On Fri, 30.07.2004 at 08:34:40 +0200, Ulrich Spoerlein wrote: > panic: bfe_start: attempted use of a free mbuf! > KDB: enter: panic > [thread 100019] > Stopped at kdb_enter+0x2a: leave > > trace > kdb_enter() > panic() > bfe_start() > bfe_intr() > ithread_loop() > fork_exit() > fork_trampoline() > --- trap 0x1, eip=0, esp=0xdb0c6d7c, ebp=0 --- This just happend again on a recent RELENG_5. I get an _instant reboot_, when trying to move a file from my gbde-home to NFS-mounted /usr/ports/distfiles (this is symliked three times... don't ask :) I then tried to copy it from / to the NFS server directly (without the three level symlinks) and got this panic (and dump! yay!) panic: bfe_start: attempted use of a free mbuf! (kgdb) bt #0 doadump () at pcpu.h:159 #1 0xc048e14b in db_fncall (dummy1=-281335756, dummy2=0, dummy3=-281335856, dummy4=0xef3b27cc "\036änÀ") at /usr/src/sys/ddb/db_command.c:531 #2 0xc048e4ec in db_command_loop () at /usr/src/sys/ddb/db_command.c:349 #3 0xc048fc71 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:221 #4 0xc057a355 in kdb_trap (type=3, code=0, tf=0xef3b28ec) at /usr/src/sys/kern/subr_kdb.c:418 #5 0xc06bb84f in trap (frame= {tf_fs = -281346024, tf_es = -1068040176, tf_ds = -1066336240, tf_edi = 256, tf_esi = -1066397045, tf_ebp = -281335508, tf_isp = -281335528, tf_ebx = -281335468, tf_edx = 0, tf_ecx = -1066286908, tf_eax = -1066295100, tf_trapno = 3, tf_err = 0, tf_eip = -1067999226, tf_cs = 8, tf_eflags = 646, tf_esp = -281335480, tf_ss = -1068083641}) at /usr/src/sys/i386/i386/trap.c:576 #6 0xc06b04ca in calltrap () at /usr/src/sys/i386/i386/exception.s:140 #7 0xef3b0018 in ?? () #8 0xc0570010 in kern_timeout_callwheel_alloc (v=0x0) at /usr/src/sys/kern/kern_timeout.c:125 #9 0xc0565647 in panic (fmt=0xc070128b "%s: attempted use of a free mbuf!") at /usr/src/sys/kern/kern_shutdown.c:536 #10 0xc04b4681 in bfe_start (ifp=0xc2419000) at /usr/src/sys/dev/bfe/if_bfe.c:1400 #11 0xc05c0309 in ether_output_frame (ifp=0xc2419000, m=0xc3393500) at /usr/src/sys/net/if_ethersubr.c:377 #12 0xc05c0646 in ether_output (ifp=0xc2419000, m=0xc3393500, dst=0xef3b2a3c, rt0=0x0) at /usr/src/sys/net/if_ethersubr.c:330 #13 0xc05e3ef5 in ip_output (m=0xc3393500, opt=0xc3393500, ro=0xef3b2a38, flags=0, imo=0x0, inp=0xc28c52d0) at /usr/src/sys/netinet/ip_output.c:824 #14 0xc05f203b in udp_send (so=0x0, flags=0, m=0x0, addr=0x0, control=0x0, td=0xc32be840) at /usr/src/sys/netinet/udp_usrreq.c:906 #15 0xc0595f8f in sosend (so=0xc28c3288, addr=0x0, uio=0x0, top=0xc3368200, control=0x0, flags=0, td=0xc32be840) at /usr/src/sys/kern/uipc_socket.c:799 #16 0xc062b391 in nfs_send (so=0xc28c3288, nam=0xc252f7a0, top=0xc3368200, rep=0xc32a5a00) at pcpu.h:156 ---Type <return> to continue, or q <return> to quit--- #17 0xc062bd7d in nfs_request (vp=0xc32e6420, mrest=0xc32a5a00, procnum=7, td=0x0, cred=0xc2a5c800, mrp=0xef3b2c54, mdp=0xef3b2c58, dposp=0xef3b2c5c) at /usr/src/sys/nfsclient/nfs_socket.c:1002 #18 0xc063134f in nfs_writerpc (vp=0xc32e6420, uiop=0xef3b2ccc, cred=0xc2a5c800, iomode=0xef3b2cbc, must_commit=0xef3b2cc0) at /usr/src/sys/nfsclient/nfs_vnops.c:1129 #19 0xc0628dd0 in nfs_doio (bp=0xd64b563c, cr=0xc2a5c800, td=0x0) at /usr/src/sys/nfsclient/nfs_bio.c:1452 #20 0xc062e533 in nfssvc_iod (instance=0xc07c6538) at /usr/src/sys/nfsclient/nfs_nfsiod.c:262 #21 0xc0554326 in fork_exit (callout=0xc062e3e4 <nfssvc_iod>, arg=0xc07c6538, frame=0xef3b2d48) at /usr/src/sys/kern/kern_fork.c:820 #22 0xc06b052c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209 (kgdb) f 10 #10 0xc04b4681 in bfe_start (ifp=0xc2419000) at /usr/src/sys/dev/bfe/if_bfe.c:1400 1400 BPF_MTAP(ifp, m_head); (kgdb) l 1395 1396 /* 1397 * If there's a BPF listener, bounce a copy of this frame 1398 * to him. 1399 */ 1400 BPF_MTAP(ifp, m_head); 1401 } 1402 1403 sc->bfe_tx_prod = idx; 1404 /* Transmit - twice due to apparent hardware bug */ (kgdb) p *ifp $1 = {if_softc = 0xc2419000, if_link = {tqe_next = 0xc243482c, tqe_prev = 0xc07b6b24}, if_xname = "bfe0", '\0' <repeats 11 times>, if_dname = 0xc22cd56c "bfe", if_dunit = 0, if_addrhead = {tqh_first = 0xc2418200, tqh_last = 0xc28e1260}, if_klist = {kl_lock = 0xc078bea0, kl_list = {slh_first = 0x0}}, if_pcount = 0, if_carp = 0x0, if_bpf = 0xc2431200, if_index = 1, if_timer = 5, if_nvlans = 0, if_flags = 34883, if_capabilities = 8, if_capenable = 8, if_linkmib = 0x0, if_linkmiblen = 0, if_data = {ifi_type = 6 '\006', ifi_physical = 0 '\0', ifi_addrlen = 6 '\006', ifi_hdrlen = 18 '\022', ifi_link_state = 2 '\002', ifi_recvquota = 0 '\0', ifi_xmitquota = 0 '\0', ifi_mtu = 1500, ifi_metric = 0, ifi_baudrate = 100000000, ifi_ipackets = 640, ifi_ierrors = 0, ifi_opackets = 7145, ifi_oerrors = 0, ifi_collisions = 0, ifi_ibytes = 128126, ifi_obytes = 10260512, ifi_imcasts = 0, ifi_omcasts = 7, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0, ifi_unused = 0, ifi_lastchange = {tv_sec = 1094655632, tv_usec = 806107}}, if_multiaddrs = { tqh_first = 0xc2530860, tqh_last = 0xc28bd500}, if_amcount = 0, if_output = 0xc05c0314 <ether_output>, if_input = 0xc05c0903 <ether_input>, if_start = 0xc04b4278 <bfe_start>, if_ioctl = 0xc04b5076 <bfe_ioctl>, if_watchdog = 0xc04b501a <bfe_watchdog>, if_init = 0xc04b4b90 <bfe_init>, if_resolvemulti = 0xc05c0d98 <ether_resolvemulti>, if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 256, ifq_drops = 0, ifq_mtx = {mtx_object = {lo_class = 0xc075dc44, lo_name = 0xc241900c "bfe0", lo_type = 0xc0722ed9 "if send queue", lo_flags = 196608, lo_list = {tqe_next = 0xc241827c, tqe_prev = 0xc2419204}, lo_witness = 0xc0792498}, mtx_lock = 4, mtx_recurse = 0}, ifq_drv_head = 0x0, ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 256, altq_type = 0, altq_flags = 1, altq_disc = 0x0, altq_ifp = 0xc2419000, altq_enqueue = 0, altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0, altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0xc06e14a0 "ÿÿÿÿÿÿether_ipfw_chk", lltables = 0x0, if_label = 0x0, if_prefixhead = {tqh_first = 0x0, tqh_last = 0xc2419154}, if_afdata = {0x0 <repeats 28 times>, 0xc2534730, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, if_afdata_initialized = 1, if_afdata_mtx = {mtx_object = {lo_class = 0xc075dc44, lo_name = 0xc0722e9d "if_afdata", lo_type = 0xc0722e9d "if_afdata", lo_flags = 196608, lo_list = {tqe_next = 0xc24190e8, tqe_prev = 0xc241b35c}, lo_witness = 0xc07924c0}, ---Type <return> to continue, or q <return> to quit--- mtx_lock = 4, mtx_recurse = 0}, if_starttask = {ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0, ta_func = 0xc05bf59c <if_start_deferred>, ta_context = 0xc2419000}} (kgdb) p *m_head $2 = {m_hdr = {mh_next = 0xc3393600, mh_nextpkt = 0x0, mh_data = 0xc3393532 "", mh_len = 34, mh_flags = 43010, mh_type = 2}, M_dat = {MH = {MH_pkthdr = {rcvif = 0x0, len = 266, header = 0x0, csum_flags = 0, csum_data = 0, tags = {slh_first = 0x0}}, MH_dat = { MH_ext = {ext_buf = 0x1000e800---Can't read userspace from dump, or kernel process--- (kgdb) up #11 0xc05c0309 in ether_output_frame (ifp=0xc2419000, m=0xc3393500) at /usr/src/sys/net/if_ethersubr.c:377 377 IFQ_HANDOFF(ifp, m, error); (kgdb) l 372 373 /* 374 * Queue message on interface, update output statistics if 375 * successful, and start output if interface not yet active. 376 */ 377 IFQ_HANDOFF(ifp, m, error); 378 return (error); 379 } 380 381 #if defined(INET) || defined(INET6) The system is running with giant-locked network stack, because of IPSec FreeBSD 5.3-BETA3 #16: Tue Sep 7 16:23:16 CEST 2004 root_at_igor.q.local:/usr/obj/usr/src/sys/IGOR WARNING: WITNESS option enabled, expect reduced performance. WARNING: debug.mpsafenet forced to 0 as ipsec requires Giant WARNING: MPSAFE network stack disabled, expect reduced performance. I will now try with a GENERIC-Kernel and see if that helps. Ulrich Spoerlein -- PGP Key ID: F0DB9F44 Get it while it's hot! PGP Fingerprint: F1CE D062 0CA9 ADE3 349B 2FE8 980A C6B5 F0DB 9F44 "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:11 UTC