Subject: kern/12591: my 1.5.1_BETA box does not boot clean
To: None <gnats-bugs@gnats.netbsd.org>
From: None <itojun@itojun.org>
List: netbsd-bugs
Date: 04/10/2001 09:14:38
>Number:         12591
>Category:       kern
>Synopsis:       my 1.5.1_BETA box does not boot clean
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 09 17:15:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Jun-ichiro itojun Hagino
>Release:        1.5.1_BETA
>Organization:
	itojun.org
>Environment:
System: NetBSD coconut.itojun.org 1.5.1_BETA NetBSD 1.5.1_BETA (COCONUT) #2: Tue Apr 10 08:06:12 JST 2001 itojun@coconut.itojun.org:/export/home/itojun/NetBSD15/src/sys/arch/i386/compile/COCONUT i386


>Description:
	somehow, my 1.5.1_BETA box does not boot clean.  after tapping
	"fastboot", there will be a kernel panic in icmp6_error.
	it seems that, for some reason, an incorrect pointer is passed to the mbuf
	allocation routine (called from M_PREPEND).  or maybe there's some
	locking issue.  i'm not sure why icmp6_error is visited here.

	not sure if the kernel panic trace is too trustworthy, but anyway,
	it happened more than one time.  the machine is running NFS server
	as well as client.

% diff -u1 GENERIC COCONUT
--- GENERIC	Wed Dec 13 06:28:24 2000
+++ COCONUT	Sun Apr  8 10:53:38 2001
@@ -63,7 +63,7 @@
 #options 	KMEMSTATS	# kernel memory statistics (vmstat -m)
-options 	DDB		# in-kernel debugger
-options 	DDB_HISTORY_SIZE=512	# enable history editing in DDB
+#options 	DDB		# in-kernel debugger
+#options 	DDB_HISTORY_SIZE=512	# enable history editing in DDB
 #options 	KGDB		# remote debugger
 #options 	"KGDB_DEVNAME=\"com\"",KGDBADDR=0x3f8,KGDBRATE=9600
-#makeoptions	DEBUG="-g"	# compile full symbol table
+makeoptions	DEBUG="-g"	# compile full symbol table
 
@@ -107,3 +107,3 @@
 options 	QUOTA		# UFS quotas
-#options 	FFS_EI		# FFS Endian Independent support
+options 	FFS_EI		# FFS Endian Independent support
 options 	SOFTDEP         # FFS soft updates support.
@@ -117,4 +117,4 @@
 options 	INET6		# IPV6
-#options 	IPSEC		# IP security
-#options 	IPSEC_ESP	# IP security (encryption part; define w/IPSEC)
+options 	IPSEC		# IP security
+options 	IPSEC_ESP	# IP security (encryption part; define w/IPSEC)
 #options 	IPSEC_DEBUG	# debug for IP security
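Review bot: IPSEC and IPSEC_ESP are switched on in this hunk relative to GENERIC, and the reported panic sits in the IPv6 input path (ip6_input -> udp6_input -> icmp6_error), but the report does not say whether a GENERIC kernel, or COCONUT with these two options commented out again, panics the same way on reboot. Adding that result would show whether the IPsec-enabled code paths are involved.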
@@ -829,3 +829,3 @@
 pseudo-device	ipip		2	# IP Encapsulation within IP (RFC 2003)
-pseudo-device	gif		4	# IPv[46] over IPv[46] tunnel (RFC1933)
+pseudo-device	gif		8	# IPv[46] over IPv[46] tunnel (RFC1933)
 #pseudo-device	faith		1	# IPv[46] tcp relay translation i/f

% dmesg
4:a7
fatal page fault in supervisor mode
trap type 6 code 0 eip c0251181 cs 8 eflags 10246 cr2 2c cpl c0000000
panic: trap
syncing disks... 5 done

dumping to dev 0,1 offset 527103
dump 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239 238 237 236 235 234 233 232 231 230 229 228 227 226 225 224 223 222 221 220 219 218 217 216 215 214 213 212 211 210 209 208 207 206 205 204 203 202 201 200 199 198 197 196 195 194 193 192 191 190 189 188 187 186 185 184 183 182 181 180 179 178 177 176 175 174 173 172 171 170 169 168 167 166 165 164 163 162 161 160 159 158 157 156 155 154 153 152 151 150 149 148 147 146 145 144 143 142 141 140 139 138 137 136 135 134 133 132 131 130 129 128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 NetBSD 1.5.1_BETA (COCONUT) #2: Tue Apr 10 08:06:12 JST 2001
    itojun@coconut.itojun.org:/export/home/itojun/NetBSD15/src/sys/arch/i386/compile/COCONUT
cpu0: IDT Pentium Pro compatible (686-class), 551.30 MHz
total memory = 254 MB
avail memory = 231 MB
using 3284 buffers containing 13136 KB of memory
BIOS32 rev. 0 found at 0xfb1a0
mainbus0 (root)
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled
pchb0 at pci0 dev 0 function 0
pchb0: Intel 82810E Memory Controller Hub (rev. 0x03)
vga1 at pci0 dev 1 function 0: Intel 82810E Graphics Controller (rev. 0x03)
wsdisplay0 at vga1
ppb0 at pci0 dev 30 function 0: Intel 82801AA Hub-to-PCI Bridge (rev. 0x02)
pci1 at ppb0 bus 1
pci1: i/o space, memory space enabled
fxp0 at pci1 dev 8 function 0: Intel i82557 Ethernet, rev 8
fxp0: interrupting at irq 11
fxp0: Ethernet address 00:ae:d0:00:00:3b, 10/100 Mb/s
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcib0 at pci0 dev 31 function 0
pcib0: Intel 82801AA LPC Interface Bridge (rev. 0x02)
pciide0 at pci0 dev 31 function 1: Intel 82801AA IDE Controller (ICH) (rev. 0x02)
pciide0: bus-master DMA support present
pciide0: primary channel wired to compatibility mode
wd0 at pciide0 channel 0 drive 0: <TOSHIBA MK3017GAP>
wd0: drive supports 16-sector pio transfers, lba addressing
wd0: 28615 MB, 16383 cyl, 16 head, 63 sec, 512 bytes/sect x 58605120 sectors
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 4
pciide0: primary channel interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 (using DMA data transfers)
pciide0: secondary channel wired to compatibility mode
pciide0: disabling secondary channel (no drives)
Intel 82801AA SMBus Controller (SMBus serial bus, revision 0x02) at pci0 dev 31 function 3 not configured
Intel 82801AA AC-97 Audio Controller (audio multimedia, revision 0x02) at pci0 dev 31 function 5 not configured
isa0 at pcib0
com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
com0: console
com1 at isa0 port 0x2f8-0x2ff irq 3: ns16550a, working fifo
pckbc0 at isa0 port 0x60-0x64
lpt0 at isa0 port 0x378-0x37b irq 7
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
isapnp0: no ISA Plug 'n Play devices found
biomask f767 netmask ff67 ttymask ffe7
IPsec: Initialized Security Association Processing.
boot device: wd0
root on wd0a dumps on wd0b
root file system type: ffs
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0
uvm_fault(0xd228c3ac, 0x0, 0, 1) -> 1
fatal page fault in supervisor mode
trap type 6 code 0 eip c0251181 cs 8 eflags 10246 cr2 2c cpl c0000000
panic: trap
syncing disks... uvm_fault(0xd228c3ac, 0x0, 0, 1) -> 1
fatal page fault in supervisor mode
trap type 6 code 0 eip c0251181 cs 8 eflags 10246 cr2 2c cpl c0000000
panic: trap

dumping to dev 0,1 offset 527103
dump 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239 238 237 236 235 234 233 232 231 230 229 228 227 226 225 224 223 222 221 220 219 218 217 216 215 214 213 212 211 210 209 208 207 206 205 204 203 202 201 200 199 198 197 196 195 194 193 192 191 190 189 188 187 186 185 184 183 182 181 180 179 178 177 176 175 174 173 172 171 170 169 168 167 166 165 164 163 162 161 160 159 158 157 156 155 154 153 152 151 150 149 148 147 146 145 144 143 142 141 140 139 138 137 136 135 134 133 132 131 130 129 128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 NetBSD 1.5.1_BETA (COCONUT) #2: Tue Apr 10 08:06:12 JST 2001
    itojun@coconut.itojun.org:/export/home/itojun/NetBSD15/src/sys/arch/i386/compile/COCONUT
cpu0: IDT Pentium Pro compatible (686-class), 551.28 MHz
total memory = 254 MB
avail memory = 231 MB
using 3284 buffers containing 13136 KB of memory
BIOS32 rev. 0 found at 0xfb1a0
mainbus0 (root)
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled
pchb0 at pci0 dev 0 function 0
pchb0: Intel 82810E Memory Controller Hub (rev. 0x03)
vga1 at pci0 dev 1 function 0: Intel 82810E Graphics Controller (rev. 0x03)
wsdisplay0 at vga1: console (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0: Intel 82801AA Hub-to-PCI Bridge (rev. 0x02)
pci1 at ppb0 bus 1
pci1: i/o space, memory space enabled
fxp0 at pci1 dev 8 function 0: Intel i82557 Ethernet, rev 8
fxp0: interrupting at irq 11
fxp0: Ethernet address 00:ae:d0:00:00:3b, 10/100 Mb/s
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcib0 at pci0 dev 31 function 0
pcib0: Intel 82801AA LPC Interface Bridge (rev. 0x02)
pciide0 at pci0 dev 31 function 1: Intel 82801AA IDE Controller (ICH) (rev. 0x02)
pciide0: bus-master DMA support present
pciide0: primary channel wired to compatibility mode
wd0 at pciide0 channel 0 drive 0: <TOSHIBA MK3017GAP>
wd0: drive supports 16-sector pio transfers, lba addressing
wd0: 28615 MB, 16383 cyl, 16 head, 63 sec, 512 bytes/sect x 58605120 sectors
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 4
pciide0: primary channel interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 (using DMA data transfers)
pciide0: secondary channel wired to compatibility mode
pciide0: disabling secondary channel (no drives)
Intel 82801AA SMBus Controller (SMBus serial bus, revision 0x02) at pci0 dev 31 function 3 not configured
Intel 82801AA AC-97 Audio Controller (audio multimedia, revision 0x02) at pci0 dev 31 function 5 not configured
isa0 at pcib0
com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
com1 at isa0 port 0x2f8-0x2ff irq 3: ns16550a, working fifo
pckbc0 at isa0 port 0x60-0x64
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
lpt0 at isa0 port 0x378-0x37b irq 7
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
isapnp0: no ISA Plug 'n Play devices found
biomask f765 netmask ff65 ttymask ffe7
IPsec: Initialized Security Association Processing.
boot device: wd0
root on wd0a dumps on wd0b
root file system type: ffs
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0


% gdb netbsd.gdb
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsd"...
(gdb) target kcore netbsd.0.core
panic: trap
#0  0xc0443a3b in i386_features ()
(gdb) backtrace
#0  0xc0443a3b in i386_features ()
#1  0xde05000 in ?? ()
#2  0xc03083bb in cpu_reboot (howto=260, bootstr=0x0)
    at ../../../../arch/i386/i386/machdep.c:1149
#3  0xc01b9d3f in panic () at ../../../../kern/subr_prf.c:240
#4  0xc0310129 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1062726400, 
      tf_esi = -769654752, tf_ebp = -766301068, tf_ebx = -1062726192, 
      tf_edx = 1073709310, tf_ecx = 4, tf_eax = 0, tf_trapno = 6, tf_err = 0, 
      tf_eip = -1071312511, tf_cs = 8, tf_eflags = 66118, 
      tf_esp = -1062726400, tf_ss = -769654752, tf_vm86_es = 0, 
      tf_vm86_ds = 4, tf_vm86_fs = 1, tf_vm86_gs = 120})
    at ../../../../arch/i386/i386/trap.c:308
#5  0xc0100f21 in calltrap ()
#6  0xc024e7d0 in icmp6_error (m=0xc0a36800, type=1, code=4, param=0)
    at ../../../../netinet6/icmp6.c:282
#7  0xc02464d6 in udp6_input (mp=0xd2532d60, offp=0xd2532d50, proto=17)
    at ../../../../netinet/udp_usrreq.c:423
#8  0xc025aade in ip6_input (m=0xc0a36800)
    at ../../../../netinet6/ip6_input.c:723
#9  0xc025a0d0 in ip6intr () at ../../../../netinet6/ip6_input.c:223
#10 0xc0102019 in Xsoftnet ()
#11 0xc0308393 in cpu_reboot (howto=256, bootstr=0x0)
    at ../../../../arch/i386/i386/machdep.c:1136
---Type <return> to continue, or q <return> to quit---
#12 0xc01b9d3f in panic () at ../../../../kern/subr_prf.c:240
#13 0xc0310129 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1063031040, 
      tf_esi = -769716192, tf_ebp = -766300492, tf_ebx = -1063030832, 
      tf_edx = 1073709310, tf_ecx = 4, tf_eax = 0, tf_trapno = 6, tf_err = 0, 
      tf_eip = -1071312511, tf_cs = 8, tf_eflags = 66118, 
      tf_esp = -1063031040, tf_ss = -769716192, tf_vm86_es = 0, 
      tf_vm86_ds = 4, tf_vm86_fs = 1, tf_vm86_gs = 120})
    at ../../../../arch/i386/i386/trap.c:308
#14 0xc0100f21 in calltrap ()
#15 0xc024e7d0 in icmp6_error (m=0xc0a81000, type=1, code=4, param=0)
    at ../../../../netinet6/icmp6.c:282
#16 0xc02464d6 in udp6_input (mp=0xd2532fa0, offp=0xd2532f90, proto=17)
    at ../../../../netinet/udp_usrreq.c:423
#17 0xc025aade in ip6_input (m=0xc0a81000)
    at ../../../../netinet6/ip6_input.c:723
#18 0xc025a0d0 in ip6intr () at ../../../../netinet6/ip6_input.c:223
#19 0xc0102019 in Xsoftnet ()
can not access 0xbfbfdc00, invalid translation (invalid PDE)
can not access 0xbfbfdc00, invalid translation (invalid PDE)
Cannot access memory at address 0xbfbfdc00.
(gdb) frame 5
#5  0xc0100f21 in calltrap ()
(gdb) frame 6
#6  0xc024e7d0 in icmp6_error (m=0xc0a36800, type=1, code=4, param=0)
    at ../../../../netinet6/icmp6.c:282
282             icmp6_reflect(m, sizeof(struct ip6_hdr)); /*header order: IPv6 - ICMPv6*/
(gdb) list
277              * information in ip header (nip6).
278              */
279             m->m_pkthdr.rcvif = NULL;
280     
281             icmp6stat.icp6s_outhist[type]++;
282             icmp6_reflect(m, sizeof(struct ip6_hdr)); /*header order: IPv6 - ICMPv6*/
283     
284             return;
285     
286       freeit:
(gdb) print m
$1 = (struct mbuf *) 0xc0000000
(gdb) print type
$2 = 1
(gdb) 
>How-To-Repeat:
	reboot my mail server.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
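An added example, not part of the original report: a small C decoder for the `trap type ...` console line in the dmesg above. It shows that the fault is a supervisor-mode read of an unmapped address in the first page (cr2 0x2c) and that gdb's signed tf_eip names the same instruction as the console's eip. The constants are defined locally for illustration, and the fields after `type` are assumed to be printed in hex.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

#define T_PAGEFLT 6      /* i386 trap number for a page fault */
#define PGEX_P 0x1       /* error code bit 0: protection violation (0 = page not present) */
#define PGEX_W 0x2       /* bit 1: access was a write (0 = read) */
#define PGEX_U 0x4       /* bit 2: fault taken in user mode (0 = supervisor) */
#define PAGE_SZ 4096u    /* i386 page size; addresses below this are "near NULL" */

struct trap_info { unsigned type; uint32_t code, eip, cr2; };

/* Parse a "trap type N code ..." console line; fields after type are taken as hex. */
int parse_trap_line(const char *line, struct trap_info *t)
{
    uint32_t cs, eflags;
    const char *p = strstr(line, "trap type ");
    if (p == NULL)
        return -1;
    return sscanf(p, "trap type %u code %" SCNx32 " eip %" SCNx32 " cs %" SCNx32
                  " eflags %" SCNx32 " cr2 %" SCNx32,
                  &t->type, &t->code, &t->eip, &cs, &eflags, &t->cr2) == 6 ? 0 : -1;
}

/* gdb prints trapframe members as signed ints; recover the 32-bit address. */
uint32_t tf_to_addr(int32_t v) { return (uint32_t)v; }

/* Describe the fault: who took it, what kind of access, and whether it is near NULL. */
const char *classify(const struct trap_info *t)
{
    if (t->type != T_PAGEFLT)
        return "not a page fault";
    if ((t->code & PGEX_U) || (t->code & PGEX_P) || t->cr2 >= PAGE_SZ)
        return "page fault, not a kernel near-NULL access";
    return (t->code & PGEX_W) ? "kernel write through near-NULL pointer"
                              : "kernel read through near-NULL pointer";
}

int main(void)
{
    /* Line copied from the dmesg in the report; tf_eip is from gdb frame #4. */
    const char *line = "trap type 6 code 0 eip c0251181 cs 8 eflags 10246 cr2 2c cpl c0000000";
    struct trap_info t;
    if (parse_trap_line(line, &t) != 0) return 1;
    printf("%s: eip=0x%08" PRIx32 " cr2=0x%" PRIx32 "\n", classify(&t), t.eip, t.cr2);
    printf("tf_eip matches: %s\n", tf_to_addr(-1071312511) == t.eip ? "yes" : "no");
    return 0;
}
```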