deadc0de panic in em driver (Re: deadc0de panic in fxp driver)

Kris Kennaway kris at obsecurity.org
Thu Feb 23 11:32:40 PST 2006


On Thu, Feb 16, 2006 at 03:15:14PM -0500, Kris Kennaway wrote:
> Peter Holm's stress test gave me this on an SMP machine running fresh
> 7.0:
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0xdeadc0de
> fault code              = supervisor write, page not present
> instruction pointer     = 0x20:0xc0681633
> stack pointer           = 0x28:0xf3bbeb88
> frame pointer           = 0x28:0xf3bbeb88
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 24 (irq17: fxp0)
> [thread pid 24 tid 100020 ]
> Stopped at      trash_dtor+0x10:        movl    $0xdeadc0de,0(%edx)
> db> wh
> Tracing pid 24 tid 100020 td 0xcc47b1a0
> trash_dtor(deadc0de,800,0,f3bbebb8,c05295bb) at trash_dtor+0x10
> trash_init(deadc0de,800,1,7f,35) at trash_init+0x20
> mb_zinit_pack(ccb7e100,100,1,85f,f3bbebec) at mb_zinit_pack+0x50
> uma_zalloc_bucket(c1057000,1,c073d432,75d,0) at uma_zalloc_bucket+0x1f1
> uma_zalloc_arg(c1057000,f3bbec4c,1,1,c072a086) at uma_zalloc_arg+0x38e
> fxp_add_rfabuf(cc546000,cc54604c,2,61a,cc546014) at fxp_add_rfabuf+0x35
> fxp_intr_body(cc546000,cc53c000,40,ffffffff,cc53c000) at fxp_intr_body+0x115
> fxp_intr(cc546000,f3bbecdc,c052aa10,c07f5c90,1) at fxp_intr+0xcf
> ithread_execute_handlers(cc4cccd8,cc477700,c0725a19,2f9,cc47b1a0) at ithread_execute_handlers+0x10e
> ithread_loop(cc539960,f3bbed38,c0725807,31a,cc539960) at ithread_loop+0x78
> fork_exit(c051cdfa,cc539960,f3bbed38) at fork_exit+0xc5
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0x1, eip = 0, esp = 0xf3bbed6c, ebp = 0 ---
> db>

Same panic from em:

panic: vm_fault: fault on nofault entry, addr: deadc000
cpuid = 2
KDB: enter: panic
[thread pid 9 tid 100019 ]
Stopped at      kdb_enter+0x30: leave
db> wh
Tracing pid 9 tid 100019 td 0xc63d6340
kdb_enter(c06f8aa4,2,c070debb,e50079a8,c63d6340) at kdb_enter+0x30
panic(c070debb,deadc000,2,e5007a38,e5007a28) at panic+0x13f
vm_fault(c1069000,deadc000,2,0,c63d6340) at vm_fault+0x23a
trap_pfault(e5007b50,0,deadc0de,c106c388,deadc0de) at trap_pfault+0x162
trap(c1050008,e5000028,c0650028,c1057000,1) at trap+0x3fb
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc065405b, esp = 0xe5007b90, ebp = 0xe5007b90 ---
trash_dtor(deadc0de,800,0,e5007bc0,c05086eb) at trash_dtor+0x10
trash_init(deadc0de,800,1,c105bd20,cda8ad00) at trash_init+0x20
mb_zinit_pack(cda8ad00,100,1,8ab,138) at mb_zinit_pack+0x50
uma_zalloc_internal(c105bd20,e5007c3c,1,796,c63d6180) at uma_zalloc_internal+0xcf
uma_zalloc_arg(c105bd20,e5007c3c,1,c0529964,c63d6340) at uma_zalloc_arg+0x3f3
em_get_buf(8,c656e800,0,c6588880,1) at em_get_buf+0x3f
em_rxeof(c656e800,63,1,c06f7be0,c656e9cc) at em_rxeof+0x1f5
em_handle_rxtx(c656e800,1,c06fbfa7,50,c658889c) at em_handle_rxtx+0x5b
taskqueue_run(c6588880,c658889c,c06f0e27,0,1) at taskqueue_run+0x104
taskqueue_thread_loop(c656e9dc,e5007d38,c06f5c42,31a,c656e9dc) at taskqueue_thread_loop+0x6b
fork_exit(c053b5f8,c656e9dc,e5007d38) at fork_exit+0xc5
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xe5007d6c, ebp = 0 ---
db>

Core available.

Kris