Dummynet causes kernel trap and system freeze

Vladimir V. Kobal vlad at prokk.net
Wed Mar 19 13:01:29 UTC 2008 

Here is the backtraces for two sequential crashes for kernel compiled with
options         INVARIANTS
options         INVARIANT_SUPPORT
-------------- next part --------------
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 9: general protection fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer= 0x8:0xffffffff8034332c
stack pointer        = 0x10:0xffffffff9e727b00
frame pointer        = 0x10:0xffffff00014e3031
code segment= base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process= 29 (dummynet)
trap number= 9
panic: general protection fault
cpuid = 1
Uptime: 1h7m47s
Physical memory: 952 MB
Dumping 84 MB: 69 53 37 21 5

#0  doadump () at pcpu.h:194
194pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:194
#1  0x8888888888888889 in ?? ()
#2  0xffffffff80246bc4 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
#3  0xffffffff80246fbd in panic (fmt=0x104 <Address 0x104 out of bounds>)
    at ../../../kern/kern_shutdown.c:563
#4  0xffffffff803d6eb4 in trap_fatal (frame=0xffffff0001213000, 
    eva=18446742974215792848) at ../../../amd64/amd64/trap.c:724
#5  0xffffffff803d7953 in trap (frame=0xffffffff9e727a50)
    at ../../../amd64/amd64/trap.c:526
#6  0xffffffff803bde7e in calltrap () at ../../../amd64/amd64/exception.S:169
#7  0xffffffff8034332c in ip_input (m=0xffffff0006959300)
    at ../../../netinet/ip_input.c:520
#8  0xffffffff8033709d in dummynet_send (m=0xffffff0006959300)
    at ../../../netinet/ip_dummynet.c:858
#9  0xffffffff80337322 in dummynet_task (context=Variable "context" is not available.
)
    at ../../../netinet/ip_dummynet.c:834
#10 0xffffffff802767a1 in taskqueue_run (queue=0xffffff0001231380)
    at ../../../kern/subr_taskqueue.c:255
#11 0xffffffff80276932 in taskqueue_thread_loop (arg=Variable "arg" is not available.
)
    at ../../../kern/subr_taskqueue.c:374
#12 0xffffffff8022b03e in fork_exit (
    callout=0xffffffff802768e0 <taskqueue_thread_loop>, 
    arg=0xffffffff805d3698, frame=0xffffffff9e727c80)
    at ../../../kern/kern_fork.c:781
#13 0xffffffff803be24e in fork_trampoline ()
    at ../../../amd64/amd64/exception.S:415
#14 0x0000000000000000 in ?? ()
#15 0x0000000000000000 in ?? ()
#16 0x0000000000000001 in ?? ()
#17 0x0000000000000000 in ?? ()
#18 0x0000000000000000 in ?? ()
#19 0x0000000000000000 in ?? ()
#20 0x0000000000000000 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000000 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x00000000007a3000 in ?? ()
#39 0xffffffff9e727b80 in ?? ()
#40 0xffffff000110a8d0 in ?? ()
#41 0xffffffff805c5000 in facility_initialized ()
#42 0xffffff000110a8d0 in ?? ()
#43 0xffffff0001060000 in ?? ()
#44 0xffffffff9e727738 in ?? ()
#45 0xffffff0001213000 in ?? ()
