From nobody@FreeBSD.org  Sat Jan 31 15:29:46 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0046D1065698
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 31 Jan 2009 15:29:45 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id E2ECB8FC0C
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 31 Jan 2009 15:29:45 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n0VFTjqF014199
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 31 Jan 2009 15:29:45 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n0VFTj73014198;
	Sat, 31 Jan 2009 15:29:45 GMT
	(envelope-from nobody)
Message-Id: <200901311529.n0VFTj73014198@www.freebsd.org>
Date: Sat, 31 Jan 2009 15:29:45 GMT
From: Roar Pettersen <roar.pettersen@it.uib.no>
To: freebsd-gnats-submit@FreeBSD.org
Subject: 7.1-STABLE amd64 crash
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         131209
>Category:       amd64
>Synopsis:       [panic] [bce] 7.1-STABLE amd64 crash - m0 NULL
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-amd64
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 31 15:30:02 UTC 2009
>Closed-Date:    Sun Dec 11 09:54:23 UTC 2011
>Last-Modified:  Sun Dec 11 09:54:23 UTC 2011
>Originator:     Roar Pettersen
>Release:        FreeBSD 7.1-STABLE
>Organization:
University of Bergen
>Environment:
FreeBSD proxy-gw2.uib.no 7.1-STABLE FreeBSD 7.1-STABLE #0: Fri Jan 30 16:59:50 CET 2009     root@proxy-gw2.uib.no:/usr/obj/usr/src/sys/PROXY-GW2  amd64
>Description:
After 6 hours the system crash / freeze :

# kgdb kernel.debug /var/crash/vmcore.0
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x800000108
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff8037690c
stack pointer           = 0x10:0xfffffffec329e5e0
frame pointer           = 0x10:0x0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 25972 (cron)
trap number             = 12
panic: page fault
cpuid = 1
Uptime: 6h33m10s
Physical memory: 2039 MB
Dumping 411 MB: 396 380 364 348 332 316 300 284 268 252 236 220 204 188 172 156 140 124 108 92 76 60 44 28 12

Reading symbols from /boot/kernel/blank_saver.ko...Reading symbols from /boot/kernel/blank_saver.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/blank_saver.ko
#0  0xffffffff802fa8fa in doadump () at /usr/src/sys/kern/kern_shutdown.c:238
238             if (dumper.dumper == NULL) {


Powe on / Off was the solution to re-start the system.
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:

From: John Baldwin <jhb@freebsd.org>
To: freebsd-amd64@freebsd.org
Cc: Roar Pettersen <roar.pettersen@it.uib.no>,
        freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/131209: 7.1-STABLE amd64 crash
Date: Mon, 2 Feb 2009 08:49:05 -0500

 On Saturday 31 January 2009 10:29:45 am Roar Pettersen wrote:
 > Fatal trap 12: page fault while in kernel mode
 > cpuid = 1; apic id = 01
 > fault virtual address   = 0x800000108
 > fault code              = supervisor read data, page not present
 > instruction pointer     = 0x8:0xffffffff8037690c
 > stack pointer           = 0x10:0xfffffffec329e5e0
 > frame pointer           = 0x10:0x0
 > code segment            = base 0x0, limit 0xfffff, type 0x1b
 >                         = DPL 0, pres 1, long 1, def32 0, gran 1
 > processor eflags        = interrupt enabled, resume, IOPL = 0
 > current process         = 25972 (cron)
 > trap number             = 12
 > panic: page fault
 > cpuid = 1
 > Uptime: 6h33m10s
 > Physical memory: 2039 MB
 > Dumping 411 MB: 396 380 364 348 332 316 300 284 268 252 236 220 204 188 172 
 156 140 124 108 92 76 60 44 28 12
 > 
 > Reading symbols from /boot/kernel/blank_saver.ko...Reading symbols 
 from /boot/kernel/blank_saver.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/blank_saver.ko
 > #0  0xffffffff802fa8fa in doadump () 
 at /usr/src/sys/kern/kern_shutdown.c:238
 > 238             if (dumper.dumper == NULL) {
 
 Can you provide the full backtrace?  This stack frame is well after the panic 
 in the code that writes out the crash dump, so it is not very useful.
 
 -- 
 John Baldwin

From: Roar Pettersen <roar.pettersen@uib.no>
To: John Baldwin <jhb@freebsd.org>
Cc: freebsd-amd64@freebsd.org, Roar Pettersen <roar.pettersen@it.uib.no>, 
    freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/131209: 7.1-STABLE amd64 crash
Date: Mon, 2 Feb 2009 16:34:39 +0100 (CET)

 Hello !
 
 > Can you provide the full backtrace?  This stack frame is well after the panic
 > in the code that writes out the crash dump, so it is not very useful.
 
 
 
 # kgdb kernel.debug /var/crash/vmcore.0
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you 
 are
 welcome to change it and/or distribute copies of it under certain 
 conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for 
 details.
 This GDB was configured as "amd64-marcel-freebsd"...
 
