FreeBSD Bugzilla – Attachment 149513 Details for
Bug 195102
dummynet_send() may panic the kernel (bad switch -256)
crashdump details
kgdb.txt (text/plain), 8.00 KB, created by
Eugene Grosbein
on 2014-11-17 13:35:15 UTC
Description:
crashdump details
Filename:
MIME Type:
Creator:
Eugene Grosbein
Created:
2014-11-17 13:35:15 UTC
Size:
8.00 KB
>Dump header from device /dev/ad0s4b > Architecture: amd64 > Architecture Version: 2 > Dump Length: 725405696B (691 MB) > Blocksize: 512 > Dumptime: Mon Nov 17 17:02:21 2014 > Hostname: m-19-pc-2.sd.rdtc.ru > Magic: FreeBSD Kernel Dump > Version String: FreeBSD 8.4-STABLE #0 r271962M: Tue Sep 23 13:40:43 NOVT 2014 > root@k-45-pc-1.sd.rdtc.ru:/usr/local/obj/nanobsd.pppoe/home/src/sys/PPPOE8 > Panic String: page fault > Dump Parity: 3644142087 > Bounds: 6 > Dump Status: good > >Script started on Mon Nov 17 20:00:54 2014 >kgdb kernel.debug /var/crash/vmcore.6 >GNU gdb 6.1.1 [FreeBSD] >Copyright 2004 Free Software Foundation, Inc. >GDB is free software, covered by the GNU General Public License, and you are >welcome to change it and/or distribute copies of it under certain conditions. >Type "show copying" to see the conditions. >There is absolutely no warranty for GDB. Type "show warranty" for details. >This GDB was configured as "amd64-marcel-freebsd"... > >Unread portion of the kernel message buffer: > >frame pointer = 0x28:0xffffff8122b0ba40 >code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 >processor eflags = interrupt enabled, resume, IOPL = 0 >current process = 0 (dummynet) >trap number = 12 >panic: page fault >cpuid = 0 >KDB: stack backtrace: >db_trace_self_wrapper() at 0xffffffff801d435a = db_trace_self_wrapper+0x2a >kdb_backtrace() at 0xffffffff80362567 = kdb_backtrace+0x37 >panic() at 0xffffffff8032c27e = panic+0x1ce >trap_fatal() at 0xffffffff805413a0 = trap_fatal+0x290 >trap_pfault() at 0xffffffff8054175f = trap_pfault+0x26f >trap() at 0xffffffff80541c15 = trap+0x365 >calltrap() at 0xffffffff805278a8 = calltrap+0x8 >--- trap 0xc, rip = 0x1, rsp = 0xffffff8122b0ba20, rbp = 0xffffff8122b0ba40 --- >uart_z8530_class() at 0x1 >uma_zfree_arg() at 0xffffffff8050071a = uma_zfree_arg+0x3a >m_freem() at 0xffffffff8038f0f7 = m_freem+0x37 >dummynet_send() at 0xffffffff8043c648 = dummynet_send+0x38 >dummynet_task() at 
0xffffffff8043c926 = dummynet_task+0x1c6 >taskqueue_run_locked() at 0xffffffff8036f345 = taskqueue_run_locked+0x85 >taskqueue_thread_loop() at 0xffffffff8036f506 = taskqueue_thread_loop+0x46 >fork_exit() at 0xffffffff802fee2f = fork_exit+0x11f >fork_trampoline() at 0xffffffff80527dee = fork_trampoline+0xe >--- trap 0, rip = 0, rsp = 0xffffff8122b0bcf0, rbp = 0 --- >Uptime: 53d2h0m56s >Dumping 691 out of 4077 MB:..3%..12%..21%..31%..42%..51%..61%..72%..81%..91% > >#0 doadump () at /home/src/sys/kern/kern_shutdown.c:266 >266 if (textdump_pending) >(kgdb) bt full >#0 doadump () at /home/src/sys/kern/kern_shutdown.c:266 >No locals. >#1 0xffffffff8032bd6a in boot (howto=260) at /home/src/sys/kern/kern_shutdown.c:443 > _ep = (struct eventhandler_entry *) 0x0 > _el = <value optimized out> > first_buf_printf = 1 >#2 0xffffffff8032c257 in panic (fmt=0x1 <Address 0x1 out of bounds>) at /home/src/sys/kern/kern_shutdown.c:634 > td = (struct thread *) 0x1 > bootopt = <value optimized out> > newpanic = <value optimized out> > ap = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0xffffff8122b0b710, reg_save_area = 0xffffff8122b0b630}} > panic_cpu = 0 > buf = "page fault", '\0' <repeats 245 times> >#3 0xffffffff805413a0 in trap_fatal (frame=0xc, eva=<value optimized out>) at /home/src/sys/amd64/amd64/trap.c:849 > code = <value optimized out> > ss = 40 > type = 12 > esp = <value optimized out> > softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_long = 1, ssd_def32 = 0, ssd_gran = 1} > msg = <value optimized out> >#4 0xffffffff8054175f in trap_pfault (frame=0xffffff8122b0b970, usermode=0) at /home/src/sys/amd64/amd64/trap.c:765 > id = <value optimized out> > _tid = <value optimized out> > va = 0 > vm = <value optimized out> > map = 0xffffffff807d20a0 > rv = <value optimized out> > td = (struct thread *) 0xffffff0003c218e0 > p = (struct proc *) 0xffffffff807d17e0 > eva = 1 >#5 0xffffffff80541c15 in trap (frame=0xffffff8122b0b970) at 
