Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 18 Feb 2010 11:36:12 -0800
From:      Pyun YongHyeon <pyunyh@gmail.com>
To:        Slawa Olhovchenkov <slw@zxy.spb.ru>
Cc:        Nick Rogers <ncrogers@gmail.com>, stable@freebsd.org
Subject:   Re: trap 12: page fault while in kernel mode on 8.0-RELEASE (possibly bge(4) related)
Message-ID:  <20100218193612.GB11675@michelle.cdnetworks.com>
In-Reply-To: <20100218143822.GA8380@zxy.spb.ru>
References:  <147432021002141004o6c1412b7gd548b87709532ef9@mail.gmail.com> <20100216175719.GB1394@michelle.cdnetworks.com> <20100218143822.GA8380@zxy.spb.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Feb 18, 2010 at 05:38:22PM +0300, Slawa Olhovchenkov wrote:
> On Tue, Feb 16, 2010 at 09:57:19AM -0800, Pyun YongHyeon wrote:
> 
> > On Sun, Feb 14, 2010 at 10:04:58AM -0800, Nick Rogers wrote:
> > > I'm having repeated kernel panic issues on 8.0-RELEASE/amd64. Can anyone
> > > shed light on the below error? I unfortunately cannot provide a proper crash
> > > dump. The pointer addresses are always the same. The only other thing I've
> > > noticed that may be related is a watchdog timeout on bge0 error before the
> > > panic. Thanks.
> > > 
> > 
> > Any chance to get backtrace from the crash?
> 
> I got same trouble on the same platform (8.0-STABLE/amd64).
> hw.bge.allow_asf=0 already
> 
> I got 2 proper crash dump (first w/ net.inet.ip.forwarding=1
> and second w/ net.inet.ip.forwarding=0).
> 

It looks like mbuf pointer was changed to NULL in the middle of IP
forwarding and IP fragment stage. If bge(4) frees passed mbufs this
may happen but I'm not sure this comes from bge(4).
By chance, are you using polling(4) on bge(4)? Also show me the
dmesg output(only bge(4) related one).

> backtrace from the first crash:
> 
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd"...
> 
> Unread portion of the kernel message buffer:
> 
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x18
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x20:0xffffffff802ea751
> stack pointer           = 0x28:0xffffff80000ef930
> frame pointer           = 0x28:0xffffff80000ef970
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 12 (irq26: bge1)
> panic: from debugger
> cpuid = 0
> Uptime: 5h23m50s
> Physical memory: 2039 MB
> Dumping 1316 MB: 1301 1285 1269 1253 1237 1221 1205 1189 1173 1157 1141 1125 1109 1093 1077 1061 1045 1029 1013 997 981 965 949 933 917 901 885 869 853 837 821 805 789 773 757 741 725 709 693 677 661 645 629 613 597 581 565 549 533 517 501 485 469 453 437 421 405 389 373 357 341 325 309 293 277 261 245 229 213 197 181 165 149 133 117 101 85 69 53 37 21 5
> 
> Reading symbols from /boot/kernel/if_bge.ko...Reading symbols from /boot/kernel/if_bge.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/if_bge.ko
> Reading symbols from /boot/kernel/miibus.ko...Reading symbols from /boot/kernel/miibus.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/miibus.ko
> Reading symbols from /boot/kernel/ipfw.ko...Reading symbols from /boot/kernel/ipfw.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/ipfw.ko
> Reading symbols from /boot/kernel/nfsserver.ko...Reading symbols from /boot/kernel/nfsserver.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/nfsserver.ko
> Reading symbols from /boot/kernel/krpc.ko...Reading symbols from /boot/kernel/krpc.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/krpc.ko
> Reading symbols from /boot/kernel/nfssvc.ko...Reading symbols from /boot/kernel/nfssvc.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/nfssvc.ko
> #0  doadump () at pcpu.h:223
> 223     pcpu.h: No such file or directory.
>         in pcpu.h
> (kgdb) bt
> #0  doadump () at pcpu.h:223
> #1  0xffffffff802909b9 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
> #2  0xffffffff80290e0c in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:579
> #3  0xffffffff801a5bc7 in db_panic (addr=Variable "addr" is not available.
> ) at /usr/src/sys/ddb/db_command.c:478
> #4  0xffffffff801a5fd1 in db_command (last_cmdp=0xffffffff806b1fa0, cmd_table=Variable "cmd_table" is not available.