 Unread portion of the kernel message buffer:
 
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 1; apic id = 01
 fault virtual address   = 0x800000108
 fault code              = supervisor read data, page not present
 instruction pointer     = 0x8:0xffffffff8037690c
 stack pointer           = 0x10:0xfffffffec329e5e0
 frame pointer           = 0x10:0x0
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, long 1, def32 0, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 25972 (cron)
 trap number             = 12
 panic: page fault
 cpuid = 1
 Uptime: 6h33m10s
 Physical memory: 2039 MB
 Dumping 411 MB: 396 380 364 348 332 316 300 284 268 252 236 220 204 188 
 172 156 140 124 108 92 76 60 44 28 12
 
 Reading symbols from /boot/kernel/blank_saver.ko...Reading symbols from 
 /boot/kernel/blank_saver.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/blank_saver.ko
 #0  0xffffffff802fa8fa in doadump () at 
 /usr/src/sys/kern/kern_shutdown.c:238
 238             if (dumper.dumper == NULL) {
 (kgdb) backtrace
 #0  0xffffffff802fa8fa in doadump () at 
 /usr/src/sys/kern/kern_shutdown.c:238
 #1  0x0000000000000004 in ?? ()
 #2  0xffffffff802fae29 in boot (howto=260) at 
 /usr/src/sys/kern/kern_shutdown.c:417
 #3  0xffffffff802fb232 in panic (fmt=Variable "fmt" is not available.
 ) at /usr/src/sys/kern/kern_shutdown.c:572
 #4  0xffffffff804fbc53 in trap_fatal (frame=0xffffff000a5dfa50, 
 eva=Variable "eva" is not available.
 )
      at /usr/src/sys/amd64/amd64/trap.c:735
 #5  0xffffffff804fc025 in trap_pfault (frame=0xfffffffec329e530, 
 usermode=0)
      at /usr/src/sys/amd64/amd64/trap.c:674
 #6  0xffffffff804fc968 in trap (frame=0xfffffffec329e530)
      at /usr/src/sys/amd64/amd64/trap.c:571
 #7  0xffffffff804e23ae in Xtss () at 
 /usr/src/sys/amd64/amd64/exception.S:138
 #8  0xffffffff8037690c in vattr_null (vap=0x0) at 
 /usr/src/sys/kern/vfs_subr.c:536
 #9  0xfffffffec329e640 in ?? ()
 #10 0xffffff000a5dfa50 in ?? ()
 #11 0xfffffffec329ea60 in ?? ()
 #12 0xfffffffec329ea10 in ?? ()
 #13 0x0000000000000000 in ?? ()
 #14 0xffffffff80540f11 in VOP_VPTOFH_APV (vop=0x800000000, a=0x0)
      at vnode_if.c:2767
 #15 0xffffff000439e3f0 in ?? ()
 #16 0xffffff000439e3f0 in ?? ()
 #17 0x0000000000000004 in ?? ()
 #18 0xffffffff8037ac07 in vput (vp=0xffffff000439cb28) at vnode_if.h:31
 #19 0xffffffff80377ede in vaccess (type=Variable "type" is not available.
 ) at /usr/src/sys/kern/vfs_subr.c:3400
 #20 0xffffff0000000000 in ?? ()
 #21 0xffffff007ff8a998 in ?? ()
 #22 0xffffffff804c1805 in uma_zfree_arg (zone=0xffffffff804d9261,
      item=0xffffff000a5dfa50, udata=0x0) at /usr/src/sys/vm/uma_core.c:2367
 #23 0xfffffffec329e8d0 in ?? ()
 #24 0xffffff000439c9d8 in ?? ()
 #25 0xffffff00043829a0 in ?? ()
 #26 0x0000000000000000 in ?? ()
 #27 0x0000000000000100 in ?? ()
 #28 0xffffff000439c9d8 in ?? ()
 #29 0xffffffff804b6d5a in ufs_getattr (ap=Variable "ap" is not available.
 ) at /usr/src/sys/ufs/ufs/ufs_vnops.c:444
 #30 0x0000000000000004 in ?? ()
 #31 0xffffff000156b150 in ?? ()
 #32 0xfffffffec329ea10 in ?? ()
 #33 0x0000000000000000 in ?? ()
 #34 0x0000000000000001 in ?? ()
 #35 0x0000000000000000 in ?? ()
 #36 0x0000000000000100 in ?? ()
 #37 0xffffff000439c9d8 in ?? ()
 #38 0xffffffff804b685a in ufs_whiteout (ap=0x0)
      at /usr/src/sys/ufs/ufs/ufs_vnops.c:941
 #39 0xffffffff803686d6 in breada (vp=0x0, rablkno=0x800, rabsize=0x4000, 
 cnt=0,
      cred=0x1000) at /usr/src/sys/kern/vfs_bio.c:2288
 #40 0x0000000000001001 in ?? ()
 #41 0xffffff000439c9d8 in ?? ()
 #42 0x0000000000000000 in ?? ()
 #43 0xffffff00043829a0 in ?? ()
 #44 0xffffff000439c9d8 in ?? ()
 #45 0xfffffffec329eb10 in ?? ()
 #46 0x000010000439c9d8 in ?? ()
 #47 0x0002000000000002 in ?? ()
 #48 0xffffff000a5dfa50 in ?? ()
 #49 0x0000000000000001 in ?? ()
 #50 0x0000000000000000 in ?? ()
 #51 0x0000000080744500 in ?? ()
 #52 0xffffff0037df6a00 in ?? ()
 #53 0xfffffffe8001a340 in ?? ()
 #54 0x0000000000000000 in ?? ()
 #55 0xffffff000439c9d8 in ?? ()
 #56 0xfffffffec329eb10 in ?? ()
 #57 0xffffff000a5dfa50 in ?? ()
 #58 0xffffffff80388dff in vn_read (fp=0xffffffff803687fa, 
 uio=0xffffffff804ab959,
      active_cred=Variable "active_cred" is not available.
 ) at atomic.h:143
 #59 0xffffffff8033480d in dofileread (td=0xffffff000a5dfa50, fd=3,
      fp=0xffffff0037df6a00, auio=0xfffffffec329eb10, offset=-5315631632, 
 flags=0)
      at file.h:244
 #60 0xffffffff80334b7e in kern_readv (td=0xffffff000a5dfa50, fd=3,
      auio=0xfffffffec329eb10) at /usr/src/sys/kern/sys_generic.c:192
 #61 0xffffffff80334c6c in read (td=0x0, uap=0x0)
      at /usr/src/sys/kern/sys_generic.c:103
 #62 0xffffffff804fc2a7 in syscall (frame=0xfffffffec329ec80)
      at /usr/src/sys/amd64/amd64/trap.c:878
 #63 0xffffffff804e25bb in Xpage () at 
 /usr/src/sys/amd64/amd64/exception.S:268
 #64 0x0000000800932b8c in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 
 
