Subject: kern/22775: panic with current-20030913-152310 in key_delsp()
To: None <gnats-bugs@gnats.netbsd.org>
From: Frank Kardel <kardel@acm.org>
List: netbsd-bugs
Date: 09/13/2003 19:55:52
>Number:         22775
>Category:       kern
>Synopsis:       key_delsp incurrs a uvm_fault() -> 0xe during rc startup ifconfig
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Sep 13 17:56:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Frank Kardel
>Release:        NetBSD 1.6Y (Userland) 1.6ZA (Kernel)
>Organization:
	
>Environment:
System: NetBSD 1.6ZA (PIP) #5: Sat Sep 13 18:19:55 MEST 2003 kardel@pip:/fs/IC35L120AVV207-0-e/src/NetBSD/netbsd/sys/arch/i386/compile/obj.i386/PIP
Architecture: i386
Machine: i386
>Description:
	When booting a current-20030913-152310 1.6ZA kernel with a 1.6Y userland the kernel panic when
	configuring ip6.

	The dmesg output is (boot kernel information follows):

wd2 at pciide1 channel 1 drive 0: <IC35L120AVV207-1>
wd2: drive supports 16-sector PIO transfers, LBA48 addressing
wd2: 115 GB, 239340 cyl, 16 head, 63 sec, 512 bytes/sect x 241254720 sectors
wd2: 32-bit data port
wd2: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100)
wd3 at pciide1 channel 1 drive 1: <IBM-DTTA-351010>
wd3: drive supports 16-sector PIO transfers, LBA addressing
wd3: 9671 MB, 19650 cyl, 16 head, 63 sec, 512 bytes/sect x 19807200 sectors
wd3: 32-bit data port
wd3: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33)
pciide1: secondary channel interrupting at ioapic0 pin 15 (irq 15)
wd2(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 (Ultra/100) (using DMA data transfers)
wd3(pciide1:1:1): using PIO mode 4, Ultra-DMA mode 2 (Ultra/33) (using DMA data transfers)
auvia0 at pci0 dev 17 function 5: VIA VT8235 AC'97 Audio (rev 0x50)
auvia0: interrupting at ioapic0 pin 22 (irq 9)
auvia0: ac97: Avance Logic ALC650 codec; 20 bit DAC, 18 bit ADC, Realtek 3D
auvia0: ac97: ext id 5c7<AC97_22,LDAC,SDAC,CDAC,SPDIF,DRA,VRA>
audio0 at auvia0: full duplex, mmap, independent
isa0 at pcib0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
isapnp0: no ISA Plug 'n Play devices found
ioapic0: enabling
IPsec: Initialized Security Association Processing.
fw0 at fwohci0: 00:e0:18:00:00:0e:37:67:0a:02:ff:ff:f0:01:00:00
scsibus0: waiting 2 seconds for devices to settle...
uhub0: port error, restarting port 1
uhub0: port error, giving up port 1
uhub0: port error, restarting port 2
uhub0: port error, giving up port 2
uhub1: port error, restarting port 1
uhub1: port error, giving up port 1
uhub1: port error, restarting port 2
uhub1: port error, giving up port 2
uhub2: port error, restarting port 1
uhub2: port error, giving up port 1
uhub3 at uhub0 port 2
uhub3: Texas Instruments UT-USB41 hub, class 9/0, rev 1.10/1.10, addr 2
uhub3: 4 ports with 4 removable, self powered
umass0 at uhub2 port 1 configuration 1 interface 0
umass0: Pen Drive product 0x1300, rev 1.10/0.50, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, 1 lun per target
uhub2: port error, restarting port 2
uhub2: port error, giving up port 2
uhidev0 at uhub3 port 1 configuration 1 interface 0
uhidev0: Microsoft Microsoft IntelliMouse M-. with IntelliEye, rev 1.10/1.01, addr 3, iclass 3/1
ums0 at uhidev0: 3 buttons and Z dir.