> ) at /usr/src/sys/ddb/db_command.c:445
> #5  0xffffffff801a6220 in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
> #6  0xffffffff801a81e9 in db_trap (type=Variable "type" is not available.
> ) at /usr/src/sys/ddb/db_main.c:229
> #7  0xffffffff802c0995 in kdb_trap (type=12, code=0, tf=0xffffff80000ef880) at /usr/src/sys/kern/subr_kdb.c:535
> #8  0xffffffff8049ee0d in trap_fatal (frame=0xffffff80000ef880, eva=Variable "eva" is not available.
> ) at /usr/src/sys/amd64/amd64/trap.c:852
> #9  0xffffffff8049f1e4 in trap_pfault (frame=0xffffff80000ef880, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:773
> #10 0xffffffff8049fa6a in trap (frame=0xffffff80000ef880) at /usr/src/sys/amd64/amd64/trap.c:499
> #11 0xffffffff80484ff3 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:224
> #12 0xffffffff802ea751 in m_copydata (m=0x0, off=0, len=108, cp=0xffffff0027865194 "б\026zHqJВ\220ЦПЫСPo~@<22>Feb 17 15:10:2")
>     at /usr/src/sys/kern/uipc_mbuf.c:816
> #13 0xffffffff8035e72d in ip_forward (m=0xffffff0001530900, srcrt=Variable "srcrt" is not available.
> ) at /usr/src/sys/netinet/ip_input.c:1444
> #14 0xffffffff8035fef7 in ip_input (m=0xffffff0001530900) at /usr/src/sys/netinet/ip_input.c:717
> #15 0xffffffff80342e9e in netisr_dispatch_src (proto=1, source=Variable "source" is not available.
> ) at /usr/src/sys/net/netisr.c:917
> #16 0xffffffff8033fd5d in ether_demux (ifp=0xffffff0001412800, m=0xffffff0001530900) at /usr/src/sys/net/if_ethersubr.c:895
> #17 0xffffffff80340127 in ether_input (ifp=0xffffff0001412800, m=0xffffff0001530900) at /usr/src/sys/net/if_ethersubr.c:754
> #18 0xffffffff80838257 in bge_rxeof (sc=0xffffff800023b000, rx_prod=773, holdlck=1) at /usr/src/sys/modules/bge/../../dev/bge/if_bge.c:3392
> #19 0xffffffff8083a058 in bge_intr (xsc=Variable "xsc" is not available.
> ) at /usr/src/sys/modules/bge/../../dev/bge/if_bge.c:3657
> #20 0xffffffff8026964d in intr_event_execute_handlers (p=Variable "p" is not available.
> ) at /usr/src/sys/kern/kern_intr.c:1220
> #21 0xffffffff8026acfe in ithread_loop (arg=0xffffff0001430740) at /usr/src/sys/kern/kern_intr.c:1233
> #22 0xffffffff80267088 in fork_exit (callout=0xffffffff8026ac70 <ithread_loop>, arg=0xffffff0001430740, frame=0xffffff80000efc80)
>     at /usr/src/sys/kern/kern_fork.c:843
> #23 0xffffffff804854ce in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:561
> #24 0x0000000000000000 in ?? ()
> #25 0x0000000000000000 in ?? ()
> #26 0x0000000000000001 in ?? ()
> 
> backtrace from the second crash (ipforwardinf disabled):
> 
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd"...
> 
> Unread portion of the kernel message buffer:
> 
> cpuid = 0; apic id = 00
> fault virtual address   = 0x18
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x20:0xffffffff802eb3b7
> stack pointer           = 0x28:0xffffff80001c66e0
> frame pointer           = 0x28:0xffffff80001c6740
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 732 (named)
> panic: from debugger
> cpuid = 0
> Uptime: 8h28m38s
> Physical memory: 2039 MB
> Dumping 1425 MB: 1410 1394 1378 1362 1346 1330 1314 1298 1282 1266 1250 1234 1218 1202 1186 1170 1154 1138 1122 1106 1090 1074 1058 1042 1026 1010 994 978 962 946 930 914 898 882 866 850 834 818 802 786 770 754 738 722 706 690 674 658 642 626 610 594 578 562 546 530 514 498 482 466 450 434 418 402 386 370 354 338 322 306 290 274 258 242 226 210 194 178 162 146 130 114 98 82 66 50 34 18 2
> 
> Reading symbols from /boot/kernel/if_bge.ko...Reading symbols from /boot/kernel/if_bge.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/if_bge.ko
> Reading symbols from /boot/kernel/miibus.ko...Reading symbols from /boot/kernel/miibus.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/miibus.ko
> Reading symbols from /boot/kernel/ipfw.ko...Reading symbols from /boot/kernel/ipfw.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/ipfw.ko
> Reading symbols from /boot/kernel/nfsserver.ko...Reading symbols from /boot/kernel/nfsserver.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/nfsserver.ko
> Reading symbols from /boot/kernel/krpc.ko...Reading symbols from /boot/kernel/krpc.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/krpc.ko
> Reading symbols from /boot/kernel/nfssvc.ko...Reading symbols from /boot/kernel/nfssvc.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/nfssvc.ko
> #0  doadump () at pcpu.h:223
> 223     pcpu.h: No such file or directory.