 --
 Med vennlig hilsen / Regards;
 
    Roar Pettersen
    Universitetet i Bergen -  The University of Bergen
    Nygardsgt. 5  -  N-5020 BERGEN  - Norway

From: John Baldwin <jhb@freebsd.org>
To: Roar Pettersen <roar.pettersen@uib.no>
Cc: freebsd-amd64@freebsd.org, Roar Pettersen <roar.pettersen@it.uib.no>,
        freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/131209: 7.1-STABLE amd64 crash
Date: Mon, 2 Feb 2009 10:59:27 -0500

 On Monday 02 February 2009 10:34:39 am Roar Pettersen wrote:
 > Hello !
 > 
 > > Can you provide the full backtrace?  This stack frame is well after the 
 panic
 > > in the code that writes out the crash dump, so it is not very useful.
 > 
 > 
 > 
 > # kgdb kernel.debug /var/crash/vmcore.0
 > GNU gdb 6.1.1 [FreeBSD]
 > Copyright 2004 Free Software Foundation, Inc.
 > GDB is free software, covered by the GNU General Public License, and you 
 > are
 > welcome to change it and/or distribute copies of it under certain 
 > conditions.
 > Type "show copying" to see the conditions.
 > There is absolutely no warranty for GDB.  Type "show warranty" for 
 > details.
 > This GDB was configured as "amd64-marcel-freebsd"...
 > 
 > Unread portion of the kernel message buffer:
 > 
 > 
 > Fatal trap 12: page fault while in kernel mode
 > cpuid = 1; apic id = 01
 > fault virtual address   = 0x800000108
 > fault code              = supervisor read data, page not present
 > instruction pointer     = 0x8:0xffffffff8037690c
 > stack pointer           = 0x10:0xfffffffec329e5e0
 > frame pointer           = 0x10:0x0
 > code segment            = base 0x0, limit 0xfffff, type 0x1b
 >                          = DPL 0, pres 1, long 1, def32 0, gran 1
 > processor eflags        = interrupt enabled, resume, IOPL = 0
 > current process         = 25972 (cron)
 > trap number             = 12
 > panic: page fault
 > cpuid = 1
 > Uptime: 6h33m10s
 > Physical memory: 2039 MB
 > Dumping 411 MB: 396 380 364 348 332 316 300 284 268 252 236 220 204 188 
 > 172 156 140 124 108 92 76 60 44 28 12
 > 
 > Reading symbols from /boot/kernel/blank_saver.ko...Reading symbols from 
 > /boot/kernel/blank_saver.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/blank_saver.ko
 > #0  0xffffffff802fa8fa in doadump () at 
 > /usr/src/sys/kern/kern_shutdown.c:238
 > 238             if (dumper.dumper == NULL) {
 > (kgdb) backtrace
 > #0  0xffffffff802fa8fa in doadump () at 
 > /usr/src/sys/kern/kern_shutdown.c:238
 > #1  0x0000000000000004 in ?? ()
 > #2  0xffffffff802fae29 in boot (howto=260) at 
 > /usr/src/sys/kern/kern_shutdown.c:417
 > #3  0xffffffff802fb232 in panic (fmt=Variable "fmt" is not available.
 > ) at /usr/src/sys/kern/kern_shutdown.c:572
 > #4  0xffffffff804fbc53 in trap_fatal (frame=0xffffff000a5dfa50, 
 > eva=Variable "eva" is not available.
 > )
 >      at /usr/src/sys/amd64/amd64/trap.c:735
 > #5  0xffffffff804fc025 in trap_pfault (frame=0xfffffffec329e530, 
 > usermode=0)
 >      at /usr/src/sys/amd64/amd64/trap.c:674
 > #6  0xffffffff804fc968 in trap (frame=0xfffffffec329e530)
 >      at /usr/src/sys/amd64/amd64/trap.c:571
 > #7  0xffffffff804e23ae in Xtss () at 
 > /usr/src/sys/amd64/amd64/exception.S:138
 > #8  0xffffffff8037690c in vattr_null (vap=0x0) at 
 > /usr/src/sys/kern/vfs_subr.c:536
 
 Is your source tree out of date wrt your kernel?  The kernel messages clearly 
 show a page fault, not a TSS fault as Xtss() would indicate.  Also, if 
 vattr_null() was passed a NULL pointer, it should have faulted at the start 
 of its routine rather than halfway through it.
 
 -- 
 John Baldwin

From: Roar Pettersen <roar.pettersen@uib.no>
To: John Baldwin <jhb@freebsd.org>
Cc: freebsd-amd64@freebsd.org, freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/131209: 7.1-STABLE amd64 crash
Date: Tue, 3 Feb 2009 08:34:04 +0100 (CET)

 Hello John !
 
 > Is your source tree out of date wrt your kernel?  The kernel messages clearly
 > show a page fault, not a TSS fault as Xtss() would indicate.  Also, if
 > vattr_null() was passed a NULL pointer, it should have faulted at the start
 > of its routine rather than halfway through it.
 
 Yes, forgot that I had done a buildworld and build kernel to get all new
 patches installed.
 
 
 No crash yet, but each time we do a "shutdown -r now" because the system 
 get unstable/unusable after some hours (4-6), we now get a dump each time 
 :
 
 # kgdb kernel.debug /var/crash/vmcore.6
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you 
 are
 welcome to change it and/or distribute copies of it under certain 
 conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for 
 details.
 This GDB was configured as "amd64-marcel-freebsd"...
 
 Unread portion of the kernel message buffer:
 <118>Feb  3 07:27:50 proxy-gw syslogd: exiting on signal 15
 Waiting (max 60 seconds) for system process `vnlru' to stop...done
 WaitSiynncing dgi s(kmsa,x  v6n0o dseesc ornedmsa)i nfionrg .s.y.st6e m 
 process `syncer' to stop...5 1 2 2 1 1 0 0 0 done
 Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
 All buffers synced.
 Uptime: 7h8m11s
 
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 1; apic id = 01
 fault virtual address   = 0x10
 fault code              = supervisor read data, page not present
 instruction pointer     = 0x8:0xffffffff8021d746
 stack pointer           = 0x10:0xfffffffef7cf3b20
 frame pointer           = 0x10:0x12000
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, long 1, def32 0, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 29 (irq257: bce1)
 trap number             = 12
 panic: page fault
 cpuid = 1
 Uptime: 7h8m11s
 Physical memory: 4087 MB
 Dumping 362 MB: 347 331 315 299 283 267 251 235 219 203 187 171 155 139 
 123 107 91 75 59 43 27 11
 
