page fault - 6.0-RC1 i386

From: Kernel Jake <kerneljake_at_hotmail.com>
Date: Mon, 17 Oct 2005 21:45:26 -0500

I can make 6.0-RC1 panic deterministically when streaming audio over 802.11g 
using WPA-PSK and a D-Link DWL-G520 revB3.  Below are two crashes.

# uname -a
FreeBSD daemon 6.0-RC1 FreeBSD 6.0-RC1 #0: Thu Oct 13 00:46:47 CDT 2005     jake_at_daemon:usr/src/sys/i386/compile/DAEMON  i386

# kgdb kernel.debug /var/crash/vmcore.0
[...]
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x10
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc07ccbec
stack pointer           = 0x28:0xcaf47940
frame pointer           = 0x28:0x0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 35 (swi1: net)
trap number             = 12
panic: page fault
Uptime: 5h19m32s
Dumping 223 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 223MB (57084 pages) 208 192 176 160 144 128 112 96 80 64 48 32 16

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) where
#0  doadump () at pcpu.h:165
#1  0xc0642a52 in boot (howto=260) at ../../../kern/kern_shutdown.c:399
#2  0xc0642ce8 in panic (fmt=0xc0878301 "%s")
    at ../../../kern/kern_shutdown.c:555
#3  0xc0828d10 in trap_fatal (frame=0xcaf47900, eva=16)
    at ../../../i386/i386/trap.c:831
#4  0xc0828a7b in trap_pfault (frame=0xcaf47900, usermode=0, eva=16)
    at ../../../i386/i386/trap.c:742
#5  0xc08286b9 in trap (frame=
      {tf_fs = 8, tf_es = -65496, tf_ds = 40, tf_edi = 0, tf_esi = -812642108, tf_ebp = 0, tf_isp = -889947860, tf_ebx = -812631240, tf_edx = 787639, tf_ecx = -1073479567, tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1065563156, tf_cs = 32, tf_eflags = 66050, tf_esp = 16786612, tf_ss = 0})
    at ../../../i386/i386/trap.c:432
#6  0xc0817eba in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc07ccbec in zz0e373a4d ()

# kgdb kernel.debug /var/crash/vmcore.1
[...]
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x10
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc07ccbec
stack pointer           = 0x28:0xcaf47940
frame pointer           = 0x28:0x0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 35 (swi1: net)
trap number             = 12
panic: page fault
Uptime: 13h50m32s
Dumping 223 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 223MB (57084 pages) 208 192 176 160 144 128 112 96 80 64 48 32 16

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) where
#0  doadump () at pcpu.h:165
#1  0xc0642a52 in boot (howto=260) at ../../../kern/kern_shutdown.c:399
#2  0xc0642ce8 in panic (fmt=0xc0878301 "%s")
    at ../../../kern/kern_shutdown.c:555
#3  0xc0828d10 in trap_fatal (frame=0xcaf47900, eva=16)
    at ../../../i386/i386/trap.c:831
#4  0xc0828a7b in trap_pfault (frame=0xcaf47900, usermode=0, eva=16)
    at ../../../i386/i386/trap.c:742
#5  0xc08286b9 in trap (frame=
      {tf_fs = 8, tf_es = 4259880, tf_ds = 40, tf_edi = 0, tf_esi = -812645188, tf_ebp = 0, tf_isp = -889947860, tf_ebx = -812644440, tf_edx = 787639, tf_ecx = -1073479567, tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1065563156, tf_cs = 32, tf_eflags = 590338, tf_esp = 16783132, tf_ss = 0})
    at ../../../i386/i386/trap.c:432
#6  0xc0817eba in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc07ccbec in zz0e373a4d ()
(kgdb) list *0xc07ccbec
No source file for address 0xc07ccbec.

