Fatal trap in rt_msg2

Roberto Nunnari roberto.nunnari at supsi.ch
Fri Mar 26 06:00:53 PST 2004

Also, my kernel is configured without INET6 and my netmask is /23
.. maybe I should try again with INET6 and /24 ??

Roberto Nunnari wrote:
> Hello.
> I'm posting here as I've been told in current it's a better place.
> On March 18th I did an upgrade from 5.2-p1 to RELENG_5_2 which
> gave me 5.2.1-p3. cvsup, build and install went well, but
> when I rebooted I got Fatal trap 12 during network configuration,
> late in the boot process..
> I could boot and get a working system using the old kernel..
> Anyways, I did a partial restore
> /boot, /bin, /etc, /lib, /libexec, /sbin
> that was enough to get the system back to multiuser mode
> and running great as usual..
> Yet.. I cannot seem to be able to upgrade the system any more..
> Please help. Just ask and I'll be glad to give all relevant
> information you may need in order to solve this problem.
> I'm new to kernel debugging, but I'll do my best. I just
> need some help and guidance. Thanks.
> here is the 5.2-p1 kernel config and dmesg
> http://www.dti.supsi.ch/~robi/WEB.20040323
> http://www.dti.supsi.ch/~robi/dmesg.20040323
> and this is the kernel config I used to save the dump.
> http://www.dti.supsi.ch/~robi/WEB
> it seems that sa in rt_msg2 (/usr/src/sys/net/rtsock.c:708)
> is a bogus pointer..
> Here is my gdb session:
> web.dti.supsi.ch# gdb -k kernel.debug /usr/crash/vmcore.1
> GNU gdb 5.2.1 (FreeBSD)
> Copyright 2002 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you 
> are
> welcome to change it and/or distribute copies of it under certain 
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-unknown-freebsd"...
> panic: page fault
> panic messages:
> ---
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0xff70ff70
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc0568949
> stack pointer           = 0x10:0xe40a1b04
> frame pointer           = 0x10:0xe40a1b28
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 303 (ifconfig)
> trap number             = 12
> panic: page fault
> cpuid = 0;
> boot() called on cpu#0
> syncing disks, buffers remaining... 218 218 216 216 215 215 215 215 215 
> 215 215 215 215 215 215 215 215 215 215 215 215 215 215 215
> giving up on 200 buffers
> Uptime: 46s
> Dumping 1023 MB
>  16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 
> 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 
> 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 
> 896 912 928 944 960 976 992 1008
> ---
> Reading symbols from 
> /usr/obj/usr/src/sys/WEB/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. 
> Loaded symbols for 
> /usr/obj/usr/src/sys/WEB/modules/usr/src/sys/modules/acpi/acpi.ko.debug
> #0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
> 240             dumping++;
> (kgdb) list *0xc0568949
> 0xc0568949 is in rt_msg2 (/usr/src/sys/net/rtsock.c:708).
> 703                     register struct sockaddr *sa;
> 704
> 705                     if ((sa = rtinfo->rti_info[i]) == 0)
> 706                             continue;
> 707                     rtinfo->rti_addrs |= (1 << i);
> 708                     dlen = ROUNDUP(sa->sa_len);
> 709                     if (cp) {
> 710                             bcopy((caddr_t)sa, cp, (unsigned)dlen);
> 711                             cp += dlen;
> 712                     }
> (kgdb) backtrace
> #0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
> #1  0xc04f1791 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
> #2  0xc04f1b6e in panic () at /usr/src/sys/kern/kern_shutdown.c:550
> #3  0xc062547c in trap_fatal (frame=0xe40a1ac4, eva=0) at 
> /usr/src/sys/i386/i386/trap.c:821
> #4  0xc0625122 in trap_pfault (frame=0xe40a1ac4, usermode=0, 
> eva=4285595504) at /usr/src/sys/i386/i386/trap.c:735
> #5  0xc0624d33 in trap (frame=
>       {tf_fs = 24, tf_es = -1066860528, tf_ds = 16, tf_edi = 0, tf_esi = 
> 4, tf_ebp = -469099736, tf_isp = -469099792, tf_ebx = -964638720, tf_edx 
> = -9371792, tf_ecx = -469099704, tf_eax = 16, tf_trapno = 12, tf_err = 
> 0, tf_eip = -1068070583, tf_cs = 8, tf_eflags = 66050, tf_esp = 
> -967258976, tf_ss = -964361888})
>     at /usr/src/sys/i386/i386/trap.c:420
> #6  0xc0611f28 in calltrap () at {standard input}:94
> #7  0xc0568fe6 in sysctl_iflist (af=0, w=0xe40a1b9c) at 
> /usr/src/sys/net/rtsock.c:981
> #8  0xc056943e in sysctl_rtsock (oidp=0xc0694b00, arg1=0xe40a1cb4, 
> arg2=4, req=0xe40a1c10) at /usr/src/sys/net/rtsock.c:1132
> #9  0xc04fb89a in sysctl_root (oidp=0x0, arg1=0x16, arg2=-469099504, 
> req=0xe40a1cb8) at /usr/src/sys/kern/kern_sysctl.c:1179
> #10 0xc04fbb4d in userland_sysctl (td=0x0, name=0xe40a1cac, namelen=6, 
> old=0xe40a1c10, oldlenp=0xe40a1cb8, inkernel=0, new=0x16, newlen=0,
>     retval=0xe40a1ca8) at /usr/src/sys/kern/kern_sysctl.c:1286
> #11 0xc04fb980 in __sysctl (td=0x0, uap=0xe40a1d14) at 
> /usr/src/sys/kern/kern_sysctl.c:1216
> #12 0xc06257e0 in syscall (frame=
>       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 
> -1077940636, tf_ebp = -1077940728, tf_isp = -469099148, tf_ebx = 
> 672416032, tf_edx = 0, tf_ecx = -1077940632, tf_eax = 202, tf_trapno = 
> 12, tf_err = 2, tf_eip = 671908719, tf_cs = 31, tf_eflags = 663, tf_esp 
> = -1077940772, tf_ss = 47})
>     at /usr/src/sys/i386/i386/trap.c:1010
> #13 0xc0611f7d in Xint0x80_syscall () at {standard input}:136
> ---Can't read userspace from dump, or kernel process---
> (kgdb) up 7
> #7  0xc0568fe6 in sysctl_iflist (af=0, w=0xe40a1b9c) at 
> /usr/src/sys/net/rtsock.c:981
> 981                     len = rt_msg2(RTM_IFINFO, &info, (caddr_t)0, w);
> (kgdb) print info
> $1 = {rti_addrs = 16, rti_info = {0x0, 0x0, 0x0, 0x0, 0xff70ff70, 0x0, 
> 0x0, 0x0}, rti_flags = 0, rti_ifa = 0x0, rti_ifp = 0x0}
> (kgdb) print w
> $2 = (struct walkarg *) 0xe40a1b9c
> (kgdb) print *w
> $3 = {w_tmemsize = 152, w_op = 3, w_arg = 0, w_tmem = 0xc6850100 "\230", 
> w_req = 0xe40a1c10}

               Roberto Nunnari -software engineer-
                mailto:roberto.nunnari at supsi.ch
  Scuola Universitaria Professionale della Svizzera Italiana
              Dipartimento Tecnologie Innovative
  Via Cantonale                        tel: +41-91-6108561
  6928 Manno                 """       fax: +41-91-6108570
  Switzerland               (o o)
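
Added example, not part of the original post or of the FreeBSD sources: a small C helper that cross-checks the numbers in the kgdb session above, converting the signed trap-frame registers to addresses and locating which rti_info[] slot holds the pointer that faulted. The function names are hypothetical; the slot names assume the RTAX_* indices from <net/route.h>, and all values are copied from the session.

```c
#include <stdint.h>
#include <stdio.h>

#define RTAX_MAX 8   /* size of rti_info[] in the dump above */

/* rti_info[] slot names, following the RTAX_* indices in <net/route.h>. */
static const char *const rtax_name[RTAX_MAX] = {
    "RTAX_DST", "RTAX_GATEWAY", "RTAX_NETMASK", "RTAX_GENMASK",
    "RTAX_IFP", "RTAX_IFA", "RTAX_AUTHOR", "RTAX_BRD"
};

/* kgdb prints i386 trap-frame registers as signed ints; recover the raw value. */
static uint32_t reg32(int32_t v) { return (uint32_t)v; }

/* Slot whose pointer explains a fault at fault_va when reading a field at
 * byte offset field_off (sa_len is at offset 0 of struct sockaddr); -1 if none. */
static int faulting_slot(const uint32_t info[RTAX_MAX], uint32_t fault_va,
                         uint32_t field_off)
{
    for (int i = 0; i < RTAX_MAX; i++)
        if (info[i] != 0 && info[i] + field_off == fault_va)
            return i;
    return -1;
}

/* Highest bit set in rti_addrs: the last slot the loop marked (line 707)
 * before it dereferenced sa (line 708). Returns -1 for an empty mask. */
static int last_marked_slot(uint32_t rti_addrs)
{
    int slot = -1;
    for (int i = 0; i < RTAX_MAX; i++)
        if (rti_addrs & (1u << i))
            slot = i;
    return slot;
}

int main(void)
{
    /* Values copied from the kgdb session above. */
    const uint32_t info[RTAX_MAX] = { 0, 0, 0, 0, 0xff70ff70u, 0, 0, 0 };
    int slot = faulting_slot(info, 0xff70ff70u, 0);

    printf("tf_eip=0x%08x tf_edx=0x%08x\n",
           (unsigned)reg32(-1068070583), (unsigned)reg32(-9371792));
    printf("faulting slot %d (%s), last marked slot %d\n",
           slot, slot >= 0 ? rtax_name[slot] : "none", last_marked_slot(16));
    return slot == 4 ? 0 : 1;
}
```

With the session's values, tf_eip decodes to the instruction pointer 0xc0568949, tf_edx to the fault address 0xff70ff70, and both the fault address and rti_addrs = 16 point at slot 4 (RTAX_IFP).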
