kern/121181: [panic] Fatal trap 3: breakpoint instruction fault
while in kernel mode, rtfree: NULL rnh
Oleksandr V. Typlyns'kyi
astral at sputnikmedia.net
Tue Mar 18 03:40:04 PDT 2008
The following reply was made to PR kern/121181; it has been noted by GNATS.
From: "Oleksandr V. Typlyns'kyi" <astral at sputnikmedia.net>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: kern/121181: [panic] Fatal trap 3: breakpoint instruction fault
while in kernel mode, rtfree: NULL rnh
Date: Tue, 18 Mar 2008 12:36:30 +0200 (EET)
Another crash on 16 March 2008:
kgdb kernel.debug /var/crash/vmcore.0
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
panic: rtfree: NULL rnh
cpuid = 7
Uptime: 16d22h19m19s
Dumping 2046 MB (2 chunks)
chunk 0: 1MB (156 pages) ... ok
chunk 1: 2047MB (523872 pages) 2031 2015 1999 1983 1967 1951 1935 1919 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711 1695 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487 1471 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263 1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039 1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc04f225a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
first_buf_printf = 1
#2 0xc04f260b in panic (fmt=0xc069b980 "rtfree: NULL rnh") at /usr/src/sys/kern/kern_shutdown.c:565
td = (struct thread *) 0xc6af6780
bootopt = 260
newpanic = 0
ap = 0xc6af6780 "`xJÌ ¾ÍÊ"
buf = "rtfree: NULL rnh", '\0' <repeats 239 times>
#3 0xc05808e7 in rtfree (rt=0xc6161c00) at /usr/src/sys/net/route.c:240
rnh = (struct radix_node_head *) 0x0
#4 0xc0598aa3 in ip_output (m=0xc98c4d00, opt=0xc6161c00, ro=0xe8edda80, flags=0, imo=0x0, inp=0xc756e384) at /usr/src/sys/netinet/ip_output.c:835
ip = (struct ip *) 0xc98c4d40
ifp = (struct ifnet *) 0xc6161c00
m0 = (struct mbuf *) 0x1
hlen = 20
len = -961583232
error = 0
dst = (struct sockaddr_in *) 0xe8edda84
ia = (struct in_ifaddr *) 0xc6444c00
isbroadcast = 0
sw_csum = 1
iproute = {ro_rt = 0xc6532000, ro_dst = {sa_len = 16 '\020', sa_family = 2 '\002', sa_data = "\000\000\177\000\000\001\000\000\000\000\000\000\000"}}
odst = {s_addr = 1}
fwd_tag = (struct m_tag *) 0x0
#5 0xc05a2ce0 in tcp_output (tp=0xcab1fae0) at /usr/src/sys/netinet/tcp_output.c:1080
so = (struct socket *) 0xcd167b20
len = 43
recwin = 71680
sendwin = -913552044
off = 0
flags = 24
error = 0
m = (struct mbuf *) 0xc98c4d00
ip = (struct ip *) 0xc98c4d40
th = (struct tcphdr *) 0xc98c4d54
opt = "\001\001\b\nW/3âW/3Ûè{\026Í\000È\206É\000\000\000\000è{\026Í`ÛíèîÁSÀè{\026Í"
ipoptlen = 0
optlen = 12
hdrlen = 52
idle = 1
sendalot = 0
i = -387065040
sack_rxmit = 0
sack_bytes_rxmt = 0
p = (struct sackhole *) 0x0
#6 0xc05a997f in tcp_usr_send (so=0xcd167b20, flags=0, m=0xc986c800, nam=0x0, control=0x0, td=0xc6af6780) at /usr/src/sys/netinet/tcp_usrreq.c:698
error = 0
inp = (struct inpcb *) 0xc756e384
tp = (struct tcpcb *) 0xcab1fae0
unlocked = 1
#7 0xc0538024 in sosend (so=0xcd167b20, addr=0x0, uio=0xe8eddc34, top=0xc986c800, control=0x0, flags=128, td=0xc6af6780)
at /usr/src/sys/kern/uipc_socket.c:836
mp = (struct mbuf **) 0xc986c800
m = (struct mbuf *) 0xc986c800
space = 71637
len = 43
resid = 0
clen = -913913856
error = 0
dontroute = 0
atomic = 0
#8 0xc053eb94 in kern_sendit (td=0xc6af6780, s=16, mp=0xe8eddcb0, flags=128, control=0x0, segflg=UIO_USERSPACE) at /usr/src/sys/kern/uipc_syscalls.c:772
fp = (struct file *) 0xc6a248b8
