118353 – [panic] [ppp] repeatable kernel panic during ppp(4) session in 7.0-BETA3

Bug 118353 - [panic] [ppp] repeatable kernel panic during ppp(4) session in 7.0-BETA3

Summary: [panic] [ppp] repeatable kernel panic during ppp(4) session in 7.0-BETA3

Status:	Closed Overcome By Events

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	usb (show other bugs)
Version:	7.0-BETA3
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Eugene Grosbein

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-11-30 14:40 UTC by Eugene Grosbein
Modified:	2017-03-11 19:25 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eugene Grosbein 2007-11-30 14:40:00 UTC

	SMP kernel panices while there is active ppp(4) session using stock
	pppd(8) over umodem(4) - EGPRS session using Nokia smartphone.

	Here is kgdb's output for crashdump:

Script started on Thu Nov 29 19:19:29 2007
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x14
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc077e8d0
stack pointer	        = 0x28:0xe5b14b7c
frame pointer	        = 0x28:0xe5b14bb4
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 25 (irq16: nvidia0+)
trap number		= 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper(c07c9964,e5b14a18,c057e040,c07ea5af,1,...) at 0xc0464f81 = db_trace_self_wrapper+0x26
kdb_backtrace(c07ea5af,1,c07b504c,e5b14a24,1,...) at 0xc05a3b04 = kdb_backtrace+0x29
panic(c07b504c,c07eb867,c560aa18,1,1,...) at 0xc057e040 = panic+0x10f
trap_fatal(c0847760,0,1,0,c0bdcab2,...) at 0xc0780679 = trap_fatal+0x32e
trap_pfault(c0b1e223,c5f49000,6013d4,1f,c,...) at 0xc07808c9 = trap_pfault+0x244
trap(e5b14b3c) at 0xc07811d6 = trap+0x36a
calltrap() at 0xc07686ab = calltrap+0x6
--- trap 0xc, eip = 0xc077e8d0, esp = 0xe5b14b7c, ebp = 0xe5b14bb4 ---
memcpy(c56c1800,6c,c56be500,e5b14bf8,c0500457,...) at 0xc077e8d0 = memcpy+0x14
pppstart(c56c1800,0,0,e5b14be8,0,...) at 0xc06234d5 = pppstart+0x20
ucomwritecb(c61cde00,c56be500,0,19000,0,...) at 0xc0500457 = ucomwritecb+0x104
usb_transfer_complete(c61cde00,c60ee800,0) at 0xc050ef4d = usb_transfer_complete+0x1a3
uhci_transfer_complete(c60ee800,c09e5aec,1) at 0xc0502da2 = uhci_transfer_complete+0xa8
uhci_idone(c56c5e80,c61cdf90,c5667000,c61ce178,c5667000,...) at 0xc0502ed5 = uhci_idone+0x12b
uhci_softintr(c5667000,e5b14cb4,c0503fa0,c5667000,c0d10f08,...) at 0xc050338d = uhci_softintr+0xe4
usb_schedsoftintr(c5667000,c0d10f08,c565d5c0,c5516c00,0,...) at 0xc050ae54 = usb_schedsoftintr+0x12
uhci_intr1(e5b14cf4,c0562278,c5667000,0,c07c569f,...) at 0xc0503fa0 = uhci_intr1+0x1d6
uhci_intr(c5667000,0,c07c569f,46b,0,...) at 0xc0504225 = uhci_intr+0x1d
ithread_loop(c5603230,e5b14d38,ffbfffeb,7fff3ffd,f9fefdff,...) at 0xc0562278 = ithread_loop+0x19d
fork_exit(c05620db,c5603230,e5b14d38) at 0xc055eec1 = fork_exit+0x99
fork_trampoline() at 0xc0768720 = fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xe5b14d70, ebp = 0 ---
Uptime: 14m52s
Physical memory: 2029 MB
Dumping 111 MB: 96 80 64 48 (CTRL-C to abort)  32 16

#0  doadump () at pcpu.h:195
195		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0  doadump () at pcpu.h:195
No locals.
#1  0xc057dd82 in boot (howto=260) at /usr/local/src/sys/kern/kern_shutdown.c:409
	_giantcnt = Variable "_giantcnt" is not available.
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc057dd82 in boot (howto=260) at /usr/local/src/sys/kern/kern_shutdown.c:409
#2  0xc057e06f in panic (fmt=Variable "fmt" is not available.
) at /usr/local/src/sys/kern/kern_shutdown.c:563
#3  0xc0780679 in trap_fatal (frame=0xe5b14b3c, eva=20)
    at /usr/local/src/sys/i386/i386/trap.c:872
#4  0xc07808c9 in trap_pfault (frame=0xe5b14b3c, usermode=0, eva=20)
    at /usr/local/src/sys/i386/i386/trap.c:785
#5  0xc07811d6 in trap (frame=0xe5b14b3c) at /usr/local/src/sys/i386/i386/trap.c:463
#6  0xc07686ab in calltrap () at /usr/local/src/sys/i386/i386/exception.s:139
#7  0xc077e8d0 in memcpy () at /usr/local/src/sys/i386/i386/support.s:692
Previous frame inner to this frame (corrupt stack?)
(kgdb) quit

Script done on Thu Nov 29 19:19:45 2007


	I've mostly monotithic kernel but with some external modules
	loaded:

$ kldstat
Id Refs Address    Size     Name
 1   11 0xc0400000 52a478   kernel
 2    1 0xc092b000 79f118   nvidia.ko
 3    1 0xc10cb000 1fd18    kqemu.ko
 4    1 0xc10eb000 67174    acpi.ko
 5    1 0xc5c2d000 e000     fuse.ko
 6    1 0xc5f12000 2000     rtc.ko

	But no fuse filesystem mounted ever and qemu not ever started
	since boot.

Fix: 

Unknown.
How-To-Repeat: 	Connect machine using ppp(4) and make traffic flow.
	I had ssh interactive session all the times it paniced.

	There were no panics with such configuration in 6.2-STABLE
	which kernel had IPSEC compiled in, so debug.mpsafenet was forced to 0.
	But recently I've upgraded to RELENG_7 that has MPSAFE
	IPSEC implementation and has no debug.mpsafenet tunnable
	so I can't make it off to test.

	Here come kernel config file and /var/run/dmesg.boot:

machine		i386
cpu		I686_CPU
ident		DADV

options		INCLUDE_CONFIG_FILE	# Include this file in kernel
options		SMP
device		apic			# I/O APIC
options 	PREEMPTION		# Enable kernel thread preemption
options		ADAPTIVE_GIANT
options		IPI_PREEMPTION

# To statically compile in device wiring instead of /boot/device.hints
#hints		"GENERIC.hints"		# Default places to look for devices.

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols

options 	SCHED_ULE		# ULE scheduler
#options 	SCHED_4BSD		# 4BSD scheduler

options 	INET			# InterNETworking
#options 	INET6			# IPv6 communications protocols
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
#options 	UFS_ACL			# Support for access control lists
options 	UFS_DIRHASH		# Improve performance on big directories
#options 	MD_ROOT			# MD is a potential root device
options 	NFSCLIENT		# Network Filesystem Client
options 	NFSSERVER		# Network Filesystem Server
#options 	NFS_ROOT		# NFS usable as /, requires NFSCLIENT
options 	MSDOSFS			# MSDOS Filesystem
options		NTFS
options 	LIBICONV
options 	MSDOSFS_ICONV
options 	NTFS_ICONV

options 	CD9660			# ISO 9660 Filesystem
options		CD9660_ICONV
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		# Pseudo-filesystem framework
#options 	GEOM_GPT		# GUID Partition Tables.
options 	COMPAT_43TTY		# Compatible with BSD 4.3 [KEEP THIS!]
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
options 	COMPAT_FREEBSD5		# Compatible with FreeBSD5
options 	COMPAT_FREEBSD6		# Compatible with FreeBSD5
options 	SCSI_DELAY=3000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev

# Bus support.
#device		eisa
device		pci

# Floppy drives
#device		fdc

# ATA and ATAPI devices
device		ata
device		atadisk		# ATA disk drives
#device		ataraid		# ATA RAID drives
device		atapicd		# ATAPI CDROM drives
#device		atapifd		# ATAPI floppy drives
#device		atapist		# ATAPI tape drives
options 	ATA_STATIC_ID	# Static device numbering
device		atapicam

