Date: Thu, 27 Oct 2005 16:00:22 +0800 From: Rong-En Fan <grafan@gmail.com> To: stable@freebsd.org Subject: panic on RELENG_5 on em(4) Message-ID: <6eb82e0510270100r3e186770wac250d62d92c931b@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi,
I'm running RELENG_5 around Oct 12, got a panic related to em(4).
After some searching, I saw a similar panic reported on -current
(his/her system is also RELENG_5) in May, but no further replies.
The kernel is similar to GENERIC with IPFW and have HTT
enabled in loader.conf. Box is a 2*Xeon with HTT, SMP kernel
is enabled, thus there are 4 logical cpus. For some reasons,
I did not have DDB compiled. The kgdb outputs are enclosed.
If there are people interested to help debug this, I can send
information as request.
Thanks,,
Rong-En Fan
(kgdb and console):
Fatal trap 12: page fault while in kernel mode
cpuid =3D 2; apic id =3D 06
fault virtual address =3D 0xbfc38018
fault code =3D supervisor read, page not present
instruction pointer =3D 0x8:0xc05fb49f
stack pointer =3D 0x10:0xe6448bc0
frame pointer =3D 0x10:0xe6448c24
code segment =3D base 0x0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, def32 1, gran 1
processor eflags =3D interrupt enabled, resume, IOPL =3D 0
current process =3D 77 (irq16: em0)
trap number =3D 12
panic: page fault
cpuid =3D 2
#0 doadump () at pcpu.h:160
No locals.
#1 0xc04c1268 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:4=
12
first_buf_printf =3D 1
#2 0xc04c1616 in panic (fmt=3D0xc062dcbe "%s")
at /usr/src/sys/kern/kern_shutdown.c:568
td =3D (struct thread *) 0xc313bd80
bootopt =3D 260
newpanic =3D 0
ap =3D 0xc313bd80 "L\023\020\t"
buf =3D "page fault", '\0' <repeats 245 times>
#3 0xc06121dd in trap_fatal (frame=3D0xe6448b80, eva=3D0)
at /usr/src/sys/i386/i386/trap.c:817
code =3D 16
type =3D 12
ss =3D 16
esp =3D 0
softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27=
,
ssd_dpl =3D 0, ssd_p =3D 1, ssd_xx =3D 1, ssd_xx1 =3D 0, ssd_def32 =3D 1,=
ssd_gran =3D 1}
#4 0xc0611ed4 in trap_pfault (frame=3D0xe6448b80, usermode=3D0, eva=3D3217=
260568)
at /usr/src/sys/i386/i386/trap.c:735
va =3D 3217260544
vm =3D (struct vmspace *) 0x0
map =3D 0xc0673280
rv =3D 1
ftype =3D 1 '\001'
td =3D (struct thread *) 0xc313bd80
p =3D (struct proc *) 0xc313a54c
#5 0xc0611ab9 in trap (frame=3D
{tf_fs =3D -1022033896, tf_es =3D 16, tf_ds =3D -431751152, tf_edi =
=3D -10217512\
96, tf_esi =3D -1017843008, tf_ebp =3D -431715292, tf_isp =3D -431715412, t=
f_ebx =3D -\
1008379904, tf_edx =3D 0, tf_ecx =3D 234907650, tf_eax =3D 57350, tf_trapno=
=3D 12, tf\
_err =3D 0, tf_eip =3D -1067469665, tf_cs =3D 8, tf_eflags =3D 66055, tf_es=
p =3D -431715\
256, tf_ss =3D -1021353488}) at /usr/src/sys/i386/i386/trap.c:425
td =3D (struct thread *) 0xc313bd80
p =3D (struct proc *) 0xc313a54c
sticks =3D 3863251848
i =3D 0
ucode =3D 0
type =3D 12
code =3D 0
eva =3D 3217260568
#6 0xc05fdc4a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
No locals.
#7 0xc3150018 in ?? ()
No symbol table info available.
#8 0x00000010 in ?? ()
No symbol table info available.
#9 0xe6440010 in ?? ()
No symbol table info available.
#10 0xc3195000 in ?? ()
No symbol table info available.
#11 0xc354f2c0 in ?? ()
No symbol table info available.
#12 0xe6448c24 in ?? ()
No symbol table info available.
#13 0xe6448bac in ?? ()
No symbol table info available.
#14 0xc3e55800 in ?? ()
No symbol table info available.
#15 0x00000000 in ?? ()
No symbol table info available.
#16 0x0e006802 in ?? ()
No symbol table info available.
#17 0x0000e006 in ?? ()
No symbol table info available.
#18 0x0000000c in ?? ()
No symbol table info available.
#19 0x00000000 in ?? ()
No symbol table info available.
#20 0xc05fb49f in bus_dmamap_load (dmat=3D0xc3353400, map=3D0x0, buf=3D0xe0=
06802,
buflen=3D2046, callback=3D0xc045f8e8 <em_dmamap_cb>, callback_arg=3D0xe=
6448c48,
flags=3D0) at pmap.h:200
lastaddr =3D 0
error =3D 0
nsegs =3D 0
195 vm_paddr_t pa;
196
197 if ((pa =3D PTD[va >> PDRSHIFT]) & PG_PS) {
198 pa =3D (pa & ~(NBPDR - 1)) | (va & (NBPDR - 1));
199 } else {
200 pa =3D *vtopte(va);
201 pa =3D (pa & PG_FRAME) | (va & PAGE_MASK);
202 }
203 return pa;
204 }
#21 0xc04602f1 in em_get_buf (i=3D88, adapter=3D0xc3195000, nmp=3D0x0)
at /usr/src/sys/dev/em/if_em.c:2531
mp =3D (struct mbuf *) 0xc3e55800
rx_buffer =3D (struct em_buffer *) 0xc354f2c0
ifp =3D (struct ifnet *) 0xc354f2c0
paddr =3D 3272850816
error =3D -1021751296
2526
2527 /*
2528 * Using memory from the mbuf cluster pool, invoke the
2529 * bus_dma machinery to arrange the memory mapping.
2530 */
2531 error =3D bus_dmamap_load(adapter->rxtag, rx_buffer->map,
2532 mtod(mp, void *), mp->m_len,
2533 em_dmamap_cb, &paddr, 0);
2534 if (error) {
2535 m_free(mp);
#22 0xc0460b6e in em_process_receive_interrupts (adapter=3D0xc3195000, coun=
t=3D-2)
at /usr/src/sys/dev/em/if_em.c:2852
ifp =3D (struct ifnet *) 0xc3195000
mp =3D (struct mbuf *) 0xc3638500
accept_frame =3D 1 '\001'
eop =3D 1 '\001'
len =3D 60
desc_len =3D 0
prev_len_adj =3D 0
i =3D 88
current_desc =3D (struct em_rx_desc *) 0xc31da580
2847 }
2848 }
2849
2850 if (accept_frame) {
2851
2852 if (em_get_buf(i, adapter, NULL) =3D=3D ENO=
BUFS) {
2853 adapter->dropped_pkts++;
2854 em_get_buf(i, adapter, mp);
2855 if (adapter->fmp !=3D NULL)
2856 m_freem(adapter->fmp);
#23 0xc045d8ae in em_intr (arg=3D0xc3195000) at /usr/src/sys/dev/em/if_em.c=
:1025
loop_cnt =3D 3
reg_icr =3D 0
ifp =3D (struct ifnet *) 0xc3195000
adapter =3D (struct adapter *) 0xc3195000
1021 }
1022
1023 while (loop_cnt > 0) {
1024 if (ifp->if_flags & IFF_RUNNING) {
1025 em_process_receive_interrupts(adapter, -1);
1026 em_clean_transmit_interrupts(adapter);
1027 }
1028 loop_cnt--;
1029 }
#24 0xc04a8e1b in ithread_loop (arg=3D0xc312b480)
at /usr/src/sys/kern/kern_intr.c:547
ithd =3D (struct ithd *) 0xc312b480
ih =3D (struct intrhand *) 0xc31e3400
td =3D (struct thread *) 0xc313bd80
p =3D (struct proc *) 0xc313a54c
count =3D 0
warming =3D 0
warned =3D 0
542 mtx_unlock(&ithd->it_lock);
543 goto restart;
544 }
545 if ((ih->ih_flags & IH_MPSAFE) =3D=
=3D 0)
546 mtx_lock(&Giant);
547 ih->ih_handler(ih->ih_argument);
548 if ((ih->ih_flags & IH_MPSAFE) =3D=
=3D 0)
549 mtx_unlock(&Giant);
550 }
551 if (ithd->it_enable !=3D NULL) {
#25 0xc04a7b8d in fork_exit (callout=3D0xc04a8c77 <ithread_loop>, arg=3D0x0=
,
frame=3D0x0) at /usr/src/sys/kern/kern_fork.c:791
p =3D (struct proc *) 0xc313a54c
td =3D (struct thread *) 0x0
786 * cpu_set_fork_handler intercepts this function call to
787 * have this call a non-return function to stay in kernel m=
ode.
788 * initproc has its own fork handler, but it does return.
789 */
790 KASSERT(callout !=3D NULL, ("NULL callout in fork_exit"));
791 callout(arg, frame);
792
793 /*
794 * Check if a kernel thread misbehaved and returned from it=
s m\
ain
795 * function.
(kgdb) p callout
$1 =3D (void (*)(void *, struct trapframe *)) 0xc04a8c77 <ithread_loop>
#26 0xc05fdcac in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:=
209
No locals.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6eb82e0510270100r3e186770wac250d62d92c931b>