auio = {uio_iov = 0xe8eddca8, uio_iovcnt = 1, uio_offset = 43, uio_resid = 0, uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_td = 0xc6af6780}
iov = (struct iovec *) 0x0
so = (struct socket *) 0xcd167b20
i = 0
len = 43
error = 0
ktruio = (struct uio *) 0x0
#9 0xc053ea1d in sendit (td=0x0, s=0, mp=0xe8eddcb0, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:712
control = (struct mbuf *) 0x0
to = (struct sockaddr *) 0x0
error = -867534752
#10 0xc053ed8a in sendto (td=0x0, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:830
msg = {msg_name = 0x0, msg_namelen = 0, msg_iov = 0xe8eddca8, msg_iovlen = 1, msg_control = 0x0, msg_controllen = 3427432544, msg_flags = 0}
aiov = {iov_base = 0x81a3a17, iov_len = 0}
error = 0
#11 0xc06682db in syscall (frame=
{tf_fs = -1078001605, tf_es = 1747386427, tf_ds = -1078001605, tf_edi = 138327552, tf_esi = 43, tf_ebp = -1077943256, tf_isp = -387064476, tf_ebx = 1748313312, tf_edx = 43, tf_ecx = 128, tf_eax = 133, tf_trapno = 0, tf_err = 2, tf_eip = 1748138419, tf_cs = 51, tf_eflags = 2097798, tf_esp = -1077943300, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:984
params = 0xbfbfe400 <Address 0xbfbfe400 out of bounds>
callp = (struct sysent *) 0xc06bbf1c
td = (struct thread *) 0xc6af6780
p = (struct proc *) 0xcc4a7860
orig_tf_eflags = 2097798
sticks = 622
error = 0
narg = 6
args = {16, 135936492, 43, 128, 0, 0, -387064532, -1067092312}
code = 133
#12 0xc065074f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
No locals.
#13 0x00000033 in ?? ()
No symbol table info available.
And another crash today, with the same backtrace (rtfree called from ip_output):
kgdb kernel.debug /var/crash/vmcore.1
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
panic: rtfree: NULL rnh
cpuid = 7
Uptime: 1d17h38m0s
Dumping 2046 MB (2 chunks)
chunk 0: 1MB (156 pages) ... ok
chunk 1: 2047MB (523872 pages) 2031 2015 1999 1983 1967 1951 1935 1919 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711 1695 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487 1471 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263 1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039 1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc04f225a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
first_buf_printf = 1
#2 0xc04f260b in panic (fmt=0xc069b980 "rtfree: NULL rnh") at /usr/src/sys/kern/kern_shutdown.c:565
td = (struct thread *) 0xc6127900
bootopt = 260
newpanic = 0
ap = 0xc6127900 "`h\022Æ`@ÿÅ"
buf = "rtfree: NULL rnh", '\0' <repeats 239 times>
#3 0xc05808e7 in rtfree (rt=0xc6161c00) at /usr/src/sys/net/route.c:240
rnh = (struct radix_node_head *) 0x0
#4 0xc0598aa3 in ip_output (m=0xc920a100, opt=0xc6161c00, ro=0xe681fa80, flags=0, imo=0x0, inp=0xc95d3a8c) at /usr/src/sys/netinet/ip_output.c:835
ip = (struct ip *) 0xc920a140
ifp = (struct ifnet *) 0xc6161c00
m0 = (struct mbuf *) 0x1
hlen = 20
len = -971867904
error = 0
dst = (struct sockaddr_in *) 0xe681fa84
ia = (struct in_ifaddr *) 0xc62a4c00
isbroadcast = 0
sw_csum = 1
iproute = {ro_rt = 0xc6460000, ro_dst = {sa_len = 16 '\020', sa_family = 2 '\002', sa_data = "\000\000\177\000\000\001\000\000\000\000\000\000\000"}}
odst = {s_addr = 1}
fwd_tag = (struct m_tag *) 0x0
#5 0xc05a2ce0 in tcp_output (tp=0xc76d4cb0) at /usr/src/sys/netinet/tcp_output.c:1080
so = (struct socket *) 0xc94292c8
len = 32
recwin = 71680
sendwin = -920608428
off = 0
flags = 24
error = 0
m = (struct mbuf *) 0xc920a100
ip = (struct ip *) 0xc920a140
