7.0 kernel crash: page fault while in kernel mode

Mon Apr 21 17:18:41 UTC 2008

Toni Schmidbauer wrote:
> hi,
> 
> i'm running 
> 
> FreeBSD murus 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Mon Mar 3 20:53:07
> CET 2008 root at murus:/usr/obj/usr/src/sys/GENERIC i386
> 
> today this machine crashed, but lucky me i did get a crash dump. i'm
> not a kernel developer so any help would be great in finding out the
> reason for the crash.
> 
> the machine is running as a firewall with various services (imap,
> smtp,dns ...). i'm also using if_bridge/vlans to filter traffic for
> internal clients.
> 
> thanks for your time
> 
> toni
> 
> ========================================
> root at murus /usr/obj/usr/src/sys/GENERIC {1027}# kgdb kernel.debug /var/crash/vmcore.0
> [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd".
> 
> Unread portion of the kernel message buffer:
> 
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0xbc
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc078075e
> stack pointer           = 0x28:0xe5550ab4
> frame pointer           = 0x28:0xe5550ac4
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 950 (apcupsd)
> trap number             = 12
> panic: page fault
> cpuid = 0
> Uptime: 48d14h37m48s
> Physical memory: 946 MB
> Dumping 202 MB: 187 171 155 139 123 107 91 75 59 43 27 11
> 
> #0  doadump () at pcpu.h:195
> 195             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb) bt
> #0  doadump () at pcpu.h:195
> #1  0xc0754457 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
> #2  0xc0754719 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:563
> #3  0xc0a4905c in trap_fatal (frame=0xe5550a74, eva=188) at /usr/src/sys/i386/i386/trap.c:899
> #4  0xc0a492e0 in trap_pfault (frame=0xe5550a74, usermode=0, eva=188) at /usr/src/sys/i386/i386/trap.c:812
> #5  0xc0a49c8c in trap (frame=0xe5550a74) at /usr/src/sys/i386/i386/trap.c:490
> #6  0xc0a2fc0b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7  0xc078075e in rman_reserve_resource_bound (rm=0x0, start=0, end=3232598804, count=753, bound=0, flags=590486, dev=0xe5550b2c)
>     at /usr/src/sys/kern/subr_rman.c:325
> #8  0xc0788b72 in kern_select (td=0xc437a420, nd=5, fd_in=0xbfbfecc0, fd_ou=0x0, fd_ex=0x0, tvp=0xe5550c70)
>     at /usr/src/sys/kern/sys_generic.c:845
> #9  0xc07890de in select (td=0xc437a420, uap=0xe5550cfc) at /usr/src/sys/kern/sys_generic.c:663
> #10 0xc0a49635 in syscall (frame=0xe5550d38) at /usr/src/sys/i386/i386/trap.c:1035
> #11 0xc0a2fc70 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
> #12 0x00000033 in ?? ()

kern_select() does not call rman_reserve_resource_bound() so ether this 
trace is corrupt or you have a RAM error.  Note that the IP for this 
function (0xc078075e) is a single bit flip from being very close to 
kern_select (0xc0788b72), which is what you would expect if kern_select 
tried to call an associated function in the same source file but the 
address was corrupted in RAM.

Kris