We had to wait 10 days for the next kernel crash to happily collect our crash dump (people who were using the system at that moment to route their remote maintance job were not so happy...).
It appears that the argument m to m_freem() is corrupt, but the value of m in the context of the caller is 0. This could mean we have corrupted stack, or maybe I simply don't understand gdb (I never used it before). As the contents of sc show, the code was handling interface de1 at the moment of the crash.
If you need more information, please let me know.
Greetings,
Rudi Mathijssen
# gdb -k
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd".
(kgdb) symbol kernel.debug
Reading symbols from kernel.debug...done.
(kgdb) exec /var/crash/kernel.2
(kgdb) core /var/crash/vmcore.2
IdlePTD 2965504
initial pcb at 263de0
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x79c02812
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0164da8
stack pointer = 0x10:0xc0244440
frame pointer = 0x10:0xc024444c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask = net
trap number = 12
panic: page fault
syncing disks...
done
Uptime: 10d10h58m20s
dumping to dev #da/0x20001, offset 1737856
dump 128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0 dumpsys () at ../../kern/kern_shutdown.c:469
469 if (dumping++) {
(kgdb) where
#0 dumpsys () at ../../kern/kern_shutdown.c:469
#1 0xc014ab7f in boot (howto%6) at ../../kern/kern_shutdown.c:309
#2 0xc014aefc in poweroff_wait (junk=0xc023c0cf, howto=0)
at ../../kern/kern_shutdown.c:556
#3 0xc02060e5 in trap_fatal (frame=0xc0244400, eva 42636306)
at ../../i386/i386/trap.c:951
#4 0xc0205dbd in trap_pfault (frame=0xc0244400, usermode=0, eva 42636306)
at ../../i386/i386/trap.c:844
#5 0xc02059a3 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = -2147483632,
tf_edi = 6717472, tf_esi = -1064284928, tf_ebp = -1071365044,
tf_isp = -1071365076, tf_ebx = 2042636288, tf_edx = 0,
tf_ecx = -1066018816, tf_eax = -6717473, tf_trapno = 12, tf_err = 0,
tf_eip = -1072280152, tf_cs = 8, tf_eflags = 66054,
tf_esp = -1053560832, tf_ss = 2147430528}) at ../../i386/i386/trap.c:443
#6 0xc0164da8 in m_freem (m=0xc0904d00) at ../../kern/uipc_mbuf.c:525
#7 0xc01a54b5 in tulip_tx_intr (sc=0xc133f000) at ../../pci/if_de.c:3715
#8 0xc01a5cf1 in tulip_txput (sc=0xc133f000, m=0xc08d2100)
at ../../pci/if_de.c:4299
#9 0xc01a6421 in tulip_ifstart_one (ifp=0xc133f018) at ../../pci/if_de.c:4740
#10 0xc018bc1c in ether_output_frame (ifp=0xc133f018, m=0xc08d2100)
at ../../net/if_ethersubr.c:401
#11 0xc018bb8a in ether_output (ifp=0xc133f018, m=0xc08d2100, dst=0xc02650d4,
rt0=0xc142b000) at ../../net/if_ethersubr.c:354
#12 0xc019856f in ip_output (m0=0xc0765400, opt=0x0, ro=0xc02650d0, flags=1,
imo=0x0) at ../../netinet/ip_output.c:787
#13 0xc0197d04 in ip_forward (m=0xc0765400, srcrt=0)
