Date: Fri, 18 Sep 2009 20:42:36 +0800 From: e280s 4ever <e280s4ever@gmail.com> To: freebsd-net@freebsd.org Subject: [if_em.c] ping cause system crash Message-ID: <600614150909180542t3895bf4ybf1e02392fe8131d@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
discription:
1. before the system crash, i have excuted these commands:
ipfw add 00100 nat 100 all from any to any
ipfw nat 100 config redirect_addr 192.168.1.100 10.10.10.10
192.168.1.100 is my em0, and 10.10.10.10 is a alias address of lo0.
2. then run ping some_addr, the system to be crashed.
3. the follow lines is the result of kgdb
localhost# kgdb kernel.debug /var/crash/vmcore.3
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xc
fault code = supervisor write, page not present
instruction pointer = 0x20:0xc04ccd7d
stack pointer = 0x28:0xe648d6c4
frame pointer = 0x28:0xe648d96c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 1574 (ping)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 23s
Physical memory: 990 MB
Dumping 59 MB: 44 28 12
Reading symbols from /boot/kernel/if_wpi.ko...Reading symbols from
/boot/kernel/if_wpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_wpi.ko
Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from
/boot/kernel/snd_hda.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_hda.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from
/boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/kernel/acpi_ibm.ko...Reading symbols from
/boot/kernel/acpi_ibm.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_ibm.ko
Reading symbols from /boot/kernel/ng_ubt.ko...Reading symbols from
/boot/kernel/ng_ubt.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ubt.ko
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from
/boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/ng_hci.ko...Reading symbols from
/boot/kernel/ng_hci.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_hci.ko
Reading symbols from /boot/kernel/ng_bluetooth.ko...Reading symbols from
/boot/kernel/ng_bluetooth.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_bluetooth.ko
Reading symbols from /boot/modules/vboxdrv.ko...done.
Loaded symbols for /boot/modules/vboxdrv.ko
Reading symbols from /boot/kernel/procfs.ko...Reading symbols from
/boot/kernel/procfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/procfs.ko
Reading symbols from /boot/kernel/pseudofs.ko...Reading symbols from
/boot/kernel/pseudofs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pseudofs.ko
#0 doadump () at pcpu.h:246
246 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) list *0xc04ccd7d
0xc04ccd7d is in em_xmit (/usr/src/sys/dev/e1000/if_em.c:3800).
3795 }
3796 default:
3797 break;
3798 }
3799
3800 TXD->tcp_seg_setup.data = htole32(0);
3801 TXD->cmd_and_length =
3802 htole32(adapter->txd_cmd | E1000_TXD_CMD_DEXT | cmd);
3803 tx_buffer = &adapter->tx_buffer_area[curr_txd];
3804 tx_buffer->m_head = NULL;
(kgdb) backtrace
#0 doadump () at pcpu.h:246
#1 0xc05ec913 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
#2 0xc05ecbf0 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:579
#3 0xc07931e1 in trap_fatal (frame=0xe648d684, eva=12) at
/usr/src/sys/i386/i386/trap.c:933
#4 0xc0793431 in trap_pfault (frame=0xe648d684, usermode=0, eva=12) at
/usr/src/sys/i386/i386/trap.c:846
#5 0xc0793d31 in trap (frame=0xe648d684) at
/usr/src/sys/i386/i386/trap.c:528
#6 0xc0778dab in calltrap () at /usr/src/sys/i386/i386/exception.s:165
#7 0xc04ccd7d in em_xmit (adapter=0xc3e71000, m_headp=Variable "m_headp" is
not available.
) at /usr/src/sys/dev/e1000/if_em.c:3791
#8 0xc04d0090 in em_mq_start_locked (ifp=0xc3e66c00, m=0xc3ed9000) at
/usr/src/sys/dev/e1000/if_em.c:1037
#9 0xc04d06b6 in em_mq_start (ifp=0xc3e66c00, m=0xc3ed9000) at
/usr/src/sys/dev/e1000/if_em.c:1097
#10 0xc06891c0 in ether_output_frame (ifp=0xc3e66c00, m=0xc3ed9000) at
/usr/src/sys/net/if_ethersubr.c:452
#11 0xc0689adb in ether_output (ifp=0xc3e66c00, m=0xc3ed9000,
dst=0xc42592b0, ro=0xe648dac4)
at /usr/src/sys/net/if_ethersubr.c:423
#12 0xc06ddf9a in ip_output (m=0xc46b2400, opt=0x0, ro=0xe648dac4,
flags=Variable "flags" is not available.
) at /usr/src/sys/netinet/ip_output.c:620
#13 0xc06f217e in udp_send (so=0xc4424670, flags=0, m=0xc3ed9100, addr=0x0,
control=0x0, td=0xc42a96c0)
at /usr/src/sys/netinet/udp_usrreq.c:1236
#14 0xc0645909 in sosend_dgram (so=0xc4424670, addr=0x0, uio=0xe648dbec,
top=0xc3ed9100, control=0x0, flags=Variable "flags" is not available.
)
at /usr/src/sys/kern/uipc_socket.c:1072
#15 0xc06418f7 in sosend (so=0xc4424670, addr=0x0, uio=0xe648dbec, top=0x0,
control=0x0, flags=0, td=0xc42a96c0)
at /usr/src/sys/kern/uipc_socket.c:1303
#16 0xc06489b3 in kern_sendit (td=0xc42a96c0, s=5, mp=0xe648dc60, flags=0,
control=0x0, segflg=UIO_USERSPACE)
at /usr/src/sys/kern/uipc_syscalls.c:783
#17 0xc0648b9a in sendit (td=0xc42a96c0, s=5, mp=0xe648dc60, flags=0) at
/usr/src/sys/kern/uipc_syscalls.c:719
#18 0xc0648c8f in sendto (td=0xc42a96c0, uap=0xe648dcf8) at
/usr/src/sys/kern/uipc_syscalls.c:835
#19 0xc079371b in syscall (frame=0xe648dd38) at
/usr/src/sys/i386/i386/trap.c:1073
#20 0xc0778e10 in Xint0x80_syscall () at
/usr/src/sys/i386/i386/exception.s:261
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?600614150909180542t3895bf4ybf1e02392fe8131d>