# SCSI peripherals
device		scbus		# SCSI bus (required for SCSI)
device		da		# Direct Access (disks)
device		cd		# CD
device		pass		# Passthrough device (direct SCSI access)

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc		# AT keyboard controller
device		atkbd		# AT keyboard
device		psm		# PS/2 mouse
#options		KBD_RESETDELAY=500
#options		KBD_MAXWAIT=10
#options		KBD_MAXRETRY=10
#options		PSM_DEBUG=2


device		vga		# VGA video card driver

# syscons is the default console driver, resembling an SCO console
device		sc
options		SC_HISTORY_SIZE=1000

# Serial (COM) ports
device		sio		# 8250, 16[45]50 based serial ports

# Parallel port
device		ppc
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer
#device		ppi		# Parallel port interface device

# PCI Ethernet NICs.
#device		de		# DEC/Intel DC21x4x (``Tulip'')
device		em		# Intel PRO/1000 adapter Gigabit Ethernet Card
#device		ixgb		# Intel PRO/10GbE Ethernet Card
#device		txp		# 3Com 3cR990 (``Typhoon'')
#device		vx		# 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
#device		miibus		# MII bus support
#device		bfe		# Broadcom BCM440x 10/100 Ethernet
#device		bge		# Broadcom BCM570xx Gigabit Ethernet
#device		dc		# DEC/Intel 21143 and various workalikes
#device		fxp		# Intel EtherExpress PRO/100B (82557, 82558)
#device		em
#device		lge		# Level 1 LXT1001 gigabit Ethernet
#device		nge		# NatSemi DP83820 gigabit Ethernet
#device		nve		# nVidia nForce MCP on-board Ethernet Networking
#device		pcn		# AMD Am79C97x PCI 10/100(precedence over 'lnc')
#device		re		# RealTek 8139C+/8169/8169S/8110S
#device		rl		# RealTek 8129/8139
#device		sf		# Adaptec AIC-6915 (``Starfire'')
#device		sis		# Silicon Integrated Systems SiS 900/SiS 7016
#device		sk		# SysKonnect SK-984x & SK-982x gigabit Ethernet
#device		ste		# Sundance ST201 (D-Link DFE-550TX)
#device		ti		# Alteon Networks Tigon I/II gigabit Ethernet
#device		tl		# Texas Instruments ThunderLAN
#device		tx		# SMC EtherPower II (83c170 ``EPIC'')
#device		vge		# VIA VT612x gigabit Ethernet
#device		vr		# VIA Rhine, Rhine II
#device		wb		# Winbond W89C840F
#device		xl		# 3Com 3c90x (``Boomerang'', ``Cyclone'')

# Pseudo devices.
device		loop		# Network loopback
device		random		# Entropy device
device		ether		# Ethernet support
device		ppp 		# Kernel PPP
#device		tun		# Packet tunnel.
device		pty		# Pseudo-ttys (telnet etc)
device		md		# Memory "disks"
device		gif		# IPv6 and IPv4 tunneling
#device		faith		# IPv6-to-IPv4 relaying (translation)
device		tap			#Virtual Ethernet driver

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device		bpf		# Berkeley packet filter

# USB support
device		uhci		# UHCI PCI->USB interface
device		ohci		# OHCI PCI->USB interface
device		ehci		# EHCI PCI->USB interface (USB 2.0)
device		usb		# USB Bus (required)
#device		udbp		# USB Double Bulk Pipe devices
device		ugen		# Generic
#device		uhid		# "Human Interface Devices"
#device		ukbd		# Keyboard
#device		ulpt		# Printer
device		umass		# Disks/Mass storage - Requires scbus and da
#device		ums		# Mouse
#device		ural		# Ralink Technology RT2500USB wireless NICs
#device		urio		# Diamond Rio 500 MP3 player
#device		uscanner	# Scanners
device		if_bridge

device		crypto
options		IPSEC
options		IPSEC_FILTERTUNNEL
options		IPFIREWALL
#options		IPFIREWALL_VERBOSE
options		IPFIREWALL_FORWARD
options		IPDIVERT
options		DUMMYNET

options 	NETGRAPH		# netgraph(4) system
options 	NETGRAPH_ETHER
options 	NETGRAPH_PPPOE
options 	NETGRAPH_SOCKET
options 	NETGRAPH_BLUETOOTH		# ng_bluetooth(4)
options 	NETGRAPH_BLUETOOTH_SOCKET	# ng_btsocket(4)
options 	NETGRAPH_BLUETOOTH_UBT
options		NETGRAPH_BLUETOOTH_HCI
options		NETGRAPH_BLUETOOTH_L2CAP

device		ucom
device		umodem

option		VFS_AIO

device		sound
device		snd_hda

options		COMPAT_LINUX
options		LINPROCFS

options 	KDB
options 	KDB_TRACE
options 	KDB_UNATTENDED
options 	DDB
options 	DDB_NUMSYM
options 	GDB

#options		INVARIANTS
#options		INVARIANT_SUPPORT
#options		WITNESS
#options		WITNESS_KDB
#options		DEBUG_MEMGUARD
#options		MUTEX_DEBUG

#options         USB_DEBUG

#options		MAXMEM=(32*1024)
options		ALT_BREAK_TO_DEBUGGER
#options		DEVICE_POLLING


	As for dmesg.boot:

Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-BETA3 #2: Thu Nov 29 18:57:19 KRAT 2007
    eu@grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) D CPU 2.80GHz (2805.72-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf62  Stepping = 2
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0xe43d<SSE3,RSVD2,MON,DS_CPL,VMX,CNXT-ID,CX16,xTPR,PDCM>
  AMD Features=0x20100000<NX,LM>
  AMD Features2=0x1<LAHF>
  Cores per package: 2
real memory  = 2146050048 (2046 MB)
avail memory = 2085523456 (1988 MB)
ACPI APIC Table: <INTEL  D975XBX >
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
ioapic0: Changing APIC ID to 2
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kqemu version 0x00010300
kqemu: KQEMU installed, max_locked_mem=1039036kB.
acpi0: <INTEL D975XBX> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
acpi_button0: <Sleep Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
nvidia0: <GeForce 7600 GS> port 0x3000-0x307f mem 0x91000000-0x91ffffff,0x80000000-0x8fffffff,0x90000000-0x90ffffff irq 16 at device 0.0 on pci1
nvidia0: [GIANT-LOCKED]
nvidia0: [ITHREAD]
pcm0: <Intel 82801G High Definition Audio Controller> mem 0x92200000-0x92203fff irq 22 at device 27.0 on pci0
pcm0: [ITHREAD]
pcib2: <ACPI PCI-PCI bridge> at device 28.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> at device 28.4 on pci0
pci3: <ACPI PCI bus> on pcib3
pcib4: <ACPI PCI-PCI bridge> at device 28.5 on pci0
pci4: <ACPI PCI bus> on pcib4
em0: <Intel(R) PRO/1000 Network Connection Version - 6.5.3> port 0x2000-0x201f mem 0x92100000-0x9211ffff irq 17 at device 0.0 on pci4
em0: Ethernet address: 00:16:76:6b:04:d7
em0: [FILTER]
uhci0: <UHCI (generic) USB controller> port 0x4080-0x409f irq 23 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <UHCI (generic) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <UHCI (generic) USB controller> port 0x4060-0x407f irq 19 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <UHCI (generic) USB controller> on uhci1
usb1: USB revision 1.0
uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <UHCI (generic) USB controller> port 0x4040-0x405f irq 18 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <UHCI (generic) USB controller> on uhci2
usb2: USB revision 1.0
uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
uhci3: <UHCI (generic) USB controller> port 0x4020-0x403f irq 16 at device 29.3 on pci0
uhci3: [GIANT-LOCKED]
uhci3: [ITHREAD]
usb3: <UHCI (generic) USB controller> on uhci3
usb3: USB revision 1.0
uhub3: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb3
uhub3: 2 ports with 2 removable, self powered