wsmouse0 at ums0 mux 0
cd0 at scsibus0 target 5 lun 0: <YAMAHA, CRW-F1S, 1.0g> cdrom removable
cd0: sync (50.00ns offset 15), 8-bit (20.000MB/s) transfers
st0 at scsibus0 target 8 lun 0: <SONY, SDT-10000, 0101> tape removable
st0: drive empty
st0: sync (50.00ns offset 8), 16-bit (40.000MB/s) transfers
sd0 at scsibus1 target 0 lun 0: <Acer USB, 2.0 Flash Stick, 1.02> disk removable
sd0: fabricating a geometry
sd0: 248 MB, 248 cyl, 64 head, 32 sec, 512 bytes/sect x 507904 sectors
umodem0 at uhub3 port 2 configuration 2 interface 0
umodem0: Lucent Technologies, Inc. ELSA Modem Board, rev 1.00/1.00, addr 4, iclass 2/2
umodem0: data interface 1, has CM over data, has break
umodem0: status change notification available
ucom0 at umodem0
sd0: fabricating a geometry
findroot: can't open dev sd0a (6)
boot device: wd1
root on wd1a dumps on wd1b
mountroot: trying smbfs...
mountroot: trying coda...
mountroot: trying msdos...
mountroot: trying cd9660...
mountroot: trying ntfs...
mountroot: trying nfs...
mountroot: trying lfs...
mountroot: trying ext2fs...
mountroot: trying ffs...
root file system type: ffs
init: copying out flags `-s' 3
init: copying out path `/sbin/init' 11
IP Filter: v3.4.29 initialized.  Default = block all, Logging = enabled
ip6_output: Invalid policy found. -246
uvm_fault(0xe41c3540, 0, 0, 1) -> 0xe
key_delsp(c1760280,5dc,0,c15d81d8,c16f0034) at netbsd:key_delsp+0x45
key_freesp(c1760280,e4dc485c,c16f0034,2,e4dc4864) at netbsd:key_freesp+0x38
ip6_output(c15d8100,c04b48e0,e4dc48b4,1,e4dc4924) at netbsd:ip6_output+0x16a
mld6_sendpkt(c15d7900,83,0,7,40) at netbsd:mld6_sendpkt+0x34d
mld6_start_listening(c15d7900,80206931,e4dc49b4,c15c0a50,1) at netbsd:mld6_start_listening+0x70
in6_addmulti(e4dc4bdc,c16f0034,e4dc4b50,e4dc4ce4,e4dc4ce4) at netbsd:in6_addmulti+0x25a
in6_joingroup(c16f0034,e4dc4bdc,e4dc4b50,1,c182d430) at netbsd:in6_joingroup+0x47
in6_update_ifa(c16f0034,e4dc4ce4,c17c4700,c037ae56,c16f0000) at netbsd:in6_update_ifa+0x32a
in6_ifattach_linklocal(c16f0034,0,c074b940,0,0) at netbsd:in6_ifattach_linklocal+0xc9
in6_ifattach(c16f0034,0,8040691a,8040691a,0) at netbsd:in6_ifattach+0xb0
in6_if_up(c16f0034,8040691a,e4dc4ea4,c16f0034,e4258de4) at netbsd:in6_if_up+0x1b
ifioctl(c1844000,8040691a,e4dc4ea4,e4258de4,c06bea40) at netbsd:ifioctl+0x1a4
sys_ioctl(e41c6a50,e4dc4f64,e4dc4f5c,48113000,48113272) at netbsd:sys_ioctl+0x14f
syscall_plain(e4dc4fa8,1f,1f,1f,1f) at netbsd:syscall_plain+0x7b
syncing disks... ip_output: Invalid policy found. 3
ip_output: Invalid policy found. 3
ip_output: Invalid policy found. 3
5 done
unmounting /var (/fs/IC35L060-0-f/var)...
unmounting /fs/IC35L060-0-f (/dev/wd0f)...
unmounting /usr (/dev/wd1g)...
unmounting / (/dev/wd1a)...