 #0  doadump () at pcpu.h:195
 195             __asm __volatile("movq %%gs:0,%0" : "=r" (td));
 (kgdb)
 (kgdb) backtrace
 #0  doadump () at pcpu.h:195
 #1  0x0000000000000004 in ?? ()
 #2  0xffffffff802fae39 in boot (howto=260) at 
 /usr/src/sys/kern/kern_shutdown.c:418
 #3  0xffffffff802fb242 in panic (fmt=0x104 <Address 0x104 out of bounds>)
      at /usr/src/sys/kern/kern_shutdown.c:574
 #4  0xffffffff804fbd63 in trap_fatal (frame=0xffffff0001559000, 
 eva=Variable "eva" is not available.
 ) at /usr/src/sys/amd64/amd64/trap.c:764
 #5  0xffffffff804fc135 in trap_pfault (frame=0xfffffffef7cf3a70, 
 usermode=0)
      at /usr/src/sys/amd64/amd64/trap.c:680
 #6  0xffffffff804fca78 in trap (frame=0xfffffffef7cf3a70) at 
 /usr/src/sys/amd64/amd64/trap.c:449
 #7  0xffffffff804e24be in calltrap () at 
 /usr/src/sys/amd64/amd64/exception.S:209
 #8  0xffffffff8021d746 in bce_intr (xsc=Variable "xsc" is not available.
 ) at /usr/src/sys/dev/bce/if_bce.c:5748
 #9  0xffffffff802db730 in ithread_loop (arg=0xffffff0001584080) at 
 /usr/src/sys/kern/kern_intr.c:1088
 #10 0xffffffff802d85d3 in fork_exit (callout=0xffffffff802db5c0 
 <ithread_loop>, arg=0xffffff0001584080,
      frame=0xfffffffef7cf3c80) at /usr/src/sys/kern/kern_fork.c:804
 #11 0xffffffff804e288e in fork_trampoline () at 
 /usr/src/sys/amd64/amd64/exception.S:455
 #12 0x0000000000000000 in ?? ()
 #13 0x0000000000000000 in ?? ()
 #14 0x0000000000000001 in ?? ()
 #15 0x0000000000000000 in ?? ()
 #16 0x0000000000000000 in ?? ()
 #17 0x0000000000000000 in ?? ()
 #18 0x0000000000000000 in ?? ()
 #19 0x0000000000000000 in ?? ()
 #20 0x0000000000000000 in ?? ()
 #21 0x0000000000000000 in ?? ()
 #22 0x0000000000000000 in ?? ()
 #23 0x0000000000000000 in ?? ()
 #24 0x0000000000000000 in ?? ()
 #25 0x0000000000000000 in ?? ()
 #26 0x0000000000000000 in ?? ()
 #27 0x0000000000000000 in ?? ()
 #28 0x0000000000000000 in ?? ()
 #29 0x0000000000000000 in ?? ()
 #30 0x0000000000000000 in ?? ()
 #31 0x0000000000000000 in ?? ()
 #32 0x0000000000000000 in ?? ()
 #33 0x0000000000000000 in ?? ()
 #34 0x0000000000000000 in ?? ()
 #35 0x0000000000000000 in ?? ()
 #36 0x00000000008b2000 in ?? ()
 #37 0xffffffff80768fc0 in tdq_cpu ()
 #38 0xffffffff80774bc0 in tdq_groups ()
 #39 0xffffffff80774b40 in tdq_cpu ()
 #40 0xffffff0001559000 in ?? ()
 #41 0xffffffff80768340 in tdg_maxid ()
 #42 0xfffffffef7cf36e8 in ?? ()
 #43 0xffffff0001559000 in ?? ()
 #44 0xffffffff8031be88 in sched_switch (td=0xffffffff802db5c0, 
 newtd=0x800602040, flags=Variable "flags" is not available.
 )
      at /usr/src/sys/kern/sched_ule.c:1938
 #45 0x0000000000000000 in ?? ()
 #46 0x0000000000000000 in ?? ()
 #47 0x0000000000000000 in ?? ()
 #48 0x0000000000000000 in ?? ()
 #49 0x0000000000000000 in ?? ()
 #50 0x0000000000000000 in ?? ()
 #51 0x0000000000000000 in ?? ()
 #52 0x0000000000000000 in ?? ()
 #53 0x0000000000000000 in ?? ()
 #54 0x0000000000000000 in ?? ()
 #55 0x0000000000000000 in ?? ()
 #56 0x0000000000000000 in ?? ()
 #57 0x0000000000000000 in ?? ()
 #58 0x0000000000000000 in ?? ()
 #59 0x0000000000000000 in ?? ()
 #60 0x0000000000000000 in ?? ()
 #61 0x0000000000000000 in ?? ()
 #62 0x0000000000000000 in ?? ()
 #63 0x0000000000000000 in ?? ()
 #64 0x0000000000000000 in ?? ()
 #65 0x0000000000000000 in ?? ()
 #66 0x0000000000000000 in ?? ()
 #67 0x0000000000000000 in ?? ()
 #68 0x0000000000000000 in ?? ()
 #69 0x0000000000000000 in ?? ()
 #70 0x0000000000000000 in ?? ()
 #71 0x0000000000000000 in ?? ()
 #72 0x0000000000000000 in ?? ()
 #73 0x0000000000000000 in ?? ()
 #74 0x0000000000000000 in ?? ()
 ---Type <return> to continue, or q <return> to quit---
 #75 0x0000000000000000 in ?? ()
 #76 0x0000000000000000 in ?? ()
 #77 0x0000000000000000 in ?? ()
 #78 0x0000000000000000 in ?? ()
 #79 0x0000000000000000 in ?? ()
 #80 0x0000000000000000 in ?? ()
 #81 0x0000000000000000 in ?? ()
 #82 0x0000000000000000 in ?? ()
 #83 0x0000000000000000 in ?? ()
 #84 0x0000000000000000 in ?? ()
 #85 0x0000000000000000 in ?? ()
 #86 0x0000000000000000 in ?? ()
 #87 0x0000000000000000 in ?? ()
 #88 0x0000000000000000 in ?? ()
 #89 0x0000000000000000 in ?? ()
 #90 0x0000000000000000 in ?? ()
 #91 0x0000000000000000 in ?? ()
 #92 0x0000000000000000 in ?? ()
 #93 0x0000000000000000 in ?? ()
 #94 0x0000000000000000 in ?? ()
 #95 0x0000000000000000 in ?? ()
 #96 0x0000000000000000 in ?? ()
 #97 0x0000000000000000 in ?? ()
 #98 0x0000000000000000 in ?? ()
 #99 0x0000000000000000 in ?? ()
 #100 0x0000000000000000 in ?? ()
 #101 0x0000000000000000 in ?? ()
 #102 0x0000000000000000 in ?? ()
 #103 0x0000000000000000 in ?? ()
 #104 0x0000000000000000 in ?? ()
 #105 0x0000000000000000 in ?? ()
 #106 0x0000000000000000 in ?? ()
 #107 0x0000000000000000 in ?? ()
 #108 0x0000000000000000 in ?? ()
 #109 0x0000000000000000 in ?? ()
 #110 0x0000000000000000 in ?? ()
 #111 0x0000000000000000 in ?? ()
 #112 0x0000000000000000 in ?? ()
 Cannot access memory at address 0xfffffffef7cf4000
 