at ../../netinet/ip_input.c:1552
#14 0xc0196f0e in ip_input (m=0xc0765400) at ../../netinet/ip_input.c:563
#15 0xc019713f in ipintr () at ../../netinet/ip_input.c:759
#16 0xc01fc675 in swi_net_next ()
(kgdb) up 6
#6 0xc0164da8 in m_freem (m=0xc0904d00) at ../../kern/uipc_mbuf.c:525
525 if (m == NULL)
(kgdb) print m
$1 = (struct mbuf *) 0x668020
(kgdb) print *m
cannot read proc at 0
(kgdb) up 1
#7 0xc01a54b5 in tulip_tx_intr (sc=0xc133f000) at ../../pci/if_de.c:3715
3715 m_freem(m);
(kgdb) print m
$2 = (struct mbuf *) 0x0
(kgdb) echo print sc
$4 = (tulip_softc_t *) 0xc133f000
(kgdb) print *sc
$5 = {tulip_ifmedia = {ifm_mask = 0, ifm_media = 0, ifm_cur = 0xc071c600,
ifm_list = {lh_first = 0xc071c600},
ifm_change = 0xc01a46f4 <tulip_ifmedia_change>,
ifm_status = 0xc01a4774 <tulip_ifmedia_status>}, tulip_ac = {ac_if = {
if_softc = 0xc133f000, if_name = 0xc022a53d "de", if_link = {
tqe_next = 0xc1340018, tqe_prev = 0xc071b020}, if_addrhead = {
tqh_first = 0xc132c700, tqh_last = 0xc1423f10}, if_pcount = 0,
if_bpf = 0x0, if_index = 2, if_unit = 1, if_timer = 1,
if_flags = -30653, if_ipending = 0, if_linkmib = 0x0, if_linkmiblen = 0,
if_data = {ifi_type = 6 '\006', ifi_physical = 0 '\000',
ifi_addrlen = 6 '\006', ifi_hdrlen = 14 '\016',
ifi_recvquota = 0 '\000', ifi_xmitquota = 0 '\000', ifi_mtu = 1500,
ifi_metric = 0, ifi_baudrate = 100000000, ifi_ipackets = 13710740,
ifi_ierrors = 0, ifi_opackets = 13455672, ifi_oerrors = 1,
ifi_collisions = 84737, ifi_ibytes = 2233673408,
ifi_obytes = 1905899332, ifi_imcasts = 119437, ifi_omcasts = 0,
ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0, ifi_unused = 0,
ifi_lastchange = {tv_sec = 0, tv_usec = 0}}, if_multiaddrs = {
lh_first = 0xc13485c0}, if_amcount = 0,
if_output = 0xc018b878 <ether_output>,
if_start = 0xc01a63d4 <tulip_ifstart_one>, if_done = 0,
if_ioctl = 0xc01a61cc <tulip_ifioctl>,
if_watchdog = 0xc01a6450 <tulip_ifwatchdog>, if_poll_recv = 0,
if_poll_xmit = 0, if_poll_intren = 0, if_poll_slowinput = 0,
if_init = 0, if_resolvemulti = 0xc018bf4c <ether_resolvemulti>,
if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50,
ifq_drops = 0}, if_poll_slowq = 0x0, if_prefixhead = {tqh_first = 0x0,
tqh_last = 0xc133f0e8}}, ac_enaddr = "\000à)<à{", ac_multicnt = 0,
ac_netgraph = 0x0}, tulip_csrs_bst = 0, tulip_csrs_bsh = 12416,
tulip_csrs = {csr_busmode = 0, csr_txpoll = 8, csr_rxpoll = 16,
csr_rxlist = 24, csr_txlist = 32, csr_status = 40, csr_command = 48,
csr_intr = 56, csr_missed_frames = 64, csr_9 = 72, csr_10 = 80,
csr_11 = 88, csr_12 = 96, csr_13 = 104, csr_14 = 112, csr_15 = 120},
tulip_flags = 172228608, tulip_features = 172303, tulip_intrmask = 106858,
tulip_cmdmode = 33841186, tulip_last_system_error = 0, tulip_txtimer = 0,
tulip_system_errors = 0, tulip_statusbits = 0, tulip_mediums = {0x0,