# dmesg
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 6.0-RC1 #0: Thu Oct 13 00:46:47 CDT 2005
    jake_at_daemon:/usr/src/sys/i386/compile/DAEMON
ACPI APIC Table: <ASUS   P4S533VM>
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 1.70GHz (1693.13-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf13  Stepping = 3
Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM>
real memory  = 234864640 (223 MB)
avail memory = 220332032 (210 MB)
ioapic0: Changing APIC ID to 2
ioapic0 <Version 8.0> irqs 0-23 on motherboard
ath_hal: 0.9.14.9 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413)
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <ASUS P4S533VM> on motherboard
acpi0: Overriding SCI Interrupt from IRQ 9 to IRQ 20
acpi0: Power Button (fixed)
pci_link0: <ACPI PCI Link LNKA> irq 11 on acpi0
pci_link1: <ACPI PCI Link LNKB> irq 10 on acpi0
pci_link2: <ACPI PCI Link LNKC> on acpi0
pci_link3: <ACPI PCI Link LNKD> irq 12 on acpi0
pci_link4: <ACPI PCI Link LNKE> irq 5 on acpi0
pci_link5: <ACPI PCI Link LNKF> irq 9 on acpi0
pci_link6: <ACPI PCI Link LNKG> irq 9 on acpi0
pci_link7: <ACPI PCI Link LNKH> irq 9 on acpi0
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xe408-0xe40b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_throttle0: <ACPI CPU Throttling> on cpu0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <SiS 651 host to AGP bridge> mem 0xe8000000-0xebffffff at device 0.0 on pci0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pci1: <display, VGA> at device 0.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 2.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <SiS 962 UDMA133 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xa400-0xa40f irq 16 at device 2.5 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
ohci0: <SiS 5571 USB controller> mem 0xe6800000-0xe6800fff irq 20 at device 3.0 on pci0
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: <SiS 5571 USB controller> on ohci0
usb0: USB revision 1.0
uhub0: SiS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ohci1: <SiS 5571 USB controller> mem 0xe6000000-0xe6000fff irq 21 at device 3.1 on pci0
ohci1: [GIANT-LOCKED]
usb1: OHCI version 1.0, legacy support
usb1: <SiS 5571 USB controller> on ohci1
usb1: USB revision 1.0
uhub1: SiS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ohci2: <SiS 5571 USB controller> mem 0xe5800000-0xe5800fff irq 22 at device 3.2 on pci0
ohci2: [GIANT-LOCKED]
usb2: OHCI version 1.0, legacy support
usb2: <SiS 5571 USB controller> on ohci2
usb2: USB revision 1.0
uhub2: SiS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0: <EHCI (generic) USB 2.0 controller> mem 0xe5000000-0xe5000fff irq 23 at device 3.3 on pci0
ehci0: [GIANT-LOCKED]
usb3: EHCI version 1.0
usb3: companion controllers, 2 ports each: usb0 usb1 usb2
usb3: <EHCI (generic) USB 2.0 controller> on ehci0
usb3: USB revision 2.0
uhub3: SiS EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
sis0: <SiS 900 10/100BaseTX> port 0x8800-0x88ff mem 0xe4800000-0xe4800fff irq 19 at device 4.0 on pci0
miibus0: <MII bus> on sis0
rlphy0: <RTL8201L 10/100 media interface> on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
sis0: Ethernet address: 00:e0:18:bc:ae:d3
ath0: <Atheros 5212> mem 0xe4000000-0xe400ffff irq 17 at device 14.0 on pci0
ath0: Ethernet address: 00:11:95:92:72:55
ath0: mac 7.9 phy 4.5 radio 5.6
twe0: <3ware Storage Controller. Driver version 1.50.01.002> port 0x8400-0x840f mem 0xe3000000-0xe37fffff irq 19 at device 16.0 on pci0
twe0: [GIANT-LOCKED]
twe0: 4 ports, Firmware FE7X 1.05.00.063, BIOS BE7X 1.08.00.048
fdc0: <floppy drive controller> port 0x3f2-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
ppc0: <ECP parallel printer port> port 0x378-0x37f,0x778-0x77b irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/16 bytes threshold
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xcbfff,0xcc000-0xccfff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1693134912 Hz quality 800
Timecounters tick every 1.000 msec
acd0: DVDROM <DVD-ROM BDV316C/VER .20R> at ata0-master UDMA33
ad1: 239372MB <Maxtor 5A250J0 RAMB1TU0> at ata0-slave UDMA133
twed0: <Unit 0, TwinStor, Normal> on twe0
twed0: 19535MB (40009252 sectors)
Trying to mount root from ufs:/dev/twed0s1a
Received on Tue Oct 18 2005 - 00:45:26 UTC