 
 
 --
 Med vennlig hilsen / Regards;
 
    Roar Pettersen
    Universitetet i Bergen -  The University of Bergen
    Nygardsgt. 5  -  N-5020 BERGEN  - Norway
    Tlf: +47 55 58 40 55  fax: +47 55 58 40 70
    roar.pettersen@it.uib.no - IT-Avd, UiB - http://www.uib.no

From: John Baldwin <jhb@freebsd.org>
To: Roar Pettersen <roar.pettersen@uib.no>
Cc: freebsd-amd64@freebsd.org, freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/131209: 7.1-STABLE amd64 crash
Date: Tue, 3 Feb 2009 10:20:32 -0500

 On Tuesday 03 February 2009 2:34:04 am Roar Pettersen wrote:
 > Hello John !
 > 
 > > Is your source tree out of date wrt your kernel?  The kernel messages 
 clearly
 > > show a page fault, not a TSS fault as Xtss() would indicate.  Also, if
 > > vattr_null() was passed a NULL pointer, it should have faulted at the 
 start
 > > of its routine rather than halfway through it.
 > 
 > Yes, forgot that I had done a buildworld and build kernel to get all new
 > patches installed.
 > 
 > 
 > No crash yet, but each time we do a "shutdown -r now" because the system 
 > get unstable/unusable after some hours (4-6), we now get a dump each time 
 > :
 > 
 > # kgdb kernel.debug /var/crash/vmcore.6
 > GNU gdb 6.1.1 [FreeBSD]
 > Copyright 2004 Free Software Foundation, Inc.
 > GDB is free software, covered by the GNU General Public License, and you 
 > are
 > welcome to change it and/or distribute copies of it under certain 
 > conditions.
 > Type "show copying" to see the conditions.
 > There is absolutely no warranty for GDB.  Type "show warranty" for 
 > details.
 > This GDB was configured as "amd64-marcel-freebsd"...
 > 
 > Unread portion of the kernel message buffer:
 > <118>Feb  3 07:27:50 proxy-gw syslogd: exiting on signal 15
 > Waiting (max 60 seconds) for system process `vnlru' to stop...done
 > WaitSiynncing dgi s(kmsa,x  v6n0o dseesc ornedmsa)i nfionrg .s.y.st6e m 
 > process `syncer' to stop...5 1 2 2 1 1 0 0 0 done
 > Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
 > All buffers synced.
 > Uptime: 7h8m11s
 > 
 > 
 > Fatal trap 12: page fault while in kernel mode
 > cpuid = 1; apic id = 01
 > fault virtual address   = 0x10
 > fault code              = supervisor read data, page not present
 > instruction pointer     = 0x8:0xffffffff8021d746
 > stack pointer           = 0x10:0xfffffffef7cf3b20
 > frame pointer           = 0x10:0x12000
 > code segment            = base 0x0, limit 0xfffff, type 0x1b
 >                          = DPL 0, pres 1, long 1, def32 0, gran 1
 > processor eflags        = interrupt enabled, resume, IOPL = 0
 > current process         = 29 (irq257: bce1)
 > trap number             = 12
 > panic: page fault
 > cpuid = 1
 > Uptime: 7h8m11s
 > Physical memory: 4087 MB
 > Dumping 362 MB: 347 331 315 299 283 267 251 235 219 203 187 171 155 139 
 > 123 107 91 75 59 43 27 11
 > 
 > #0  doadump () at pcpu.h:195
 > 195             __asm __volatile("movq %%gs:0,%0" : "=r" (td));
 > (kgdb)
 > (kgdb) backtrace
 > #0  doadump () at pcpu.h:195
 > #1  0x0000000000000004 in ?? ()
 > #2  0xffffffff802fae39 in boot (howto=260) at 
 > /usr/src/sys/kern/kern_shutdown.c:418
 > #3  0xffffffff802fb242 in panic (fmt=0x104 <Address 0x104 out of bounds>)
 >      at /usr/src/sys/kern/kern_shutdown.c:574
 > #4  0xffffffff804fbd63 in trap_fatal (frame=0xffffff0001559000, 
 > eva=Variable "eva" is not available.
 > ) at /usr/src/sys/amd64/amd64/trap.c:764
 > #5  0xffffffff804fc135 in trap_pfault (frame=0xfffffffef7cf3a70, 
 > usermode=0)
 >      at /usr/src/sys/amd64/amd64/trap.c:680
 > #6  0xffffffff804fca78 in trap (frame=0xfffffffef7cf3a70) at 
 > /usr/src/sys/amd64/amd64/trap.c:449
 > #7  0xffffffff804e24be in calltrap () at 
 > /usr/src/sys/amd64/amd64/exception.S:209
 > #8  0xffffffff8021d746 in bce_intr (xsc=Variable "xsc" is not available.
 > ) at /usr/src/sys/dev/bce/if_bce.c:5748
 