#46 0xffffffff80263b8d in sched_switch (td=0xffffffff805d3698, newtd=0x0, 
    flags=Variable "flags" is not available.
) at ../../../kern/sched_4bsd.c:905
#47 0x0000000000000000 in ?? ()
#48 0x0000000000000000 in ?? ()
#49 0x0000000000000000 in ?? ()
#50 0x0000000000000000 in ?? ()
#51 0x0000000000000000 in ?? ()
#52 0x0000000000000000 in ?? ()
#53 0x0000000000000000 in ?? ()
#54 0x0000000000000000 in ?? ()
#55 0x0000000000000000 in ?? ()
#56 0x0000000000000000 in ?? ()
#57 0x0000000000000000 in ?? ()
#58 0x0000000000000000 in ?? ()
#59 0x0000000000000000 in ?? ()
#60 0x0000000000000000 in ?? ()
#61 0x0000000000000000 in ?? ()
#62 0x0000000000000000 in ?? ()
#63 0x0000000000000000 in ?? ()
#64 0x0000000000000000 in ?? ()
#65 0x0000000000000000 in ?? ()
#66 0x0000000000000000 in ?? ()
#67 0x0000000000000000 in ?? ()
#68 0x0000000000000000 in ?? ()
#69 0x0000000000000000 in ?? ()
#70 0x0000000000000000 in ?? ()
#71 0x0000000000000000 in ?? ()
#72 0x0000000000000000 in ?? ()
#73 0x0000000000000000 in ?? ()
#74 0x0000000000000000 in ?? ()
#75 0x0000000000000000 in ?? ()
#76 0x0000000000000000 in ?? ()
#77 0x0000000000000000 in ?? ()
#78 0x0000000000000000 in ?? ()
#79 0x0000000000000000 in ?? ()
#80 0x0000000000000000 in ?? ()
#81 0x0000000000000000 in ?? ()
#82 0x0000000000000000 in ?? ()
#83 0x0000000000000000 in ?? ()
#84 0x0000000000000000 in ?? ()
#85 0x0000000000000000 in ?? ()
#86 0x0000000000000000 in ?? ()
#87 0x0000000000000000 in ?? ()
#88 0x0000000000000000 in ?? ()
#89 0x0000000000000000 in ?? ()
#90 0x0000000000000000 in ?? ()
#91 0x0000000000000000 in ?? ()
#92 0x0000000000000000 in ?? ()
#93 0x0000000000000000 in ?? ()
#94 0x0000000000000000 in ?? ()
#95 0x0000000000000000 in ?? ()
#96 0x0000000000000000 in ?? ()
#97 0x0000000000000000 in ?? ()
#98 0x0000000000000000 in ?? ()
#99 0x0000000000000000 in ?? ()
#100 0x0000000000000000 in ?? ()
#101 0x0000000000000000 in ?? ()
#102 0x0000000000000000 in ?? ()
#103 0x0000000000000000 in ?? ()
#104 0x0000000000000000 in ?? ()
#105 0x0000000000000000 in ?? ()
#106 0x0000000000000000 in ?? ()
#107 0x0000000000000000 in ?? ()
#108 0x0000000000000000 in ?? ()
#109 0x0000000000000000 in ?? ()
#110 0x0000000000000000 in ?? ()
#111 0x0000000000000000 in ?? ()
#112 0x0000000000000000 in ?? ()
#113 0x0000000000000000 in ?? ()
#114 0x0000000000000000 in ?? ()
#115 0x0000000000000000 in ?? ()
#116 0x0000000000000000 in ?? ()
#117 0x0000000000000000 in ?? ()
#118 0x0000000000000000 in ?? ()
Cannot access memory at address 0xffffffff9e728000
(kgdb) bt full
#0  doadump () at pcpu.h:194
No locals.
#1  0x8888888888888889 in ?? ()
No symbol table info available.
#2  0xffffffff80246bc4 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
_ep = Variable "_ep" is not available.
(kgdb) 
-------------- next part --------------
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd".