/home/src/sys/amd64/amd64/trap.c:457 > regs = {r_r15 = -1096664042320, r_r14 = -1096000127616, r_r13 = -544878839728, r_r12 = -2143189682, r_r11 = 5996356352080, > r_r10 = -1099411684352, r_r9 = -1096664042320, r_r8 = -544878839328, r_rdi = -1096664042320, r_rsi = -1099448575776, r_rbp = -544878839664, > r_rbx = -2143188499, r_rdx = -2142065708, r_rcx = 1, r_rax = 1, r_trapno = 1, r_fs = 0, r_gs = 0, r_err = 1, r_es = 0, r_ds = 0, > r_rip = -544878839344, r_cs = -544878839408, r_rflags = -2142971781, r_rsp = 0, r_ss = -544878839504} > td = (struct thread *) 0xffffff0003c218e0 > p = <value optimized out> > i = <value optimized out> > ucode = <value optimized out> > code = 16 > type = 12 > addr = <value optimized out> > ksi = {ksi_link = {tqe_next = 0x1df773520, tqe_prev = 0x0}, ksi_info = {si_signo = 582007264, si_errno = -127, si_code = 0, si_pid = 0, > si_uid = 0, si_status = 0, si_addr = 0x180500c74, si_value = {sival_int = 0, sival_ptr = 0x0, sigval_int = 0, sigval_ptr = 0x0}, _reason = { > _fault = {_trapno = -545835744}, _timer = {_timerid = -545835744, _overrun = -256}, _mesgq = {_mqd = -545835744}, _poll = { > _band = -1095762496224}, __spare__ = {__spare1__ = -1095762496224, __spare2__ = {582007152, -127, -2142238389, -1, 0, 0, -545835864}}}}, > ksi_flags = 63052000, ksi_sigq = 0xffffff0003c218e0} >---Type <return> to continue, or q <return> to quit--- >#6 0xffffffff805278a8 in calltrap () at /home/src/sys/amd64/amd64/exception.S:228 >No locals. >#7 0x0000000000000001 in ?? () >No symbol table info available. >#8 0xffffffff803187c7 in mb_dtor_pack (mem=<value optimized out>, size=<value optimized out>, arg=<value optimized out>) > at /home/src/sys/kern/kern_mbuf.c:453 >No locals. 
>#9 0xffffffff8050071a in uma_zfree_arg (zone=0xffffff00df773780, item=0xffffff006e89e400, udata=0x0) at /home/src/sys/vm/uma_core.c:2543 > cache = <value optimized out> > bucket = <value optimized out> > bflags = <value optimized out> >#10 0xffffffff8038f0f7 in m_freem (mb=0x0) at mbuf.h:584 >No locals. >#11 0xffffffff8043c648 in dummynet_send (m=0xffffff006e89e400) at /home/src/sys/netinet/ipfw/ip_dn_io.c:705 > ifp = <value optimized out> > tag = (struct m_tag *) 0xffffff011a42c600 > dst = <value optimized out> > n = (struct mbuf *) 0xffffff00589d6700 >#12 0xffffffff8043c926 in dummynet_task (context=<value optimized out>, pending=1) at /home/src/sys/netinet/ipfw/ip_dn_io.c:615 > p = (struct dn_id *) 0x1 > t = {tv_sec = 4586456, tv_usec = 630986} > q = {head = 0xffffff006c440c00, tail = 0xffffff005a8c1400} >#13 0xffffffff8036f345 in taskqueue_run_locked (queue=0xffffff0003c17b00) at /home/src/sys/kern/subr_taskqueue.c:259 > tb = {tb_running = 0xffffffff807fec80, tb_link = {tqe_next = 0x0, tqe_prev = 0xffffff0003c17b20}} > pending = <value optimized out> >#14 0xffffffff8036f506 in taskqueue_thread_loop (arg=<value optimized out>) at /home/src/sys/kern/subr_taskqueue.c:417 > tq = (struct taskqueue *) 0xffffff0003c17b00 >#15 0xffffffff802fee2f in fork_exit (callout=0xffffffff8036f4c0 <taskqueue_thread_loop>, arg=0xffffffff807fec20, frame=0xffffff8122b0bc40) > at /home/src/sys/kern/kern_fork.c:872 > p = (struct proc *) 0xffffffff807d17e0 > td = (struct thread *) 0xffffff0003c218e0 >#16 0xffffffff80527dee in fork_trampoline () at /home/src/sys/amd64/amd64/exception.S:602 >No locals. >#17 0x0000000000000000 in ?? () >No symbol table info available. 
>(kgdb) frame 11 >#11 0xffffffff8043c648 in dummynet_send (m=0xffffff006e89e400) at /home/src/sys/netinet/ipfw/ip_dn_io.c:705 >705 FREE_PKT(m); >(kgdb) l >700 FREE_PKT(m); >701 break; >702 >703 default: >704 printf("dummynet: bad switch %d!\n", dst); >705 FREE_PKT(m); >706 break; >707 } >708 } >709 } >(kgdb) p m->M_dat.MH.MH_pkthdr.tags.slh_first >$1 = (struct m_tag *) 0x0 >(kgdb) p p m->M_dat.MH.MH_pkthdr >No symbol "p" in current context. >(kgdb) p m->M_dat.MH.MH_pkthdr >$2 = {rcvif = 0xffffff0005abd000, header = 0x0, len = 1400, flowid = 2, csum_flags = 3840, csum_data = 65535, tso_segsz = 0, PH_vt = { > vt_vtag = 0, vt_nrecs = 0}, tags = {slh_first = 0x0}} >(kgdb) p *tag >$3 = {m_tag_link = {sle_next = 0x0}, m_tag_id = 0, m_tag_len = 0, m_tag_cookie = 1262273568, m_tag_free = 0x1} >(kgdb) p dst >$4 = <value optimized out> >(kgdb) p ifp >$5 = <value optimized out> >(kgdb) quit >