 Looks to be a bug here.  Can you do 'frame 8' followed by 'l' in kgdb?
 
 -- 
 John Baldwin

From: Roar Pettersen <roar.pettersen@uib.no>
To: John Baldwin <jhb@freebsd.org>
Cc: Roar Pettersen <roar.pettersen@uib.no>, freebsd-amd64@freebsd.org, 
    freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/131209: 7.1-STABLE amd64 crash
Date: Tue, 3 Feb 2009 18:32:47 +0100 (CET)

 Hello John !
 
 > Looks to be a bug here.  Can you do 'frame 8' followed by 'l' in kgdb?
 
 (kgdb) frame 8
 #8  0xffffffff8021d746 in bce_intr (xsc=Variable "xsc" is not available.
 ) at /usr/src/sys/dev/bce/if_bce.c:5748
 5748                    sc->rx_mbuf_ptr[sw_rx_cons_idx] = NULL;
 
 (kgdb) l
 5743                    bus_dmamap_unload(sc->rx_mbuf_tag,
 5744                        sc->rx_mbuf_map[sw_rx_cons_idx]);
 5745
 5746                    /* Remove the mbuf from the RX chain. */
 5747                    m0 = sc->rx_mbuf_ptr[sw_rx_cons_idx];
 5748                    sc->rx_mbuf_ptr[sw_rx_cons_idx] = NULL;
 5749                    DBRUN(sc->debug_rx_mbuf_alloc--);
 5750                    sc->free_rx_bd++;
 5751
 5752                    /*
 
 
 --
 Med vennlig hilsen / Regards;
 
    Roar Pettersen
    Universitetet i Bergen -  The University of Bergen
    Nygardsgt. 5  -  N-5020 BERGEN  - Norway
    Tlf: +47 55 58 40 55  fax: +47 55 58 40 70
    roar.pettersen@it.uib.no - IT-Avd, UiB - http://www.uib.no

From: John Baldwin <jhb@freebsd.org>
To: Roar Pettersen <roar.pettersen@uib.no>
Cc: freebsd-amd64@freebsd.org, freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/131209: 7.1-STABLE amd64 crash
Date: Tue, 3 Feb 2009 12:55:29 -0500

 On Tuesday 03 February 2009 12:32:47 pm Roar Pettersen wrote:
 > Hello John !
 > 
 > > Looks to be a bug here.  Can you do 'frame 8' followed by 'l' in kgdb?
 > 
 > (kgdb) frame 8
 > #8  0xffffffff8021d746 in bce_intr (xsc=Variable "xsc" is not available.
 > ) at /usr/src/sys/dev/bce/if_bce.c:5748
 > 5748                    sc->rx_mbuf_ptr[sw_rx_cons_idx] = NULL;
 > 
 > (kgdb) l
 > 5743                    bus_dmamap_unload(sc->rx_mbuf_tag,
 > 5744                        sc->rx_mbuf_map[sw_rx_cons_idx]);
 > 5745
 > 5746                    /* Remove the mbuf from the RX chain. */
 > 5747                    m0 = sc->rx_mbuf_ptr[sw_rx_cons_idx];
 > 5748                    sc->rx_mbuf_ptr[sw_rx_cons_idx] = NULL;
 > 5749                    DBRUN(sc->debug_rx_mbuf_alloc--);
 > 5750                    sc->free_rx_bd++;
 > 5751
 > 5752                    /*
 
 Hmm, it shouldn't be faulting here. :(  Can you do 'p m0' 'p sw_rx_cons_idx' 
 and 'p sc->rx_mbuf_ptr[sw_rx_cons_idx]'?  Also, 'x/i 0xffffffff8021d746'.
 
