[Bug 208389] Netmap Panic

bugzilla-noreply Fri, 01 Apr 2016 14:23:42 -0700

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208389


Shirkdog <msh...@daemon-security.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msh...@daemon-security.com

--- Comment #12 from Shirkdog <msh...@daemon-security.com> ---

I have observed a similar issue, on a build of HBSD 11 

11.0-CURRENT-HBSD FreeBSD 11.0-CURRENT-HBSD #0
352417c(hardened/current/master): Mon Mar 14 13:04:31 UTC 2016 

Intel PCIe card (dual card)
[1] em1: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xe000-0xe01f mem
0xf7d40000-0xf7d5ffff,0xf7d20000-0xf7d3ffff irq 17 at device 0.1 on pci1
[1] em1: Using an MSI interrupt
[1] em1: Ethernet address: 68:05:ca:XX:XX:XX
[1] em1: netmap queues/slots: TX 1/1024, RX 1/1024  

em1@pci0:1:0:1: class=0x020000 card=0x115e8086 chip=0x105e8086 rev=0x06
hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82571EB Gigabit Ethernet Controller'
    class      = network
    subclass   = ethernet

tcpdump prints the following (when other traffic should exist, including the
SSH session I am using

tcpdump -i netmap:em1 -nns 0 -Xxvvvvetttt
tcpdump: listening on netmap:em1, link-type EN10MB (Ethernet), capture size
262144 bytes

2016-04-01 17:00:07.595078 00:00:00:00:00:00 > 00:00:00:00:00:00, 802.3, length
177: LLC, dsap Null (0x00) Individual, ssap Null (0x00) Command, ctrl 0x0000:
Information, send seq 0, rcv seq 0, Flags [Command], length 163                 
        0x0000:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0010:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0060:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0070:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0080:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0090:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00a0:  0000 00                                  ...             


Steps to reproduce:

ifconfig em1 up
tcpdump -i netmap:em1 -nns 0


Output from panic/dump

Unread portion of the kernel message buffer:
[267] panic: Memory modified after free 0xfffff800c4468000(2048) val=ffffffff @
0xfffff800c4468000
[267] 
[267] cpuid = 0
[267] KDB: stack backtrace:
[267] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfffffe02337f2620
[267] vpanic() at vpanic+0x182/frame 0xfffffe02337f26a0
[267] panic() at panic+0x43/frame 0xfffffe02337f2700
[267] trash_ctor() at trash_ctor+0x48/frame 0xfffffe02337f2710
[267] mb_ctor_pack() at mb_ctor_pack+0x2a/frame 0xfffffe02337f2750
[267] uma_zalloc_arg() at uma_zalloc_arg+0x4e0/frame 0xfffffe02337f27b0
[267] m_getjcl() at m_getjcl+0x39/frame 0xfffffe02337f27f0
[267] em_init_locked() at em_init_locked+0xd62/frame 0xfffffe02337f28c0
[267] em_netmap_reg() at em_netmap_reg+0x1c8/frame 0xfffffe02337f2910
[267] netmap_do_unregif() at netmap_do_unregif+0x130/frame 0xfffffe02337f2940
[267] netmap_dtor() at netmap_dtor+0x64/frame 0xfffffe02337f2960
[267] devfs_destroy_cdevpriv() at devfs_destroy_cdevpriv+0x8b/frame
0xfffffe02337f2980
[267] devfs_close_f() at devfs_close_f+0x65/frame 0xfffffe02337f29b0
[267] _fdrop() at _fdrop+0x1a/frame 0xfffffe02337f29d0
[267] closef() at closef+0x1e1/frame 0xfffffe02337f2a60
[267] closefp() at closefp+0x9f/frame 0xfffffe02337f2aa0
[267] amd64_syscall() at amd64_syscall+0x2c1/frame 0xfffffe02337f2bb0
[267] Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe02337f2bb0
[267] --- syscall (6, FreeBSD ELF64, sys_close), rip = 0xf590083b5a, rsp =
0x6b3d21120d08, rbp = 0x6b3d21120d70 ---
[267] KDB: enter: panic

Reading symbols from /boot/kernel/zfs.ko...done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/fdescfs.ko...done.
Loaded symbols for /boot/kernel/fdescfs.ko
Reading symbols from /boot/kernel/uhid.ko...done.
Loaded symbols for /boot/kernel/uhid.ko
Reading symbols from /boot/kernel/ipfw.ko...done.
Loaded symbols for /boot/kernel/ipfw.ko
#0  doadump (textdump=0) at pcpu.h:221
221             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb)

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 208389] Netmap Panic

Reply via email to