From owner-freebsd-bugs@FreeBSD.ORG Mon Mar 20 17:20:24 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7152B16A426 for ; Mon, 20 Mar 2006 17:20:24 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1988D43D6B for ; Mon, 20 Mar 2006 17:20:20 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k2KHKJED012570 for ; Mon, 20 Mar 2006 17:20:19 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k2KHKJc6012569; Mon, 20 Mar 2006 17:20:19 GMT (envelope-from gnats) Date: Mon, 20 Mar 2006 17:20:19 GMT Message-Id: <200603201720.k2KHKJc6012569@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: "Byron L. Hicks" Cc: Subject: Re: kern/94307: [bge] kernel panics when passing trafffic through bge1 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Byron L. Hicks" List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 17:20:24 -0000 The following reply was made to PR kern/94307; it has been noted by GNATS. From: "Byron L. Hicks" To: bug-followup@FreeBSD.org, bhicks@nmsu.edu Cc: Subject: Re: kern/94307: [bge] kernel panics when passing trafffic through bge1 Date: Mon, 20 Mar 2006 10:19:03 -0700 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 monitor-temp# cd /usr/obj/usr/src/sys/DL320 monitor-temp# kgdb kernel.debug /usr/crash/vmcore.0 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: bge1: discard frame w/o leading ethernet header (len 4294967292 pkt len 4294967292) Fatal trap 12: page fault while in kernel mode fault virtual address = 0xc fault code = supervisor write, page not present instruction pointer = 0x20:0xc04ed93b stack pointer = 0x28:0xe500cca8 frame pointer = 0x28:0xe500ccd0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 28 (irq17: bge1 uhci1+) trap number = 12 panic: page fault Uptime: 58s Dumping 1023 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 1023MB (261848 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 #0 doadump () at pcpu.h:165 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) list 0xc04ed93b Function "0xc04ed93b" not defined. (kgdb) list *0xc04ed93b 0xc04ed93b is in bge_rxeof (/usr/src/sys/dev/bge/if_bge.c:2626). 2621 cur_rx->bge_len); 2622 m->m_data += ETHER_ALIGN; 2623 } 2624 #endif 2625 eh = mtod(m, struct ether_header *); 2626 m->m_pkthdr.len = m->m_len = cur_rx->bge_len - ETHER_CRC_LEN; 2627 m->m_pkthdr.rcvif = ifp; 2628 2629 if (ifp->if_capenable & IFCAP_RXCSUM) { 2630 if (cur_rx->bge_flags & BGE_RXBDFLAG_IP_CSUM) { (kgdb) backtrace #0 doadump () at pcpu.h:165 #1 0xc063f6b2 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399 #2 0xc063f948 in panic (fmt=0xc08367d7 "%s") at /usr/src/sys/kern/kern_shutdown.c:555 #3 0xc07ee6b4 in trap_fatal (frame=0xe500cc68, eva=12) at /usr/src/sys/i386/i386/trap.c:836 #4 0xc07ee41b in trap_pfault (frame=0xe500cc68, usermode=0, eva=12) at /usr/src/sys/i386/i386/trap.c:744 #5 0xc07ee079 in trap (frame= {tf_fs = -994312184, tf_es = 822280232, tf_ds = -994312152, tf_edi = -452247520, tf_esi = -994267136, tf_ebp = -452932400, tf_isp = - -452932460, tf_ebx = 0, tf_edx = 0, tf_ecx = -994290688, tf_eax = -4, tf_trapno = 12, tf_err = 2, tf_eip = -1068574405, tf_cs = 32, tf_eflags = 590487, tf_esp = 1014144642, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:434 #6 0xc07ddfca in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #7 0xc04ed93b in bge_rxeof (sc=0xc4bcb000) at /usr/src/sys/dev/bge/if_bge.c:2626 #8 0xc04edd6c in bge_intr (xsc=0xc4bcb000) at /usr/src/sys/dev/bge/if_bge.c:2818 #9 0xc062ae2d in ithread_loop (arg=0xc4a87400) at /usr/src/sys/kern/kern_intr.c:547 #10 0xc062a0b4 in fork_exit (callout=0xc062acd4 , arg=0xc4a87400, frame=0xe500cd38) at /usr/src/sys/kern/kern_fork.c:789 - ---Type to continue, or q to quit--- #11 0xc07de02c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208 (kgdb) frame 7 #7 0xc04ed93b in bge_rxeof (sc=0xc4bcb000) at /usr/src/sys/dev/bge/if_bge.c:2626 2626 m->m_pkthdr.len = m->m_len = cur_rx->bge_len - ETHER_CRC_LEN; (kgdb) p m $1 = (struct mbuf *) 0x0 (kgdb) p *m Cannot access memory at address 0x0 (kgdb) p cur_rx $2 = (struct bge_rx_bd *) 0xe50b4020 (kgdb) p *cur_rx $3 = {bge_addr = {bge_addr_hi = 0, bge_addr_lo = 0}, bge_len = 0, bge_idx = 0, bge_flags = 0, bge_type = 0, bge_tcp_udp_csum = 0, bge_ip_csum = 0, bge_vlan_tag = 0, bge_error_flag = 0, bge_rsvd = 0, bge_opaque = 0} (kgdb) p ifp $4 = (struct ifnet *) 0xc4bc5400 (kgdb) p *ifp $5 = {if_softc = 0xc4bcb000, if_l2com = 0xc4bc31f0, if_link = { tqe_next = 0xc4c5e800, tqe_prev = 0xc4bbd808}, if_xname = "bge1", '\0' , if_dname = 0xc4ad3dec "bge", if_dunit = 1, if_addrhead = {tqh_first = 0xc4b9d400, tqh_last = 0xc4d9bb60}, if_klist = {kl_list = {slh_first = 0x0}, kl_lock = 0xc0624d8c , kl_unlock = 0xc0624dc0 , kl_locked = 0xc0624dfc , kl_lockarg = 0xc0907360}, if_pcount = 0, if_carp = 0x0, if_bpf = 0x0, if_index = 2, if_timer = 0, if_nvlans = 0, if_flags = 34819, if_capabilities = 27, if_capenable = 27, if_linkmib = 0x0, if_linkmiblen = 0, if_data = {ifi_type = 6 '\006', ifi_physical = 0 '\0', ifi_addrlen = 6 '\006', ifi_hdrlen = 14 '\016', ifi_link_state = 2 '\002', ifi_recvquota = 0 '\0', ifi_xmitquota = 0 '\0', ifi_datalen = 80 'P', ifi_mtu = 1500, ifi_metric = 0, ifi_baudrate = 10000000, ifi_ipackets = 610, ifi_ierrors = 1252492992, ifi_opackets = 375, ifi_oerrors = 2944995602, ifi_collisions = 2706406393, ifi_ibytes = 770316, ifi_obytes = 24940, ifi_imcasts = 71, ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 7, ifi_epoch = 0, ifi_lastchange = {tv_sec = 1142522343, tv_usec = 446415}}, if_multiaddrs = {tqh_first = 0xc4c289c0, tqh_last = 0xc4c289a0}, if_amcount = 0, if_output = 0xc06ac748 , if_input = 0xc06acf80 , if_start = 0xc04ee84c , if_ioctl = 0xc04eee6c , if_watchdog = 0xc04ef1bc , - ---Type to continue, or q to quit--- if_init = 0xc04eebb4 , if_resolvemulti = 0xc06ad78c , if_spare1 = 0x0, if_spare2 = 0x0, if_spare3 = 0x0, if_drv_flags = 64, if_spare_flags2 = 0, if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 511, ifq_drops = 0, ifq_mtx = {mtx_object = {lo_class = 0xc08a9884, lo_name = 0xc4bc5410 "bge1", lo_type = 0xc0855521 "if send queue", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, ifq_drv_head = 0x0, ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 511, altq_type = 0, altq_flags = 1, altq_disc = 0x0, altq_ifp = 0xc4bc5400, altq_enqueue = 0, altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0, altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0xc0810c20 "??????", if_bridge = 0x0, lltables = 0x0, if_label = 0x0, if_prefixhead = { tqh_first = 0x0, tqh_last = 0xc4bc557c}, if_afdata = { 0x0 }, if_afdata_initialized = 2, if_afdata_mtx = { mtx_object = {lo_class = 0xc08a9884, lo_name = 0xc0855511 "if_afdata", lo_type = 0xc0855511 "if_afdata", lo_flags = 196608, lo_list = { tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, if_starttask = {ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0, ta_func = 0xc06ab8f4 , ta_context = 0xc4bc5400}, if_linktask = {ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0, ta_func = 0xc06a9a00 , ta_context = 0xc4bc5400}, - ---Type to continue, or q to quit--- if_addr_mtx = {mtx_object = {lo_class = 0xc08a9884, lo_name = 0xc08554a7 "if_addr_mtx", lo_type = 0xc08554a7 "if_addr_mtx", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}} monitor-temp# ident /boot/kernel/kernel | grep kern_mbuf.c $FreeBSD: src/sys/kern/kern_mbuf.c,v 1.9.2.5 2006/03/01 20:51:49 andre Exp $ - -- Byron L. Hicks Network Engineer NMSU ICT/CHECS-NET -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEHuQHIuuK+iJ+1EMRAosXAKDZ7cVr8tUd1wf3MKhvObbvdGi1UQCgyKlB iKtAZ3JTdg7pdTGrdr/AxMo= =Wkmo -----END PGP SIGNATURE-----