NetBSD 1.6ZA (PIP) #5: Sat Sep 13 18:19:55 MEST 2003
	kardel@pip:/fs/IC35L120AVV207-0-e/src/NetBSD/netbsd/sys/arch/i386/compile/obj.i386/PIP
total memory = 1023 MB
avail memory = 944 MB
using 6144 buffers containing 52508 KB of memory
BIOS32 rev. 0 found at 0xf1aa0
mainbus0 (root)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD K7 (Athlon) XP 2800+ (686-class), 2083.24 MHz, id 0x6a0
cpu0: features c3c3fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
cpu0: features c3c3fbff<PGE,MCA,CMOV,PAT,PSE36,MMXX,MMX>
cpu0: features c3c3fbff<FXSR,SSE,3DNOW2,3DNOW>
cpu0: I-cache 64 KB 64b/line 2-way, D-cache 64 KB 64b/line 2-way
cpu0: L2 cache 512 KB 64b/line 16-way
cpu0: ITLB 16 4 KB entries fully associative, 8 4 MB entries fully associative
cpu0: DTLB 32 4 KB entries fully associative, 8 4 MB entries 4-way
cpu0: calibrating local timer
cpu0: apic clock running at 333 MHz
cpu0: 8 page colors
ioapic0 at mainbus0 apid 2 (I/O APIC)
ioapic0: pa 0xfec00000, version 3, 24 pins
ioapic0: misconfigured as apic 0
ioapic0: remapped to apic 2
acpi0 at mainbus0
acpi0: using Intel ACPI CA subsystem version 20030228
acpi0: X/RSDT: OemId <ASUS  ,A7V8X   ,42302e31>, AslId <MSFT,31313031>
acpi0: SCI interrupting at int 9
acpi0: fixed-feature power button present
ACPI Object Type 'Processor' (0x0c) at acpi0 not configured
acpibut0 at acpi0 (PNP0C0C): ACPI Power Button
PNP0C01 [System Board] at acpi0 not configured
PNP0C0F [PCI interrupt link device] at acpi0 not configured
PNP0C0F [PCI interrupt link device] at acpi0 not configured
PNP0C0F [PCI interrupt link device] at acpi0 not configured
PNP0C0F [PCI interrupt link device] at acpi0 not configured
PNP0C0F [PCI interrupt link device] at acpi0 not configured
PNP0C0F [PCI interrupt link device] at acpi0 not configured
PNP0A03 [PCI Bus] at acpi0 not configured
PNP0C02 [Plug and Play motherboard register resources] at acpi0 not configured
PNP0C02 [Plug and Play motherboard register resources] at acpi0 not configured
PNP0000 [AT Interrupt Controller] at acpi0 not configured
PNP0200 [AT DMA Controller] at acpi0 not configured
PNP0100 [AT Timer] at acpi0 not configured
PNP0B00 [AT Real-Time Clock] at acpi0 not configured
PNP0800 [AT-style speaker sound] at acpi0 not configured
npx1 at acpi0 (PNP0C04)
npx1: io 0xf0-0xff irq 13
npx1: using exception 16
fdc1 at acpi0 (PNP0700)
fdc1: io 0x3f2-0x3f5,0x3f7 irq 6 drq 2
fd0 at fdc1 drive 0: density unknown
lpt1 at acpi0 (PNP0401)
lpt1: io 0x378-0x37f,0x778-0x77b irq 7 drq 3
com2 at acpi0 (PNP0501-1)
com2: io 0x3f8-0x3ff irq 4
com2: ns16550a, working fifo
com3 at acpi0 (PNP0501-2)
com3: io 0x2f8-0x2ff irq 3
com3: ns16550a, working fifo
pckbc1 at acpi0 (PNP0303): kbd port
pckbc1: io 0x60,0x64 irq 1
PNPB02F [Joystick/Game port] at acpi0 not configured
PNP0C02 [Plug and Play motherboard register resources] at acpi0 not configured
pckbd: error setting scanset 2
pckbd0 at pckbc1 (kbd slot)
pckbc1: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
pchb0 at pci0 dev 0 function 0
pchb0: VIA Technologies VT8377 Apollo KT400 CPU to PCI Bridge (rev. 0x00)
agp0 at pchb0: aperture at 0xf0000000, size 0x10000000
ppb0 at pci0 dev 1 function 0: VIA Technologies VT8377 CPU-AGP Bridge (rev. 0x00)
pci1 at ppb0 bus 1
pci1: i/o space, memory space enabled
vga0 at pci1 dev 0 function 0: Matrox MGA G400 AGP (rev. 0x82)
wsdisplay0 at vga0 kbdmux 1: console (80x25, vt100 emulation), using wskbd0
wsmux1: connecting to wsdisplay0
fwohci0 at pci0 dev 7 function 0: VIA Technologies VT3606 OHCI IEEE 1394 Controller (rev. 0x80)
fwohci0: interrupting at ioapic0 pin 17 (irq 10)
fwohci0: OHCI 1.0, 00:e0:18:00:00:0e:37:67, 400Mb/s, 2048 max_rec, 4 ir_ctx, 8 it_ctx
pciide0 at pci0 dev 8 function 0: Promise Serial ATA/150 TX2plus Bus Master IDE Accelerator (rev. 0x02)
pciide0: bus-master DMA support present
pciide0: primary channel configured to compatibility mode
pciide0: primary channel ignored (disabled)
pciide0: secondary channel configured to compatibility mode
pciide0: secondary channel ignored (disabled)
bge0 at pci0 dev 9 function 0: Broadcom BCM5702X Gigabit Ethernet
bge0: interrupting at ioapic0 pin 18 (irq 5)
bge0: ASIC BCM5703 A2, Ethernet address 00:e0:18:dd:34:6f
brgphy0 at bge0 phy 1: BCM5703 1000BASE-T media interface, rev. 2
