Date: Fri, 8 Dec 2000 15:48:18 GMT From: Jonathan Perkin <sketchy@netcraft.com> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/23379: Reproducable kernel panic with 4.2-STABLE and slip null-modem connection Message-ID: <200012081548.eB8FmIj00462@weirdo.netcraft.com> Resent-Message-ID: <200012081550.eB8Fo2R52638@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 23379
>Category: kern
>Synopsis: panic: page fault
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Dec 08 07:50:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Jonathan Perkin
>Release: FreeBSD 4.2-STABLE i386
>Organization:
Netcraft Ltd
>Environment:
FreeBSD weirdo.netcraft.com 4.2-STABLE FreeBSD 4.2-STABLE #0: Thu Dec 7 15:12:17 GMT 2000 sketchy@weirdo.netcraft.com:/usr/obj/usr/src/sys/WEIRDO i386
Does exactly the same on 4.2-RELEASE
>Description:
Null-modem connection between 2 machines (both running 4.2-S),
connected via SLIP. Transfer data between machines for a while, the
"server" will lock up.
server# /sbin/ifconfig sl0 inet 195.92.95.128 195.92.95.129 netmask 0xffffffff
server# /sbin/sysctl -w net.inet.ip.forwarding=1
server# /sbin/slattach -a -c -s 115200 -L -l cuaa0
server# /usr/sbin/arp -s 195.92.95.129 0:90:27:b0:b2:2b pub
client# /sbin/ifconfig sl0 inet 195.92.95.129 195.92.95.128 netmask 0xffffffff
client# /sbin/slattach -a -c -s 115200 -L -l cuaa0
client# route add default 195.92.95.128
client$ ftp something, run cvsup, whatever.
server# gdb -k /usr/obj/usr/src/sys/WEIRDO/kernel.debug /var/crash/vmcore.0
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD 3940352
initial pcb at 2d9f00
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x1ee9b6cf
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc015d2a4
stack pointer = 0x10:0xc02937ec
frame pointer = 0x10:0xc02937f8
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask = net
trap number = 12
panic: page fault
syncing disks...
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x30
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc01dbf40
stack pointer = 0x10:0xc0293624
frame pointer = 0x10:0xc0293628
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask = net bio cam
trap number = 12
panic: page fault
Uptime: 25m31s
dumping to dev #ad/0x20006, offset 0
dump ata0: resetting devices .. done
256 255 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239 238 237
236 235 234 233 232 231 230 229 228 227 226 225 224 223 222 221 220 219 218 217
216 215 214 213 212 211 210 209 208 207 206 205 204 203 202 201 200 199 198 197
196 195 194 193 192 191 190 189 188 187 186 185 184 183 182 181 180 179 178 177
176 175 174 173 172 171 170 169 168 167 166 165 164 163 162 161 160 159 158 157
156 155 154 153 152 151 150 149 148 147 146 145 144 143 142 141 140 139 138 137
136 135 134 133 132 131 130 129 128 127 126 125 124 123 122 121 120 119 118 117
116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96
95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69
68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43
42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:469
469 if (dumping++) {
(kgdb) where
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:469
#1 0xc01431cf in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:309
#2 0xc0143565 in panic (fmt=0xc028ae0f "page fault")
at /usr/src/sys/kern/kern_shutdown.c:556
#3 0xc024d94e in trap_fatal (frame=0xc02935e4, eva=48)
at /usr/src/sys/i386/i386/trap.c:951
#4 0xc024d601 in trap_pfault (frame=0xc02935e4, usermode=0, eva=48)
at /usr/src/sys/i386/i386/trap.c:844
#5 0xc024d1a3 in trap (frame={tf_fs = 6684688, tf_es = -1071054832
tf_ds = -1054474224, tf_edi = 0, tf_esi = -1054424576,
tf_ebp = -1071040984, tf_isp = -1071041008, tf_ebx = -1070970340,
tf_edx = 6864960, tf_ecx = -880820032, tf_eax = 0, tf_trapno = 12,
tf_err = 0, tf_eip = -1071792320, tf_cs = 8, tf_eflags = 66050,
tf_esp = -1054424576, tf_ss = -1071040952})
at /usr/src/sys/i386/i386/trap.c:443
#6 0xc01dbf40 in acquire_lock (lk=0xc02a4a1c)
at /usr/src/sys/ufs/ffs/ffs_softdep.c:267
#7 0xc01dfc28 in softdep_update_inodeblock (ip=0xc126c200, bp=0xc61c1838,
waitfor=0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:3592
#8 0xc01db211 in ffs_update (vp=0xcb7fc0c0, waitfor=0)
at /usr/src/sys/ufs/ffs/ffs_inode.c:106
#9 0xc01e2f34 in ffs_sync (mp=0xc0f96600, waitfor=2, cred=0xc0a5f580,
p=0xc02f1920) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:987
---Type <return> to continue, or q <return> to quit---
#10 0xc01707df in sync (p=0xc02f1920, uap=0x0)
at /usr/src/sys/kern/vfs_syscalls.c:545
#11 0xc0142faa in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:233
#12 0xc0143565 in panic (fmt=0xc028ae0f "page fault")
at /usr/src/sys/kern/kern_shutdown.c:556
#13 0xc024d94e in trap_fatal (frame=0xc02937ac, eva=518633167)
at /usr/src/sys/i386/i386/trap.c:951
#14 0xc024d601 in trap_pfault (frame=0xc02937ac, usermode=0, eva=518633167)
at /usr/src/sys/i386/i386/trap.c:844
#15 0xc024d1a3 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = -1071054832,
tf_edi = 6686720, tf_esi = -1062538496, tf_ebp = -1071040520,
tf_isp = -1071040552, tf_ebx = 518633149, tf_edx = 0,
tf_ecx = -1062656000, tf_eax = -6686721, tf_trapno = 12, tf_err = 0,
tf_eip = -1072311644, tf_cs = 8, tf_eflags = 66054,
tf_esp = -1062538752, tf_ss = -1062538496})
at /usr/src/sys/i386/i386/trap.c:443
#16 0xc015d2a4 in m_freem (m=0x1ee9b6bd) at /usr/src/sys/kern/uipc_mbuf.c:525
#17 0xc015d2b8 in m_freem (m=0xc0a90a00) at /usr/src/sys/kern/uipc_mbuf.c:534
#18 0xc01d1502 in fxp_stats_update (arg=0xc0ee2a00) at /usr/src/sys/pci/if_fxp.c:1366
#19 0xc0148c7d in softclock () at /usr/src/sys/kern/kern_timeout.c:131
server#
machine i386
cpu I686_CPU
ident WEIRDO
maxusers 64
makeoptions DEBUG=-g
options INET
options INET6
options FFS
options FFS_ROOT
options SOFTUPDATES
options NFS
options CD9660
options PROCFS
options COMPAT_43
options UCONSOLE
options USERCONFIG
options SYSVSHM
options SYSVMSG
options SYSVSEM
options P1003_1B
options KBD_INSTALL_CDEV
options _KPOSIX_PRIORITY_SCHEDULING
device isa
device pci
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
device ata
device atadisk
device atapicd
options ATA_STATIC_ID
options ATA_ENABLE_ATAPI_DMA
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device psm0 at atkbdc? irq 12
device vga0 at isa?
device sc0 at isa? flags 0x100
device npx0 at nexus? port IO_NPX irq 13
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device ppc0 at isa? irq 7
device ppbus
device lpt
device plip
device fxp0
pseudo-device loop
pseudo-device ether
pseudo-device sl 1
pseudo-device gif 1
pseudo-device pty
pseudo-device splash
pseudo-device gzip
pseudo-device bpf
options VESA
options DDB
options CPU_FASTER_5X86_FPU
options NFS_NOSERVER
options SC_DISABLE_REBOOT
options SC_HISTORY_SIZE=1000
options COMPAT_LINUX
options INCLUDE_CONFIG_FILE
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPV6FIREWALL
options TCP_RESTRICT_RST
options IPDIVERT
options DUMMYNET
options BRIDGE
device pcm
device usb
device ugen
device uhid
device ums
device smb
device smbus
device intpm
device ichsmb
device ic
device iic
device iicsmb
device iicbus
device iicbb
server# dmesg
Copyright (c) 1992-2000 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.2-STABLE #0: Thu Dec 7 15:12:17 GMT 2000
sketchy@weirdo.netcraft.com:/usr/obj/usr/src/sys/WEIRDO
Timecounter "i8254" frequency 1193182 Hz
Timecounter "TSC" frequency 598624822 Hz
CPU: Pentium III/Pentium III Xeon/Celeron (598.62-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x673 Stepping = 3
Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory = 268435456 (262144K bytes)
avail memory = 257482752 (251448K bytes)
Preloaded elf kernel "kernel" at 0xc03a3000.
Preloaded elf module "splash_bmp.ko" at 0xc03a309c.
Preloaded splash_image_data "/boot/splash.bmp" at 0xc03a3140.
VESA: v2.0, 32768k memory, flags:0x1, mode table:0xc00c6954
(c0006954)
VESA: Matrox Graphics Inc.
Pentium Pro MTRR support enabled
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443BX (440 BX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <Intel 82443BX (440 BX) PCI-PCI (AGP) bridge> at device 1.0
on pci0
pci1: <PCI bus> on pcib1
pci1: <Matrox MGA G400 AGP graphics accelerator> at 0.0 irq 11
isab0: <Intel 82371AB PCI to ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 ATA33 controller> port 0x10a0-0x10af at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
pci0: <Intel 82371AB/EB (PIIX4) USB controller> at 7.2 irq 9
intpm0: <Intel 82371AB Power management controller> port 0x7000-0x700f irq 9 at device 7.3 on pci
intpm0: I/O mapped 7000
fxp0: <Intel Pro 10/100B/100+ Ethernet> port 0x1000-0x103f mem 0xd0000000-0xd00fffff,0xd0100000-0xd0100fff irq 11 at device 13.0 on pci0
fxp0: Ethernet address 00:90:27:b0:b2:2b
pcm0: <AudioPCI ES1371> port 0x1040-0x107f irq 10 at device 14.0 on
pci0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on
isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model Generic PS/2 mouse, device ID 0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
plip0: <PLIP network interface> on ppbus0
DUMMYNET initialized (000608)
IPv6 packet filtering initialized, logging disabled
IP packet filtering initialized, divert enabled, rule-based forwarding disabled, default to accept, unlimited logging
BRIDGE 990810, have 5 interfaces
-- index 1 type 6 phy 0 addrl 6 addr 00.90.27.b0.b2.2b
ad0: 14324MB <QUANTUM FIREBALLlct10 15> [29104/16/63] at ata0-master
UDMA33
acd0: CDROM <MATSHITA CR-583> at ata1-master using PIO3
Mounting root from ufs:/dev/ad0s1a
>How-To-Repeat:
The above crashes the server box 100% of the time, usually within 5/10
minutes. Has done for both 4.2-RELEASE and for every version of
-stable since.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012081548.eB8FmIj00462>