netgraph related crash

From: John <strgout_at_unixjunkie.com>
Date: Tue, 1 Feb 2005 16:52:15 -0600
I was playing around with a 6.0 box i setup (current as of yesterday)
and i seem to have triggered a panic. The box panics when i run the following
script. It seems to die right when ng_ether is loaded.
One thing i noticed is if i boot into single user mode then load the module
it may not panic. I think it has something to do with the bge nics not being up.
Both bge nics are plugged into 100mbit taps. 

/usr/local/etc/rc.d/000.ifconfig.ngeth0.sh
        kldload ng_ether
        ngctl mkpeer . eiface hook ether
        ngctl mkpeer ngeth0: one2many lower one
        ngctl msg bge0: setautosrc 0
        ngctl msg bge1: setautosrc 0
        ngctl msg ngeth0: setautosrc 0
        ngctl connect bge0: ngeth0:lower lower many0
        ngctl connect bge1: ngeth0:lower lower many1
        ifconfig ngeth0 -arp up

btw if anyone wants access to the kernel and dump file let me know where i can
send it and i'll upload it, otherwise i'll be more then happy to proxy any
commands.

gdb6 output ...

root_at_elara# gdb6 -k /usr/obj/usr/src/sys/GENERIC/kernel.debug /var/crash/vmcore
.0
GNU gdb 20040810 [GDB v6.x for FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-portbld-freebsd6.0"...
panic: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 06
fault virtual address   = 0x88
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc294c527
stack pointer           = 0x10:0xe4d6ec74
frame pointer           = 0x10:0xe4d6ec80
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 40 (irq29: bge1)
panic: from debugger
cpuid = 0
Uptime: 23s
Dumping 1023 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 3
52 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 6
72 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 9
92 1008
---
#0  doadump () at pcpu.h:159
159             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
doadump () at pcpu.h:159
159             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) where
#0  doadump () at pcpu.h:159
#1  0xc06126ac in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:398
#2  0xc06129c1 in panic (fmt=0xc07f0061 "from debugger")
    at /usr/src/sys/kern/kern_shutdown.c:554
#3  0xc0465ad1 in db_panic (addr=-1030437593, have_addr=0, count=-1,
    modif=0xe4d6ea98 "") at /usr/src/sys/ddb/db_command.c:435
#4  0xc0465a68 in db_command (last_cmdp=0xc08cb264, cmd_table=0x0,
    aux_cmd_tablep=0xc084a7c0, aux_cmd_tablep_end=0xc084a7dc)
    at /usr/src/sys/ddb/db_command.c:349
#5  0xc0465b30 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#6  0xc04676b5 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#7  0xc062a644 in kdb_trap (type=12, code=0, tf=0xe4d6ec34)
    at /usr/src/sys/kern/subr_kdb.c:421
#8  0xc07bba65 in trap_fatal (frame=0xe4d6ec34, eva=136)
    at /usr/src/sys/i386/i386/trap.c:801
#9  0xc07bb7c3 in trap_pfault (frame=0xe4d6ec34, usermode=0, eva=136)
    at /usr/src/sys/i386/i386/trap.c:724
#10 0xc07bb409 in trap (frame=
      {tf_fs = -1067253736, tf_es = -1064435696, tf_ds = 16, tf_edi = -103552204
8, tf_esi = -1035522048, tf_ebp = -455676800, tf_isp = -455676832, tf_ebx = 0, t
f_edx = -1031742976, tf_ecx = 1394, tf_eax = -1035522048, tf_trapno = 12, tf_err
 = 0, tf_eip = -1030437593, tf_cs = 8, tf_eflags = 66182, tf_esp = -1031600128,
tf_ss = -1035522048}) at /usr/src/sys/i386/i386/trap.c:414
#11 0xc07a99aa in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#12 0xc0630018 in sleepq_signal (wchan=0xc2473000, flags=-455676764,
    pri=-1035521448) at /usr/src/sys/kern/subr_sleepqueue.c:696
#13 0xc06784ce in ether_input (ifp=0xc2473000, m=0xc280da00)
    at /usr/src/sys/net/if_ethersubr.c:564
#14 0xc04e0bab in bge_rxeof (sc=0xc2473000)
    at /usr/src/sys/dev/bge/if_bge.c:2813
#15 0xc04e0ee0 in bge_intr (xsc=0xc2473000)
    at /usr/src/sys/dev/bge/if_bge.c:2975
#16 0xc0600a6c in ithread_loop (arg=0xc229be80)
    at /usr/src/sys/kern/kern_intr.c:546
#17 0xc05ffe98 in fork_exit (callout=0xc060094c <ithread_loop>,
    arg=0xc229be80, frame=0xe4d6ed48) at /usr/src/sys/kern/kern_fork.c:790
#18 0xc07a9a0c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
(kgdb)
Received on Tue Feb 01 2005 - 21:44:39 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:27 UTC