brgphy0: using BCM5703 DSP patch
brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
isic0 at pci0 dev 10 function 0: ELSA QuickStep 1000pro/PCI
isic0: IPAC PSB2115 Version 1.1
isic0: interrupting at ioapic0 pin 16 (irq 11)
BRI 0 at isic0
ex0 at pci0 dev 11 function 0: 3Com 3c905B-TX 10/100 Ethernet (rev. 0x30)
ex0: interrupting at ioapic0 pin 19 (irq 9)
ex0: MAC address 00:10:5a:d8:53:54
exphy0 at ex0 phy 24: 3Com internal media interface
exphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ahc0 at pci0 dev 12 function 0
ahc0: interrupting at ioapic0 pin 19 (irq 9)
ahc0: aic7880: Ultra Wide Channel A, SCSI Id=7, 16/253 SCBs
scsibus0 at ahc0: 16 targets, 8 luns per target
ex1 at pci0 dev 14 function 0: 3Com 3c905C-TX 10/100 Ethernet with mngmt (rev. 0x6c)
ex1: interrupting at ioapic0 pin 17 (irq 10)
ex1: MAC address 00:50:da:ee:ca:2e
bmtphy0 at ex1 phy 24: Broadcom 3c905C internal PHY, rev. 4
bmtphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
uhci0 at pci0 dev 16 function 0: VIA Technologies VT83C572 USB Controller (rev. 0x80)
uhci0: interrupting at ioapic0 pin 21 (irq 9)
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA Technologies UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1: VIA Technologies VT83C572 USB Controller (rev. 0x80)
uhci1: interrupting at ioapic0 pin 21 (irq 9)
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA Technologies UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2: VIA Technologies VT83C572 USB Controller (rev. 0x80)
uhci2: interrupting at ioapic0 pin 21 (irq 9)
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA Technologies UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
VIA Technologies VT8237 EHCI USB Controller (USB serial bus, interface 0x20, revision 0x82) at pci0 dev 16 function 3 not configured
pcib0 at pci0 dev 17 function 0
pcib0: VIA Technologies VT8235 (Apollo KT400) PCI-ISA Bridge (rev. 0x00)
pciide1 at pci0 dev 17 function 1: VIA Technologies VT8235 ATA133 controller
pciide1: bus-master DMA support present
pciide1: primary channel configured to compatibility mode
wd0 at pciide1 channel 0 drive 0: <IC35L060AVER07-0>
wd0: drive supports 16-sector PIO transfers, LBA addressing
wd0: 58644 MB, 119150 cyl, 16 head, 63 sec, 512 bytes/sect x 120103200 sectors
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100)
wd1 at pciide1 channel 0 drive 1: <IBM-DTLA-305040>
wd1: drive supports 16-sector PIO transfers, LBA addressing
wd1: 39266 MB, 79780 cyl, 16 head, 63 sec, 512 bytes/sect x 80418240 sectors
wd1: 32-bit data port
wd1: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100)
pciide1: primary channel interrupting at ioapic0 pin 14 (irq 14)
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 (Ultra/100) (using DMA data transfers)
wd1(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5 (Ultra/100) (using DMA data transfers)
pciide1: secondary channel configured to compatibility mode
wd2 at pciide1 channel 1 drive 0: <IC35L120AVV207-1>
wd2: drive supports 16-sector PIO transfers, LBA48 addressing
wd2: 115 GB, 239340 cyl, 16 head, 63 sec, 512 bytes/sect x 241254720 sectors
wd2: 32-bit data port
wd2: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100)
wd3 at pciide1 channel 1 drive 1: <IBM-DTTA-351010>
wd3: drive supports 16-sector PIO transfers, LBA addressing
wd3: 9671 MB, 19650 cyl, 16 head, 63 sec, 512 bytes/sect x 19807200 sectors
wd3: 32-bit data port
wd3: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33)
pciide1: secondary channel interrupting at ioapic0 pin 15 (irq 15)
wd2(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 (Ultra/100) (using DMA data transfers)
wd3(pciide1:1:1): using PIO mode 4, Ultra-DMA mode 2 (Ultra/33) (using DMA data transfers)
auvia0 at pci0 dev 17 function 5: VIA VT8235 AC'97 Audio (rev 0x50)
auvia0: interrupting at ioapic0 pin 22 (irq 9)
auvia0: ac97: Avance Logic ALC650 codec; 20 bit DAC, 18 bit ADC, Realtek 3D
auvia0: ac97: ext id 5c7<AC97_22,LDAC,SDAC,CDAC,SPDIF,DRA,VRA>
audio0 at auvia0: full duplex, mmap, independent
isa0 at pcib0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
isapnp0: no ISA Plug 'n Play devices found
ioapic0: enabling
IPsec: Initialized Security Association Processing.
