kern/94307: [bge] kernel panics when passing trafffic through bge1

Byron L. Hicks bhicks at nmsu.edu
Mon Mar 20 17:20:24 UTC 2006 

The following reply was made to PR kern/94307; it has been noted by GNATS.

From: "Byron L. Hicks" <bhicks at nmsu.edu>
To: bug-followup at FreeBSD.org, bhicks at nmsu.edu
Cc:  
Subject: Re: kern/94307: [bge] kernel panics when passing trafffic through
 bge1
Date: Mon, 20 Mar 2006 10:19:03 -0700

 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 monitor-temp# cd /usr/obj/usr/src/sys/DL320
 monitor-temp# kgdb kernel.debug /usr/crash/vmcore.0
 [GDB will not be able to debug user-mode threads:
 /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain
 conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd".
 
 Unread portion of the kernel message buffer:
 bge1: discard frame w/o leading ethernet header (len 4294967292 pkt len
 4294967292)
 
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0xc
 fault code              = supervisor write, page not present
 instruction pointer     = 0x20:0xc04ed93b
 stack pointer           = 0x28:0xe500cca8
 frame pointer           = 0x28:0xe500ccd0
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 28 (irq17: bge1 uhci1+)
 trap number             = 12
 panic: page fault
 Uptime: 58s
 Dumping 1023 MB (2 chunks)
   chunk 0: 1MB (159 pages) ... ok
   chunk 1: 1023MB (261848 pages) 1007 991 975 959 943 927 911 895 879
 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591
 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303
 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
 
 #0  doadump () at pcpu.h:165
 165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
 (kgdb) list 0xc04ed93b
 Function "0xc04ed93b" not defined.
 (kgdb) list *0xc04ed93b
 0xc04ed93b is in bge_rxeof (/usr/src/sys/dev/bge/if_bge.c:2626).
 2621                                cur_rx->bge_len);
 2622                            m->m_data += ETHER_ALIGN;
 2623                    }
 2624    #endif
 2625                    eh = mtod(m, struct ether_header *);
 2626                    m->m_pkthdr.len = m->m_len = cur_rx->bge_len -
 ETHER_CRC_LEN;
 2627                    m->m_pkthdr.rcvif = ifp;
 2628
 2629                    if (ifp->if_capenable & IFCAP_RXCSUM) {
 2630                            if (cur_rx->bge_flags &
 BGE_RXBDFLAG_IP_CSUM) {
 (kgdb) backtrace
 #0  doadump () at pcpu.h:165
 #1  0xc063f6b2 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
 #2  0xc063f948 in panic (fmt=0xc08367d7 "%s")
     at /usr/src/sys/kern/kern_shutdown.c:555
 #3  0xc07ee6b4 in trap_fatal (frame=0xe500cc68, eva=12)
     at /usr/src/sys/i386/i386/trap.c:836
 #4  0xc07ee41b in trap_pfault (frame=0xe500cc68, usermode=0, eva=12)
     at /usr/src/sys/i386/i386/trap.c:744
 #5  0xc07ee079 in trap (frame=
       {tf_fs = -994312184, tf_es = 822280232, tf_ds = -994312152, tf_edi
 = -452247520, tf_esi = -994267136, tf_ebp = -452932400, tf_isp =
 - -452932460, tf_ebx = 0, tf_edx = 0, tf_ecx = -994290688, tf_eax = -4,
 tf_trapno = 12, tf_err = 2, tf_eip = -1068574405, tf_cs = 32, tf_eflags
 = 590487, tf_esp = 1014144642, tf_ss = 0}) at
 /usr/src/sys/i386/i386/trap.c:434
 #6  0xc07ddfca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #7  0xc04ed93b in bge_rxeof (sc=0xc4bcb000)
     at /usr/src/sys/dev/bge/if_bge.c:2626
 #8  0xc04edd6c in bge_intr (xsc=0xc4bcb000)
     at /usr/src/sys/dev/bge/if_bge.c:2818
 #9  0xc062ae2d in ithread_loop (arg=0xc4a87400)
     at /usr/src/sys/kern/kern_intr.c:547
 #10 0xc062a0b4 in fork_exit (callout=0xc062acd4 <ithread_loop>,
     arg=0xc4a87400, frame=0xe500cd38) at /usr/src/sys/kern/kern_fork.c:789
 - ---Type <return> to continue, or q <return> to quit---
 #11 0xc07de02c in fork_trampoline () at
 /usr/src/sys/i386/i386/exception.s:208
 (kgdb) frame 7
 #7  0xc04ed93b in bge_rxeof (sc=0xc4bcb000)
     at /usr/src/sys/dev/bge/if_bge.c:2626
 2626                    m->m_pkthdr.len = m->m_len = cur_rx->bge_len -
 ETHER_CRC_LEN;
 (kgdb) p m
 $1 = (struct mbuf *) 0x0
 (kgdb) p *m
 Cannot access memory at address 0x0
 (kgdb) p cur_rx
 $2 = (struct bge_rx_bd *) 0xe50b4020
 (kgdb) p *cur_rx
 $3 = {bge_addr = {bge_addr_hi = 0, bge_addr_lo = 0}, bge_len = 0,
 bge_idx = 0,
   bge_flags = 0, bge_type = 0, bge_tcp_udp_csum = 0, bge_ip_csum = 0,
   bge_vlan_tag = 0, bge_error_flag = 0, bge_rsvd = 0, bge_opaque = 0}
 (kgdb) p ifp
 $4 = (struct ifnet *) 0xc4bc5400
 (kgdb) p *ifp
 $5 = {if_softc = 0xc4bcb000, if_l2com = 0xc4bc31f0, if_link = {
     tqe_next = 0xc4c5e800, tqe_prev = 0xc4bbd808},
   if_xname = "bge1", '\0' <repeats 11 times>, if_dname = 0xc4ad3dec "bge",
   if_dunit = 1, if_addrhead = {tqh_first = 0xc4b9d400, tqh_last =
 0xc4d9bb60},
   if_klist = {kl_list = {slh_first = 0x0},
     kl_lock = 0xc0624d8c <knlist_mtx_lock>,
     kl_unlock = 0xc0624dc0 <knlist_mtx_unlock>,
     kl_locked = 0xc0624dfc <knlist_mtx_locked>, kl_lockarg = 0xc0907360},
   if_pcount = 0, if_carp = 0x0, if_bpf = 0x0, if_index = 2, if_timer = 0,
   if_nvlans = 0, if_flags = 34819, if_capabilities = 27, if_capenable = 27,
   if_linkmib = 0x0, if_linkmiblen = 0, if_data = {ifi_type = 6 '\006',
     ifi_physical = 0 '\0', ifi_addrlen = 6 '\006', ifi_hdrlen = 14 '\016',
     ifi_link_state = 2 '\002', ifi_recvquota = 0 '\0', ifi_xmitquota = 0
 '\0',
     ifi_datalen = 80 'P', ifi_mtu = 1500, ifi_metric = 0,
     ifi_baudrate = 10000000, ifi_ipackets = 610, ifi_ierrors = 1252492992,
     ifi_opackets = 375, ifi_oerrors = 2944995602, ifi_collisions =
 2706406393,
     ifi_ibytes = 770316, ifi_obytes = 24940, ifi_imcasts = 71,
     ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 7,
     ifi_epoch = 0, ifi_lastchange = {tv_sec = 1142522343, tv_usec =
 446415}},
   if_multiaddrs = {tqh_first = 0xc4c289c0, tqh_last = 0xc4c289a0},
   if_amcount = 0, if_output = 0xc06ac748 <ether_output>,
   if_input = 0xc06acf80 <ether_input>, if_start = 0xc04ee84c <bge_start>,
   if_ioctl = 0xc04eee6c <bge_ioctl>, if_watchdog = 0xc04ef1bc
 <bge_watchdog>,
 - ---Type <return> to continue, or q <return> to quit---
   if_init = 0xc04eebb4 <bge_init>,
   if_resolvemulti = 0xc06ad78c <ether_resolvemulti>, if_spare1 = 0x0,
   if_spare2 = 0x0, if_spare3 = 0x0, if_drv_flags = 64, if_spare_flags2 = 0,
   if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 511,
     ifq_drops = 0, ifq_mtx = {mtx_object = {lo_class = 0xc08a9884,
         lo_name = 0xc4bc5410 "bge1", lo_type = 0xc0855521 "if send queue",
         lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
         lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, ifq_drv_head
 = 0x0,
     ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 511, altq_type
 = 0,
     altq_flags = 1, altq_disc = 0x0, altq_ifp = 0xc4bc5400, altq_enqueue
 = 0,
     altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify
 = 0,
     altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0xc0810c20
 "??????",
   if_bridge = 0x0, lltables = 0x0, if_label = 0x0, if_prefixhead = {
     tqh_first = 0x0, tqh_last = 0xc4bc557c}, if_afdata = {
     0x0 <repeats 37 times>}, if_afdata_initialized = 2, if_afdata_mtx = {
     mtx_object = {lo_class = 0xc08a9884, lo_name = 0xc0855511 "if_afdata",
       lo_type = 0xc0855511 "if_afdata", lo_flags = 196608, lo_list = {
         tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4,
     mtx_recurse = 0}, if_starttask = {ta_link = {stqe_next = 0x0},
     ta_pending = 0, ta_priority = 0, ta_func = 0xc06ab8f4
 <if_start_deferred>,
     ta_context = 0xc4bc5400}, if_linktask = {ta_link = {stqe_next = 0x0},
     ta_pending = 0, ta_priority = 0,
     ta_func = 0xc06a9a00 <do_link_state_change>, ta_context = 0xc4bc5400},
 - ---Type <return> to continue, or q <return> to quit---
   if_addr_mtx = {mtx_object = {lo_class = 0xc08a9884,
       lo_name = 0xc08554a7 "if_addr_mtx", lo_type = 0xc08554a7
 "if_addr_mtx",
       lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
       lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}}
 
 monitor-temp# ident /boot/kernel/kernel | grep kern_mbuf.c
      $FreeBSD: src/sys/kern/kern_mbuf.c,v 1.9.2.5 2006/03/01 20:51:49
 andre Exp $
 
 - --
 Byron L. Hicks
 Network Engineer
 NMSU ICT/CHECS-NET
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.1 (Darwin)
 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
 
 iD8DBQFEHuQHIuuK+iJ+1EMRAosXAKDZ7cVr8tUd1wf3MKhvObbvdGi1UQCgyKlB
 iKtAZ3JTdg7pdTGrdr/AxMo=
 =Wkmo
 -----END PGP SIGNATURE-----

More information about the freebsd-bugs mailing list