Date:      Mon, 24 Dec 2007 16:57:41 +0300 (MSK)
From:      "Andrey V. Elsukov" <bu7cher@yandex.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        maksim_l@mail.ru
Subject:   kern/118993: [ipfw] page fault - probably it's a locking problem
Message-ID:  <20071224135741.411A8B8054@mail.kirov.so-cdu.ru>
Resent-Message-ID: <200712241430.lBOEU3iJ079221@freefall.freebsd.org>


>Number:         118993
>Category:       kern
>Synopsis:       [ipfw] page fault - probably it's a locking problem
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 24 14:30:03 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Andrey V. Elsukov
>Release:        FreeBSD 6.2-STABLE #6: Mon Jul 30
>Organization:
>Environment:
FreeBSD 6.2-STABLE i386 SMP

>Description:
It's my friend's system, not mine. Just for the record.
The system panicked when an operator started `sh /etc/rc.firewall`.
This is a production system and it uses ipfw2, ng_ipfw, ng_nat, ng_netflow, dummynet, mpd4.

# ident /sys/netinet/ip_fw2.c
 $FreeBSD: src/sys/netinet/ip_fw2.c,v 1.106.2.40 2007/06/07 09:50:53 bz Exp $

Unread portion of the kernel message buffer:
ipfw: ouch!, skip past end of rules, denying packet
ipfw: ouch!, skip past end of rules, denying packet


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x2910
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05ac561
stack pointer           = 0x28:0xe35a3a00
frame pointer           = 0x28:0xe35a3ac4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 14 (swi1: net)
panic: from debugger
cpuid = 0
panic: smp_tlb_shootdown: interrupts disabled
cpuid = 0
KDB: enter: panic
panic: from debugger
cpuid = 0
Uptime: 122d2h32m52s
Physical memory: 1013 MB
Dumping 439 MB: 424 408 392 376 360 344 328 312 296 280 264 248 232 216 200 184 168 152 136 120 104 88 72 56 40 24 8