th = (struct tcphdr *) 0xc920a154
opt = "\001\001\b\n\bîçï\bîç\201\220\223BÉ\0009vÆ\000\000\000\000\220\223BÉ`û\201æîÁSÀ\220\223BÉ"
ipoptlen = 0
optlen = 12
hdrlen = 52
idle = 1
sendalot = 0
i = -961414496
sack_rxmit = 0
sack_bytes_rxmt = 0
p = (struct sackhole *) 0x0
#6 0xc05a997f in tcp_usr_send (so=0xc94292c8, flags=0, m=0xc6763900, nam=0x0, control=0x0, td=0xc6127900) at /usr/src/sys/netinet/tcp_usrreq.c:698
error = 0
inp = (struct inpcb *) 0xc95d3a8c
tp = (struct tcpcb *) 0xc76d4cb0
unlocked = 1
#7 0xc0538024 in sosend (so=0xc94292c8, addr=0x0, uio=0xe681fc34, top=0xc6763900, control=0x0, flags=128, td=0xc6127900)
at /usr/src/sys/kern/uipc_socket.c:836
mp = (struct mbuf **) 0xc6763900
m = (struct mbuf *) 0xc6763900
space = 71648
len = 32
resid = 0
clen = -965330688
error = 0
dontroute = 0
atomic = 0
#8 0xc053eb94 in kern_sendit (td=0xc6127900, s=16, mp=0xe681fcb0, flags=128, control=0x0, segflg=UIO_USERSPACE) at /usr/src/sys/kern/uipc_syscalls.c:772
fp = (struct file *) 0xc6504558
auio = {uio_iov = 0xe681fca8, uio_iovcnt = 1, uio_offset = 32, uio_resid = 0, uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_td = 0xc6127900}
iov = (struct iovec *) 0x0
so = (struct socket *) 0xc94292c8
i = 0
len = 32
error = 0
ktruio = (struct uio *) 0x0
#9 0xc053ea1d in sendit (td=0x0, s=0, mp=0xe681fcb0, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:712
control = (struct mbuf *) 0x0
to = (struct sockaddr *) 0x0
error = -971872160
#10 0xc053ed8a in sendto (td=0x0, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:830
msg = {msg_name = 0x0, msg_namelen = 0, msg_iov = 0xe681fca8, msg_iovlen = 1, msg_control = 0x0, msg_controllen = 3323095136, msg_flags = 0}
aiov = {iov_base = 0x819df64, iov_len = 0}
error = 0
#11 0xc06682db in syscall (frame=
{tf_fs = 1754660923, tf_es = 1754660923, tf_ds = -1078001605, tf_edi = 137748992, tf_esi = 32, tf_ebp = -1077951208, tf_isp = -427688604, tf_ebx = 1748313312, tf_edx = 32, tf_ecx = 128, tf_eax = 133, tf_trapno = 22, tf_err = 2, tf_eip = 1748138419, tf_cs = 51, tf_eflags = 2097798, tf_esp = -1077951252, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:984
params = 0xbfbfc4f0 <Address 0xbfbfc4f0 out of bounds>
callp = (struct sysent *) 0xc06bbf1c
td = (struct thread *) 0xc6127900
p = (struct proc *) 0xc6126860
orig_tf_eflags = 2097798
sticks = 8929
error = 0
narg = 6
args = {16, 135913284, 32, 128, 0, 0, 8929, -971872160}
code = 133
#12 0xc065074f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
No locals.
#13 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
What can I do to help solve this problem?
System: FreeBSD 6.3-RELEASE, SCHED_4BSD scheduler, 2x dual-core Xeon with HT (Hyper-Threading):
Family: 15 Model: 6 Stepping: 4 Type: 0 Brand: 0
CPU Model: Unknown CPU Original OEM
Processor name string: Intel(R) Xeon(TM) CPU 3.20GHz
Feature flags:
fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflsh ds acpi mmx fxsr sse sse2 ss ht tm pbe sse3 monitor ds-cpl vmx cntx-id cx16 xTPR
Extended feature flags:
em64t lahf_lm
Cache info
Instruction trace cache: 12K uOps, 8-way associative.
L1 Data cache: 16KB, sectored, 8-way associative. 64 byte line size.
L2 unified cache: 2MB, sectored, 8-way associative. 64 byte line size.
TLB info
Instruction TLB: 4K, 2MB or 4MB pages, fully associative, 64 entries.
Data TLB: 4KB or 4MB pages, fully associative, 64 entries.
The physical package supports 4 logical processors
--
WNGS-RIPE
KP Media / bigmir)net