129316 – [sio] [panic] kernel panic (pcpu.h:195; support.s:499)

Bug 129316 - [sio] [panic] kernel panic (pcpu.h:195; support.s:499)

Summary: [sio] [panic] kernel panic (pcpu.h:195; support.s:499)

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	7.0-RELEASE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:	crash

Depends on:
Blocks:

Reported:	2008-11-30 23:00 UTC by Denis
Modified:	2022-10-17 12:17 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Denis 2008-11-30 23:00:05 UTC

Problem occurs probably because of malfunction of sio subsystem with NetMos NM9845 Quad UART.

Backtrace and other potentially needed information below.

# kgdb kernel.debug /log/crash/vmcore.4
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x14
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc082e6e6
stack pointer           = 0x28:0xf13fdc20
frame pointer           = 0x28:0xf13fdc50
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 35 (swi0: sio)
trap number             = 12
panic: page fault
cpuid = 1
Uptime: 3h40m37s
Physical memory: 503 MB
Dumping 126 MB: 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:195
195             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc0667823 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
#2  0xc0667ae9 in panic (fmt=Variable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:563
#3  0xc083051c in trap_fatal (frame=0xf13fdbe0, eva=20) at ../../../i386/i386/trap.c:899
#4  0xc0830780 in trap_pfault (frame=0xf13fdbe0, usermode=0, eva=20) at ../../../i386/i386/trap.c:812
#5  0xc0831139 in trap (frame=0xf13fdbe0) at ../../../i386/i386/trap.c:490
#6  0xc0817f9b in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc082e6e6 in generic_bcopy () at ../../../i386/i386/support.s:498
Previous frame inner to this frame (corrupt stack?)
(kgdb) list 0xc082e6e6
Function "0xc082e6e6" not defined.
(kgdb) list *0xc082e6e6
0xc082e6e6 is at ../../../i386/i386/support.s:499.
494             cmpl    %ecx,%eax                       /* overlapping && src < dst? */
495             jb      1f
496
497             shrl    $2,%ecx                         /* copy by 32-bit words */
498             cld                                     /* nope, copy forwards */
499             rep
500             movsl
501             movl    20(%esp),%ecx
502             andl    $3,%ecx                         /* any bytes left? */
503             rep
(kgdb)


# cat /var/run/dmesg.boot
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ (2010.32-MHz 686-class CPU)
  Origin = "AuthenticAMD"  Id = 0x40fb2  Stepping = 2
  Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x2001<SSE3,CX16>
  AMD Features=0xea500800<SYSCALL,NX,MMX+,FFXSR,RDTSCP,LM,3DNow!+,3DNow!>
  AMD Features2=0x1f<LAHF,CMP,SVM,ExtAPIC,CR8>
  Cores per package: 2
real memory  = 536805376 (511 MB)
avail memory = 514695168 (490 MB)
ACPI APIC Table: <Nvidia AWRDACPI>
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
<<<< skip >>>>
puc0: <NetMos NM9845 Quad UART and 1284 Printer port> port 0xb400-0xb407,0xb000-0xb007,0xac00-0xac07,0xa800-0xa807,0xa400-0xa407,0xa000-0xa00f irq 18 at device 10.0 on pci1
puc0: [FILTER]
sio0 on puc0
sio0: type 16550A
sio0: [FILTER]
sio1 on puc0
sio1: type 16550A
sio1: [FILTER]
sio2 on puc0
sio2: type 16550A
sio2: [FILTER]
sio3 on puc0
sio3: type 16550A
sio3: [FILTER]
ppc0: <Parallel port> on puc0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode


# pciconf -l
none0@pci0:0:0:0:       class=0x050000 card=0xcb8410de chip=0x036910de rev=0xa1 hdr=0x00
isab0@pci0:0:1:0:       class=0x060100 card=0x34051565 chip=0x036310de rev=0xa2 hdr=0x00
none1@pci0:0:1:1:       class=0x0c0500 card=0x34051565 chip=0x036810de rev=0xa2 hdr=0x00
none2@pci0:0:1:2:       class=0x050000 card=0x34051565 chip=0x036a10de rev=0xa2 hdr=0x00
ohci0@pci0:0:2:0:       class=0x0c0310 card=0x34051565 chip=0x036c10de rev=0xa1 hdr=0x00
ehci0@pci0:0:2:1:       class=0x0c0320 card=0x34051565 chip=0x036d10de rev=0xa2 hdr=0x00
atapci0@pci0:0:4:0:     class=0x01018a card=0x34051565 chip=0x036e10de rev=0xa1 hdr=0x00
atapci1@pci0:0:5:0:     class=0x010185 card=0x54031565 chip=0x037f10de rev=0xa2 hdr=0x00
atapci2@pci0:0:5:1:     class=0x010185 card=0x54031565 chip=0x037f10de rev=0xa2 hdr=0x00
pcib1@pci0:0:6:0:       class=0x060401 card=0x00000000 chip=0x037010de rev=0xa2 hdr=0x01
none3@pci0:0:6:1:       class=0x040300 card=0x820a1565 chip=0x037110de rev=0xa2 hdr=0x00
nfe0@pci0:0:8:0:        class=0x068000 card=0x25031565 chip=0x037310de rev=0xa2 hdr=0x00
pcib2@pci0:0:11:0:      class=0x060400 card=0x000010de chip=0x037410de rev=0xa2 hdr=0x01
pcib3@pci0:0:12:0:      class=0x060400 card=0x000010de chip=0x037410de rev=0xa2 hdr=0x01
pcib4@pci0:0:13:0:      class=0x060400 card=0x000010de chip=0x037810de rev=0xa2 hdr=0x01
pcib5@pci0:0:14:0:      class=0x060400 card=0x000010de chip=0x037510de rev=0xa2 hdr=0x01
pcib6@pci0:0:15:0:      class=0x060400 card=0x000010de chip=0x037710de rev=0xa2 hdr=0x01
hostb0@pci0:0:24:0:     class=0x060000 card=0x00000000 chip=0x11001022 rev=0x00 hdr=0x00
hostb1@pci0:0:24:1:     class=0x060000 card=0x00000000 chip=0x11011022 rev=0x00 hdr=0x00
hostb2@pci0:0:24:2:     class=0x060000 card=0x00000000 chip=0x11021022 rev=0x00 hdr=0x00
hostb3@pci0:0:24:3:     class=0x060000 card=0x00000000 chip=0x11031022 rev=0x00 hdr=0x00
vgapci0@pci0:1:7:0:     class=0x030000 card=0x8a015333 chip=0x8a015333 rev=0x01 hdr=0x00
rl0@pci0:1:8:0: class=0x020000 card=0x813910ec chip=0x813910ec rev=0x10 hdr=0x00
vr0@pci0:1:9:0: class=0x020000 card=0x14051186 chip=0x31061106 rev=0x86 hdr=0x00
puc0@pci0:1:10:0:       class=0x070002 card=0x00041000 chip=0x98459710 rev=0x01 hdr=0x00