 -- 
 John Baldwin

From: Roar Pettersen <roar.pettersen@uib.no>
To: John Baldwin <jhb@freebsd.org>
Cc: freebsd-amd64@freebsd.org, freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/131209: 7.1-STABLE amd64 crash
Date: Tue, 3 Feb 2009 19:02:04 +0100 (CET)

 Hello !
 
 > Hmm, it shouldn't be faulting here. :(  Can you do 'p m0' 'p sw_rx_cons_idx'
 > and 'p sc->rx_mbuf_ptr[sw_rx_cons_idx]'?  Also, 'x/i 0xffffffff8021d746'.
 
 
 (kgdb) p m0
 No symbol "m0" in current context.
 (kgdb) p sw_rx_cons_idx
 No symbol "sw_rx_cons_idx" in current context.
 (kgdb) p sc->rx_mbuf_ptr[sw_rx_cons_idx]
 No symbol "sc" in current context.
 (kgdb) x/i 0xffffffff8021d746
 0xffffffff8021d746 <bce_intr+710>:      mov    0x10(%r14),%r10
 
 
 Just re-loaded the system, uptime is now only 3-4 hours between each
 manually reboot.
 
 
 --
 Med vennlig hilsen / Regards;
 
    Roar Pettersen
    Universitetet i Bergen -  The University of Bergen
    Nygardsgt. 5  -  N-5020 BERGEN  - Norway
    Tlf: +47 55 58 40 55  fax: +47 55 58 40 70
    roar.pettersen@it.uib.no - IT-Avd, UiB - http://www.uib.no

From: John Baldwin <jhb@freebsd.org>
To: Roar Pettersen <roar.pettersen@uib.no>
Cc: freebsd-amd64@freebsd.org, freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/131209: 7.1-STABLE amd64 crash
Date: Tue, 3 Feb 2009 13:40:08 -0500

 On Tuesday 03 February 2009 1:02:04 pm Roar Pettersen wrote:
 > Hello !
 > 
 > > Hmm, it shouldn't be faulting here. :(  Can you do 'p m0' 'p 
 sw_rx_cons_idx'
 > > and 'p sc->rx_mbuf_ptr[sw_rx_cons_idx]'?  Also, 'x/i 0xffffffff8021d746'.
 > 
 > 
 > (kgdb) p m0
 > No symbol "m0" in current context.
 > (kgdb) p sw_rx_cons_idx
 > No symbol "sw_rx_cons_idx" in current context.
 > (kgdb) p sc->rx_mbuf_ptr[sw_rx_cons_idx]
 > No symbol "sc" in current context.
 
 You have to be at 'frame 8' for these to work.
 
 > (kgdb) x/i 0xffffffff8021d746
 > 0xffffffff8021d746 <bce_intr+710>:      mov    0x10(%r14),%r10
 
 Ok, so %r14 is presumably NULL.  Looking at the disassembly, I think m0 is 
 NULL.  This is a bug in bce(4) of some sort.  You can try e-mailing davidch@.
 
 -- 
 John Baldwin

From: Andriy Gapon <avg@freebsd.org>
To: bug-followup@freebsd.org, roar.pettersen@it.uib.no
Cc:  
Subject: Re: amd64/131209: [panic] [bce] 7.1-STABLE amd64 crash - m0 NULL
Date: Sun, 05 Dec 2010 14:17:15 +0200

 Is this still an issue?
 Have you tried contacting davidch@ and/or discussing the bug on the appropriate
 mailing lists (net@, stable@)?
 
 -- 
 Andriy Gapon
State-Changed-From-To: open->suspended 
State-Changed-By: avg 
State-Changed-When: Sun Dec 5 12:32:08 UTC 2010 
State-Changed-Why:  
Originator's email address seems to bounce, so I am not 
sure about the current status of this issue. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=131209 

From: Konstantin Malov <Konstantin.Malov@kaspersky.com>
To: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: amd64/131209: [panic] [bce] 7.1-STABLE amd64 crash - m0 NULL
Date: Tue, 1 Mar 2011 15:56:46 +0300

 --_000_6C8693CFEE208243A988360589D6145A013697A0A27CKLMAILCCRav_
 Content-Type: text/plain; charset="us-ascii"
 Content-Transfer-Encoding: quoted-printable
 
 We faced the same problem, see http://www.freebsd.org/cgi/query-pr.cgi?pr=
 =3D155004
 
 --
 Konstantin Malov
 External Services Group system administrator
 Kaspersky Lab. - Russian Federation
 Tel: +7(495)797-8700 (ext. 2867)
 http://www.kaspersky.com<http://www.kaspersky.com/>
 
 --_000_6C8693CFEE208243A988360589D6145A013697A0A27CKLMAILCCRav_--
State-Changed-From-To: suspended->closed 
State-Changed-By: jh 
State-Changed-When: Sun Dec 11 09:54:20 UTC 2011 
State-Changed-Why:  
Apparently a duplicate of kern/155004. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=131209 
>Unformatted:
