Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 25 Oct 2007 20:11:56 +0200
From:      Kris Kennaway <kris@FreeBSD.org>
To:        Doug Poland <doug@polands.org>
Cc:        freebsd-stable@FreeBSD.org
Subject:   Re: Fatal trap 12 on 7.0-BETA1 i386
Message-ID:  <4720DC6C.5010006@FreeBSD.org>
In-Reply-To: <20071025015044.GA67928@polands.org>
References:  <471FA648.7020407@polands.org> <471FD292.7070800@FreeBSD.org> <20071025015044.GA67928@polands.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Doug Poland wrote:
> On Thu, Oct 25, 2007 at 01:17:38AM +0200, Kris Kennaway wrote:
>> Doug Poland wrote:
>>> Hello,
>>>
>>> I just had a kernel panic using BETA1.  According to the Developer 
>>> Handbook Kernel Debugging, I'm supplying the following information in 
>>> hopes that it is useful.  Please note:  I'm not familiar with this 
>>> process so you need more data, just ask:
>>>
>>>
>>> snip
>>>
> 
>> Almost :)
>>
>> What does 'bt' show in kgdb?
>>
> 
> kgdb kernel.debug /var/crash/vmcore.0
> [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd".
> 
> Unread portion of the kernel message buffer:
> 
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 01
> fault virtual address	= 0x9006004
> fault code		= supervisor read, page not present
> instruction pointer	= 0x20:0xc079c961
> stack pointer	        = 0x28:0xe74a7bcc
> frame pointer	        = 0x28:0xe74a7be0
> code segment		= base 0x0, limit 0xfffff, type 0x1b
> 			= DPL 0, pres 1, def32 1, gran 1
> processor eflags	= interrupt enabled, resume, IOPL = 0
> current process		= 46 (ath0 taskq)
> trap number		= 12
> panic: page fault
> cpuid = 1
> Uptime: 4h9m30s
> Physical memory: 3435 MB
> Dumping 214 MB: 199 183 167 151 135 119 103 87 71 55 39 23 7
> 
> #0  doadump () at pcpu.h:195
> 195		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb) list *0xc079c961
> 0xc079c961 is in mb_free_ext (/usr/src/sys/kern/uipc_mbuf.c:226).
> 221		 * check if the header is embedded in the cluster
> 222		 */     
> 223		skipmbuf = (m->m_flags & M_NOFREE);
> 224		
> 225		/* Free attached storage if this mbuf is the only reference to it. */
> 226		if (*(m->m_ext.ref_cnt) == 1 ||
> 227		    atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 1) {
> 228			switch (m->m_ext.ext_type) {
> 229			case EXT_PACKET:	/* The packet zone is special. */
> 230				if (*(m->m_ext.ref_cnt) == 0)
> (kgdb) backtrace
> #0  doadump () at pcpu.h:195
> #1  0xc074fed7 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
> #2  0xc0750199 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:563
> #3  0xc0a1485c in trap_fatal (frame=0xe74a7b8c, eva=151019524) at /usr/src/sys/i386/i386/trap.c:872
> #4  0xc0a14ae0 in trap_pfault (frame=0xe74a7b8c, usermode=0, eva=151019524) at /usr/src/sys/i386/i386/trap.c:785
> #5  0xc0a15455 in trap (frame=0xe74a7b8c) at /usr/src/sys/i386/i386/trap.c:463
> #6  0xc09fb46b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7  0xc079c961 in mb_free_ext (m=0xc7151e00) at /usr/src/sys/kern/uipc_mbuf.c:226
> #8  0xc079cfc1 in m_freem (mb=0x0) at mbuf.h:510
> #9  0xc051e39e in ath_rxbuf_init (sc=0xc6e95000, bf=0xc6e9cc94) at /usr/src/sys/dev/ath/if_ath.c:3257
> #10 0xc052595d in ath_rx_proc (arg=0xc6e95000, npending=1) at /usr/src/sys/dev/ath/if_ath.c:3711
> #11 0xc07809c5 in taskqueue_run (queue=0xc6dd8300) at /usr/src/sys/kern/subr_taskqueue.c:255
> #12 0xc0780bcb in taskqueue_thread_loop (arg=0xc6e96664) at /usr/src/sys/kern/subr_taskqueue.c:374
> #13 0xc07304b9 in fork_exit (callout=0xc0780b10 <taskqueue_thread_loop>, arg=0xc6e96664, frame=0xe74a7d38) at /usr/src/sys/kern/kern_fork.c:796
> #14 0xc09fb4e0 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:205
> (kgdb) 
> 
> 
> Here's the whole thing with a backtrace.  Thanks for your patience...
> 
> 

I asked Sam about this and he says he has seen it reported before but 
not with enough details to track it down further.  Can you file a PR and 
describe your system network configuration in more detail, including 
kernel config, dmesg, rc.conf and other settings, and any firewall rules 
that are applied?

Kris




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4720DC6C.5010006>