From owner-freebsd-net@FreeBSD.ORG Fri Sep 18 13:08:11 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 94D771065679 for ; Fri, 18 Sep 2009 13:08:11 +0000 (UTC) (envelope-from e280s4ever@gmail.com) Received: from mail-iw0-f190.google.com (mail-iw0-f190.google.com [209.85.223.190]) by mx1.freebsd.org (Postfix) with ESMTP id 4364E8FC1B for ; Fri, 18 Sep 2009 13:08:11 +0000 (UTC) Received: by iwn28 with SMTP id 28so635105iwn.15 for ; Fri, 18 Sep 2009 06:08:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=rBM5+nLVrjrkJSF4Hc+2vqLJmq+uW1KwUpl3oT73pdM=; b=srfzNduB+uhceje1BAhbh8UcrhIe6A3XxyzZlYVKWzMrhkA+CFc9NlP16p6HiAXEOu Ztifm1jSdO+RNNlg6EU2GH4kb8pveLHVorw4wJjWJZjWcWa2CEmB7jrS4UuP6ovh97Mn R8fLuSnZdT9D/iLMQrOj2Y8FPC1YkmiOlRj2M= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=uqR2Np4oWy72BI7Ij2DQArhvcYY8HBBeR4WVQ9f0uBbmWTP7RdHfsotGtU75U7xFK/ VbdEWJ6fRpgRnZxVpz7WxGWUFcob9T0/SuZLW+u2SNWE8oMvPv1jJ5BMohK+7GHLMmow 9YXJF59L0Do6viiEd4y7slX4f1AVRX5tHuRQs= MIME-Version: 1.0 Received: by 10.231.121.69 with SMTP id g5mr1676639ibr.44.1253277756200; Fri, 18 Sep 2009 05:42:36 -0700 (PDT) Date: Fri, 18 Sep 2009 20:42:36 +0800 Message-ID: <600614150909180542t3895bf4ybf1e02392fe8131d@mail.gmail.com> From: e280s 4ever To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: [if_em.c] ping cause system crash X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Sep 2009 13:08:11 -0000 discription: 1. before the system crash, i have excuted these commands: ipfw add 00100 nat 100 all from any to any ipfw nat 100 config redirect_addr 192.168.1.100 10.10.10.10 192.168.1.100 is my em0, and 10.10.10.10 is a alias address of lo0. 2. then run ping some_addr, the system to be crashed. 3. the follow lines is the result of kgdb localhost# kgdb kernel.debug /var/crash/vmcore.3 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0xc fault code = supervisor write, page not present instruction pointer = 0x20:0xc04ccd7d stack pointer = 0x28:0xe648d6c4 frame pointer = 0x28:0xe648d96c code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 1574 (ping) trap number = 12 panic: page fault cpuid = 0 Uptime: 23s Physical memory: 990 MB Dumping 59 MB: 44 28 12 Reading symbols from /boot/kernel/if_wpi.ko...Reading symbols from /boot/kernel/if_wpi.ko.symbols...done. done. Loaded symbols for /boot/kernel/if_wpi.ko Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /boot/kernel/snd_hda.ko.symbols...done. done. Loaded symbols for /boot/kernel/snd_hda.ko Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done. done. Loaded symbols for /boot/kernel/sound.ko Reading symbols from /boot/kernel/acpi_ibm.ko...Reading symbols from /boot/kernel/acpi_ibm.ko.symbols...done. done. Loaded symbols for /boot/kernel/acpi_ibm.ko Reading symbols from /boot/kernel/ng_ubt.ko...Reading symbols from /boot/kernel/ng_ubt.ko.symbols...done. done. Loaded symbols for /boot/kernel/ng_ubt.ko Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done. done. Loaded symbols for /boot/kernel/netgraph.ko Reading symbols from /boot/kernel/ng_hci.ko...Reading symbols from /boot/kernel/ng_hci.ko.symbols...done. done. Loaded symbols for /boot/kernel/ng_hci.ko Reading symbols from /boot/kernel/ng_bluetooth.ko...Reading symbols from /boot/kernel/ng_bluetooth.ko.symbols...done. done. Loaded symbols for /boot/kernel/ng_bluetooth.ko Reading symbols from /boot/modules/vboxdrv.ko...done. Loaded symbols for /boot/modules/vboxdrv.ko Reading symbols from /boot/kernel/procfs.ko...Reading symbols from /boot/kernel/procfs.ko.symbols...done. done. Loaded symbols for /boot/kernel/procfs.ko Reading symbols from /boot/kernel/pseudofs.ko...Reading symbols from /boot/kernel/pseudofs.ko.symbols...done. done. Loaded symbols for /boot/kernel/pseudofs.ko #0 doadump () at pcpu.h:246 246 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) list *0xc04ccd7d 0xc04ccd7d is in em_xmit (/usr/src/sys/dev/e1000/if_em.c:3800). 3795 } 3796 default: 3797 break; 3798 } 3799 3800 TXD->tcp_seg_setup.data = htole32(0); 3801 TXD->cmd_and_length = 3802 htole32(adapter->txd_cmd | E1000_TXD_CMD_DEXT | cmd); 3803 tx_buffer = &adapter->tx_buffer_area[curr_txd]; 3804 tx_buffer->m_head = NULL; (kgdb) backtrace #0 doadump () at pcpu.h:246 #1 0xc05ec913 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416 #2 0xc05ecbf0 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:579 #3 0xc07931e1 in trap_fatal (frame=0xe648d684, eva=12) at /usr/src/sys/i386/i386/trap.c:933 #4 0xc0793431 in trap_pfault (frame=0xe648d684, usermode=0, eva=12) at /usr/src/sys/i386/i386/trap.c:846 #5 0xc0793d31 in trap (frame=0xe648d684) at /usr/src/sys/i386/i386/trap.c:528 #6 0xc0778dab in calltrap () at /usr/src/sys/i386/i386/exception.s:165 #7 0xc04ccd7d in em_xmit (adapter=0xc3e71000, m_headp=Variable "m_headp" is not available. ) at /usr/src/sys/dev/e1000/if_em.c:3791 #8 0xc04d0090 in em_mq_start_locked (ifp=0xc3e66c00, m=0xc3ed9000) at /usr/src/sys/dev/e1000/if_em.c:1037 #9 0xc04d06b6 in em_mq_start (ifp=0xc3e66c00, m=0xc3ed9000) at /usr/src/sys/dev/e1000/if_em.c:1097 #10 0xc06891c0 in ether_output_frame (ifp=0xc3e66c00, m=0xc3ed9000) at /usr/src/sys/net/if_ethersubr.c:452 #11 0xc0689adb in ether_output (ifp=0xc3e66c00, m=0xc3ed9000, dst=0xc42592b0, ro=0xe648dac4) at /usr/src/sys/net/if_ethersubr.c:423 #12 0xc06ddf9a in ip_output (m=0xc46b2400, opt=0x0, ro=0xe648dac4, flags=Variable "flags" is not available. ) at /usr/src/sys/netinet/ip_output.c:620 #13 0xc06f217e in udp_send (so=0xc4424670, flags=0, m=0xc3ed9100, addr=0x0, control=0x0, td=0xc42a96c0) at /usr/src/sys/netinet/udp_usrreq.c:1236 #14 0xc0645909 in sosend_dgram (so=0xc4424670, addr=0x0, uio=0xe648dbec, top=0xc3ed9100, control=0x0, flags=Variable "flags" is not available. ) at /usr/src/sys/kern/uipc_socket.c:1072 #15 0xc06418f7 in sosend (so=0xc4424670, addr=0x0, uio=0xe648dbec, top=0x0, control=0x0, flags=0, td=0xc42a96c0) at /usr/src/sys/kern/uipc_socket.c:1303 #16 0xc06489b3 in kern_sendit (td=0xc42a96c0, s=5, mp=0xe648dc60, flags=0, control=0x0, segflg=UIO_USERSPACE) at /usr/src/sys/kern/uipc_syscalls.c:783 #17 0xc0648b9a in sendit (td=0xc42a96c0, s=5, mp=0xe648dc60, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:719 #18 0xc0648c8f in sendto (td=0xc42a96c0, uap=0xe648dcf8) at /usr/src/sys/kern/uipc_syscalls.c:835 #19 0xc079371b in syscall (frame=0xe648dd38) at /usr/src/sys/i386/i386/trap.c:1073 #20 0xc0778e10 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:261 #21 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?)