current-users: Crashes in bpf

Subject: Crashes in bpf
To: None <current-users@NetBSD.org>
From: Julio M. Merino Vidal <jmmv@menta.net>
List: current-users
Date: 10/24/2004 22:24:15
Hi all,

during the last few weeks, I've been experiencing (what seem to be) random
crashes in bpf.  They always happen at system bootup, while dhclient is
configuring my vr0 card, although they don't happen very often.

In fact, the first time I saw them was maybe two or three weeks ago, though
I couldn't do anything useful with the crash dumps because my kernel didn't
have debugging information.  But today, it happened again - now I have a
kernel with debug info - so I can provide more information.

Here is it:

dawn:/var/crash# /usr/bin/gdb /netbsd.gdb
GNU gdb 5.3nb1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain condition=
s.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsdelf"...
(gdb) target kcore netbsd.3.core
#0  0x1fefc000 in ?? ()
(gdb) bt
#0  0x1fefc000 in ?? ()
#1  0xc029c99e in cpu_reboot (howto=3D256, bootstr=3D0x0)
    at /home/jmmv/NetBSD/src/sys/arch/i386/i386/machdep.c:751
#2  0xc01f6cc0 in db_sync_cmd (addr=3D1, have_addr=3D0, count=3D-1070770678=
,=20
    modif=3D0xc044bab4 "=C0=DF>=C0=CB=BAD=C0\001")
    at /home/jmmv/NetBSD/src/sys/ddb/db_command.c:750
#3  0xc01f670f in db_command (last_cmdp=3D0xc03974b8, cmd_table=3D0xc033048=
0)
    at /home/jmmv/NetBSD/src/sys/ddb/db_command.c:464
#4  0xc01f6422 in db_command_loop ()
    at /home/jmmv/NetBSD/src/sys/ddb/db_command.c:255
#5  0xc01f9514 in db_trap (type=3D6, code=3D0)
    at /home/jmmv/NetBSD/src/sys/ddb/db_trap.c:101
#6  0xc029a106 in kdb_trap (type=3D6, code=3D0, regs=3D0xc044bcf8)
    at /home/jmmv/NetBSD/src/sys/arch/i386/i386/db_interface.c:225
#7  0xc02a47d8 in trap (frame=3D0xc044bcf8)
    at /home/jmmv/NetBSD/src/sys/arch/i386/i386/trap.c:270
#8  0xc010ae7f in calltrap ()
#9  0xc026bf80 in bpf_filter (pc=3D0xc0eb8800,=20
    p=3D0xca4aa000 "=D1=F8X\2073=A9=C7\223=DFR\200A=F6=F7\017|&?\002=E8\210=
=D9\230=D6=B8=C3'G\177\016f=C3\b=FE=EE}\217=3Dg=E21J\037=D8=A86\227\203=D3{=
=CC\227p\030", wirelen=3D0, buflen=3D0)
    at /home/jmmv/NetBSD/src/sys/net/bpf_filter.c:221
#10 0xc026b302 in bpf_mtap (arg=3D0xc0deac40, m=3D0xc0cd7100)
    at /home/jmmv/NetBSD/src/sys/net/bpf.c:1234
---Type <return> to continue, or q <return> to quit---
#11 0xc02c9e0e in vr_rxeof (sc=3D0xc0e35800)
    at /home/jmmv/NetBSD/src/sys/dev/pci/if_vr.c:744
#12 0xc02ca3e9 in vr_intr (arg=3D0xc0e35800)
    at /home/jmmv/NetBSD/src/sys/dev/pci/if_vr.c:860
#13 0xc0106bc3 in Xintr_ioapic_level5 ()
(gdb) frame 9
#9  0xc026bf80 in bpf_filter (pc=3D0xc0eb8800,=20
    p=3D0xca4aa000 "=D1=F8X\2073=A9=C7\223=DFR\200A=F6=F7\017|&?\002=E8\210=
=D9\230=D6=B8=C3'G\177\016f=C3\b=FE=EE}\217=3Dg=E21J\037=D8=A86\227\203=D3{=
=CC\227p\030", wirelen=3D0, buflen=3D0)
    at /home/jmmv/NetBSD/src/sys/net/bpf_filter.c:221
221                                     A =3D m_xhalf((struct mbuf *)p, k, =
&merr);
(gdb) list
216     #ifdef _KERNEL
217                                     int merr;
218    =20
219                                     if (buflen !=3D 0)
220                                             return 0;
221                                     A =3D m_xhalf((struct mbuf *)p, k, =
&merr);
222                                     continue;
223     #else
224                                     return 0;
225     #endif
(gdb)=20

Has anybody seen this before?  Should I send-pr (even if I don't know how to
reproduce this)?

Thanks.

--=20
Julio M. Merino Vidal <jmmv@menta.net>
http://www.livejournal.com/users/jmmv/
The NetBSD Project - http://www.NetBSD.org/