Unread portion of the kernel message buffer:
Slab at 0xffffff0001648f50, freei 12 = 0.
panic: Duplicate free of item 0xffffff0001648c00 from zone 0xffffff003bfdce00(mbuf_packet)

cpuid = 1
Uptime: 10s
Physical memory: 952 MB
Dumping 56 MB: 41 25 9

#0  doadump () at pcpu.h:194
194pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:194
#1  0xffffff000105a480 in ?? ()
#2  0xffffffff80246bc4 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
#3  0xffffffff80246fbd in panic (fmt=0x104 <Address 0x104 out of bounds>)
    at ../../../kern/kern_shutdown.c:563
#4  0xffffffff803a0f28 in uma_dbg_free (zone=Variable "zone" is not available.
) at ../../../vm/uma_dbg.c:302
#5  0xffffffff8039fa54 in uma_zfree_arg (zone=0xffffff003bfdce00, 
    item=0xffffff0001648c00, udata=0x0) at ../../../vm/uma_core.c:2261
#6  0xffffffff80291147 in m_freem (mb=0x0) at mbuf.h:510
#7  0xffffffff8033997b in ip_fastforward (m=0xffffff0001648c00)
    at ../../../netinet/ip_fastfwd.c:609
#8  0xffffffff802d4ddf in ether_demux (ifp=0xffffff000118a800, 
    m=0xffffff0001648c00) at ../../../net/if_ethersubr.c:770
#9  0xffffffff802d50a8 in ether_input (ifp=0xffffff000118a800, 
    m=0xffffff0001648c00) at ../../../net/if_ethersubr.c:692
#10 0xffffffff801a133a in em_handle_rxtx (context=Variable "context" is not available.
)
    at ../../../dev/em/if_em.c:4542
#11 0xffffffff802767a1 in taskqueue_run (queue=0xffffff00011f0a80)
    at ../../../kern/subr_taskqueue.c:255
#12 0xffffffff80276932 in taskqueue_thread_loop (arg=Variable "arg" is not available.
)
    at ../../../kern/subr_taskqueue.c:374
#13 0xffffffff8022b03e in fork_exit (
    callout=0xffffffff802768e0 <taskqueue_thread_loop>, 
    arg=0xffffff00011a84d8, frame=0xffffffff9e6d3c80)
    at ../../../kern/kern_fork.c:781
#14 0xffffffff803be24e in fork_trampoline ()
    at ../../../amd64/amd64/exception.S:415
#15 0x0000000000000000 in ?? ()
#16 0x0000000000000000 in ?? ()
#17 0x0000000000000001 in ?? ()
#18 0x0000000000000000 in ?? ()
#19 0x0000000000000000 in ?? ()
#20 0x0000000000000000 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000000 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x00000000007a3000 in ?? ()
#40 0xffffff003bfddd20 in ?? ()
#41 0xffffff00011c3000 in ?? ()
#42 0xffffffff805c5000 in facility_initialized ()
#43 0xffffff00011c3000 in ?? ()
#44 0xffffff0001060680 in ?? ()
#45 0xffffffff9e6d37e8 in ?? ()
#46 0xffffff00011049c0 in ?? ()
#47 0xffffffff80263b8d in sched_switch (td=0xffffff00011a84d8, newtd=0x0, 
    flags=Variable "flags" is not available.
) at ../../../kern/sched_4bsd.c:905
#48 0x0000000000000000 in ?? ()
#49 0x0000000000000000 in ?? ()
#50 0x0000000000000000 in ?? ()
#51 0x0000000000000000 in ?? ()
#52 0x0000000000000000 in ?? ()
#53 0x0000000000000000 in ?? ()
#54 0x0000000000000000 in ?? ()
#55 0x0000000000000000 in ?? ()
#56 0x0000000000000000 in ?? ()
#57 0x0000000000000000 in ?? ()
#58 0x0000000000000000 in ?? ()
#59 0x0000000000000000 in ?? ()
#60 0x0000000000000000 in ?? ()
#61 0x0000000000000000 in ?? ()
#62 0x0000000000000000 in ?? ()
#63 0x0000000000000000 in ?? ()
#64 0x0000000000000000 in ?? ()
#65 0x0000000000000000 in ?? ()
#66 0x0000000000000000 in ?? ()
#67 0x0000000000000000 in ?? ()
#68 0x0000000000000000 in ?? ()
#69 0x0000000000000000 in ?? ()
#70 0x0000000000000000 in ?? ()
#71 0x0000000000000000 in ?? ()
#72 0x0000000000000000 in ?? ()
#73 0x0000000000000000 in ?? ()
#74 0x0000000000000000 in ?? ()
#75 0x0000000000000000 in ?? ()
#76 0x0000000000000000 in ?? ()
#77 0x0000000000000000 in ?? ()
#78 0x0000000000000000 in ?? ()
#79 0x0000000000000000 in ?? ()
#80 0x0000000000000000 in ?? ()
#81 0x0000000000000000 in ?? ()
#82 0x0000000000000000 in ?? ()
#83 0x0000000000000000 in ?? ()
#84 0x0000000000000000 in ?? ()
#85 0x0000000000000000 in ?? ()
#86 0x0000000000000000 in ?? ()
#87 0x0000000000000000 in ?? ()
#88 0x0000000000000000 in ?? ()
#89 0x0000000000000000 in ?? ()
#90 0x0000000000000000 in ?? ()
#91 0x0000000000000000 in ?? ()
#92 0x0000000000000000 in ?? ()
#93 0x0000000000000000 in ?? ()
#94 0x0000000000000000 in ?? ()
#95 0x0000000000000000 in ?? ()
#96 0x0000000000000000 in ?? ()
#97 0x0000000000000000 in ?? ()
#98 0x0000000000000000 in ?? ()
#99 0x0000000000000000 in ?? ()
#100 0x0000000000000000 in ?? ()
#101 0x0000000000000000 in ?? ()
#102 0x0000000000000000 in ?? ()
#103 0x0000000000000000 in ?? ()
#104 0x0000000000000000 in ?? ()
#105 0x0000000000000000 in ?? ()
#106 0x0000000000000000 in ?? ()
#107 0x0000000000000000 in ?? ()
#108 0x0000000000000000 in ?? ()
#109 0x0000000000000000 in ?? ()
#110 0x0000000000000000 in ?? ()
#111 0x0000000000000000 in ?? ()
#112 0x0000000000000000 in ?? ()
#113 0x0000000000000000 in ?? ()
#114 0x0000000000000000 in ?? ()
#115 0x0000000000000000 in ?? ()
#116 0x0000000000000000 in ?? ()
#117 0x0000000000000000 in ?? ()
#118 0x0000000000000000 in ?? ()
#119 0x0000000000000000 in ?? ()
Cannot access memory at address 0xffffffff9e6d4000
(kgdb) bt full
#0  doadump () at pcpu.h:194
No locals.
#1  0xffffff000105a480 in ?? ()
No symbol table info available.
#2  0xffffffff80246bc4 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
_ep = Variable "_ep" is not available.
(kgdb)

More information about the freebsd-ipfw mailing list