NetBSD-Bugs archive
Re: kern/48789: Sudden reboot; apparent crash in pf
The following reply was made to PR kern/48789; it has been noted by GNATS.
From: Sevan Janiyan <venture37%geeklan.co.uk@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: kern/48789: Sudden reboot; apparent crash in pf
Date: Thu, 12 Apr 2018 12:30:23 +0100
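Same issue here, previously reported in kern/53175 by mistake.
Reading the output below: the trap's rip 0xffffffff8077f83e lies between the nm entries for pf_state_tree_id_RB_REMOVE_COLOR (ffffffff8077f768) and pf_state_tree_id_RB_REMOVE (ffffffff8077fac6), i.e. at pf_state_tree_id_RB_REMOVE_COLOR+214 in the gdb dump. The instruction there is "mov 0x30(%rax),%rdx" and cr2 is 0x30, so %rax was NULL when it was dereferenced. Since +204 reads 0x48(%rax) first and would have faulted at 0x48 instead, the NULL %rax presumably arrived via the jump at +460, right after "mov 0x38(%rsi),%rax" at +456. That would suggest the state tree was already inconsistent when pf_purge_thread ran, but this is not confirmed.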
login: uvm_fault(0xffffffff815b2840, 0x0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip 0xffffffff8077f83e cs 0x8 rflags 0x10206 cr2 0x30
ilevel 0x4 rsp 0xffff800067fe1f08
curlwp 0xffffe40107fe85a0 pid 0.67 lowest kstack 0xffff800067fde2c0
panic: trap
cpu2: Begin traceback...
vpanic() at netbsd:vpanic+0x152
snprintf() at netbsd:snprintf
startlwp() at netbsd:startlwp
alltraps() at netbsd:alltraps+0xc8
pf_state_tree_id_RB_REMOVE() at netbsd:pf_state_tree_id_RB_REMOVE+0xca
pf_unlink_state() at netbsd:pf_unlink_state+0x21
pf_purge_expired_states() at netbsd:pf_purge_expired_states+0x77
pf_purge_thread() at netbsd:pf_purge_thread+0x72
cpu2: End traceback...
nm -n netbsd |grep ffffffff8077f
ffffffff8077f03c T pf_state_tree_ext_gwy_RB_REMOVE
ffffffff8077f166 T pf_state_tree_ext_gwy_RB_INSERT
ffffffff8077f2cd T pf_state_tree_ext_gwy_RB_FIND
ffffffff8077f3bb T pf_state_tree_ext_gwy_RB_NFIND
ffffffff8077f4a2 T pf_state_tree_ext_gwy_RB_NEXT
ffffffff8077f4eb T pf_state_tree_ext_gwy_RB_PREV
ffffffff8077f534 T pf_state_tree_ext_gwy_RB_MINMAX
ffffffff8077f557 T pf_state_tree_id_RB_INSERT_COLOR
ffffffff8077f768 T pf_state_tree_id_RB_REMOVE_COLOR
ffffffff8077fac6 T pf_state_tree_id_RB_REMOVE
ffffffff8077fbf0 T pf_state_tree_id_RB_INSERT
ffffffff8077fc92 T pf_state_tree_id_RB_FIND
ffffffff8077fcc8 T pf_state_tree_id_RB_NFIND
ffffffff8077fd03 T pf_state_tree_id_RB_NEXT
ffffffff8077fd4c T pf_state_tree_id_RB_PREV
ffffffff8077fd95 T pf_state_tree_id_RB_MINMAX
ffffffff8077fdb8 T pf_addrcpy
ffffffff8077fdd2 T pf_find_state_byid
ffffffff8077fdee T pf_find_state
ffffffff8077fe79 T pf_find_state_all
ffffffff8077fef2 T pf_init_threshold
ffffffff8077ff1a T pf_add_threshold
ffffffff8077ff5b T pf_check_threshold
ffffffff8077ff6c T pf_state_expires
(gdb) disas 0xffffffff8077f83e
Dump of assembler code for function pf_state_tree_id_RB_REMOVE_COLOR:
0xffffffff8077f768 <+0>: push %rbp
0xffffffff8077f769 <+1>: mov %rsp,%rbp
0xffffffff8077f76c <+4>: jmp 0xffffffff8077f7ab
<pf_state_tree_id_RB_REMOVE_COLOR+67>
0xffffffff8077f76e <+6>: mov 0x30(%rax),%rdx
0xffffffff8077f772 <+10>: test %rdx,%rdx
0xffffffff8077f775 <+13>: je 0xffffffff8077f784
<pf_state_tree_id_RB_REMOVE_COLOR+28>
0xffffffff8077f777 <+15>: mov 0x48(%rdx),%r10d
0xffffffff8077f77b <+19>: test %r10d,%r10d
0xffffffff8077f77e <+22>: jne 0xffffffff8077f9ac
<pf_state_tree_id_RB_REMOVE_COLOR+580>
0xffffffff8077f784 <+28>: mov 0x38(%rax),%rcx
0xffffffff8077f788 <+32>: test %rcx,%rcx
0xffffffff8077f78b <+35>: je 0xffffffff8077f79a
<pf_state_tree_id_RB_REMOVE_COLOR+50>
0xffffffff8077f78d <+37>: mov 0x48(%rcx),%r9d
0xffffffff8077f791 <+41>: test %r9d,%r9d
0xffffffff8077f794 <+44>: jne 0xffffffff8077f94a
<pf_state_tree_id_RB_REMOVE_COLOR+482>
0xffffffff8077f79a <+50>: movl $0x1,0x48(%rax)
0xffffffff8077f7a1 <+57>: mov 0x40(%rsi),%rax
0xffffffff8077f7a5 <+61>: mov %rsi,%rdx
0xffffffff8077f7a8 <+64>: mov %rax,%rsi
0xffffffff8077f7ab <+67>: test %rdx,%rdx
0xffffffff8077f7ae <+70>: je 0xffffffff8077f7bd
<pf_state_tree_id_RB_REMOVE_COLOR+85>
0xffffffff8077f7b0 <+72>: mov 0x48(%rdx),%r8d
0xffffffff8077f7b4 <+76>: test %r8d,%r8d
0xffffffff8077f7b7 <+79>: jne 0xffffffff8077f8d5
<pf_state_tree_id_RB_REMOVE_COLOR+365>
0xffffffff8077f7bd <+85>: cmp (%rdi),%rdx
0xffffffff8077f7c0 <+88>: je 0xffffffff8077f8d0
<pf_state_tree_id_RB_REMOVE_COLOR+360>
0xffffffff8077f7c6 <+94>: mov 0x30(%rsi),%rax
0xffffffff8077f7ca <+98>: cmp %rax,%rdx
0xffffffff8077f7cd <+101>: je 0xffffffff8077f830
<pf_state_tree_id_RB_REMOVE_COLOR+200>
0xffffffff8077f7cf <+103>: cmpl $0x1,0x48(%rax)
0xffffffff8077f7d3 <+107>: jne 0xffffffff8077f76e
<pf_state_tree_id_RB_REMOVE_COLOR+6>
0xffffffff8077f7d5 <+109>: movl $0x0,0x48(%rax)
0xffffffff8077f7dc <+116>: movl $0x1,0x48(%rsi)
0xffffffff8077f7e3 <+123>: mov 0x30(%rsi),%rax
0xffffffff8077f7e7 <+127>: mov 0x38(%rax),%rdx
0xffffffff8077f7eb <+131>: mov %rdx,0x30(%rsi)
0xffffffff8077f7ef <+135>: test %rdx,%rdx
0xffffffff8077f7f2 <+138>: je 0xffffffff8077f7fc
<pf_state_tree_id_RB_REMOVE_COLOR+148>
0xffffffff8077f7f4 <+140>: mov 0x38(%rax),%rdx
0xffffffff8077f7f8 <+144>: mov %rsi,0x40(%rdx)
0xffffffff8077f7fc <+148>: mov 0x40(%rsi),%rdx
0xffffffff8077f800 <+152>: mov %rdx,0x40(%rax)
0xffffffff8077f804 <+156>: test %rdx,%rdx
0xffffffff8077f807 <+159>: je 0xffffffff8077f939
<pf_state_tree_id_RB_REMOVE_COLOR+465>
0xffffffff8077f80d <+165>: mov 0x40(%rsi),%rdx
0xffffffff8077f811 <+169>: cmp 0x30(%rdx),%rsi
0xffffffff8077f815 <+173>: je 0xffffffff8077f941
<pf_state_tree_id_RB_REMOVE_COLOR+473>
0xffffffff8077f81b <+179>: mov %rax,0x38(%rdx)
0xffffffff8077f81f <+183>: mov %rsi,0x38(%rax)
0xffffffff8077f823 <+187>: mov %rax,0x40(%rsi)
0xffffffff8077f827 <+191>: mov 0x30(%rsi),%rax
0xffffffff8077f82b <+195>: jmpq 0xffffffff8077f76e
<pf_state_tree_id_RB_REMOVE_COLOR+6>
0xffffffff8077f830 <+200>: mov 0x38(%rsi),%rax
0xffffffff8077f834 <+204>: cmpl $0x1,0x48(%rax)
0xffffffff8077f838 <+208>: je 0xffffffff8077f8de
<pf_state_tree_id_RB_REMOVE_COLOR+374>
0xffffffff8077f83e <+214>: mov 0x30(%rax),%rdx
0xffffffff8077f842 <+218>: test %rdx,%rdx
0xffffffff8077f845 <+221>: je 0xffffffff8077f852
<pf_state_tree_id_RB_REMOVE_COLOR+234>
0xffffffff8077f847 <+223>: mov 0x48(%rdx),%ecx
0xffffffff8077f84a <+226>: test %ecx,%ecx
0xffffffff8077f84c <+228>: jne 0xffffffff8077fa32
<pf_state_tree_id_RB_REMOVE_COLOR+714>
0xffffffff8077f852 <+234>: mov 0x38(%rax),%rdx
0xffffffff8077f856 <+238>: test %rdx,%rdx
0xffffffff8077f859 <+241>: je 0xffffffff8077f79a
<pf_state_tree_id_RB_REMOVE_COLOR+50>
0xffffffff8077f85f <+247>: mov 0x48(%rdx),%r11d
0xffffffff8077f863 <+251>: test %r11d,%r11d
0xffffffff8077f866 <+254>: je 0xffffffff8077f79a
<pf_state_tree_id_RB_REMOVE_COLOR+50>
0xffffffff8077f86c <+260>: mov 0x48(%rsi),%edx
0xffffffff8077f86f <+263>: mov %edx,0x48(%rax)
0xffffffff8077f872 <+266>: movl $0x0,0x48(%rsi)
0xffffffff8077f879 <+273>: mov 0x38(%rax),%rax
0xffffffff8077f87d <+277>: test %rax,%rax
0xffffffff8077f880 <+280>: je 0xffffffff8077f889
<pf_state_tree_id_RB_REMOVE_COLOR+289>
0xffffffff8077f882 <+282>: movl $0x0,0x48(%rax)
0xffffffff8077f889 <+289>: mov 0x38(%rsi),%rax
0xffffffff8077f88d <+293>: mov 0x30(%rax),%rdx
0xffffffff8077f891 <+297>: mov %rdx,0x38(%rsi)
0xffffffff8077f895 <+301>: test %rdx,%rdx
0xffffffff8077f898 <+304>: je 0xffffffff8077f8a2
<pf_state_tree_id_RB_REMOVE_COLOR+314>
0xffffffff8077f89a <+306>: mov 0x30(%rax),%rdx
0xffffffff8077f89e <+310>: mov %rsi,0x40(%rdx)
0xffffffff8077f8a2 <+314>: mov 0x40(%rsi),%rdx
0xffffffff8077f8a6 <+318>: mov %rdx,0x40(%rax)
0xffffffff8077f8aa <+322>: test %rdx,%rdx
0xffffffff8077f8ad <+325>: je 0xffffffff8077faaa
<pf_state_tree_id_RB_REMOVE_COLOR+834>
0xffffffff8077f8b3 <+331>: mov 0x40(%rsi),%rdx
0xffffffff8077f8b7 <+335>: cmp 0x30(%rdx),%rsi
0xffffffff8077f8bb <+339>: je 0xffffffff8077fab2
<pf_state_tree_id_RB_REMOVE_COLOR+842>
0xffffffff8077f8c1 <+345>: mov %rax,0x38(%rdx)
0xffffffff8077f8c5 <+349>: mov %rsi,0x30(%rax)
0xffffffff8077f8c9 <+353>: mov %rax,0x40(%rsi)
0xffffffff8077f8cd <+357>: mov (%rdi),%rdx
0xffffffff8077f8d0 <+360>: test %rdx,%rdx
0xffffffff8077f8d3 <+363>: je 0xffffffff8077f8dc
<pf_state_tree_id_RB_REMOVE_COLOR+372>
0xffffffff8077f8d5 <+365>: movl $0x0,0x48(%rdx)
0xffffffff8077f8dc <+372>: pop %rbp
0xffffffff8077f8dd <+373>: retq
0xffffffff8077f8de <+374>: movl $0x0,0x48(%rax)
0xffffffff8077f8e5 <+381>: movl $0x1,0x48(%rsi)
0xffffffff8077f8ec <+388>: mov 0x38(%rsi),%rax
0xffffffff8077f8f0 <+392>: mov 0x30(%rax),%rdx
0xffffffff8077f8f4 <+396>: mov %rdx,0x38(%rsi)
0xffffffff8077f8f8 <+400>: test %rdx,%rdx
0xffffffff8077f8fb <+403>: je 0xffffffff8077f905
<pf_state_tree_id_RB_REMOVE_COLOR+413>
0xffffffff8077f8fd <+405>: mov 0x30(%rax),%rdx
0xffffffff8077f901 <+409>: mov %rsi,0x40(%rdx)
0xffffffff8077f905 <+413>: mov 0x40(%rsi),%rdx
0xffffffff8077f909 <+417>: mov %rdx,0x40(%rax)
0xffffffff8077f90d <+421>: test %rdx,%rdx
0xffffffff8077f910 <+424>: je 0xffffffff8077fa16
<pf_state_tree_id_RB_REMOVE_COLOR+686>
0xffffffff8077f916 <+430>: mov 0x40(%rsi),%rdx
0xffffffff8077f91a <+434>: cmp 0x30(%rdx),%rsi
0xffffffff8077f91e <+438>: je 0xffffffff8077fa1e
<pf_state_tree_id_RB_REMOVE_COLOR+694>
0xffffffff8077f924 <+444>: mov %rax,0x38(%rdx)
0xffffffff8077f928 <+448>: mov %rsi,0x30(%rax)
0xffffffff8077f92c <+452>: mov %rax,0x40(%rsi)
0xffffffff8077f930 <+456>: mov 0x38(%rsi),%rax
0xffffffff8077f934 <+460>: jmpq 0xffffffff8077f83e
<pf_state_tree_id_RB_REMOVE_COLOR+214>
0xffffffff8077f939 <+465>: mov %rax,(%rdi)
0xffffffff8077f93c <+468>: jmpq 0xffffffff8077f81f
<pf_state_tree_id_RB_REMOVE_COLOR+183>
0xffffffff8077f941 <+473>: mov %rax,0x30(%rdx)
0xffffffff8077f945 <+477>: jmpq 0xffffffff8077f81f
<pf_state_tree_id_RB_REMOVE_COLOR+183>
0xffffffff8077f94a <+482>: test %rdx,%rdx
0xffffffff8077f94d <+485>: je 0xffffffff8077f956
<pf_state_tree_id_RB_REMOVE_COLOR+494>
0xffffffff8077f94f <+487>: mov 0x48(%rdx),%edx
0xffffffff8077f952 <+490>: test %edx,%edx
0xffffffff8077f954 <+492>: jne 0xffffffff8077f9ac
<pf_state_tree_id_RB_REMOVE_COLOR+580>
0xffffffff8077f956 <+494>: movl $0x0,0x48(%rcx)
0xffffffff8077f95d <+501>: movl $0x1,0x48(%rax)
0xffffffff8077f964 <+508>: mov 0x38(%rax),%rdx
0xffffffff8077f968 <+512>: mov 0x30(%rdx),%rcx
0xffffffff8077f96c <+516>: mov %rcx,0x38(%rax)
0xffffffff8077f970 <+520>: test %rcx,%rcx
0xffffffff8077f973 <+523>: je 0xffffffff8077f97d
<pf_state_tree_id_RB_REMOVE_COLOR+533>
0xffffffff8077f975 <+525>: mov 0x30(%rdx),%rcx
0xffffffff8077f979 <+529>: mov %rax,0x40(%rcx)
0xffffffff8077f97d <+533>: mov 0x40(%rax),%rcx
0xffffffff8077f981 <+537>: mov %rcx,0x40(%rdx)
0xffffffff8077f985 <+541>: test %rcx,%rcx
0xffffffff8077f988 <+544>: je 0xffffffff8077fa99
<pf_state_tree_id_RB_REMOVE_COLOR+817>
0xffffffff8077f98e <+550>: mov 0x40(%rax),%rcx
0xffffffff8077f992 <+554>: cmp 0x30(%rcx),%rax
0xffffffff8077f996 <+558>: je 0xffffffff8077faa1
<pf_state_tree_id_RB_REMOVE_COLOR+825>
0xffffffff8077f99c <+564>: mov %rdx,0x38(%rcx)
0xffffffff8077f9a0 <+568>: mov %rax,0x30(%rdx)
0xffffffff8077f9a4 <+572>: mov %rdx,0x40(%rax)
0xffffffff8077f9a8 <+576>: mov 0x30(%rsi),%rax
0xffffffff8077f9ac <+580>: mov 0x48(%rsi),%edx
0xffffffff8077f9af <+583>: mov %edx,0x48(%rax)
0xffffffff8077f9b2 <+586>: movl $0x0,0x48(%rsi)
0xffffffff8077f9b9 <+593>: mov 0x30(%rax),%rax
0xffffffff8077f9bd <+597>: test %rax,%rax
0xffffffff8077f9c0 <+600>: je 0xffffffff8077f9c9
<pf_state_tree_id_RB_REMOVE_COLOR+609>
0xffffffff8077f9c2 <+602>: movl $0x0,0x48(%rax)
0xffffffff8077f9c9 <+609>: mov 0x30(%rsi),%rax
0xffffffff8077f9cd <+613>: mov 0x38(%rax),%rdx
0xffffffff8077f9d1 <+617>: mov %rdx,0x30(%rsi)
0xffffffff8077f9d5 <+621>: test %rdx,%rdx
0xffffffff8077f9d8 <+624>: je 0xffffffff8077f9e2
<pf_state_tree_id_RB_REMOVE_COLOR+634>
0xffffffff8077f9da <+626>: mov 0x38(%rax),%rdx
0xffffffff8077f9de <+630>: mov %rsi,0x40(%rdx)
0xffffffff8077f9e2 <+634>: mov 0x40(%rsi),%rdx
0xffffffff8077f9e6 <+638>: mov %rdx,0x40(%rax)
0xffffffff8077f9ea <+642>: test %rdx,%rdx
0xffffffff8077f9ed <+645>: je 0xffffffff8077fa27
<pf_state_tree_id_RB_REMOVE_COLOR+703>
0xffffffff8077f9ef <+647>: mov 0x40(%rsi),%rdx
0xffffffff8077f9f3 <+651>: cmp 0x30(%rdx),%rsi
0xffffffff8077f9f7 <+655>: je 0xffffffff8077fa2c
<pf_state_tree_id_RB_REMOVE_COLOR+708>
0xffffffff8077f9f9 <+657>: mov %rax,0x38(%rdx)
0xffffffff8077f9fd <+661>: mov %rsi,0x38(%rax)
0xffffffff8077fa01 <+665>: mov %rax,0x40(%rsi)
0xffffffff8077fa05 <+669>: mov (%rdi),%rdx
0xffffffff8077fa08 <+672>: test %rdx,%rdx
0xffffffff8077fa0b <+675>: jne 0xffffffff8077f8d5
<pf_state_tree_id_RB_REMOVE_COLOR+365>
0xffffffff8077fa11 <+681>: jmpq 0xffffffff8077f8dc
<pf_state_tree_id_RB_REMOVE_COLOR+372>
0xffffffff8077fa16 <+686>: mov %rax,(%rdi)
0xffffffff8077fa19 <+689>: jmpq 0xffffffff8077f928
<pf_state_tree_id_RB_REMOVE_COLOR+448>
0xffffffff8077fa1e <+694>: mov %rax,0x30(%rdx)
0xffffffff8077fa22 <+698>: jmpq 0xffffffff8077f928
<pf_state_tree_id_RB_REMOVE_COLOR+448>
0xffffffff8077fa27 <+703>: mov %rax,(%rdi)
0xffffffff8077fa2a <+706>: jmp 0xffffffff8077f9fd
<pf_state_tree_id_RB_REMOVE_COLOR+661>
0xffffffff8077fa2c <+708>: mov %rax,0x30(%rdx)
0xffffffff8077fa30 <+712>: jmp 0xffffffff8077f9fd
<pf_state_tree_id_RB_REMOVE_COLOR+661>
0xffffffff8077fa32 <+714>: mov 0x38(%rax),%rcx
0xffffffff8077fa36 <+718>: test %rcx,%rcx
0xffffffff8077fa39 <+721>: je 0xffffffff8077fa46
<pf_state_tree_id_RB_REMOVE_COLOR+734>
0xffffffff8077fa3b <+723>: mov 0x48(%rcx),%ecx
0xffffffff8077fa3e <+726>: test %ecx,%ecx
0xffffffff8077fa40 <+728>: jne 0xffffffff8077f86c
<pf_state_tree_id_RB_REMOVE_COLOR+260>
0xffffffff8077fa46 <+734>: movl $0x0,0x48(%rdx)
0xffffffff8077fa4d <+741>: movl $0x1,0x48(%rax)
0xffffffff8077fa54 <+748>: mov 0x30(%rax),%rdx
0xffffffff8077fa58 <+752>: mov 0x38(%rdx),%rcx
0xffffffff8077fa5c <+756>: mov %rcx,0x30(%rax)
0xffffffff8077fa60 <+760>: test %rcx,%rcx
0xffffffff8077fa63 <+763>: je 0xffffffff8077fa6d
<pf_state_tree_id_RB_REMOVE_COLOR+773>
0xffffffff8077fa65 <+765>: mov 0x38(%rdx),%rcx
0xffffffff8077fa69 <+769>: mov %rax,0x40(%rcx)
0xffffffff8077fa6d <+773>: mov 0x40(%rax),%rcx
0xffffffff8077fa71 <+777>: mov %rcx,0x40(%rdx)
0xffffffff8077fa75 <+781>: test %rcx,%rcx
0xffffffff8077fa78 <+784>: je 0xffffffff8077fac1
<pf_state_tree_id_RB_REMOVE_COLOR+857>
0xffffffff8077fa7a <+786>: mov 0x40(%rax),%rcx
0xffffffff8077fa7e <+790>: cmp 0x30(%rcx),%rax
0xffffffff8077fa82 <+794>: je 0xffffffff8077fabb
<pf_state_tree_id_RB_REMOVE_COLOR+851>
0xffffffff8077fa84 <+796>: mov %rdx,0x38(%rcx)
0xffffffff8077fa88 <+800>: mov %rax,0x38(%rdx)
0xffffffff8077fa8c <+804>: mov %rdx,0x40(%rax)
0xffffffff8077fa90 <+808>: mov 0x38(%rsi),%rax
0xffffffff8077fa94 <+812>: jmpq 0xffffffff8077f86c
<pf_state_tree_id_RB_REMOVE_COLOR+260>
0xffffffff8077fa99 <+817>: mov %rdx,(%rdi)
0xffffffff8077fa9c <+820>: jmpq 0xffffffff8077f9a0
<pf_state_tree_id_RB_REMOVE_COLOR+568>
0xffffffff8077faa1 <+825>: mov %rdx,0x30(%rcx)
0xffffffff8077faa5 <+829>: jmpq 0xffffffff8077f9a0
<pf_state_tree_id_RB_REMOVE_COLOR+568>
0xffffffff8077faaa <+834>: mov %rax,(%rdi)
0xffffffff8077faad <+837>: jmpq 0xffffffff8077f8c5
<pf_state_tree_id_RB_REMOVE_COLOR+349>
0xffffffff8077fab2 <+842>: mov %rax,0x30(%rdx)
0xffffffff8077fab6 <+846>: jmpq 0xffffffff8077f8c5
<pf_state_tree_id_RB_REMOVE_COLOR+349>
0xffffffff8077fabb <+851>: mov %rdx,0x30(%rcx)
0xffffffff8077fabf <+855>: jmp 0xffffffff8077fa88
<pf_state_tree_id_RB_REMOVE_COLOR+800>
0xffffffff8077fac1 <+857>: mov %rdx,(%rdi)
0xffffffff8077fac4 <+860>: jmp 0xffffffff8077fa88
<pf_state_tree_id_RB_REMOVE_COLOR+800>
End of assembler dump.