kernel panic w/ ALTQ and SMP
Stefan Krüger
skrueger at meinberlikomm.de
Sun Apr 3 12:40:47 PDT 2005
hi folks,
I wanted to try ATLQ + pf and got a nice (reproduceable) kernel panic
after running
root$ pfctl -F queue -v
altq cleared (or smth like that)
BANG! panic + dump
here's a bt from gdb:
root$ gdb /usr/obj/../kernel.debug
GNU gdb 6.2.1
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-dragonfly"...
(gdb) target kgdb vmcore.0
panic: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
mp_lock = 00000000; cpuid = 0; lapic.id = 00000000
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x8:0x0
stack pointer = 0x10:0xd6e33958
frame pointer = 0x10:0xd6e3398c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
current thread = pri 12
interrupt mask = net <- SMP: XXX
Fatal trap 12: page fault while in kernel mode
mp_lock = 00000000; cpuid = 0; lapic.id = 00000000
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc02bda40
stack pointer = 0x10:0xd6e33790
frame pointer = 0x10:0xd6e33794
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
current thread = pri 12
interrupt mask = net <- SMP: XXX
Fatal trap 12: page fault while in kernel mode
mp_lock = 00000000; cpuid = 0; lapic.id = 00000000
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc02bda40
stack pointer = 0x10:0xd6e336a0
frame pointer = 0x10:0xd6e336a4
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = resume, IOPL = 0
current process = Idle
current thread = pri 12
interrupt mask = net <- SMP: XXX
panic: from debugger
mp_lock = 00000000; cpuid = 0; lapic.id = 00000000
Fatal trap 3: breakpoint instruction fault while in kernel mode
mp_lock = 00000000; cpuid = 0; lapic.id = 00000000
instruction pointer = 0x8:0xc02bdcaa
stack pointer = 0x10:0xd6e33718
frame pointer = 0x10:0xd6e33720
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = IOPL = 0
current process = Idle
current thread = pri 12
interrupt mask = net <- SMP: XXX
Fatal trap 12: page fault while in kernel mode
mp_lock = 00000000; cpuid = 0; lapic.id = 00000000
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc02bda40
stack pointer = 0x10:0xd6e33790
frame pointer = 0x10:0xd6e33794
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = resume, IOPL = 0
current process = Idle
current thread = pri 12
interrupt mask = net <- SMP: XXX
panic: from debugger
mp_lock = 00000000; cpuid = 0; lapic.id = 00000000
boot() called on cpu#0
Uptime: 2m45s
dumping to dev #da/0x30001, offset 917504
dump 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43
42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19
18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0 dumpsys () at /home/dcvs/src/sys/kern/kern_shutdown.c:508
508 if (dumping++) {
dumpsys () at /home/dcvs/src/sys/kern/kern_shutdown.c:508
508 if (dumping++) {
(gdb) bt
#0 dumpsys () at /home/dcvs/src/sys/kern/kern_shutdown.c:508
#1 0xc018d77e in boot (howto=260)
at /home/dcvs/src/sys/kern/kern_shutdown.c:341
#2 0xc018dc82 in panic (fmt=0xc02f72f2 "from debugger")
