Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 16 Apr 2005 00:11:27 GMT
From:      Stefan Olteanu <stefanolteanu@yahoo.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/79988: page faults while in kernel mode
Message-ID:  <200504160011.j3G0BRhA088045@www.freebsd.org>
Resent-Message-ID: <200504160020.j3G0KNMo067960@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         79988
>Category:       kern
>Synopsis:       page faults while in kernel mode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr 16 00:20:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Stefan Olteanu
>Release:        FreeBSD 5.3-RELEASE #0
>Organization:
>Environment:
FreeBSD .romnet.org 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Sun Mar  6 06:05:00 EET 2005     stefan@.romnet.org:/usr/src/sys/i386/compile/FIREWALL3  i386
>Description:
I get this fatal trap while in kernel mode but only when I use dc++ on other machine from the private network. Maybe this is a clue. There is no high network activity, no large amounts of data (netstat). I also try to add more physical memory (160Mb) but no change.

-------------------------
Here is my dmesg output :

Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 5.3-RELEASE #0: Sun Mar  6 06:05:00 EET 2005
    [EMAIL PROTECTED]:/usr/src/sys/i386/compile/FIREWALL3
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium/P55C (199.91-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x543  Stepping = 3
  Features=0x8001bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8,MMX>
real memory  = 33554432 (32 MB)
avail memory = 27553792 (26 MB)
Intel Pentium detected, installing workaround for F00F bug
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <COMPAQ CPQAE70> on motherboard
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xfc08-0xfc0b on acpi0
cpu0: <ACPI CPU (2 Cx states)> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
rl0: <RealTek 8139 10/100BaseTX> port 0x1000-0x10ff mem 0x44000000-0x440000ff irq 11 at device 12.0 on pci0
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:40:f4:b2:f9:bd
rl1: <RealTek 8139 10/100BaseTX> port 0x1400-0x14ff mem 0x44100000-0x441000ff irq 11 at device 13.0 on pci0
miibus1: <MII bus> on rl1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl1: Ethernet address: 00:40:f4:b2:fe:f4
pci0: <display, VGA> at device 14.0 (no driver attached)
tl0: <Compaq Netelligent 10/100 TX Embedded UTP> port 0x1820-0x182f irq 11 at device 16.0 on pci0
miibus2: <MII bus> on tl0
lxtphy0: <LXT970 10/100 media interface> on miibus2
lxtphy0:  100baseFX, 100baseFX-FDX, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
tlphy0: <ThunderLAN 10baseT media interface> on miibus2
tlphy0:  10base2/BNC, 10base5/AUI
tl0: Ethernet address: 00:80:5f:63:e0:80
tl0: if_start running deferred for Giant
tl0: [GIANT-LOCKED]
isab0: <PCI-ISA bridge> at device 20.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C586B UDMA33 controller> port 0x1830-0x183f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 20.1 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
uhci0: <VIA 83C572 USB controller> port 0x1800-0x181f at device 20.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: <old, non-VGA display device> at device 20.3 (no driver attached)
acpi_button0: <Power Button> on acpi0
speaker0: <PC speaker> port 0x61 on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
ppc0: <ECP parallel printer port> port 0x778-0x77d,0x378-0x37f irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
sio0: <Standard PC COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
fdc0: <floppy drive controller> port 0x3f0-0x3f5 irq 6 drq 2 on acpi0
fdc0: [FAST]
sio1: <Standard PC COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
orm0: <ISA Option ROMs> at iomem 0xe7000-0xeffff,0xe0000-0xe6fff,0xc0000-0xc7fff on isa0
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 199905462 Hz quality 800
Timecounters tick every 10.000 msec
ad0: 6150MB <ST36421A/8.01> [13330/15/63] at ata0-master UDMA33
Mounting root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
WARNING: /tmp was not properly dismounted
WARNING: /usr was not properly dismounted
WARNING: /var was not properly dismounted
IP Filter: v3.4.35 initialized.  Default = pass all, Logging = enabled
tl0: adapter check: 100007

----------------------------------------------------------------------------
Here is my backtrace output :

Script started on Sun Mar  6 12:22:29 2005
[root@ crash]# gdb6 -k kernel.debug.0 vmcore.0
GNU gdb 20040803 [GDB v6.x for FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-portbld-freebsd5.3"...
panic: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0xc
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc04f4c5c
stack pointer	        = 0x10:0xc3eb7aec
frame pointer	        = 0x10:0xc3eb7af8
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 29 (swi1: net)
panic: from debugger
Uptime: 13m22s
Dumping 32 MB
 16
---
#0  doadump () at pcpu.h:159
159	pcpu.h: No such file or directory.
	in pcpu.h
doadump () at pcpu.h:159
159	in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:159
#1  0xc04c1ad5 in boot (howto=260) at ../../../kern/kern_shutdown.c:397
#2  0xc04c1dbd in panic (fmt=0xc0617bb0 "from debugger")
    at ../../../kern/kern_shutdown.c:553
#3  0xc0438959 in db_panic (addr=-1068544932, have_addr=0, count=-1, 
    modif=0xc3eb791c "") at ../../../ddb/db_command.c:435
#4  0xc04388f0 in db_command (last_cmdp=0xc066c4c4, cmd_table=0x0, 
    aux_cmd_tablep=0xc063cc54, aux_cmd_tablep_end=0xc063cc58)
    at ../../../ddb/db_command.c:349
#5  0xc04389b8 in db_command_loop () at ../../../ddb/db_command.c:455
#6  0xc043a52d in db_trap (type=12, code=0) at ../../../ddb/db_main.c:221
#7  0xc04d913a in kdb_trap (type=12, code=0, tf=0xc3eb7aac)
    at ../../../kern/subr_kdb.c:418
#8  0xc05f6cc9 in trap_fatal (frame=0xc3eb7aac, eva=12)
    at ../../../i386/i386/trap.c:804
#9  0xc05f6a4f in trap_pfault (frame=0xc3eb7aac, usermode=0, eva=12)
    at ../../../i386/i386/trap.c:727
#10 0xc05f664d in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 56, tf_esi = 0, tf_ebp = -1007977736, tf_isp = -1007977768, tf_ebx = 0, tf_edx = 0, tf_ecx = 0, tf_eax = 3469992, tf_trapno = 12, tf_err = 0, tf_eip = -1068544932, tf_cs = 8, tf_eflags = 66050, tf_esp = 1, tf_ss = -1055494464}) at ../../../i386/i386/trap.c:417
#11 0xc05e6afa in calltrap () at ../../../i386/i386/exception.s:140
#12 0x00000018 in ?? ()
#13 0x00000010 in ?? ()
#14 0x00000010 in ?? ()
#15 0x00000038 in ?? ()
#16 0x00000000 in ?? ()
#17 0xc3eb7af8 in ?? ()
#18 0xc3eb7ad8 in ?? ()
#19 0x00000000 in ?? ()
#20 0x00000000 in ?? ()
#21 0x00000000 in ?? ()
#22 0x0034f2a8 in ?? ()
#23 0x0000000c in ?? ()
#24 0x00000000 in ?? ()
#25 0xc04f4c5c in m_copydata (m=0x0, off=0, len=56, cp=0xc1166ec0 "")
    at ../../../kern/uipc_mbuf.c:513
#26 0xc0ea0ac9 in ?? ()
#27 0xc0e18d00 in ?? ()
#28 0x00000000 in ?? ()
#29 0x00000038 in ?? ()
#30 0xc1166ec0 in ?? ()
#31 0x00000000 in ?? ()
#32 0xc3eb7bd8 in ?? ()
#33 0x00000038 in ?? ()
#34 0xc3eb7b94 in ?? ()
#35 0xc0ea095f in ?? ()
#36 0x00000000 in ?? ()
#37 0xc3eb7bd8 in ?? ()
#38 0xc3eb7b50 in ?? ()
#39 0xc3eb7b48 in ?? ()
#40 0xc3eb7b40 in ?? ()
#41 0x00000002 in ?? ()
#42 0xc0d8c000 in ?? ()
#43 0x00000000 in ?? ()
#44 0x00000001 in ?? ()
#45 0x00000028 in ?? ()
#46 0x00000038 in ?? ()
#47 0xc3eb7b58 in ?? ()
#48 0xc0e18d00 in ?? ()
#49 0x00000000 in ?? ()
#50 0x00306c72 in ?? ()
#51 0x00000000 in ?? ()
#52 0x00000000 in ?? ()
#53 0x00000000 in ?? ()
#54 0xffff3800 in ?? ()
#55 0x0000000c in ?? ()
#56 0x00000000 in ?? ()
#57 0x00004019 in ?? ()
#58 0x00000000 in ?? ()
#59 0x0000000c in ?? ()
#60 0xc3eb7bdc in ?? ()
#61 0x00004019 in ?? ()
#62 0xc0ebc800 in ?? ()
#63 0xc0e18d50 in ?? ()
#64 0xc3eb7c44 in ?? ()
#65 0xc0ea4280 in ?? ()
#66 0x00004019 in ?? ()
#67 0xc0e18d50 in ?? ()
#68 0xc3eb7bd8 in ?? ()
#69 0xc0e18d00 in ?? ()
#70 0xffffffff in ?? ()
#71 0x00000000 in ?? ()
#72 0x00000000 in ?? ()
#73 0xc0e18d00 in ?? ()
#74 0x00000000 in ?? ()
#75 0xc0ebe600 in ?? ()
#76 0x00000004 in ?? ()
#77 0x00000041 in ?? ()
#78 0x00000000 in ?? ()
#79 0xc0ea9740 in ?? ()
#80 0x00000000 in ?? ()
#81 0xc0d8c000 in ?? ()
#82 0x013ec004 in ?? ()
#83 0x8ac213c1 in ?? ()
#84 0x00000000 in ?? ()
#85 0x00000000 in ?? ()
#86 0x00000000 in ?? ()
#87 0xd5662ac2 in ?? ()
#88 0x00000000 in ?? ()
#89 0x00000000 in ?? ()
#90 0x00000000 in ?? ()
#91 0x00000000 in ?? ()
#92 0x00000000 in ?? ()
#93 0x00000003 in ?? ()
#94 0x00000000 in ?? ()
#95 0x00000014 in ?? ()
#96 0x00000000 in ?? ()
#97 0x0000000c in ?? ()
#98 0x00000000 in ?? ()
#99 0xc0ebe600 in ?? ()
#100 0xc0e1a844 in ?? ()
#101 0x000000b5 in ?? ()
#102 0x48fb00a1 in ?? ()
#103 0x00000000 in ?? ()
#104 0xc3eb7c80 in ?? ()
#105 0xc0e7a140 in ?? ()
#106 0xc067cee0 in ip_rsvpd ()
#107 0x00000001 in ?? ()
#108 0xc3eb7c60 in ?? ()
#109 0xc0ea0d06 in ?? ()
#110 0xc0e18d50 in ?? ()
#111 0x00000014 in ?? ()
#112 0xc0d8c000 in ?? ()
#113 0x00000000 in ?? ()
#114 0xc3eb7c80 in ?? ()
#115 0xc3eb7c90 in ?? ()
#116 0xc0532f7f in pfil_run_hooks (ph=0xc1166ec0, mp=0xc3eb7bd8, 
    ifp=0xc3eb7b50, dir=-1055494528, inp=0xc3eb7b40) at ../../../net/pfil.c:137
Previous frame inner to this frame (corrupt stack?)
(kgdb)

