kern/112534: freebsd6-stable SMP kernel crash, maybe pf related

Stefan Krüger skrueger at europe.com
Tue May 8 21:00:11 UTC 2007 

>Number:         112534
>Category:       kern
>Synopsis:       freebsd6-stable SMP kernel crash, maybe pf related
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 08 21:00:10 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Stefan Krüger
>Release:        FreeBSD 6.2-STABLE
>Organization:
>Environment:
FreeBSD 6.2-STABLE #0: Sun May  6 02:06:28 CEST 2007 root at localhost:/usr/obj/usr
/src/sys/SMP_ALTQ
>Description:
# cat /var/run/info.1
Dump header from device /dev/da0s1b
  Architecture: i386
  Architecture Version: 2
  Dump Length: 1073283072B (1023 MB)
  Blocksize: 512
  Dumptime: Tue May  8 19:19:29 2007
  Hostname: beastie.example.net
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 6.2-STABLE #0: Sun May  6 02:06:28 CEST 2007
    space7 at localhost:/usr/obj/usr/src/sys/SMP_ALTQ
  Panic String: page fault
  Dump Parity: 1167164788
  Bounds: 1
  Dump Status: good

# kgdb /var/crash/kernel.debug /var/crash/vmcore.1
[snip]

Unread portion of the kernel message buffer:
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x104
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0705c9c
stack pointer           = 0x28:0xeb8c2944
frame pointer           = 0x28:0xeb8c2958
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 8410 (pfctl)
trap number             = 12
panic: page fault
cpuid = 1
Uptime: 3h37m8s
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc0711271 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc0711664 in panic (fmt=0xc09fbbb2 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc099975c in trap_fatal (frame=0xeb8c2904, eva=0)
    at /usr/src/sys/i386/i386/trap.c:837
#4  0xc0998d74 in trap (frame=
      {tf_fs = -343146488, tf_es = -989134808, tf_ds = -343146456, tf_edi = -986735616, tf_esi = 4, tf_ebp = -343135912, tf_isp = -343135952, tf_ebx = -987756276, tf_edx = 6, tf_ecx = -986735616, tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1066378084, tf_cs = 32, tf_eflags = 65538, tf_esp = -987756276, tf_ss = -1069048717}) at /usr/src/sys/i386/i386/trap.c:270
#5  0xc097ff3a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#6  0xc0705c9c in _mtx_lock_sleep (m=0xc520090c, tid=3308231680, opts=0, 
    file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:546
#7  0xc0478419 in priq_class_destroy (cl=0xc5934540)
    at /usr/src/sys/contrib/altq/altq/altq_priq.c:416
#8  0xc0478110 in priq_clear_interface (pif=0xc6917c80)
    at /usr/src/sys/contrib/altq/altq/altq_priq.c:252
#9  0xc0477f55 in priq_remove_altq (a=0x6)
    at /usr/src/sys/contrib/altq/altq/altq_priq.c:161
#10 0xc0479833 in altq_remove (a=0x6)
    at /usr/src/sys/contrib/altq/altq/altq_subr.c:647
#11 0xc535688c in pf_commit_altq ()
#12 0xc53590ba in pfioctl ()
#13 0xc06af017 in devfs_ioctl_f (fp=0xc69e4990, com=3222029394, 
    data=0xc520b980, cred=0xc657ac80, td=0xc52f9c00)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:479
#14 0xc073e56b in ioctl (td=0xc52f9c00, uap=0xeb8c2d04) at file.h:265
#15 0xc0999b80 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = -1077944980, tf_esi = 0, tf_ebp = -1077944968, tf_isp = -343134876, tf_ebx = -1077942416, tf_edx = 134737920, tf_ecx = 0, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip = 672783783, tf_cs = 51, tf_eflags = 582, tf_esp = -1077945012, tf_ss = 59})
    at /usr/src/sys/i386/i386/trap.c:983
#16 0xc097ff8f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#17 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

if you need more info, feel free to mail me instructions

kernel.debug + vmcore.1 available on request
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list