at /home/dcvs/src/sys/kern/kern_shutdown.c:620
#3 0xc0142926 in db_panic (addr=0, have_addr=0, count=-1,
modif=0xd6e33780 "") at /home/dcvs/src/sys/ddb/db_command.c:450
#4 0xc014289d in db_command (last_cmdp=0xc0353ef0, cmd_table=0x0,
aux_cmd_tablep=0xc0327d90, aux_cmd_tablep_end=0xc0327d94)
at /home/dcvs/src/sys/ddb/db_command.c:346
#5 0xc014299b in db_command_loop ()
at /home/dcvs/src/sys/ddb/db_command.c:472
#6 0xc0145610 in db_trap (type=12, code=0)
at /home/dcvs/src/sys/ddb/db_trap.c:72
#7 0xc02bd8d9 in kdb_trap (type=12, code=0, regs=0xd6e33918)
at /home/dcvs/src/sys/i386/i386/db_interface.c:161
#8 0xc02d508f in trap_fatal (frame=0xd6e33918, eva=0)
at /home/dcvs/src/sys/i386/i386/trap.c:1139
#9 0xc02d4c31 in trap_pfault (frame=0xd6e33918, usermode=0, eva=0)
at /home/dcvs/src/sys/i386/i386/trap.c:1033
#10 0xc02d4828 in trap (frame=
{tf_fs = 24, tf_es = 100794384, tf_ds = 16, tf_edi = 4, tf_esi =
-963572488, tf_ebp = -689751668, tf_isp = -689751740, tf_ebx = 0, tf_edx
= -963572288, tf_ecx = -1070190016, tf_eax = -1005220864, tf_trapno =
12, tf_err = 0, tf_eip = 0, tf_cs = 8, tf_eflags = 66182, tf_esp =
-686204909, tf_ss = -963572288})
at /home/dcvs/src/sys/i386/i386/trap.c:613
#11 0xc02bebbb in calltrap () at
/home/dcvs/src/sys/i386/i386/exception.s:780
#12 0x00000018 in ?? ()
#13 0x06020010 in ?? ()
#14 0x00000010 in ?? ()
#15 0x00000004 in ?? ()
#16 0xc6910cf8 in ?? ()
#17 0xd6e3398c in ?? ()
#18 0xd6e33944 in ?? ()
#19 0x00000000 in ?? ()
#20 0xc6910dc0 in ?? ()
#21 0xc0363240 in ipq_mpipe ()
#22 0xc4158c00 in ?? ()
#23 0x0000000c in ?? ()
#24 0x00000000 in ?? ()
#25 0x00000000 in ?? ()
#26 0x00000008 in ?? ()
#27 0x00010286 in ?? ()
#28 0xd7195813 in ?? ()
#29 0xc6910dc0 in ?? ()
#30 0xc4158c00 in ?? ()
#31 0xd6e33970 in ?? ()
#32 0xc01e7071 in pfil_run_hooks (ph=0xc6910d00, mp=0xc4158c00,
ifp=0xc0ac9db0, dir=-963572488) at /home/dcvs/src/sys/net/pfil.c:67
#33 0xc021b6e7 in ip_output (m0=0x1, opt=0xc4158c3c, ro=0xd6e33ad4,
flags=0,
imo=0x0, inp=0x0) at /home/dcvs/src/sys/netinet/ip_output.c:1015
#34 0xc0223b72 in tcp_respond (tp=0x0, ipgen=0xc4158c50, th=0xc4158c50,
m=0xc4158c00, ack=1995456074, seq=0, flags=20)
at /home/dcvs/src/sys/netinet/tcp_subr.c:640
#35 0xc0220ad2 in tcp_input (m=0xc4158c00)
at /home/dcvs/src/sys/netinet/tcp_input.c:2598
#36 0xc0218459 in transport_processing_oncpu (m=0xc4158c00, hlen=20,
ip=0x0,
nexthop=0x0) at /home/dcvs/src/sys/netinet/ip_input.c:423
#37 0xc0218f56 in ip_input (m=0xc4158c00)
at /home/dcvs/src/sys/netinet/ip_input.c:1118
#38 0xc02184d2 in ip_input_handler (msg0=0xd6fd9a00)
at /home/dcvs/src/sys/netinet/ip_input.c:454
#39 0xc0223481 in tcpmsg_service_loop (dummy=0x0)
at /home/dcvs/src/sys/netinet/tcp_subr.c:395
#40 0xc01943c2 in lwkt_create (func=0, arg=0x0, tdp=0xff800000,
template=0x0,
tdflags=0, cpu=0, fmt=0x0) at /home/dcvs/src/sys/kern/lwkt_thread.c:1260
Previous frame inner to this frame (corrupt stack?)
(gdb) quit
More information about the Bugs
mailing list