ehci0: <Intel 82801GB/R (ICH7) USB 2.0 controller> mem 0x92204400-0x922047ff irq 23 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb4: EHCI version 1.0
usb4: companion controllers, 2 ports each: usb0 usb1 usb2 usb3
usb4: <Intel 82801GB/R (ICH7) USB 2.0 controller> on ehci0
usb4: USB revision 2.0
uhub4: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb4
uhub4: 8 ports with 8 removable, self powered
pcib5: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci5: <ACPI PCI bus> on pcib5
atapci0: <Promise PDC20268 UDMA100 controller> port 0x1018-0x101f,0x1024-0x1027,0x1010-0x1017,0x1020-0x1023,0x1000-0x100f mem 0x92004000-0x92007fff irq 18 at device 2.0 on pci5
atapci0: [ITHREAD]
ata2: <ATA channel 0> on atapci0
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci0
ata3: [ITHREAD]
pci5: <serial bus, FireWire> at device 4.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci1: <Intel ICH7 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x40b0-0x40bf irq 18 at device 31.1 on pci0
ata0: <ATA channel 0> on atapci1
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci1
ata1: [ITHREAD]
atapci2: <Intel AHCI controller> port 0x40c8-0x40cf,0x40e4-0x40e7,0x40c0-0x40c7,0x40e0-0x40e3,0x40a0-0x40af mem 0x92204000-0x922043ff irq 19 at device 31.2 on pci0
atapci2: [ITHREAD]
atapci2: AHCI Version 01.10 controller with 4 ports detected
ata4: <ATA channel 0> on atapci2
ata4: [ITHREAD]
ata5: <ATA channel 1> on atapci2
ata5: [ITHREAD]
ata6: <ATA channel 2> on atapci2
ata6: [ITHREAD]
ata7: <ATA channel 3> on atapci2
ata7: [ITHREAD]
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: [ITHREAD]
psm0: model IntelliMouse, device ID 3
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio0: [FILTER]
cryptosoft0: <software crypto> on motherboard
orm0: <ISA Option ROM> at iomem 0xcf000-0xd17ff pnpid ORM0000 on isa0
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: <Parallel port bus> on ppc0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppc0: [GIANT-LOCKED]
ppc0: [ITHREAD]
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ugen0: <American Power Conversion Back-UPS 500 FW: 6.5.I USB FW: c1, class 0/0, rev 1.10/1.00, addr 2> on uhub0
ugen1: <Hewlett-Packard HP ScanJet 2200C, class 255/0, rev 1.10/1.00, addr 2> on uhub1
ucom0: <Nokia Nokia E50, class 2/0, rev 2.00/1.00, addr 2> on uhub3
ucom0: iclass 2/2
ucom0: data interface 11, has no CM over data, has break
ucom0: status change notification available
Timecounters tick every 1.000 msec
Fast IPsec: Initialized Security Association Processing.
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to deny, logging disabled
acd0: DVDR <NEC DVD RW ND-3500AG/2.18> at ata0-master UDMA33
ad4: 190782MB <WDC WD2000JB-00REA0 20.00K20> at ata2-master UDMA100
ad8: 238475MB <Seagate ST3250620AS 3.AAK> at ata4-master SATA300
pcm0: <HDA Codec: Sigmatel STAC9221D>
pcm0: <HDA Driver Revision: 20071122_0049>
cd0 at ata0 bus 0 target 0 lun 0
cd0: <_NEC DVD_RW ND-3500AG 2.18> Removable CD-ROM SCSI-0 device 
cd0: 33.000MB/s transfers
cd0: cd present [2055760 x 2048 byte records]
SMP: AP CPU #1 Launched!
Trying to mount root from ufs:/dev/ad4s1a
tap0: Ethernet address: 00:bd:b5:16:00:00
bridge0: Ethernet address: 26:27:e6:0a:7b:50
em0: link state changed to UP
fuse4bsd: version 0.3.9-pre1, FUSE ABI 7.8
lpt0: switched to polled extended mode
ppp0: no compressor for [15 3 29], 3
ppp0: no compressor for [1a 4 8], 4
ppp0: no compressor for [18 4 8], 4