0xc133f25c, 0xc133f25c, 0x0, 0x0, 0x0, 0x0, 0xc133f25c, 0xc133f25c, 0x0,
0x0, 0x0}, tulip_media = TULIP_MEDIA_100BASETX, tulip_abilities = 8256,
tulip_revinfo = 34 '"', tulip_phyaddr = 3 '\003', tulip_gpinit = 31 '\037',
tulip_gpdata = 0 '\000', tulip_probe = {probe_count = 0 '\000',
probe_timeout = 3000, probe_state = TULIP_PROBE_INACTIVE,
probe_media = TULIP_MEDIA_100BASETX, probe_mediamask = 0,
probe_passes = 0, probe_txprobes = 0}, tulip_chipid = TULIP_21140A,
tulip_boardsw = 0xc022a084, tulip_slaves = 0x0, tulip_txq = {
ifq_head = 0xc07f8900, ifq_tail = 0xc07cae00, ifq_len = 125,
ifq_maxlen = 128, ifq_drops = 0}, tulip_rxq = {ifq_head = 0xc0863000,
ifq_tail = 0xc086d400, ifq_len = 32, ifq_maxlen = 0, ifq_drops = 0},
tulip_dot3stats = {dot3StatsSingleCollisionFrames = 30355,
dot3StatsMultipleCollisionFrames = 23777, dot3StatsSQETestErrors = 0,
dot3StatsDeferredTransmissions = 47096, dot3StatsLateCollisions = 0,
dot3StatsExcessiveCollisions = 0, dot3StatsCarrierSenseErrors = 0,
dot3StatsInternalMacTransmitErrors = 1,
dot3StatsInternalTransmitUnderflows = 1,
dot3StatsInternalTransmitBabbles = 0, dot3StatsMissedFrames = 0,
dot3StatsAlignmentErrors = 0, dot3StatsFCSErrors = 0,
dot3StatsFrameTooLongs = 0, dot3StatsInternalMacReceiveErrors = 0},
tulip_rxinfo = {ri_first = 0xc1327400, ri_last = 0xc1327700,
ri_nextin = 0xc1327540, ri_nextout = 0xc1327440, ri_max = 48,
ri_free = 48}, tulip_txinfo = {ri_first = 0xc1340800,
ri_last = 0xc1341000, ri_nextin = 0xc1340bb0, ri_nextout = 0xc1340b90,
ri_max = 128, ri_free = 3}, tulip_mediainfo = {{
mi_type = TULIP_MEDIAINFO_MII, mi_un = {un_sia = {
sia_connectivity = 390, sia_tx_rx = 0, sia_general = 30720,
sia_gp_control = 402673664, sia_gp_data = 16973824}, un_gpr = {
gpr_cmdmode = 390, gpr_gpcontrol = 31488000, gpr_gpdata = 402673664,
gpr_actmask = 0 '\000', gpr_actdata = 0 '\000', gpr_default = 1},
un_mii = {mii_mediamask = 390, mii_capabilities = 30720,
mii_advertisement = 480, mii_full_duplex = 20480,
mii_tx_threshold = 6144, mii_interrupt = 0, mii_phyaddr = 3 '\003',
mii_gpr_length = 1 '\001', mii_gpr_offset = 38 '&',
mii_reset_length = 2 '\002', mii_reset_offset = 40 '(',
mii_phyid = 536894465}}}, {mi_type = TULIP_MEDIAINFO_NONE, mi_un = {
un_sia = {sia_connectivity = 0, sia_tx_rx = 0, sia_general = 0,
sia_gp_control = 0, sia_gp_data = 0}, un_gpr = {gpr_cmdmode = 0,
gpr_gpcontrol = 0, gpr_gpdata = 0, gpr_actmask = 0 '\000',
gpr_actdata = 0 '\000', gpr_default = 0}, un_mii = {
mii_mediamask = 0, mii_capabilities = 0, mii_advertisement = 0,
mii_full_duplex = 0, mii_tx_threshold = 0, mii_interrupt = 0,
mii_phyaddr = 0 '\000', mii_gpr_length = 0 '\000',
mii_gpr_offset = 0 '\000', mii_reset_length = 0 '\000',
mii_reset_offset = 0 '\000', mii_phyid = 0}}}, {
mi_type = TULIP_MEDIAINFO_NONE, mi_un = {un_sia = {sia_connectivity = 0,
