Date: Thu, 27 Nov 2008 05:09:03 GMT
From: Greg Robinson
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/129219: Kernel panic when using kernel mode ppp

>Number: 129219
>Category: kern
>Synopsis: Kernel panic when using kernel mode ppp
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 27 05:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Greg Robinson
>Release: 7.1-PRERELEASE
>Organization:
>Environment:
FreeBSD hostname.com.au 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #4: Sat Nov 15 18:02:01 CST 2008 root@hostname.com.au:/usr/obj/usr/src/sys/HOSTNAME i386
>Description:
I have installed 7.0-RELEASE, cvsup'ed to 7.1-PRERELEASE. The system runs rock solid as a simple file server (smb - no NFS). But when I dial up using kernel mode PPP, the system will crash after an unspecified amount of time.

kgdb kernel.debug /var/crash/vmcore.2
[...]
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:
Fa ta lF attraalp tr1a2p: p1a2g:e pfaaguel tf awuhlitl ew hiinl ek eirnn ekle rmnoe dle m odcepu idc p=u id1 ;= ap0i;c aipdi c= id0 1= 00 f afualutl tv ivritrutaula la daddrdersess s= =0 0xx1144 fafualutl tc ocdoed e = =s uspueprevrivsiosro r rreeaad , padg,e npoatg ep rnesoetn tpr esiennsttruction pointe ri n=s t0rxuc2t0i:o0nx pco0ian6tae2r8 6= 0sxta2c0k: 0pxoicn0tae6ra 2 8 6 = s0txac2k8 :p0oxinet7ecr5 1 9 7 4 f r a m=e 0pxo2i8n:t0exre 7 c 4 e 9 7 4 =f r0axme2 8p:o0ixntee7rc 5 1 9 a 4 c o=d e0 xse2g8m:e0nxt e 7=c 4bea9sae4 0x0, l cturrarpe nntu mpbreorc e s=s 1=2 68p9an i(cn:a mepda)ge tfraaupl tn umcbpeuri d == 012
Uptime: 11d2h7m15s
Physical memory: 2027 MB
Dumping 252 MB: 237 221 205 189 173 157 141 125 109 93 77 61 45 29 13

Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/ac
pi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
#0 doadump () at pcpu.h:196
196 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0 doadump () at pcpu.h:196
#1 0xc07711d7 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2 0xc07714a9 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:574
#3 0xc0a6c65c in trap_fatal (frame=0xe7c51934, eva=20) at /usr/src/sys/i386/i386/trap.c:939
#4 0xc0a6c8e0 in trap_pfault (frame=0xe7c51934, usermode=0, eva=20) at /usr/src/sys/i386/i386/trap.c:852
#5 0xc0a6d29c in trap (frame=0xe7c51934) at /usr/src/sys/i386/i386/trap.c:530
#6 0xc0a531eb in calltrap () at /usr/src/sys/i386/i386/exception.s:159
#7 0xc0a6a286 in generic_bcopy () at /usr/src/sys/i386/i386/support.s:498
Previous frame inner to this frame (corrupt stack?)
(kgdb)

This is an *exact* cut and paste of the error. To me, the first line translates to:

Fatal trap 12: page fault while in kernel mode

I think it is a bug in kernel mode ppp and/or the sio module.

An earlier crash on 7.0-RELEASE looks like this:

# kgdb kernel.debug /var/crash/vmcore.0
[...]
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
spin lock 0xc0c04448 (sio) held by 0xc566f420 (tid 100079) too long
panic: spin lock held too long
cpuid = 0
Uptime: 2h14m42s
Physical memory: 2027 MB
Dumping 73 MB: 58 42 26 10

#0 doadump () at pcpu.h:195
195 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0 doadump () at pcpu.h:195
#1 0xc0754647 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2 0xc0754909 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3 0xc0747fff in _mtx_lock_spin_failed (m=0x0) at /usr/src/sys/kern/kern_mutex.c:445
#4 0xc0748085 in _mtx_lock_spin (m=0xc0c04448, tid=3306395184, opts=0, file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:478
#5 0xc0a2b19a in comstart (tp=0xc5278800) at /usr/src/sys/dev/sio/sio.c:1996
#6 0xc07f4404 in pppstart (tp=0xc5278800) at tty.h:393
#7 0xc07f4eff in pppasyncstart (sc=0xc5487e00) at /usr/src/sys/net/ppp_tty.c:693
#8 0xc07ef9a2 in pppoutput (ifp=0xc5286000, m0=0xc5600600, dst=0xc543c0b0, rtp=0xc5595ca8) at /usr/src/sys/net/if_ppp.c:992
#9 0xc0836f09 in ip_output (m=0xc5600600, opt=0x0, ro=0xe578db1c, flags=Variable "flags" is not available.
) at /usr/src/sys/netinet/ip_output.c:549
#10 0xc0833e05 in ip_forward (m=0xc5600600, srcrt=0) at /usr/src/sys/netinet/ip_input.c:1361
#11 0xc08352f3 in ip_input (m=0xc5600600) at /usr/src/sys/netinet/ip_input.c:610
#12 0xc07f4045 in netisr_dispatch (num=2, m=0xc5600600) at /usr/src/sys/net/netisr.c:185
#13 0xc07ea081 in ether_demux (ifp=0xc5255800, m=0xc5600600) at /usr/src/sys/net/if_ethersubr.c:834
---Type <return> to continue, or q to quit---
#14 0xc07ea473 in ether_input (ifp=0xc5255800, m=0xc5600600) at /usr/src/sys/net/if_ethersubr.c:692
#15 0xc09208e8 in xl_rxeof (sc=0xc526b000) at /usr/src/sys/pci/if_xl.c:2062
#16 0xc0922c64 in xl_intr (arg=0xc526b000) at /usr/src/sys/pci/if_xl.c:2298
#17 0xc073786b in ithread_loop (arg=0xc5231a80) at /usr/src/sys/kern/kern_intr.c:1036
#18 0xc0734669 in fork_exit (callout=0xc07376c0 , arg=0xc5231a80, frame=0xe578dd38) at /usr/src/sys/kern/kern_fork.c:781
#19 0xc0a37f60 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:205
(kgdb)

This problem is critical for me, as I want to replace my router with an updated release of FreeBSD. But it may not be critical in regards to other IFF_NEEDSGIANT flag work being worked on at the moment.
>How-To-Repeat:
run kernel mode PPP on 7.0 or 7.1-PRERELEASE
>Fix:
Don't run kernel mode ppp
>Release-Note:
>Audit-Trail:
>Unformatted: