kern/89864: [if_vr] [panic] if_vr panic under FreeBSD 6
Travis Mikalson
bofh at terranova.net
Fri Dec 2 19:40:03 GMT 2005
>Number: 89864
>Category: kern
>Synopsis: [if_vr] [panic] if_vr panic under FreeBSD 6
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Dec 02 19:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Travis Mikalson
>Release: 6.0-RELEASE
>Organization:
TerraNovaNet, Inc.
>Environment:
FreeBSD tnn1.wlb.terranova.net 6.0-RELEASE FreeBSD 6.0-RELEASE #3: Sun Nov 27 00
:04:47 EST 2005 root at freebsd6.tog.net:/usr/cfobj/usr/src/sys/cfbsd-desktop-debug i386
>Description:
I am using 6.0-RELEASE on this system, BUT I am using if_vr.c and if_vrreg.h from RELENG_6, if_vr.c revision 1.104.2.5 and if_vrreg.h revision 1.22.2.1.
I am using it in an if_bridge bridge:
$ ifconfig bridge0
bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
ether ac:de:48:e8:b9:99
priority 32768 hellotime 2 fwddelay 15 maxage 20
member: ath0 flags=3<LEARNING,DISCOVER>
member: vr0 flags=3<LEARNING,DISCOVER>
I have two different crashdumps from the last 12 hours exactly like this so I figured it was worth reporting. The backtrace doesn't look like much to go on, but I'm not very good at reading them.
The hardware is a VIA EPIA 5000 (the first VIA EPIA board made, the 533MHz one) using the on-board NIC:
vr0: <VIA VT6102 Rhine II 10/100BaseTX> port 0xec00-0xecff mem 0xd3410000-0xd34100ff irq 10 at device 18.0 on pci0
$ pciconf -l
hostb0 at pci0:0:0: class=0x060000 card=0x60101106 chip=0x06011106 rev=0x05
hdr=0x00
pcib1 at pci0:1:0: class=0x060400 card=0x00000080 chip=0x86011106 rev=0x00 hdr=0x01
isab0 at pci0:17:0: class=0x060100 card=0x60101106 chip=0x82311106 rev=0x10
hdr=0x00
atapci0 at pci0:17:1: class=0x01018a card=0x60101106 chip=0x05711106 rev=0x06
hdr=0x00
none0 at pci0:17:4: class=0x068000 card=0x60101106 chip=0x82351106 rev=0x10
hdr=0x00
vr0 at pci0:18:0: class=0x020000 card=0x01021106 chip=0x30651106 rev=0x51 hdr=0x00
ath0 at pci0:20:0: class=0x020000 card=0x1012185f chip=0x0013168c rev=0x01 hdr=0x00
none1 at pci1:0:0: class=0x030000 card=0x85001023 chip=0x85001023 rev=0x6a hdr=0x00
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x1
fault code = supervisor write, page not present
instruction pointer = 0x20:0xc06a5aaa
stack pointer = 0x28:0xc7895c50
frame pointer = 0x28:0xc7895c9c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 20 (irq10: vr0)
trap number = 12
panic: page fault
Uptime: 10h29m27s
Dumping 125 MB (2 chunks)
chunk 0: 1MB (160 pages) ... ok
chunk 1: 125MB (31984 pages) 109 93 77 61 45 29 13
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc0503b36 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
first_buf_printf = 1
#2 0xc0503dcc in panic (fmt=0xc06d1966 "%s")
at /usr/src/sys/kern/kern_shutdown.c:555
td = (struct thread *) 0xc0ecb000
bootopt = 260
newpanic = 0
ap = 0xc0ecb000 "H¬ìÀ \212ìÀ"
buf = "page fault", '\0' <repeats 245 times>
#3 0xc06a7de4 in trap_fatal (frame=0xc7895c10, eva=1)
at /usr/src/sys/i386/i386/trap.c:831
code = 40
type = 12
ss = 40
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27,
ssd_dpl = 0, ssd_p = 1, ssd_xx = 12, ssd_xx1 = 2, ssd_def32 = 1,
ssd_gran = 1}
#4 0xc06a7b4f in trap_pfault (frame=0xc7895c10, usermode=0, eva=1)
at /usr/src/sys/i386/i386/trap.c:742
va = 0
vm = (struct vmspace *) 0x0
map = 0xc0760920
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc0ecb000
p = (struct proc *) 0xc0ecac48
#5 0xc06a778d in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 1, tf_esi = -1056147448, tf_ebp = -947299172, tf_isp = -947299268, tf_ebx = -1054614016, tf_edx = 2, tf_ecx = 378, tf_eax = 1056147449, tf_trapno = 12, tf_err = 2, tf_eip = -1066771798, tf_cs = 32, tf_eflags = 66067, tf_esp = 1514, tf_ss = 1514})
at /usr/src/sys/i386/i386/trap.c:432
td = (struct thread *) 0xc0ecb000
p = (struct proc *) 0xc0ecac48
sticks = 477372156
i = 0
ucode = 0
type = 12
code = 2
eva = 1
#6 0xc06974ba in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7 0xc06a5aaa in generic_bcopy () at /usr/src/sys/i386/i386/support.s:489
No locals.
Previous frame inner to this frame (corrupt stack?)
(kgdb) up
#1 0xc0503b36 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
399 doadump();
(kgdb) up
#2 0xc0503dcc in panic (fmt=0xc06d1966 "%s")
at /usr/src/sys/kern/kern_shutdown.c:555
555 boot(bootopt);
(kgdb) up
#3 0xc06a7de4 in trap_fatal (frame=0xc7895c10, eva=1)
at /usr/src/sys/i386/i386/trap.c:831
831 panic("%s", trap_msg[type]);
(kgdb) up
#4 0xc06a7b4f in trap_pfault (frame=0xc7895c10, usermode=0, eva=1)
at /usr/src/sys/i386/i386/trap.c:742
742 trap_fatal(frame, eva);
(kgdb) up
#5 0xc06a778d in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 1, tf_esi = -1056147448, tf_ebp = -947299172, tf_isp = -947299268, tf_ebx = -1054614016, tf_edx = 2, tf_ecx = 378, tf_eax = 1056147449, tf_trapno = 12, tf_err = 2, tf_eip = -1066771798, tf_cs = 32, tf_eflags = 66067, tf_esp = 1514, tf_ss = 1514})
at /usr/src/sys/i386/i386/trap.c:432
432 (void) trap_pfault(&frame, FALSE, eva);
(kgdb) up
#6 0xc06974ba in calltrap () at /usr/src/sys/i386/i386/exception.s:139
139 call trap
Current language: auto; currently asm
(kgdb) up
#7 0xc06a5aaa in generic_bcopy () at /usr/src/sys/i386/i386/support.s:489
489 cld /* nope, copy forwards */
(kgdb) up
Initial frame selected; you cannot go up.
(kgdb) list
484 subl %esi,%eax
485 cmpl %ecx,%eax /* overlapping && src < dst? */
486 jb 1f
487
488 shrl $2,%ecx /* copy by 32-bit words */
489 cld /* nope, copy forwards */
490 rep
491 movsl
492 movl 20(%esp),%ecx
493 andl $3,%ecx /* any bytes left? */
(kgdb) down
#6 0xc06974ba in calltrap () at /usr/src/sys/i386/i386/exception.s:139
139 call trap
(kgdb) list
134 movl %eax,%es
135 movl $KPSEL,%eax
136 movl %eax,%fs
137 FAKE_MCOUNT(TF_EIP(%esp))
138 calltrap:
139 call trap
140
141 /*
142 * Return via doreti to handle ASTs.
143 */
(kgdb) down
#5 0xc06a778d in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 1, tf_esi = -1056147448, tf_ebp = -947299172, tf_isp = -947299268, tf_ebx = -1054614016, tf_edx = 2, tf_ecx = 378, tf_eax = 1056147449, tf_trapno = 12, tf_err = 2, tf_eip = -1066771798, tf_cs = 32, tf_eflags = 66067, tf_esp = 1514, tf_ss = 1514})
at /usr/src/sys/i386/i386/trap.c:432
432 (void) trap_pfault(&frame, FALSE, eva);
Current language: auto; currently c
(kgdb) list
427
428 KASSERT(cold || td->td_ucred != NULL,
429 ("kernel trap doesn't have ucred"));
430 switch (type) {
431 case T_PAGEFLT: /* page fault */
432 (void) trap_pfault(&frame, FALSE, eva);
433 goto out;
434
435 case T_DNA:
436 #ifdef DEV_NPX
(kgdb) down
#4 0xc06a7b4f in trap_pfault (frame=0xc7895c10, usermode=0, eva=1)
at /usr/src/sys/i386/i386/trap.c:742
742 trap_fatal(frame, eva);
(kgdb) list
737 if (td->td_intr_nesting_level == 0 &&
738 PCPU_GET(curpcb)->pcb_onfault != NULL) {
739 frame->tf_eip = (int)PCPU_GET(curpcb)->pcb_onfault;
740 return (0);
741 }
742 trap_fatal(frame, eva);
743 return (-1);
744 }
745
746 /* kludge to pass faulting virtual address to sendsig */
(kgdb) down
#3 0xc06a7de4 in trap_fatal (frame=0xc7895c10, eva=1)
at /usr/src/sys/i386/i386/trap.c:831
831 panic("%s", trap_msg[type]);
(kgdb) list
826 intr_restore(eflags);
827 }
828 #endif
829 printf("trap number = %d\n", type);
830 if (type <= MAX_TRAP_MSG)
831 panic("%s", trap_msg[type]);
832 else
833 panic("unknown/reserved trap");
834 }
835
(kgdb) down
#2 0xc0503dcc in panic (fmt=0xc06d1966 "%s")
at /usr/src/sys/kern/kern_shutdown.c:555
555 boot(bootopt);
(kgdb) list
550 mtx_lock_spin(&sched_lock);
551 td->td_flags |= TDF_INPANIC;
552 mtx_unlock_spin(&sched_lock);
553 if (!sync_on_panic)
554 bootopt |= RB_NOSYNC;
555 boot(bootopt);
556 }
557
558 /*
559 * Support for poweroff delay.
(kgdb) down
#1 0xc0503b36 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
399 doadump();
(kgdb) list
394
395 /* XXX This doesn't disable interrupts any more. Reconsider? */
396 splhigh();
397
398 if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping)
399 doadump();
400
401 /* Now that we're going to really halt the system... */
402 EVENTHANDLER_INVOKE(shutdown_final, howto);
403
(kgdb)
>How-To-Repeat:
Run if_vr with steady load for a while with if_bridge, at least that's how I'm reproducing it.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list