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x14
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc077e8d0
stack pointer	        = 0x28:0xe5b14b7c
frame pointer	        = 0x28:0xe5b14bb4
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 25 (irq16: nvidia0+)
trap number		= 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper(c07c9964,e5b14a18,c057e040,c07ea5af,1,...) at 0xc0464f81 = db_trace_self_wrapper+0x26
kdb_backtrace(c07ea5af,1,c07b504c,e5b14a24,1,...) at 0xc05a3b04 = kdb_backtrace+0x29
panic(c07b504c,c07eb867,c560aa18,1,1,...) at 0xc057e040 = panic+0x10f
trap_fatal(c0847760,0,1,0,c0bdcab2,...) at 0xc0780679 = trap_fatal+0x32e
trap_pfault(c0b1e223,c5f49000,6013d4,1f,c,...) at 0xc07808c9 = trap_pfault+0x244
trap(e5b14b3c) at 0xc07811d6 = trap+0x36a
calltrap() at 0xc07686ab = calltrap+0x6
--- trap 0xc, eip = 0xc077e8d0, esp = 0xe5b14b7c, ebp = 0xe5b14bb4 ---
memcpy(c56c1800,6c,c56be500,e5b14bf8,c0500457,...) at 0xc077e8d0 = memcpy+0x14
pppstart(c56c1800,0,0,e5b14be8,0,...) at 0xc06234d5 = pppstart+0x20
ucomwritecb(c61cde00,c56be500,0,19000,0,...) at 0xc0500457 = ucomwritecb+0x104
usb_transfer_complete(c61cde00,c60ee800,0) at 0xc050ef4d = usb_transfer_complete+0x1a3
uhci_transfer_complete(c60ee800,c09e5aec,1) at 0xc0502da2 = uhci_transfer_complete+0xa8
uhci_idone(c56c5e80,c61cdf90,c5667000,c61ce178,c5667000,...) at 0xc0502ed5 = uhci_idone+0x12b
uhci_softintr(c5667000,e5b14cb4,c0503fa0,c5667000,c0d10f08,...) at 0xc050338d = uhci_softintr+0xe4
usb_schedsoftintr(c5667000,c0d10f08,c565d5c0,c5516c00,0,...) at 0xc050ae54 = usb_schedsoftintr+0x12
uhci_intr1(e5b14cf4,c0562278,c5667000,0,c07c569f,...) at 0xc0503fa0 = uhci_intr1+0x1d6
uhci_intr(c5667000,0,c07c569f,46b,0,...) at 0xc0504225 = uhci_intr+0x1d
ithread_loop(c5603230,e5b14d38,ffbfffeb,7fff3ffd,f9fefdff,...) at 0xc0562278 = ithread_loop+0x19d
fork_exit(c05620db,c5603230,e5b14d38) at 0xc055eec1 = fork_exit+0x99
fork_trampoline() at 0xc0768720 = fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xe5b14d70, ebp = 0 ---
Uptime: 14m52s
Physical memory: 2029 MB
Dumping 111 MB: 96 80 64 48 (CTRL-C to abort)  32 16
Dump complete
Automatic reboot in 15 seconds - press a key on the console to abort
--> Press a key on the console to reboot,
--> or switch off the system now.
Rebooting...
cpu_reset: Stopping other CPUs

Comment 1 Eugene Grosbein 2007-11-30 16:41:19 UTC

Hi!

Yesterday evening I had five crashes and have five crashdumps now.
One of them looks better than others, here is backtrace:

Script started on Thu Nov 29 23:05:25 2007
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:=
 Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain condition=
s.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


#0  doadump () at pcpu.h:195
195		__asm __volatile("movl %%fs:0,%0" : "=3Dr" (td));
(kgdb) btr=08 =08
#0  doadump () at pcpu.h:195
#1  0xc057dd82 in boot (howto=3D260) at /usr/local/src/sys/kern/kern_shutdo=
wn.c:409
#2  0xc057e06f in panic (fmt=3DVariable "fmt" is not available.
) at /usr/local/src/sys/kern/kern_shutdown.c:563
#3  0xc0780679 in trap_fatal (frame=3D0xe805b9cc, eva=3D8) at /usr/local/sr=
c/sys/i386/i386/trap.c:872
#4  0xc07808c9 in trap_pfault (frame=3D0xe805b9cc, usermode=3D0, eva=3D8) a=
t /usr/local/src/sys/i386/i386/trap.c:785
#5  0xc07811d6 in trap (frame=3D0xe805b9cc) at /usr/local/src/sys/i386/i386=
/trap.c:463
#6  0xc07686ab in calltrap () at /usr/local/src/sys/i386/i386/exception.s:1=
39
#7  0xc0502aff in uhci_device_bulk_done (xfer=3D0xc5ea9600) at /usr/local/s=
rc/sys/dev/usb/uhci.c:1114
#8  0xc050ef33 in usb_transfer_complete (xfer=3D0xc5ea9600) at /usr/local/s=
rc/sys/dev/usb/usbdi.c:975
#9  0xc0502da2 in uhci_transfer_complete (xfer=3D0xc5ea9600) at /usr/local/=
src/sys/dev/usb/uhci.c:2109
#10 0xc050353d in uhci_abort_xfer (xfer=3D0xc5ea9600, status=3D921) at /usr=
/local/src/sys/dev/usb/uhci.c:2068
#11 0xc0503587 in uhci_device_bulk_abort (xfer=3D0xc5ea9600) at /usr/local/=
src/sys/dev/usb/uhci.c:1967
#12 0xc050e9f9 in usbd_abort_pipe (pipe=3D0xc616f680) at /usr/local/src/sys=
/dev/usb/usbdi.c:879
#13 0xc04ff95f in ucomstopread (sc=3D0x399) at /usr/local/src/sys/dev/usb/u=
com.c:861
#14 0xc0500053 in ucomstop (tp=3D0xc56c1800, flag=3D3) at /usr/local/src/sy=
s/dev/usb/ucom.c:633
#15 0xc05bdf72 in ttyflush (tp=3D0xc56c1800, rw=3D3) at tty.h:408
#16 0xc0623891 in pppclose (tp=3D0xc56c1800, flag=3D3) at /usr/local/src/sy=
s/net/ppp_tty.c:250
#17 0xc05c11fa in ttioctl (tp=3D0xc56c1800, cmd=3D2147775515, data=3D0xc59b=
cac0, flag=3D3) at linedisc.h:93
#18 0xc05c1af7 in ttyioctl (dev=3D0xc56be900, cmd=3D2147775515, data=3D0xc5=
9bcac0 "", flag=3D3, td=3D0xc5c3c220)
    at /usr/local/src/sys/kern/tty.c:3285
#19 0xc054c077 in giant_ioctl (dev=3D0xc56be900, cmd=3D2147775515, data=3D0=
xc59bcac0 "", fflag=3D3, td=3D0xc5c3c220)
    at /usr/local/src/sys/kern/kern_conf.c:349
#20 0xc05150f6 in devfs_ioctl_f (fp=3D0xc6020510, com=3D2147775515, data=3D=
0xc59bcac0, cred=3D0xc626e300,=20
    td=3D0xc5c3c220) at /usr/local/src/sys/fs/devfs/devfs_vnops.c:494
#21 0xc05afd15 in kern_ioctl (td=3D0xc5c3c220, fd=3D6, com=3D2147775515, da=
ta=3D0xc59bcac0 "") at file.h:266
#22 0xc05afe5a in ioctl (td=3D0xc5c3c220, uap=3D0xe805bcfc) at /usr/local/s=
rc/sys/kern/sys_generic.c:570
#23 0xc0780bfc in syscall (frame=3D0xe805bd38) at /usr/local/src/sys/i386/i=
386/trap.c:1008
#24 0xc0768710 in Xint0x80_syscall () at /usr/local/src/sys/i386/i386/excep=
tion.s:196
#25 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 7
#7  0xc0502aff in uhci_device_bulk_done (xfer=3D0xc5ea9600) at /usr/local/s=
rc/sys/dev/usb/uhci.c:1114
1114		pqh =3D uhci_find_prev_qh(sc->sc_bulk_start, sqh);
(kgdb) p sc->sc_bulk_start
$1 =3D (uhci_soft_qh_t *) 0xc5669fc0
(kgdb) p pqh
No symbol "pqh" in current context.
(kgdb) p sqh
No symbol "sqh" in current context.
(kgdb) quit

Script done on Thu Nov 29 23:06:00 2007

Comment 2 Remko Lodder freebsd_committer

2007-11-30 18:02:37 UTC

Responsible Changed
From-To: freebsd-bugs->freebsd-usb

The dump tells me something 'uhci' related. Could the USB team look into 
that please?

Comment 3 Eugene Grosbein freebsd_committer

2017-03-11 19:25:13 UTC

The ppp(4) driver in 7.0 was not SMP-safe and lead to crashes. It was later removed and does not exist in any supported FreeBSD branch.