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
#1  0xc0514cbe in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc0515015 in panic (fmt=0xc06ac929 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc044f38d in db_panic (addr=-1068307841, have_addr=0, count=1, modif=0xe35a3434 "")
    at /usr/src/sys/ddb/db_command.c:438
#4  0xc044f324 in db_command (last_cmdp=0xc0713b44, cmd_table=0xc06dd280, aux_cmd_tablep=0xc06d72f4,
    aux_cmd_tablep_end=0xc06d72f8) at /usr/src/sys/ddb/db_command.c:350
#5  0xc044f3ec in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
#6  0xc0451005 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:222
#7  0xc052ed18 in kdb_trap (type=3, code=0, tf=0xe35a3578) at /usr/src/sys/kern/subr_kdb.c:473
#8  0xc0682fb0 in trap (frame=
      {tf_fs = -480641016, tf_es = -1068302296, tf_ds = -1066729432, tf_edi = -1066593057, tf_esi = 0, tf_ebp = -480627272, tf_isp = -480627292, tf_ebx = -480627228, tf_edx = 0, tf_ecx = -1056755712, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1068307841, tf_cs = 32, tf_eflags = 134, tf_esp = -480627240, tf_ss = -1068413053}) at /usr/src/sys/i386/i386/trap.c:594
#9  0xc066e10a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#10 0xc052ea7f in kdb_enter (msg=0x12 <Address 0x12 out of bounds>) at cpufunc.h:60
#11 0xc0514f83 in panic (fmt=0xc06d14df "%s: interrupts disabled") at /usr/src/sys/kern/kern_shutdown.c:549
#12 0xc067a608 in smp_tlb_shootdown (vector=245, addr1=18, addr2=18) at /usr/src/sys/i386/i386/mp_machdep.c:1023
#13 0xc067a8dc in smp_invlpg_range (addr1=3693789184, addr2=3693805568) at /usr/src/sys/i386/i386/mp_machdep.c:1111
#14 0xc067d6ab in pmap_invalidate_range (pmap=0xc1033000, sva=3693789184, eva=0) at /usr/src/sys/i386/i386/pmap.c:683
#15 0xc067dddd in pmap_qremove (sva=3693789184, count=0) at /usr/src/sys/i386/i386/pmap.c:1057
#16 0xc055e990 in vfs_vmio_release (bp=0xd8c6ef70) at /usr/src/sys/kern/vfs_bio.c:1517
#17 0xc055f038 in getnewbuf (slpflag=0, slptimeo=0, size=12288, maxsize=16384) at /usr/src/sys/kern/vfs_bio.c:1798
#18 0xc0560748 in geteblk (size=12288) at /usr/src/sys/kern/vfs_bio.c:2599
#19 0xc061bbad in ffs_bufwrite (bp=0xd8c62790) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1705
#20 0xc055d90b in bawrite (bp=0x12) at buf.h:410
#21 0xc0565fac in vop_stdfsync (ap=0xe35a375c) at /usr/src/sys/kern/vfs_default.c:431
#22 0xc04c57b3 in devfs_fsync (ap=0xe35a375c) at /usr/src/sys/fs/devfs/devfs_vnops.c:379
#23 0xc0697318 in VOP_FSYNC_APV (vop=0x12, a=0x0) at vnode_if.c:1020
#24 0xc061aeeb in ffs_sync (mp=0xc4df1cf8, waitfor=2, td=0xc4af2c00) at vnode_if.h:537
#25 0xc057298e in sync (td=0xc4af2c00, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:138
#26 0xc051498e in boot (howto=256) at pcpu.h:162
#27 0xc0515015 in panic (fmt=0xc06ac929 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:565
#28 0xc044f38d in db_panic (addr=-1067793055, have_addr=0, count=-1, modif=0xe35a3828 "")
    at /usr/src/sys/ddb/db_command.c:438
#29 0xc044f324 in db_command (last_cmdp=0xc0713b44, cmd_table=0x0, aux_cmd_tablep=0xc06d72f4, aux_cmd_tablep_end=0xc06d72f8)
    at /usr/src/sys/ddb/db_command.c:350
#30 0xc044f3ec in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
#31 0xc0451005 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:222
#32 0xc052ed18 in kdb_trap (type=12, code=0, tf=0xe35a39c0) at /usr/src/sys/kern/subr_kdb.c:473
#33 0xc06834e4 in trap_fatal (frame=0xe35a39c0, eva=10512) at /usr/src/sys/i386/i386/trap.c:828
#34 0xc0683227 in trap_pfault (frame=0xe35a39c0, usermode=0, eva=10512) at /usr/src/sys/i386/i386/trap.c:745
#35 0xc0682e3d in trap (frame=
      {tf_fs = 180682760, tf_es = -993787864, tf_ds = -1067843544, tf_edi = 5, tf_esi = 180690860, tf_ebp = -480625980, tf_isp = -480626196, tf_ebx = -958182940, tf_edx = 0, tf_ecx = 10498, tf_eax = 10498, tf_trapno = 12, tf_err = 0, tf_eip = -1067793055, tf_cs = 32, tf_eflags = 66050, tf_esp = -480626144, tf_ss = -1067870963}) at /usr/src/sys/i386/i386/trap.c:435
#36 0xc066e10a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#37 0xc05ac561 in ipfw_chk (args=0xe35a3ad0) at /usr/src/sys/netinet/ip_fw2.c:2538
#38 0xc05af6b9 in ipfw_check_out (arg=0x0, m0=0xe35a3bdc, ifp=0xc4c49c00, dir=2, inp=0x0)
    at /usr/src/sys/netinet/ip_fw_pfil.c:248
#39 0xc0591317 in pfil_run_hooks (ph=0xc0723a00, mp=0xe35a3c54, ifp=0xc4c49c00, dir=2, inp=0x0)
    at /usr/src/sys/net/pfil.c:139
#40 0xc05b2f32 in ip_output (m=0xd04c4d00, opt=0xc4c49c00, ro=0xe35a3c20, flags=1, imo=0x0, inp=0x0)
    at /usr/src/sys/netinet/ip_output.c:679
#41 0xc07e4b06 in ?? ()
#42 0xd04c4d00 in ?? ()
#43 0x00000000 in ?? ()
#44 0xe35a3c20 in ?? ()
#45 0x00000001 in ?? ()
#46 0x00000000 in ?? ()
#47 0x00000000 in ?? ()
#48 0xd1205930 in ?? ()
#49 0xe35a3c94 in ?? ()
#50 0xc05998ec in ng_apply_item (node=0xc51ffe00, item=0xd04c4d00, rw=0) at /usr/src/sys/netgraph/ng_base.c:2372
Previous frame identical to this frame (corrupt stack?)

>How-To-Repeat:
This panic does not seem to be easily repeatable.

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