>         in pcpu.h
> (kgdb) bt
> #0  doadump () at pcpu.h:223
> #1  0xffffffff802909b9 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
> #2  0xffffffff80290e0c in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:579
> #3  0xffffffff801a5bc7 in db_panic (addr=Variable "addr" is not available.
> ) at /usr/src/sys/ddb/db_command.c:478
> #4  0xffffffff801a5fd1 in db_command (last_cmdp=0xffffffff806b1fa0, cmd_table=Variable "cmd_table" is not available.
> ) at /usr/src/sys/ddb/db_command.c:445
> #5  0xffffffff801a6220 in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
> #6  0xffffffff801a81e9 in db_trap (type=Variable "type" is not available.
> ) at /usr/src/sys/ddb/db_main.c:229
> #7  0xffffffff802c0995 in kdb_trap (type=12, code=0, tf=0xffffff80001c6630) at /usr/src/sys/kern/subr_kdb.c:535
> #8  0xffffffff8049ee0d in trap_fatal (frame=0xffffff80001c6630, eva=Variable "eva" is not available.
> ) at /usr/src/sys/amd64/amd64/trap.c:852
> #9  0xffffffff8049f1e4 in trap_pfault (frame=0xffffff80001c6630, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:773
> #10 0xffffffff8049fa6a in trap (frame=0xffffff80001c6630) at /usr/src/sys/amd64/amd64/trap.c:499
> #11 0xffffffff80484ff3 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:224
> #12 0xffffffff802eb3b7 in m_copym (m=0x0, off0=1496, len=1496, wait=1) at /usr/src/sys/kern/uipc_mbuf.c:541
> #13 0xffffffff80361041 in ip_fragment (ip=0xffffff004c748830, m_frag=0xffffff80001c6848, mtu=Variable "mtu" is not available.
> ) at /usr/src/sys/netinet/ip_output.c:805
> #14 0xffffffff8036206e in ip_output (m=0xffffff0012d4ed00, opt=Variable "opt" is not available.
> ) at /usr/src/sys/netinet/ip_output.c:636
> #15 0xffffffff803d8ac5 in udp_send (so=Variable "so" is not available.
> ) at /usr/src/sys/netinet/udp_usrreq.c:1236
> #16 0xffffffff802f5a72 in sosend_dgram (so=0xffffff00018da000, addr=0xffffff00018ad120, uio=Variable "uio" is not available.
> ) at /usr/src/sys/kern/uipc_socket.c:1069
> #17 0xffffffff802f9b75 in kern_sendit (td=0xffffff00015fd740, s=514, mp=0xffffff80001c6af0, flags=0, control=0x0, segflg=UIO_USERSPACE)
>     at /usr/src/sys/kern/uipc_syscalls.c:784
> #18 0xffffffff802f9dbc in sendit (td=0xffffff00015fd740, s=514, mp=0xffffff80001c6af0, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:720
> #19 0xffffffff802f9e47 in sendmsg (td=0xffffff00015fd740, uap=0xffffff80001c6bf0) at /usr/src/sys/kern/uipc_syscalls.c:917
> #20 0xffffffff8049f3f7 in syscall (frame=0xffffff80001c6c80) at /usr/src/sys/amd64/amd64/trap.c:1025
> #21 0xffffffff804852d1 in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:373
> #22 0x0000000800c82c6c in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> 
> 
> -- 
> Slawa Olhovchenkov



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100218193612.GB11675>