sia_tx_rx = 0, sia_general = 0, sia_gp_control = 0,
sia_gp_data = 0}, un_gpr = {gpr_cmdmode = 0, gpr_gpcontrol = 0,
gpr_gpdata = 0, gpr_actmask = 0 '\000', gpr_actdata = 0 '\000',
gpr_default = 0}, un_mii = {mii_mediamask = 0, mii_capabilities = 0,
mii_advertisement = 0, mii_full_duplex = 0, mii_tx_threshold = 0,
mii_interrupt = 0, mii_phyaddr = 0 '\000',
mii_gpr_length = 0 '\000', mii_gpr_offset = 0 '\000',
mii_reset_length = 0 '\000', mii_reset_offset = 0 '\000',
mii_phyid = 0}}}, {mi_type = TULIP_MEDIAINFO_NONE, mi_un = {
un_sia = {sia_connectivity = 0, sia_tx_rx = 0, sia_general = 0,
sia_gp_control = 0, sia_gp_data = 0}, un_gpr = {gpr_cmdmode = 0,
gpr_gpcontrol = 0, gpr_gpdata = 0, gpr_actmask = 0 '\000',
gpr_actdata = 0 '\000', gpr_default = 0}, un_mii = {
mii_mediamask = 0, mii_capabilities = 0, mii_advertisement = 0,
mii_full_duplex = 0, mii_tx_threshold = 0, mii_interrupt = 0,
mii_phyaddr = 0 '\000', mii_gpr_length = 0 '\000',
mii_gpr_offset = 0 '\000', mii_reset_length = 0 '\000',
mii_reset_offset = 0 '\000', mii_phyid = 0}}}, {
mi_type = TULIP_MEDIAINFO_NONE, mi_un = {un_sia = {sia_connectivity = 0,
sia_tx_rx = 0, sia_general = 0, sia_gp_control = 0,
sia_gp_data = 0}, un_gpr = {gpr_cmdmode = 0, gpr_gpcontrol = 0,
gpr_gpdata = 0, gpr_actmask = 0 '\000', gpr_actdata = 0 '\000',
gpr_default = 0}, un_mii = {mii_mediamask = 0, mii_capabilities = 0,
mii_advertisement = 0, mii_full_duplex = 0, mii_tx_threshold = 0,
mii_interrupt = 0, mii_phyaddr = 0 '\000',
mii_gpr_length = 0 '\000', mii_gpr_offset = 0 '\000',
mii_reset_length = 0 '\000', mii_reset_offset = 0 '\000',
mii_phyid = 0}}}, {mi_type = TULIP_MEDIAINFO_NONE, mi_un = {
un_sia = {sia_connectivity = 0, sia_tx_rx = 0, sia_general = 0,
sia_gp_control = 0, sia_gp_data = 0}, un_gpr = {gpr_cmdmode = 0,
gpr_gpcontrol = 0, gpr_gpdata = 0, gpr_actmask = 0 '\000',
gpr_actdata = 0 '\000', gpr_default = 0}, un_mii = {
mii_mediamask = 0, mii_capabilities = 0, mii_advertisement = 0,
mii_full_duplex = 0, mii_tx_threshold = 0, mii_interrupt = 0,
mii_phyaddr = 0 '\000', mii_gpr_length = 0 '\000',
mii_gpr_offset = 0 '\000', mii_reset_length = 0 '\000',
mii_reset_offset = 0 '\000', mii_phyid = 0}}}, {
mi_type = TULIP_MEDIAINFO_NONE, mi_un = {un_sia = {sia_connectivity = 0,
sia_tx_rx = 0, sia_general = 0, sia_gp_control = 0,
sia_gp_data = 0}, un_gpr = {gpr_cmdmode = 0, gpr_gpcontrol = 0,
gpr_gpdata = 0, gpr_actmask = 0 '\000', gpr_actdata = 0 '\000',
gpr_default = 0}, un_mii = {mii_mediamask = 0, mii_capabilities = 0,
mii_advertisement = 0, mii_full_duplex = 0, mii_tx_threshold = 0,
mii_interrupt = 0, mii_phyaddr = 0 '\000',
mii_gpr_length = 0 '\000', mii_gpr_offset = 0 '\000',
mii_reset_length = 0 '\000', mii_reset_offset = 0 '\000',
mii_phyid = 0}}}, {mi_type = TULIP_MEDIAINFO_NONE, mi_un = {
