From owner-freebsd-net@FreeBSD.ORG Thu Feb 23 19:32:40 2006 Return-Path: X-Original-To: net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D9E1316A420 for ; Thu, 23 Feb 2006 19:32:39 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9470343D45 for ; Thu, 23 Feb 2006 19:32:39 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 4B0941A3C1D for ; Thu, 23 Feb 2006 11:32:39 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 39A6651601; Thu, 23 Feb 2006 14:32:38 -0500 (EST) Date: Thu, 23 Feb 2006 14:32:38 -0500 From: Kris Kennaway To: Kris Kennaway Message-ID: <20060223193238.GA89748@xor.obsecurity.org> References: <20060216201514.GA25470@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="mYCpIKhGyMATD0i+" Content-Disposition: inline In-Reply-To: <20060216201514.GA25470@xor.obsecurity.org> User-Agent: Mutt/1.4.2.1i Cc: net@FreeBSD.org Subject: deadc0de panic in em driver (Re: deadc0de panic in fxp driver) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 19:32:40 -0000 --mYCpIKhGyMATD0i+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 16, 2006 at 03:15:14PM -0500, Kris Kennaway wrote: > Peter Holm's stress test gave me this on an SMP machine running fresh > 7.0: >=20 > Fatal trap 12: page fault while in kernel mode > cpuid =3D 0; apic id =3D 00 > fault virtual address =3D 0xdeadc0de > fault code =3D supervisor write, page not present > instruction pointer =3D 0x20:0xc0681633 > stack pointer =3D 0x28:0xf3bbeb88 > frame pointer =3D 0x28:0xf3bbeb88 > code segment =3D base 0x0, limit 0xfffff, type 0x1b > =3D DPL 0, pres 1, def32 1, gran 1 > processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > current process =3D 24 (irq17: fxp0) > [thread pid 24 tid 100020 ] > Stopped at trash_dtor+0x10: movl $0xdeadc0de,0(%edx) > db> wh > Tracing pid 24 tid 100020 td 0xcc47b1a0 > trash_dtor(deadc0de,800,0,f3bbebb8,c05295bb) at trash_dtor+0x10 > trash_init(deadc0de,800,1,7f,35) at trash_init+0x20 > mb_zinit_pack(ccb7e100,100,1,85f,f3bbebec) at mb_zinit_pack+0x50 > uma_zalloc_bucket(c1057000,1,c073d432,75d,0) at uma_zalloc_bucket+0x1f1 > uma_zalloc_arg(c1057000,f3bbec4c,1,1,c072a086) at uma_zalloc_arg+0x38e > fxp_add_rfabuf(cc546000,cc54604c,2,61a,cc546014) at fxp_add_rfabuf+0x35 > fxp_intr_body(cc546000,cc53c000,40,ffffffff,cc53c000) at fxp_intr_body+0x= 115 > fxp_intr(cc546000,f3bbecdc,c052aa10,c07f5c90,1) at fxp_intr+0xcf > ithread_execute_handlers(cc4cccd8,cc477700,c0725a19,2f9,cc47b1a0) at ithr= ead_execute_handlers+0x10e > ithread_loop(cc539960,f3bbed38,c0725807,31a,cc539960) at ithread_loop+0x78 > fork_exit(c051cdfa,cc539960,f3bbed38) at fork_exit+0xc5 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip =3D 0, esp =3D 0xf3bbed6c, ebp =3D 0 --- > db> Same panic from em: panic: vm_fault: fault on nofault entry, addr: deadc000 cpuid =3D 2 KDB: enter: panic [thread pid 9 tid 100019 ] Stopped at kdb_enter+0x30: leave db> wh Tracing pid 9 tid 100019 td 0xc63d6340 kdb_enter(c06f8aa4,2,c070debb,e50079a8,c63d6340) at kdb_enter+0x30 panic(c070debb,deadc000,2,e5007a38,e5007a28) at panic+0x13f vm_fault(c1069000,deadc000,2,0,c63d6340) at vm_fault+0x23a trap_pfault(e5007b50,0,deadc0de,c106c388,deadc0de) at trap_pfault+0x162 trap(c1050008,e5000028,c0650028,c1057000,1) at trap+0x3fb calltrap() at calltrap+0x5 --- trap 0xc, eip =3D 0xc065405b, esp =3D 0xe5007b90, ebp =3D 0xe5007b90 --- trash_dtor(deadc0de,800,0,e5007bc0,c05086eb) at trash_dtor+0x10 trash_init(deadc0de,800,1,c105bd20,cda8ad00) at trash_init+0x20 mb_zinit_pack(cda8ad00,100,1,8ab,138) at mb_zinit_pack+0x50 uma_zalloc_internal(c105bd20,e5007c3c,1,796,c63d6180) at uma_zalloc_interna= l+0xcf uma_zalloc_arg(c105bd20,e5007c3c,1,c0529964,c63d6340) at uma_zalloc_arg+0x3= f3 em_get_buf(8,c656e800,0,c6588880,1) at em_get_buf+0x3f em_rxeof(c656e800,63,1,c06f7be0,c656e9cc) at em_rxeof+0x1f5 em_handle_rxtx(c656e800,1,c06fbfa7,50,c658889c) at em_handle_rxtx+0x5b taskqueue_run(c6588880,c658889c,c06f0e27,0,1) at taskqueue_run+0x104 taskqueue_thread_loop(c656e9dc,e5007d38,c06f5c42,31a,c656e9dc) at taskqueue= _thread_loop+0x6b fork_exit(c053b5f8,c656e9dc,e5007d38) at fork_exit+0xc5 fork_trampoline() at fork_trampoline+0x8 --- trap 0x1, eip =3D 0, esp =3D 0xe5007d6c, ebp =3D 0 --- db> Core available. Kris --mYCpIKhGyMATD0i+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD/g3VWry0BWjoQKURArxZAJ4rgmGiMovqcx3qpBpLw4SohXD0fwCgmEvA MTzhuEMFi+44B0aCmm97xmo= =wUlf -----END PGP SIGNATURE----- --mYCpIKhGyMATD0i+--