Date:      Thu, 23 Feb 2006 04:17:58 -0500
From:      Kris Kennaway <kris@obsecurity.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        net@FreeBSD.org
Subject:   Re: bpf panic
Message-ID:  <20060223091758.GA58825@xor.obsecurity.org>
In-Reply-To: <20060223081945.GA57934@xor.obsecurity.org>
References:  <20060223081945.GA57934@xor.obsecurity.org>



On Thu, Feb 23, 2006 at 03:19:46AM -0500, Kris Kennaway wrote:
> I ran tcpdump and killall tcpdump in a loop on 7.0, and after a few
> minutes it panicked with:
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x8
> fault code      = supervisor read, page not present
> instruction pointer     = 0x20:0xc058d0fb
> stack pointer          = 0x28:0xe5007c04
> frame pointer          = 0x28:0xe5007c28
> code segment    = base 0x0, limit 0xfffff, type 0x1b
>                 = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process  = 9 (em0 taskq)
> [thread pid 9 tid 100019 ]
> Stopped at      bpf_mtap+0xf:   cmpl    $0,0x8(%edi)
> db> wh
> Tracing pid 9 tid 100019 td 0xc63d6340
> bpf_mtap(0,c8f46500,1,2,c63d0001) at bpf_mtap+0xf
> ether_input(c6455c00,c8f46500,c8f46500,c6588880,1) at ether_input+0x15f
> em_rxeof(c656e800,63,1,c06f7be0,c656e9cc) at em_rxeof+0x423
> em_handle_rxtx(c656e800,1,c06fbfa7,50,c658889c) at em_handle_rxtx+0x5b
> taskqueue_run(c6588880,c658889c,c06f0e27,0,1) at taskqueue_run+0x104
> taskqueue_thread_loop(c656e9dc,e5007d38,c06f5c42,31a,c656e9dc) at taskqueue_thread_loop+0x6b
> fork_exit(c053b5f8,c656e9dc,e5007d38) at fork_exit+0xc5
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0x1, eip = 0, esp = 0xe5007d6c, ebp = 0 ---
> db>

On another machine:

Memory modified after free 0xce4cb800(2048) val=a028c0de @ 0xce4cb800
Memory modified after free 0xcc889800(2048) val=a028c0de @ 0xcc889800
Memory modified after free 0xce2b1000(2048) val=a020c0de @ 0xce2b1000


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x8
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05b033b
stack pointer           = 0x28:0xf562f860
frame pointer           = 0x28:0xf562f884
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 29269 (nfsd)
[thread pid 29269 tid 100044 ]
Stopped at      bpf_mtap+0xf:   cmpl    $0,0x8(%edi)
db> wh
Tracing pid 29269 tid 100044 td 0xcc532b60
bpf_mtap(0,ce16ae00,4,f562f8ac,f562f8a8) at bpf_mtap+0xf
fxp_encap(cc546000,ce16ae00,c071eeba,4c2,cc53c0f8) at fxp_encap+0x282
fxp_start_body(cc53c000,0,c071eeba,49a,cc53c000) at fxp_start_body+0x22d
fxp_start(cc53c000,138,0,cc53c000) at fxp_start+0x3c
if_start(cc53c000,0,c0732081,180,2afd2) at if_start+0x88
ether_output_frame(cc53c000,ce16ae00,6,f562fadc,f562fa7c) at ether_output_frame+0x1c1
ether_output(cc53c000,ce16ae00,f562fadc,cc869bb8,cc86b1f8) at ether_output+0x4bb
ip_output(ce16ae00,0,f562fad8,0,0) at ip_output+0x8a9
udp_output(cc86b1f8,ce16ae00,cc765750,0,cc532b60) at udp_output+0x545
udp_send(cc863298,0,ce16ae00,cc765750,0) at udp_send+0x41
sosend(cc863298,cc765750,0,ce16ae00,0) at sosend+0x49e
nfsrv_send(cc863298,cc765750,ce16ae00,1ff,0) at nfsrv_send+0xb9
nfssvc_nfsd(cc532b60,0,c07396f8,9a,f562fc78) at nfssvc_nfsd+0x6a6
nfssvc(cc532b60,f562fd04,8,cc532b60,ccb68420) at nfssvc+0x1f0
syscall(3b,3b,3b,0,0) at syscall+0x304
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (155, FreeBSD ELF32, nfssvc), eip = 0x280c2173, esp = 0xbfbfe4dc, ebp = 0xbfbfe4f8 ---
db>
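What the two traces have in common, with an added example that is not part of the mail and not FreeBSD's code: in both, bpf_mtap is entered with a first argument of 0 and faults at virtual address 0x8 while executing cmpl $0,0x8(%edi), that is, a read of a field at offset 8 through a NULL pointer. The three "Memory modified after free" lines on the second machine are the output of a debugging-allocator check: freed items are filled with a fixed pattern, and the pattern is verified when the item is handed out again, so a write through a stale pointer after free surfaces as a val= that no longer matches the fill. The C below simulates that check on a small fixed-size pool and shows both a clean alloc/free/alloc cycle and a stale write being caught. The 0xdeadc0de fill value, the pool layout and all function names are assumptions; the 0xa028c0de value is the one from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fill pattern written over freed items and checked when an item is handed
 * out again.  Assumed value (it matches the 0x....c0de residue in the
 * report); this file is a stand-alone simulation, not the kernel allocator. */
#define TRASH_JUNK 0xdeadc0deU

/* Constructed stand-in for a zone of fixed 2048-byte items. */
#define ITEM_SIZE  2048
#define ITEM_COUNT 4
#define ITEM_WORDS (ITEM_SIZE / sizeof(uint32_t))

struct zone {
    uint32_t items[ITEM_COUNT][ITEM_WORDS];
    int      in_use[ITEM_COUNT];
};

/* Destructor side of the check: overwrite the whole item on free. */
static void trash_dtor(uint32_t *item, size_t words)
{
    for (size_t i = 0; i < words; i++)
        item[i] = TRASH_JUNK;
}

/* Constructor side: on reuse every word must still hold the pattern.  Each
 * mismatch is printed in the same form as the kernel message and counted;
 * the count is returned so callers can act on it instead of only logging. */
static int trash_ctor(uint32_t *item, size_t words)
{
    int modified = 0;
    for (size_t i = 0; i < words; i++) {
        if (item[i] != TRASH_JUNK) {
            printf("Memory modified after free %p(%zu) val=%x @ %p\n",
                   (void *)item, words * sizeof(uint32_t), item[i],
                   (void *)&item[i]);
            modified++;
        }
    }
    return modified;
}

static void zone_init(struct zone *z)
{
    memset(z->in_use, 0, sizeof(z->in_use));
    for (int i = 0; i < ITEM_COUNT; i++)
        trash_dtor(z->items[i], ITEM_WORDS);
}

/* Hand out the lowest free item; *modified receives the check result. */
static uint32_t *zone_alloc(struct zone *z, int *modified)
{
    for (int i = 0; i < ITEM_COUNT; i++) {
        if (!z->in_use[i]) {
            z->in_use[i] = 1;
            *modified = trash_ctor(z->items[i], ITEM_WORDS);
            return z->items[i];
        }
    }
    *modified = 0;
    return NULL;
}

static void zone_free(struct zone *z, uint32_t *item)
{
    for (int i = 0; i < ITEM_COUNT; i++) {
        if (z->items[i] == item) {
            z->in_use[i] = 0;
            trash_dtor(item, ITEM_WORDS);
            return;
        }
    }
}

/* A correct alloc/use/free/alloc cycle: the check finds nothing (returns 0). */
int demo_clean(void)
{
    struct zone z;
    int modified;
    zone_init(&z);
    uint32_t *m = zone_alloc(&z, &modified);
    m[0] = 0x11111111;          /* legitimate use while allocated */
    zone_free(&z, m);
    zone_alloc(&z, &modified);  /* same item is reused first */
    return modified;
}

/* The bug class behind the report: the item is written through a stale
 * pointer after it was freed, so the next allocation of that item trips the
 * check.  Returns the number of words found modified (one here). */
int demo_use_after_free(void)
{
    struct zone z;
    int modified;
    zone_init(&z);
    uint32_t *m = zone_alloc(&z, &modified);
    zone_free(&z, m);
    m[0] = 0xa028c0de;          /* stale write; value taken from the report */
    zone_alloc(&z, &modified);  /* same item is reused first */
    return modified;
}

int main(void)
{
    printf("clean cycle: %d word(s) modified\n", demo_clean());
    printf("use after free: %d word(s) modified\n", demo_use_after_free());
    return 0;
}
```

The check only fires when the corrupted item is allocated again, which is why such reports appear some time after the actual stale write and in an unrelated process (here nfsd and the em0 task queue); the value printed is whatever the stale writer stored, and the address tells you which zone item to look for an owner of.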