fw0 at fwohci0: 00:e0:18:00:00:0e:37:67:0a:02:ff:ff:f0:01:00:00
scsibus0: waiting 2 seconds for devices to settle...
uhub0: port error, restarting port 1
uhub0: port error, giving up port 1
uhub0: port error, restarting port 2
uhub0: port error, giving up port 2
uhub1: port error, restarting port 1
uhub1: port error, giving up port 1
uhub1: port error, restarting port 2
uhub1: port error, giving up port 2
uhub2: port error, restarting port 1
uhub2: port error, giving up port 1
uhub3 at uhub0 port 2
uhub3: Texas Instruments UT-USB41 hub, class 9/0, rev 1.10/1.10, addr 2
uhub3: 4 ports with 4 removable, self powered
umass0 at uhub2 port 1 configuration 1 interface 0
umass0: Pen Drive product 0x1300, rev 1.10/0.50, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, 1 lun per target
uhub2: port error, restarting port 2
uhub2: port error, giving up port 2
uhidev0 at uhub3 port 1 configuration 1 interface 0
uhidev0: Microsoft Microsoft IntelliMouse M-. with IntelliEye, rev 1.10/1.01, addr 3, iclass 3/1
ums0 at uhidev0: 3 buttons and Z dir.
wsmouse0 at ums0 mux 0
cd0 at scsibus0 target 5 lun 0: <YAMAHA, CRW-F1S, 1.0g> cdrom removable
cd0: sync (50.00ns offset 15), 8-bit (20.000MB/s) transfers
st0 at scsibus0 target 8 lun 0: <SONY, SDT-10000, 0101> tape removable
st0: drive empty
st0: sync (50.00ns offset 8), 16-bit (40.000MB/s) transfers
sd0 at scsibus1 target 0 lun 0: <Acer USB, 2.0 Flash Stick, 1.02> disk removable
sd0: fabricating a geometry
sd0: 248 MB, 248 cyl, 64 head, 32 sec, 512 bytes/sect x 507904 sectors
umodem0 at uhub3 port 2 configuration 2 interface 0
umodem0: Lucent Technologies, Inc. ELSA Modem Board, rev 1.00/1.00, addr 4, iclass 2/2
umodem0: data interface 1, has CM over data, has break
umodem0: status change notification available
ucom0 at umodem0
sd0: fabricating a geometry
findroot: can't open dev sd0a (6)
boot device: wd1
root on wd1a dumps on wd1b
mountroot: trying smbfs...
mountroot: trying coda...
mountroot: trying msdos...
mountroot: trying cd9660...
mountroot: trying ntfs...
mountroot: trying nfs...
mountroot: trying lfs...
mountroot: trying ext2fs...
mountroot: trying ffs...
root file system type: ffs
init: copying out flags `-s' 3
init: copying out path `/sbin/init' 11

	Coredump is NOT available: It seems to be dumped correctly, but savecore claims that there is no
	core dump.
>How-To-Repeat:
	Build kernel. Boot (and at least my kernel crashes).
	FWIW: everything is built using gcc3.3.1 environment.

>Fix:
	?
>Release-Note:
>Audit-Trail:
>Unformatted: