From owner-freebsd-bugs@FreeBSD.ORG Wed Aug 14 13:30:00 2013 Return-Path: Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id C8D6C41F for ; Wed, 14 Aug 2013 13:30:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id A6B1F2AD6 for ; Wed, 14 Aug 2013 13:30:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r7EDU0sA009507 for ; Wed, 14 Aug 2013 13:30:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r7EDU0t0009506; Wed, 14 Aug 2013 13:30:00 GMT (envelope-from gnats) Resent-Date: Wed, 14 Aug 2013 13:30:00 GMT Resent-Message-Id: <201308141330.r7EDU0t0009506@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Stefan Zimmermann Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id DD185357 for ; Wed, 14 Aug 2013 13:21:21 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id CA74B2A90 for ; Wed, 14 Aug 2013 13:21:21 +0000 (UTC) Received: from oldred.freebsd.org ([127.0.1.6]) by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r7EDLL4X066602 for ; Wed, 14 Aug 2013 13:21:21 GMT (envelope-from nobody@oldred.freebsd.org) Received: (from nobody@localhost) by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r7EDLLFt066599; Wed, 14 Aug 2013 13:21:21 GMT (envelope-from nobody) Message-Id: <201308141321.r7EDLLFt066599@oldred.freebsd.org> Date: Wed, 14 Aug 2013 13:21:21 GMT From: Stefan Zimmermann To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: kern/181289: "sys/dev/arcmsr" causes page fault X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Aug 2013 13:30:00 -0000 >Number: 181289 >Category: kern >Synopsis: "sys/dev/arcmsr" causes page fault >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Aug 14 13:30:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Stefan Zimmermann >Release: FreeBSD 9.2-PRERELEASE (GENERIC) >Organization: >Environment: FreeBSD storage.dmz.local 9.2-PRERELEASE FreeBSD 9.2-PRERELEASE #1: Mon Aug 12 13:17:24 CEST 2013 root@storage.dmz.local:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Under some circumstances the ARECA-RAID device driver causes a page fault; it't not known if this happens only under heavy i/o, but it seems that in such situations the error will raise earlier. Side hint: Over in the FreeNAS forums is a guy who experienced almost the same problem (http://forums.freenas.org/threads/areca-driver-arcmsr-crashing-since-8-3.11779/). Interesting is here, that he uses almost the same hardware-environment as me. I can provide any information about the whole environment, but here are the short facts ... CPU: Dual Core AMD Opteron(tm) Processor 275 (2193.80-MHz K8-class CPU) RAM: 16 GB ARECA ARC-1160 RAID-CONTROLLER Firmware Version: V1.49 2010-12-02 BOOT ROM Version: V1.49 2010-12-02 Find below the relevant parts of the crash dump (can provide the whole dump if needed) ... --- BEGIN: CRASH DUMP --- Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0xffffff84d63c8ae8 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80d01802 stack pointer = 0x28:0xffffff84686e1af0 frame pointer = 0x28:0xffffff84686e1b10 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 12 (irq30: arcmsr0) trap number = 12 panic: page fault cpuid = 0 KDB: stack backtrace: #0 0xffffffff80948e26 at kdb_backtrace+0x66 #1 0xffffffff8090ed8e at panic+0x1ce #2 0xffffffff80cf36b0 at trap_fatal+0x290 #3 0xffffffff80cf3a11 at trap_pfault+0x211 #4 0xffffffff80cf3fc4 at trap+0x344 #5 0xffffffff80cdd2f3 at calltrap+0x8 #6 0xffffffff80d01ede at arcmsr_interrupt+0x51e #7 0xffffffff80d0211e at arcmsr_intr_handler+0x3e #8 0xffffffff808e000d at intr_event_execute_handlers+0xfd #9 0xffffffff808e17fd at ithread_loop+0x9d #10 0xffffffff808dca5f at fork_exit+0x11f #11 0xffffffff80cdd81e at fork_trampoline+0xe #0 doadump (textdump=) at pcpu.h:234 #1 0xffffffff8090e866 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:449 #2 0xffffffff8090ed67 in panic (fmt=0x1
) at /usr/src/sys/kern/kern_shutdown.c:637 #3 0xffffffff80cf36b0 in trap_fatal (frame=0xc, eva=) at /usr/src/sys/amd64/amd64/trap.c:879 #4 0xffffffff80cf3a11 in trap_pfault (frame=0xffffff84686e1a40, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:795 #5 0xffffffff80cf3fc4 in trap (frame=0xffffff84686e1a40) at /usr/src/sys/amd64/amd64/trap.c:463 #6 0xffffffff80cdd2f3 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:232 #7 0xffffffff80d01802 in arcmsr_drain_donequeue (acb=0xffffff800085d000, flag_srb=2014202080, error=0) at /usr/src/sys/dev/arcmsr/arcmsr.c:835 #8 0xffffffff80d01ede in arcmsr_interrupt (acb=0xffffff800085d000) at /usr/src/sys/dev/arcmsr/arcmsr.c:1890 #9 0xffffffff80d0211e in arcmsr_intr_handler (arg=) at /usr/src/sys/dev/arcmsr/arcmsr.c:2168 #10 0xffffffff808e000d in intr_event_execute_handlers ( p=, ie=0xfffffe000839c900) at /usr/src/sys/kern/kern_intr.c:1272 #11 0xffffffff808e17fd in ithread_loop (arg=0xfffffe000a3b49e0) at /usr/src/sys/kern/kern_intr.c:1285 #12 0xffffffff808dca5f in fork_exit ( callout=0xffffffff808e1760 , arg=0xfffffe000a3b49e0, frame=0xffffff84686e1c40) at /usr/src/sys/kern/kern_fork.c:992 #13 0xffffffff80cdd81e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:606 #14 0x0000000000000000 in ?? () (kgdb) list *0xffffffff80d01802 0xffffffff80d01802 is in arcmsr_drain_donequeue (/usr/src/sys/dev/arcmsr/arcmsr.c:838). 833 case ACB_ADAPTER_TYPE_B: 834 default: 835 srb = (struct CommandControlBlock *)(acb->vir2phy_offset+(flag_srb << 5));/*frame must be 32 bytes aligned*/ 836 break; 837 } 838 if((srb->acb != acb) || (srb->srb_state != ARCMSR_SRB_START)) { 839 if(srb->srb_state == ARCMSR_SRB_TIMEOUT) { 840 arcmsr_free_srb(srb); 841 printf("arcmsr%d: srb='%p' return srb has been timeouted\n", acb->pci_unit, srb); 842 return; --- END: CRASH DUMP --- >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: