff803b3efb in panic (fmt=0xffffffff80615639 "%s @ %s:%d") at /usr/src/sys/kern/kern_shutdown.c:520
#25 0xffffffff803ab6e6 in _mtx_lock_flags (m=0xffffff00622dec78, opts=0, file=0xffffffff80628080 "/usr/src/sys/netinet/ip_output.c",
    line=296) at /usr/src/sys/kern/kern_mutex.c:268
#26 0xffffffff80464a52 in ip_output (m=0xffffff005e402300, opt=0xffffff0042432000, ro=0xffffffffb260b8d0, flags=32, imo=0xffffff007b8aa500,
    inp=0xffffff0061bf2000) at /usr/src/sys/netinet/ip_output.c:296
#27 0xffffffff80465791 in rip_output (m=0xffffff005e402300, so=0x0, dst=64) at /usr/src/sys/netinet/raw_ip.c:320
#28 0xffffffff80466535 in rip_send (so=0xffffff0061ccf000, flags=0, m=0xffffff005e402300, nam=0xffffff007b5b90f0, control=0x0, td=0x0)
    at /usr/src/sys/netinet/raw_ip.c:785
#29 0xffffffff803f95c4 in sosend (so=0xffffff0061ccf000, addr=0xffffff007b5b90f0, uio=0xffffffffb260ba80, top=0xffffff005e402300,
    control=0x0, flags=0, td=0xffffff0078c74980) at /usr/src/sys/kern/uipc_socket.c:829
#30 0xffffffff80400534 in kern_sendit (td=0xffffff0078c74980, s=5, mp=0xffffffffb260bb50, flags=0, control=0x0, segflg=8)
    at /usr/src/sys/kern/uipc_syscalls.c:772
#31 0xffffffff804016f6 in sendit (td=0xffffff0078c74980, s=5, mp=0xffffffffb260bb50, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:712
#32 0xffffffff80401ab4 in sendto (td=0x0, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:830
#33 0xffffffff80570042 in syscall (frame=
      {tf_rdi = 5, tf_rsi = 140737488350080, tf_rdx = 8, tf_rcx = 0, tf_r8 = 140737488350016, tf_r9 = 16, tf_rax = 133, tf_rbx = 5367808, tf)
    at /usr/src/sys/amd64/amd64/trap.c:796
#34 0xffffffff8055d468 in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:272

(kgdb) f 25
#25 0xffffffff803ab6e6 in _mtx_lock_flags (m=0xffffff00622dec78, opts=0, file=0xffffffff80628080 "/usr/src/sys/netinet/ip_output.c",
line=296) at /usr/src/sys/kern/kern_mutex.c:268
268 KASSERT(m->mtx_object.lo_class == &lock_class_mtx_sleep,
(kgdb) l
263 void
264 _mtx_lock_flags(struct mtx *m, int opts, const char *file, int line)
265 {
266
267 MPASS(curthread != NULL);
268 KASSERT(m->mtx_object.lo_class == &lock_class_mtx_sleep,
269 ("mtx_lock() of spin mutex %s @ %s:%d", m->mtx_object.lo_name,
270 file, line));
271 WITNESS_CHECKORDER(&m->mtx_object, opts | LOP_NEWORDER | LOP_EXCLUSIVE,
272 file, line);
(kgdb) up
#26 0xffffffff80464a52 in ip_output (m=0xffffff005e402300, opt=0xffffff0042432000, ro=0xffffffffb260b8d0, flags=32, imo=0xffffff007b8aa500,
inp=0xffffff0061bf2000) at /usr/src/sys/netinet/ip_output.c:296
296 IN_LOOKUP_MULTI(ip->ip_dst, ifp, inm);
(kgdb) l
291 if (ia != NULL)
292 ip->ip_src = IA_SIN(ia)->sin_addr;
293 }
294
295 IN_MULTI_LOCK();
296 IN_LOOKUP_MULTI(ip->ip_dst, ifp, inm);
297 if (inm != NULL &&
298 (imo == NULL || imo->imo_multicast_loop)) {
299 IN_MULTI_UNLOCK();
300 /*

I've got the core file if anyone wants any more info.

Gavin
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"

Next message: Suleiman Souhlal: "Re: nfs through nullfs"

Previous message: Robert Watson: "Re: Application layer firewall on FreeBSD, is it possible ?"
Next in thread: Yar Tikhiy: "Re: 6.0BETA3 panic in ip_output (vlan/RIP related?)"
Reply: Yar Tikhiy: "Re: 6.0BETA3 panic in ip_output (vlan/RIP related?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]