Date: Tue, 10 Jan 2006 13:52:11 GMT From: Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/91597: PC crashed after cold reboot in 2 minutes. Message-ID: <200601101352.k0ADqBhf068306@www.freebsd.org> Resent-Message-ID: <200601101400.k0AE0I6i002322@freefall.freebsd.org>
>Number: 91597 >Category: kern >Synopsis: PC crashed after cold reboot in 2 minutes. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jan 10 14:00:17 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Aleksey Ovcharenko >Release: FreeBSD 6.0-STABLE >Organization: >Environment: FreeBSD localhost 6.0-STABLE FreeBSD 6.0-STABLE #0: Tue Jan 10 14:39:26 EET 2006 root@localhost:/usr/obj/usr/src/sys/KERNEL i386 >Description: After power-on, the PC crashed in 2 minutes with the following error: Fatal trap 12: page fault while in kernel mode fault virtual address = 0x88 fault code = supervisor read, page not present instruction pointer = 0x20:0xc047b634 stack pointer = 0x28:0xd5232c08 frame pointer = 0x28:0xd5232c24 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 36 (swi4: clock sio) It happens only once per power-on. It doesn't happen if the PC was rebooted. The kernel is configured without options INET6. 
Here comes backtrace: #0 doadump () at pcpu.h:165 in pcpu.h (kgdb) where #0 doadump () at pcpu.h:165 #1 0xc05c0320 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399 #2 0xc05c069d in panic (fmt=0xc07beeb0 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:555 #3 0xc049dbd2 in db_panic (addr=-1069042124, have_addr=0, count=-1, modif=0xd52329f8 "") at /usr/src/sys/ddb/db_command.c:438 #4 0xc049db42 in db_command (last_cmdp=0xc0835ae4, cmd_table=0x0, aux_cmd_tablep=0xc07f1b54, aux_cmd_tablep_end=0xc07f1b58) at /usr/src/sys/ddb/db_command.c:350 #5 0xc049dc55 in db_command_loop () at /usr/src/sys/ddb/db_command.c:458 #6 0xc049fe85 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221 #7 0xc05df657 in kdb_trap (type=0, code=0, tf=0xd5232bc8) at /usr/src/sys/kern/subr_kdb.c:473 #8 0xc078c22b in trap_fatal (frame=0xd5232bc8, eva=0) at /usr/src/sys/i386/i386/trap.c:827 #9 0xc078bf02 in trap_pfault (frame=0xd5232bc8, usermode=0, eva=136) at /usr/src/sys/i386/i386/trap.c:744 #10 0xc078ba70 in trap (frame= {tf_fs = 8, tf_es = 40, tf_ds = 1862271016, tf_edi = 7, tf_esi = -1018524584, tf_ebp = -719115228, tf_isp = -719115276, tf_ebx = -1017757184, tf_edx = -1017757184, tf_ecx = -1020748672, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1069042124, tf_cs = 32, tf_eflags = 590406, tf_esp = -1017757184, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:434 #11 0xc07780ba in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #12 0xc047b634 in fr_derefrule (frp=0xc34a8c58) at /usr/src/sys/contrib/ipfilter/netinet/fil.c:4507 #13 0xc0495d97 in fr_delstate (is=0xc34a8c00, why=65535) at /usr/src/sys/contrib/ipfilter/netinet/ip_state.c:2779 #14 0xc0495e61 in fr_timeoutstate () at /usr/src/sys/contrib/ipfilter/netinet/ip_state.c:2815 #15 0xc04815ba in fr_slowtimer (ptr=0x0) at /usr/src/sys/contrib/ipfilter/netinet/ip_frag.c:828 #16 0xc05cf726 in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:290 #17 0xc05a44f8 in ithread_loop (arg=0xc327d200) at 
/usr/src/sys/kern/kern_intr.c:547 #18 0xc05a33cf in fork_exit (callout=0xc05a4340 <ithread_loop>, arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:789 #19 0xc077811c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208 (kgdb) bt full #0 doadump () at pcpu.h:165 No locals. #1 0xc05c0320 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399 first_buf_printf = 1 #2 0xc05c069d in panic (fmt=0xc07beeb0 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:555 td = (struct thread *) 0xc3289c80 bootopt = 256 newpanic = 1 ap = 0xc3289c80 "\030\204(ц a\"ц" buf = "from debugger", '\0' <repeats 242 times> #3 0xc049dbd2 in db_panic (addr=-1069042124, have_addr=0, count=-1, modif=0xd52329f8 "") at /usr/src/sys/ddb/db_command.c:438 No locals. #4 0xc049db42 in db_command (last_cmdp=0xc0835ae4, cmd_table=0x0, aux_cmd_tablep=0xc07f1b54, aux_cmd_tablep_end=0xc07f1b58) at /usr/src/sys/ddb/db_command.c:350 cmd = (struct command *) 0xc07a5e60 t = 0 modif = "\000c\203ю\f\000\000\000\024*#у\r\000\000\000\000\027\207ю\r\000\000\000\001\000\000\0004*#уf\201vююъ\205ю\aK\000 \204\027\207ю\2004\204юЮc\203юx\000\000\000Юc\203ю\f\000\000\000X*#уя\002Jю\226L}юPЪIю\000\000\000\000\020\000\000\000\f\000\000\000Юc\203юfУIюЮc\203ю [\203юx\000\000\000╪*#у" addr = -1069042124 count = -1 have_addr = 0 result = 0 #5 0xc049dc55 in db_command_loop () at /usr/src/sys/ddb/db_command.c:458 No locals. 
#6 0xc049fe85 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221 jb = {{_jb = {-719115588, -719115616, -719115536, -719115320, 12, -1068892634, -719115516, -1067574971, -1065428601, -1067574800, -719115536, -1067584048}}} prev_jb = (void *) 0x0 bkpt = 0 #7 0xc05df657 in kdb_trap (type=0, code=0, tf=0xd5232bc8) at /usr/src/sys/kern/subr_kdb.c:473 handled = -719115320 #8 0xc078c22b in trap_fatal (frame=0xd5232bc8, eva=0) at /usr/src/sys/i386/i386/trap.c:827 eflags = 524802 code = 524802 type = 12 ss = 524802 esp = 0 softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 4, ssd_xx1 = 0, ssd_def32 = 1, ssd_gran = 1} msg = 0x0 #9 0xc078bf02 in trap_pfault (frame=0xd5232bc8, usermode=0, eva=136) at /usr/src/sys/i386/i386/trap.c:744 va = 0 vm = (struct vmspace *) 0x0 map = 0x1 rv = 1 ftype = 1 '\001' td = (struct thread *) 0xc3289c80 p = (struct proc *) 0xc3288418 #10 0xc078ba70 in trap (frame= {tf_fs = 8, tf_es = 40, tf_ds = 1862271016, tf_edi = 7, tf_esi = -1018524584, tf_ebp = -719115228, tf_isp = -719115276, tf_ebx = -1017757184, tf_edx = -1017757184, tf_ecx = -1020748672, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1069042124, tf_cs = 32, tf_eflags = 590406, tf_esp = -1017757184, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:434 td = (struct thread *) 0xc3289c80 p = (struct proc *) 0xc3288418 sticks = 0 i = 0 ucode = 0 type = 12 code = 0 eva = 136 #11 0xc07780ba in calltrap () at /usr/src/sys/i386/i386/exception.s:139 No locals. #12 0xc047b634 in fr_derefrule (frp=0xc34a8c58) at /usr/src/sys/contrib/ipfilter/netinet/fil.c:4507 fr = (frentry_t *) 0xc3564200 #13 0xc0495d97 in fr_delstate (is=0xc34a8c00, why=65535) at /usr/src/sys/contrib/ipfilter/netinet/ip_state.c:2779 No locals. 
#14 0xc0495e61 in fr_timeoutstate () at /usr/src/sys/contrib/ipfilter/netinet/ip_state.c:2815 ifq = (ipftq_t *) 0xc0834c40 ifqnext = (ipftq_t *) 0x7 tqe = (ipftqent_t *) 0xc3564200 tqn = (ipftqent_t *) 0xc339e8c8 is = (ipstate_t *) 0x0 #15 0xc04815ba in fr_slowtimer (ptr=0x0) at /usr/src/sys/contrib/ipfilter/netinet/ip_frag.c:828 No locals. #16 0xc05cf726 in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:290 c_func = (void (*)(void *)) 0xc0481560 <fr_slowtimer> c_arg = (void *) 0x0 c_mtx = (struct mtx *) 0xc083d600 c_flags = 7 c = (struct callout *) 0xc3289c80 bucket = (struct callout_tailq *) 0xcd4628b8 curticks = 128501 steps = -1065101824 depth = 1 mpcalls = 0 mtxcalls = 0 gcalls = 1 wakeup_cookie = -1065101824 #17 0xc05a44f8 in ithread_loop (arg=0xc327d200) at /usr/src/sys/kern/kern_intr.c:547 ithd = (struct ithd *) 0xc327d200 ih = (struct intrhand *) 0xc3265c40 td = (struct thread *) 0xc3289c80 p = (struct proc *) 0xc3288418 count = 0 warned = 0 #18 0xc05a33cf in fork_exit (callout=0xc05a4340 <ithread_loop>, arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:789 p = (struct proc *) 0xc3288418 td = (struct thread *) 0xc3564200 #19 0xc077811c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208 No locals. 
(kgdb) frame 12 #12 0xc047b634 in fr_derefrule (frp=0xc34a8c58) at /usr/src/sys/contrib/ipfilter/netinet/fil.c:4507 4507 if (fr->fr_type == FR_T_IPF && fr->fr_satype == FRI_LOOKUP) (kgdb) list 4502 if (fr->fr_ref == 0) { 4503 MUTEX_EXIT(&fr->fr_lock); 4504 MUTEX_DESTROY(&fr->fr_lock); 4505 4506 #ifdef IPFILTER_LOOKUP 4507 if (fr->fr_type == FR_T_IPF && fr->fr_satype == FRI_LOOKUP) 4508 ip_lookup_deref(fr->fr_srctype, fr->fr_srcptr); 4509 if (fr->fr_type == FR_T_IPF && fr->fr_datype == FRI_LOOKUP) 4510 ip_lookup_deref(fr->fr_dsttype, fr->fr_dstptr); 4511 #endif (kgdb) p *fr $1 = {fr_lock = {ipf_lkun_s = {ipf_slk = {mtx_object = {lo_class = 0xc0811004, lo_name = 0xc07beba9 "state filter rule lock", lo_type = 0xc07beba9 "state filter rule lock", lo_flags = 131072, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, ipf_lname = 0x0}, ipf_emu = {eMm_owner = 0xc0811004 "{l~ю\t", eMm_heldin = 0xc07beba9 "state filter rule lock", eMm_magic = 3229346729, eMm_held = 131072, eMm_heldat = 0}}, fr_next = 0xc3650800, fr_grp = 0x0, fr_isc = 0xffffffff, fr_ifas = {0x0, 0x0, 0x0, 0x0}, fr_ptr = 0x0, fr_comment = 0x0, fr_ref = 0, fr_statecnt = 1, fr_hits = 7, fr_bytes = 503, fr_lastpkt = {tv_sec = 0, tv_usec = 0}, fr_curpps = 0, fr_dun = {fru_data = 0x0, fru_caddr = 0x0, fru_ipf = 0x0, fru_func = 0}, fr_func = 0, fr_dsize = 0, fr_pps = 0, fr_statemax = 0, fr_flineno = 0, fr_type = 1, fr_flags = 1073759490, fr_logtag = 0, fr_collect = 0, fr_arg = 0, fr_loglevel = 65535, fr_age = {0, 0}, fr_v = 4 '\004', fr_icode = 0 '\0', fr_group = '\0' <repeats 15 times>, fr_grhead = '\0' <repeats 15 times>, fr_nattag = {ipt_un = {iptu_num = {0, 0, 0, 0}, iptu_tag = '\0' <repeats 15 times>}, ipt_not = 0}, fr_ifnames = {'\0' <repeats 15 times>, '\0' <repeats 15 times>, '\0' <repeats 15 times>, '\0' <repeats 15 times>}, fr_isctag = '\0' <repeats 15 times>, fr_tifs = {{fd_ifp = 0x0, fd_ip6 = {i6 = {0, 0, 0, 0}, in4 = {s_addr = 0}, vptr = {0x0, 0x0}, lptr = 
{0, 0}}, fd_ifname = '\0' <repeats 15 times>}, {fd_ifp = 0x0, fd_ip6 = {i6 = {0, 0, 0, 0}, in4 = {s_addr = 0}, vptr = {0x0, 0x0}, lptr = {0, 0}}, fd_ifname = '\0' <repeats 15 times>}}, fr_dif = {fd_ifp = 0x0, fd_ip6 = {i6 = {0, 0, 0, 0}, in4 = {s_addr = 0}, vptr = {0x0, 0x0}, lptr = {0, 0}}, fd_ifname = '\0' <repeats 15 times>}, fr_cksum = 1090602426} (kgdb) p fr->fr_type $2 = 1 (kgdb) p fr->fr_satype (kgdb) >How-To-Repeat: 1. Enable ipfilter="YES" and ipfs_enable="YES" in /etc/rc.conf. 2. Shut down the PC. 3. Power on the PC. >Fix: >Release-Note: >Audit-Trail: >Unformatted: