Date: Fri, 01 Apr 2016 21:23:16 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 208389] Netmap Panic
Message-ID: <bug-208389-2472-NHr4J2Alkl@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-208389-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-208389-2472@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208389

Shirkdog <mshirk@daemon-security.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mshirk@daemon-security.com

--- Comment #12 from Shirkdog <mshirk@daemon-security.com> ---
I have observed a similar issue, on a build of HBSD 11

11.0-CURRENT-HBSD FreeBSD 11.0-CURRENT-HBSD #0
352417c(hardened/current/master): Mon Mar 14 13:04:31 UTC 2016

Intel PCIe card (dual card)

[1] em1: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xe000-0xe01f mem 0xf7d40000-0xf7d5ffff,0xf7d20000-0xf7d3ffff irq 17 at device 0.1 on pci1
[1] em1: Using an MSI interrupt
[1] em1: Ethernet address: 68:05:ca:XX:XX:XX
[1] em1: netmap queues/slots: TX 1/1024, RX 1/1024

em1@pci0:1:0:1: class=0x020000 card=0x115e8086 chip=0x105e8086 rev=0x06 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82571EB Gigabit Ethernet Controller'
    class      = network
    subclass   = ethernet

tcpdump prints the following (when other traffic should exist, including the
SSH session I am using)

tcpdump -i netmap:em1 -nns 0 -Xxvvvvetttt
tcpdump: listening on netmap:em1, link-type EN10MB (Ethernet), capture size 262144 bytes
2016-04-01 17:00:07.595078 00:00:00:00:00:00 > 00:00:00:00:00:00, 802.3, length 177: LLC, dsap Null (0x00) Individual, ssap Null (0x00) Command, ctrl 0x0000: Information, send seq 0, rcv seq 0, Flags [Command], length 163
        0x0000:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0010:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0060:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0070:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0080:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0090:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00a0:  0000 00                                  ...

Steps to reproduce:
ifconfig em1 up
tcpdump -i netmap:em1 -nns 0

Output from panic/dump

Unread portion of the kernel message buffer:
[267] panic: Memory modified after free 0xfffff800c4468000(2048) val=ffffffff @ 0xfffff800c4468000
[267]
[267] cpuid = 0
[267] KDB: stack backtrace:
[267] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe02337f2620
[267] vpanic() at vpanic+0x182/frame 0xfffffe02337f26a0
[267] panic() at panic+0x43/frame 0xfffffe02337f2700
[267] trash_ctor() at trash_ctor+0x48/frame 0xfffffe02337f2710
[267] mb_ctor_pack() at mb_ctor_pack+0x2a/frame 0xfffffe02337f2750
[267] uma_zalloc_arg() at uma_zalloc_arg+0x4e0/frame 0xfffffe02337f27b0
[267] m_getjcl() at m_getjcl+0x39/frame 0xfffffe02337f27f0
[267] em_init_locked() at em_init_locked+0xd62/frame 0xfffffe02337f28c0
[267] em_netmap_reg() at em_netmap_reg+0x1c8/frame 0xfffffe02337f2910
[267] netmap_do_unregif() at netmap_do_unregif+0x130/frame 0xfffffe02337f2940
[267] netmap_dtor() at netmap_dtor+0x64/frame 0xfffffe02337f2960
[267] devfs_destroy_cdevpriv() at devfs_destroy_cdevpriv+0x8b/frame 0xfffffe02337f2980
[267] devfs_close_f() at devfs_close_f+0x65/frame 0xfffffe02337f29b0
[267] _fdrop() at _fdrop+0x1a/frame 0xfffffe02337f29d0
[267] closef() at closef+0x1e1/frame 0xfffffe02337f2a60
[267] closefp() at closefp+0x9f/frame 0xfffffe02337f2aa0
[267] amd64_syscall() at amd64_syscall+0x2c1/frame 0xfffffe02337f2bb0
[267] Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe02337f2bb0
[267] --- syscall (6, FreeBSD ELF64, sys_close), rip = 0xf590083b5a, rsp = 0x6b3d21120d08, rbp = 0x6b3d21120d70 ---
[267] KDB: enter: panic

Reading symbols from /boot/kernel/zfs.ko...done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/fdescfs.ko...done.
Loaded symbols for /boot/kernel/fdescfs.ko
Reading symbols from /boot/kernel/uhid.ko...done.
Loaded symbols for /boot/kernel/uhid.ko
Reading symbols from /boot/kernel/ipfw.ko...done.
Loaded symbols for /boot/kernel/ipfw.ko
#0  doadump (textdump=0) at pcpu.h:221
221             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb)

--
You are receiving this mail because:
You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-208389-2472-NHr4J2Alkl>