un_sia = {sia_connectivity = 0, sia_tx_rx = 0, sia_general = 0,
sia_gp_control = 0, sia_gp_data = 0}, un_gpr = {gpr_cmdmode = 0,
gpr_gpcontrol = 0, gpr_gpdata = 0, gpr_actmask = 0 '\000',
gpr_actdata = 0 '\000', gpr_default = 0}, un_mii = {
mii_mediamask = 0, mii_capabilities = 0, mii_advertisement = 0,
mii_full_duplex = 0, mii_tx_threshold = 0, mii_interrupt = 0,
mii_phyaddr = 0 '\000', mii_gpr_length = 0 '\000',
mii_gpr_offset = 0 '\000', mii_reset_length = 0 '\000',
mii_reset_offset = 0 '\000', mii_phyid = 0}}}, {
mi_type = TULIP_MEDIAINFO_NONE, mi_un = {un_sia = {sia_connectivity = 0,
sia_tx_rx = 0, sia_general = 0, sia_gp_control = 0,
sia_gp_data = 0}, un_gpr = {gpr_cmdmode = 0, gpr_gpcontrol = 0,
gpr_gpdata = 0, gpr_actmask = 0 '\000', gpr_actdata = 0 '\000',
gpr_default = 0}, un_mii = {mii_mediamask = 0, mii_capabilities = 0,
mii_advertisement = 0, mii_full_duplex = 0, mii_tx_threshold = 0,
mii_interrupt = 0, mii_phyaddr = 0 '\000',
mii_gpr_length = 0 '\000', mii_gpr_offset = 0 '\000',
mii_reset_length = 0 '\000', mii_reset_offset = 0 '\000',
mii_phyid = 0}}}, {mi_type = TULIP_MEDIAINFO_NONE, mi_un = {
un_sia = {sia_connectivity = 0, sia_tx_rx = 0, sia_general = 0,
sia_gp_control = 0, sia_gp_data = 0}, un_gpr = {gpr_cmdmode = 0,
gpr_gpcontrol = 0, gpr_gpdata = 0, gpr_actmask = 0 '\000',
gpr_actdata = 0 '\000', gpr_default = 0}, un_mii = {
mii_mediamask = 0, mii_capabilities = 0, mii_advertisement = 0,
mii_full_duplex = 0, mii_tx_threshold = 0, mii_interrupt = 0,
mii_phyaddr = 0 '\000', mii_gpr_length = 0 '\000',
mii_gpr_offset = 0 '\000', mii_reset_length = 0 '\000',
mii_reset_offset = 0 '\000', mii_phyid = 0}}}}, tulip_setupbuf = {1,
94, 256, 65535, 65535, 65535, 57344, 15401, 31712, 57344, 15401, 31712,
57344, 15401, 31712, 57344, 15401, 31712, 57344, 15401, 31712, 57344,
15401, 31712, 57344, 15401, 31712, 57344, 15401, 31712, 57344, 15401,
31712, 57344, 15401, 31712, 57344, 15401, 31712, 57344, 15401, 31712,
57344, 15401, 31712, 57344, 15401, 31712}, tulip_setupdata = {1, 94, 256,
65535, 65535, 65535, 57344, 15401, 31712, 57344, 15401, 31712, 57344,
15401, 31712, 57344, 15401, 31712, 57344, 15401, 31712, 57344, 15401,
31712, 57344, 15401, 31712, 57344, 15401, 31712, 57344, 15401, 31712,
57344, 15401, 31712, 57344, 15401, 31712, 57344, 15401, 31712, 57344,
15401, 31712, 57344, 15401, 31712},
tulip_boardid = "SMC 9332BDT \000\000\000",
tulip_rombuf = "¸\020\003 ", '\000' <repeats 12 times>, "\234\000\003\001\000à)<à{\000\036\000\000\000\b\037\001\217\001\000\001\000\002\001\000\000xà\001\000P\000\030", '\000' <repeats 76 times>, "\bÆ", tulip_pci_busno = 2 '\002',
tulip_pci_devno = 5 '\005', tulip_connidx = 16 '\020',
tulip_conntype = TULIP_SROM_CONNTYPE_AUTOSENSE, tulip_rxdescs = 0xc1327400,
tulip_txdescs = 0xc1340800}
(kgdb) print m
$6 = (struct mbuf *) 0x0
(kgdb) quit
