Discussion:
page fault in fr_checkicmp6matchingstate
6***@6bone.informatik.uni-leipzig.de
2007-05-04 10:30:36 UTC
Hello,

now the complete trace from the last crash:

kernel: page fault trap, code=0
Stopped at netbsd:fr_checkicmp6matchingstate+0x95: movw 0x4(%edi),%bx
db{0}> trace
fr_checkicmp6matchingstate(cbadaa48,0,28,cbaddaa48,8) at
netbsd:fr_checkicmp6matchingstate+0x95
fr_stlookup(cbadda48,c2affff8,cbadaa10,0,cbadda48) at
netbsd:fr_stlookup+0x2c4
fr_checkstate(cbadaa48,cbadaa44,cbadaa48,1,6) at
netbsd:fr_checkstate+0x21f
fr_check(c2afffd0,28,c1bc104c,1,cbadab50) at netbsd:fr_check+0x4bd
fr_check_wrapper6(0,cbadab50,c1bc104c,2,c1bc104c) at
netbsd:fr_check_wrapper6+0x23
pfil_run_hooks(c091b120,cbadabdc,c1bc104c,2,6bd50e60) at
netbsd:pfil_run_hooks+0x6e
ip6_output(c2afff00,0,cbadac98,4,0) at netbsd:ip6_output+0x891
icmp6_reflect(c2afff00,28,1,8000000,cb77f816) at
netbsd:icmp6_reflect+0x287
icmp6_error(c2affb00,2,0,500,c2afff00) at netbsd:icmp6_error+0x1b8
ip6_forward(c2accf00,0,c1bc104c,1,c1ba1120) at netbsd:ip6_forward+0x47d
ip6_input(c2accf00,7,cbadaf50,202,42) at netbsd:ip6_input+0x495
ip6intr(cbad0010,30,10,80010010,cbad7000 at netbsd:ip6intr+0x86
DDB lost frame for netbsd:Xsoftnet+0x56, trying 0xcbadaf58
Xsoftnet() at netbsd:Xsoftnet+0x56


You can download the screenshot from Loading Image...



thank you for your efforts
Uwe

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Pavel Cahyna
2007-05-06 12:54:58 UTC
Post by 6***@6bone.informatik.uni-leipzig.de
> Hello,
Do you have netbsd.gdb?

Pavel

6***@6bone.informatik.uni-leipzig.de
2007-05-07 04:58:51 UTC
hello,

I am sorry, but I do not have a valid netbsd.gdb.
I will build a new kernel and resend all data at the next crash.


thank you for your efforts
Uwe

6***@6bone.informatik.uni-leipzig.de
2007-05-07 09:34:37 UTC
hello,

now I can offer a complete trace with a matching netbsd.gdb

http://139.18.25.35/dump1.jpg
http://139.18.25.35/netbsd.gdb


thank you for your efforts
Uwe

Martti Kuparinen
2007-05-07 10:10:07 UTC
What NetBSD version (and therefore what IPF version) are you using?

Martti

6***@6bone.informatik.uni-leipzig.de
2007-05-07 11:22:48 UTC
the complete hard- and software description:

Uwe

NetBSD 3.1.0_PATCH (MYCONF.MP) #1: Wed Apr 18 08:09:02 CEST 2007
***@gate.ipv6.uni-leipzig.de:/usr/obj/sys/arch/i386/compile/MYCONF.MP

Pavel Cahyna
2007-05-08 17:57:24 UTC
Post by 6***@6bone.informatik.uni-leipzig.de
> hello,
> now I can offer a complete trace with a matching netbsd.gdb
> http://139.18.25.35/dump1.jpg
> http://139.18.25.35/netbsd.gdb
So. fr_checkicmp6matchingstate+0x95 is line 3479 of
src/sys/dist/ipf/netinet/ip_state.c , which, assuming you have rev.
1.5.2.1.4.1 of this file, is

savelen = oip6->ip6_plen;

and oip6 originates several lines above:

oip6 = (ip6_t *)((char *)ic6 + ICMPERR_ICMPHLEN);

it is not at all clear how this pointer arithmetics is supposed to
work... though there is some attempt in other parts of the code to
ensure the data is valid (call to fr_coalesce in frpr_icmp6)

btw here is the line information for the trace:

(gdb) info line *(fr_checkicmp6matchingstate+0x95)
Line 3479 of "/usr/src/sys/dist/ipf/netinet/ip_state.c"
starts at address 0xc0169ea9 <fr_checkicmp6matchingstate+149>
and ends at 0xc0169ead <fr_checkicmp6matchingstate+153>.
(gdb) info line *(fr_stlookup+0x2c4)
Line 2269 of "/usr/src/sys/dist/ipf/netinet/ip_state.c"
starts at address 0xc0168bf8 <fr_stlookup+708>
and ends at 0xc0168bfd <fr_stlookup+713>.
(gdb) info line *(fr_checkstate+0x21f)
Line 2482 of "/usr/src/sys/dist/ipf/netinet/ip_state.c"
starts at address 0xc01690ef <fr_checkstate+531>
and ends at 0xc0169108 <fr_checkstate+556>.
(gdb) info line *(fr_check+0x4bd)
Line 2369 of "/usr/src/sys/dist/ipf/netinet/fil.c"
starts at address 0xc014bd07 <fr_check+1203>
and ends at 0xc014bd1f <fr_check+1227>.

Pavel
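
Added example, not part of the thread and not IPFilter code: the analysis above places the fault at a read of `ip6_plen` through a pointer computed as `ic6 + ICMPERR_ICMPHLEN`; `ip6_plen` sits at byte offset 4 of the IPv6 header, matching the `0x4(%edi)` operand in the trace. The sketch shows the length check such an access depends on, using a hypothetical `struct seg` chain in place of mbufs; all function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP6_ERR_HLEN 8   /* type, code, checksum, 4 type-specific bytes */
#define IP6_HLEN       40  /* fixed IPv6 header */
#define IP6_PLEN_OFF   4   /* payload length follows version/class/flow label */

enum { INNER_OK = 0, INNER_SHORT = -1, INNER_NOT_ERROR = -2, INNER_BAD_VER = -3 };

/* Hypothetical stand-in for an mbuf chain: one packet spread over segments. */
struct seg {
    const uint8_t *data;
    size_t len;
    const struct seg *next;
};

/* Would a direct pointer into the first segment cover the inner header? */
int first_seg_covers_inner(const struct seg *s)
{
    return s != NULL && s->len >= ICMP6_ERR_HLEN + IP6_HLEN;
}

/* Gather up to `want` bytes from the chain into `out`; returns bytes copied. */
static size_t chain_copy(const struct seg *s, uint8_t *out, size_t want)
{
    size_t got = 0;
    for (; s != NULL && got < want; s = s->next) {
        size_t n = s->len < want - got ? s->len : want - got;
        memcpy(out + got, s->data, n);
        got += n;
    }
    return got;
}

/* Read the payload length of the IPv6 header quoted in an ICMPv6 error. */
int inner_ip6_plen(const struct seg *icmp6, uint16_t *plen_out)
{
    uint8_t hdr[ICMP6_ERR_HLEN + IP6_HLEN];
    const uint8_t *inner = hdr + ICMP6_ERR_HLEN;

    if (chain_copy(icmp6, hdr, sizeof hdr) < sizeof hdr)
        return INNER_SHORT;            /* quoted header not fully present */
    if (hdr[0] & 0x80)
        return INNER_NOT_ERROR;        /* types 128-255 are informational */
    if ((inner[0] >> 4) != 6)
        return INNER_BAD_VER;
    *plen_out = (uint16_t)((inner[IP6_PLEN_OFF] << 8) | inner[IP6_PLEN_OFF + 1]);
    return INNER_OK;
}

/* Constructed sample: Packet Too Big (type 2), MTU 1280, quoting an IPv6
 * header with payload length 0x05c8; addresses are left zeroed. */
static const uint8_t SAMPLE[ICMP6_ERR_HLEN + IP6_HLEN] = {
    2, 0, 0, 0,  0, 0, 0x05, 0x00,          /* ICMPv6 error header */
    0x60, 0, 0, 0,  0x05, 0xc8, 58, 64      /* start of quoted IPv6 header */
};

/* Same bytes, three layouts: contiguous, split after the ICMPv6 header, cut. */
int demo(int layout, uint16_t *plen, int *direct_ok)
{
    struct seg tail = { SAMPLE + ICMP6_ERR_HLEN, IP6_HLEN, NULL };
    struct seg head = { SAMPLE, sizeof SAMPLE, NULL };

    if (layout == 1) { head.len = ICMP6_ERR_HLEN; head.next = &tail; }
    if (layout == 2) { head.len = ICMP6_ERR_HLEN + 6; }
    *direct_ok = first_seg_covers_inner(&head);
    return inner_ip6_plen(&head, plen);
}

int main(void)
{
    static const char *name[] = { "contiguous", "split", "truncated" };
    for (int i = 0; i < 3; i++) {
        uint16_t plen = 0;
        int direct_ok, rc = demo(i, &plen, &direct_ok);
        printf("%-10s direct-pointer-safe=%d rc=%d plen=%u\n",
               name[i], direct_ok, rc, (unsigned)plen);
    }
    return 0;
}
```

In the split layout the packet is long enough overall, yet a pointer eight bytes past the start of the first segment already lies outside it; only the gathered copy (or a successful pull-up) makes the read safe.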

Pavel Cahyna
2007-05-08 18:13:27 UTC
Post by 6***@6bone.informatik.uni-leipzig.de
> hello,
> now I can offer a complete trace with a matching netbsd.gdb
> http://139.18.25.35/dump1.jpg
> http://139.18.25.35/netbsd.gdb
Try a kernel with the following patch:

Index: fil.c
===================================================================
RCS file: /home/pavel/cvs/src/sys/dist/ipf/netinet/fil.c,v
retrieving revision 1.11.2.2
diff -u -p -c -r1.11.2.2 fil.c
cvs diff: conflicting specifications of output style
*** fil.c 13 May 2006 16:52:52 -0000 1.11.2.2
--- fil.c 8 May 2007 18:11:22 -0000
*************** int plen;
*** 831,836 ****
--- 831,838 ----
if (M_LEN(fin->fin_m) < plen) {
if (fr_pullup(fin->fin_m, fin, plen) == NULL)
return -1;
+ if (M_LEN(fin->fin_m) < plen)
+ printf("frpr_pullup: fr_pullup malfunction, expect panic soon\n");
}
}
#endif
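
Review bot: The added `printf` reports that `M_LEN(fin->fin_m) < plen` still holds after `fr_pullup` but prints neither value, so a hit in the log does not say how short the mbuf was; include both `plen` and `M_LEN(fin->fin_m)` in the message. The new branch also falls through to the closing brace, whereas the `fr_pullup(...) == NULL` case directly above it returns -1; that is fine for a diagnostic build, but if the check stays it should end in `return -1;` so the short packet is not parsed further.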

I am curious if it will print the message before panicking.

Pavel Cahyna
2007-05-08 18:29:38 UTC
Post by 6***@6bone.informatik.uni-leipzig.de
> hello,
> now I can offer a complete trace with a matching netbsd.gdb
> http://139.18.25.35/dump1.jpg
> http://139.18.25.35/netbsd.gdb
Use this one instead:

Index: fil.c
===================================================================
RCS file: /home/pavel/cvs/src/sys/dist/ipf/netinet/fil.c,v
retrieving revision 1.11.2.2
diff -u -p -c -r1.11.2.2 fil.c
cvs diff: conflicting specifications of output style
*** fil.c 13 May 2006 16:52:52 -0000 1.11.2.2
--- fil.c 8 May 2007 18:28:30 -0000
*************** int plen;
*** 831,836 ****
--- 831,839 ----
if (M_LEN(fin->fin_m) < plen) {
if (fr_pullup(fin->fin_m, fin, plen) == NULL)
return -1;
+ if (M_LEN(fin->fin_m) < plen)
+ printf("frpr_pullup: fr_pullup malfunction,\n\
+ size %d > %d, expect panic soon\n", (int)plen, (int)M_LEN(fin->fin_m));
}
}
#endif
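
Review bot: The format string in the added `printf` is continued with a backslash-newline inside the literal, right after an embedded `\n`, so the message is split over two console lines and any indentation on the `size %d > %d` continuation line becomes part of the output; adjacent string literals without the inner `\n` would keep it a single line that is easy to grep for. The check still only logs when `M_LEN(fin->fin_m) < plen` and then continues; adding `return -1;` after the `printf`, as the NULL case above does, would drop the packet instead of parsing past the end of the mbuf.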

6***@6bone.informatik.uni-leipzig.de
2007-05-14 07:02:03 UTC
hello,

next trace with matching netbsd.gdb:

http://139.18.25.35/dump2.jpg
http://139.18.25.35/netbsd2.gdb


Uwe

Pavel Cahyna
2007-05-14 07:03:18 UTC
Post by 6***@6bone.informatik.uni-leipzig.de
> hello,
> http://139.18.25.35/dump2.jpg
> http://139.18.25.35/netbsd2.gdb
Was it with my patch?

Pavel

6***@6bone.informatik.uni-leipzig.de
2007-05-14 08:46:38 UTC
the patch is included

strings /netbsd | grep "expect panic soon"
size %d > %d, expect panic soon

Uwe

Darren Reed
2007-05-18 10:23:33 UTC
What version of IPFilter is in use?

and can you disassemble fr_checkicmp6matchingstate from the start through
to a few instructions after the one that caused the panic.

thanks,
Darren

Pavel Cahyna
2007-05-19 19:12:01 UTC
Post by Darren Reed
> What version of IPFilter is in use?
Apparently 4.1.8, that's what the netbsd-3-1 branch has.
Post by Darren Reed
> and can you disassemble fr_checkicmp6matchingstate from the start through
> to a few instructions after the one that caused the panic.
Have you seen my analysis earlier in this thread? There you have the exact
source line where it happens.

Pavel

6***@6bone.informatik.uni-leipzig.de
2007-05-23 12:17:25 UTC
Hello,

last night my router crashed again. Can I do anything more to help you to
solve the problem?


Thank you for your efforts
Uwe

Pavel Cahyna
2007-05-25 07:51:47 UTC
Post by 6***@6bone.informatik.uni-leipzig.de
> Hello,
> last night my router crashed again. Can I do anything more to help you to solve
> the problem?
- Could you produce a crash dump? (reboot 0x104 in ddb)

- could you see what is in register %edi? when it crashes? (show registers
in ddb)

Pavel

Darren Reed
2007-05-25 07:58:39 UTC
A register dump would be good to have (show regs) as would
something like this;
print *(fr_info_t *)<address_passed_in_to_fr_checkicmp6matchingstate>

Can you configure and generate a crash dump?

Darren

6***@6bone.informatik.uni-leipzig.de
2007-05-30 16:57:02 UTC
Hello,

the server crashed again, but this night in another function. The error
occurred again in the ipv6 code, so I think it is the same reason.


Loading Image...
Loading Image...

and the matching gdb file:
http://139.18.25.35/netbsd2.gdb

It was not possible to create a crash dump.



Thank you for your efforts
Uwe

Pavel Cahyna
2007-06-09 09:59:42 UTC
Post by 6***@6bone.informatik.uni-leipzig.de
> Hello,
> the server crashed again, but this night in another function. The error
> occurred again in the ipv6 code, so I think it is the same reason.
This looks like some memory error. Have you tested your RAM?

Pavel

Martti Kuparinen
2007-06-09 10:33:03 UTC
Post by Pavel Cahyna
> Post by 6***@6bone.informatik.uni-leipzig.de
> > the server crashed again, but this night in another function. The error
> > occurred again in the ipv6 code, so I think it is the same reason.
> This looks like some memory error. Have you tested your RAM?
I'm not sure this is true, I've had the same problem. I "solved" it by not
using IPv6 :-(

http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=34212

Martti

Michael van Elst
2007-06-09 17:03:50 UTC
Post by Martti Kuparinen
> I'm not sure this is true, I've had the same problem. I "solved" it by not
> using IPv6 :-(
I had the same problem (very rarely) with netbsd-3 but it disappeared
after some upgrade from the netbsd-3 branch. It never occurred with
netbsd-4 (neither with the obsolete first branch nor BETA2).
--
Michael van Elst
Internet: ***@serpens.de
"A potential Snark may lurk in every tree."

David Young
2007-06-09 18:30:43 UTC
Post by Martti Kuparinen
> Post by Pavel Cahyna
> > Post by 6***@6bone.informatik.uni-leipzig.de
> > > the server crashed again, but this night in another function. The error
> > > occurred again in the ipv6 code, so I think it is the same reason.
> > This looks like some memory error. Have you tested your RAM?
> I'm not sure this is true, I've had the same problem. I "solved" it by not
> using IPv6 :-(
> http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=34212
Can you replicate this with 4.0_BETA or -current? A couple of folks
have fixed bugs in the ICMP6 code since 3.1 was released.

Dave
--
David Young OJC Technologies
***@ojctech.com Urbana, IL * (217) 278-3933 ext 24

Martti Kuparinen
2007-08-27 05:52:37 UTC
Post by Martti Kuparinen
> I'm not sure this is true, I've had the same problem. I "solved" it by
> not using IPv6 :-(
Well, this happened again so I guess I need to upgrade our firewall to the
latest and greatest netbsd-4 code...

# uname -srm
NetBSD 3.1.1 i386

# dmesg -M netbsd.1.core
trap() at netbsd:trap+0x149
--- trap (number 6) ---
fr_checkicmp6matchingstate(c0894960,0,28,c0894960,8) at
netbsd:fr_checkicmp6matchingstate+0x95
fr_stlookup(c0894960,c2745ff8,c0894928,0,c0894960) at netbsd:fr_stlookup+0x2c4
fr_checkstate(c0894960,c089495c,c0894960,1,6) at netbsd:fr_checkstate+0x21f
fr_check(c2745fd0,28,c1cfc400,1,c0894a68) at netbsd:fr_check+0x4bd
fr_check_wrapper6(0,c0894a68,c1cfc400,2,c1cfc400) at netbsd:fr_check_wrapper6+0x23
pfil_run_hooks(c07ce180,c0894af4,c1cfc400,2,60) at netbsd:pfil_run_hooks+0x6e
ip6_output(c2745f00,0,c0894bb0,4,0) at netbsd:ip6_output+0x891
icmp6_reflect(c2745f00,28,1,8000000,cb5b202a) at netbsd:icmp6_reflect+0x287
icmp6_error(c274ad00,2,0,500,c1df3320) at netbsd:icmp6_error+0x1b8
ip6_forward(c193b700,0,c1cfc400,1,c193b700) at netbsd:ip6_forward+0x47d
ip6_input(c193b700,0,0,246,0) at netbsd:ip6_input+0x499
ip6intr(55390010,30030,a67a0010,10,c0891000) at netbsd:ip6intr+0x76
DDB lost frame for netbsd:Xsoftnet+0x4e, trying 0xc0894e60
Xsoftnet() at netbsd:Xsoftnet+0x4e

6***@6bone.informatik.uni-leipzig.de
2007-06-11 04:54:41 UTC
hello,

since I have changed to NetBSD 4.0_BETA2 with IP Filter v4.1.22 (396)
there was no crash in the last days.


Uwe