-------------------------------------------------------------------------------
Here is my ipf.rules :

#################################################################
# Outside Interface 
#################################################################

pass out quick on rl0 proto tcp from any to any keep state
pass out quick on rl0 proto udp from any to any keep state
pass out quick on rl0 proto icmp from any to any keep state
block out quick on rl0 all

#-----------------------------------------------------------------------
# Block all inbound traffic from non-routable or reserved address spaces
#-----------------------------------------------------------------------
block in log quick on rl0 from 192.168.0.0/16 to any  #RFC 1918 private IP
block in log quick on rl0 from 172.16.0.0/12 to any   #RFC 1918 private IP
block in log quick on rl0 from 10.0.0.0/8 to any      #RFC 1918 private IP
block in log quick on rl0 from 127.0.0.0/8 to any     #loopback
block in log quick on rl0 from 0.0.0.0/8 to any       #loopback
block in log quick on rl0 from 169.254.0.0/16 to any  #DHCP auto-config
block in log quick on rl0 from 192.0.2.0/24 to any    #reserved for doc's
block in log quick on rl0 from 204.152.64.0/23 to any #Sun cluster interconnect
block in quick on rl0 from 224.0.0.0/3 to any         #Class D & E multicast

#----------------------------------------------------------------
# Allow bootp traffic in from your ISP's DHCP server only. 
#----------------------------------------------------------------
pass in quick on rl0 proto udp from 194.42.102.129/32 to any port = 68 keep state


block return-rst in log quick on rl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on rl0 proto udp from any to any
block in log quick on rl0 all 

################################################################# 
# Inside Interface 
################################################################# 

#---------------------------------------------------------------- 
# Allow out all TCP, UDP, and ICMP traffic & keep state 
#---------------------------------------------------------------- 
pass out quick on rl1 proto tcp from any to any keep state 
pass out quick on rl1 proto udp from any to any keep state 
pass out quick on rl1 proto icmp from any to any keep state 
block out quick on rl1 all 

pass out quick on tl0 proto tcp from any to any keep state 
pass out quick on tl0 proto udp from any to any keep state 
pass out quick on tl0 proto icmp from any to any keep state 
block out quick on tl0 all 

#----------------------------------------------------------------
# Allow in all TCP, UDP, and ICMP traffic & keep state 
#---------------------------------------------------------------- 
pass in quick on rl1 proto tcp from any to any keep state 
pass in quick on rl1 proto udp from any to any keep state 
pass in quick on rl1 proto icmp from any to any keep state 
block in quick on rl1 all 

pass in quick on tl0 proto tcp from any to any keep state 
pass in quick on tl0 proto udp from any to any keep state 
pass in quick on tl0 proto icmp from any to any keep state 
block in quick on tl0 all 

################################################################# 
# Loopback Interface 
################################################################# 

#---------------------------------------------------------------- 
# ping
#---------------------------------------------------------------- 
pass in quick on lo0 all 
pass out quick on lo0 all 


Maybe this help to improve the system.
Thank you very much,
Stefan Olteanu

>How-To-Repeat:
Don't know exactly. I notice that problem occur when I use dc++ on other machine from the private network. No high network activity.
>Fix:
No
>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504160011.j3G0BRhA088045>