Kernel options:
options         SMP
options         SCHED_4BSD
options         PREEMPTION
options         IPFIREWALL
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=5
options         IPDIVERT
options         IPFILTER
options         DUMMYNET
options         MSIZE=256
options         TTYHOG=4096
options         DEVICE_POLLING
options         HZ=1000
options         GEOM_MIRROR
options         NETGRAPH
options         NETGRAPH_SOCKET
options         NETGRAPH_IFACE
options         NETGRAPH_PPP
options         NETGRAPH_BPF
options         NETGRAPH_VJC
options         NETGRAPH_KSOCKET
device          acpi
device          puc

How-To-Repeat: Use NetMos NM9845 Quad UART as multiport for dial-in server.

Comment 1 Kris Kennaway freebsd_committer

2008-11-30 23:22:01 UTC

Denis wrote:

> Previous frame inner to this frame (corrupt stack?)

Unfortunately this means that no useful information was captured.

Kris

Comment 2 Denis 2008-12-01 07:44:10 UTC

I also have another crash dump on that system. Hope it will be more useful.

Fatal trap 12: page fault while in kernel mode
cpuid =3D 1; apic id =3D 01
fault virtual address =3D 0xc5544000
fault code =3D supervisor read, page not present
instruction pointer =3D 0x20:0xc0808e35
stack pointer =3D 0x28:0xe1705bd0
frame pointer =3D 0x28:0xe1705bf4
code segment =3D base rx0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, def32 1, gran 1
processor eflags =3D resume, IOPL =3D 0
current process =3D 11 (idle: cpu1)
trap number =3D 12
panic: page fault
cpuid =3D 1
Uptime: 1m27s
Physical memory: 503 MB
Dumping 107 MB: 92 76 60 44 28 12

#0 doadump () at pcpu.h:195
195 __asm __volatile("movl %%fs:0,%0" : "=3Dr" (td));
(kgdb) bt
#0 doadump () at pcpu.h:195
#1 0xc0667823 in boot (howto=3D260) at ../../../kern/kern_shutdown.c:409
#2 0xc0667ae9 in panic (fmt=3DVariable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:563
#3 0xc083051c in trap_fatal (frame=3D0xe1705b90, eva=3D3310632960) at ../..=
/../i386/i386/trap.c:899
#4 0xc0830eb5 in trap (frame=3D0xe1705b90) at ../../../i386/i386/trap.c:280
#5 0xc0817f9b in calltrap () at ../../../i386/i386/exception.s:139
#6 0xc0808e35 in siointr1 (com=3D0xc472c400) at ../../../dev/sio/sio.c:1617
#7 0xc080a530 in siointr (arg=3D0xc472c400) at ../../../dev/sio/sio.c:1392
#8 0xc081ca3c in intr_execute_handlers (isrc=3D0xc46002c8, frame=3D0xe1705c=
5c) at ../../../i386/i386/intr_machdep.c:364
#9 0xc081fe2f in lapic_handle_intr (vector=3D57, frame=3D0xe1705c5c) at ../=
../../i386/i386/local_apic.c:641
#10 0xc0818364 in Xapic_isr1 () at apic_vector.s:90
#11 0xc080f3a5 in acpi_cpu_c1 () at ../../../i386/acpica/acpi_machdep.c:550
#12 0xc04a4e23 in acpi_cpu_idle () at ../../../dev/acpica/acpi_cpu.c:939
#13 0xc0822468 in cpu_idle () at ../../../i386/i386/machdep.c:1181
#14 0xc0683a95 in sched_idletd (dummy=3D0x0) at ../../../kern/sched_4bsd.c:=
1377
#15 0xc0646997 in fork_exit (callout=3D0xc0683a80 <sched_idletd>, arg=3D0x0=
, frame=3D0xe1705d38) at ../../../kern/kern_fork.c:781
#16 0xc0818010 in fork_trampoline () at ../../../i386/i386/exception.s:205
(kgdb) list *0xc0808e35
0xc0808e35 is in siointr1 (cpufunc.h:270).
265 * This make a large difference for gcc-1.40 and a tiny difference
266 * for gcc-2.6.0. For gcc-1.40, al had to be ``asm("ax")'' for
267 * best results. gcc-2.6.0 can't handle this.
268 */
269 al =3D data;
270 __asm __volatile("outb %0,%%dx" : : "a" (al), "d" (port));
271 }
272
273 static __inline void
274 outl(u_int port, u_int data)
(kgdb)

-- =F0=E5=EA=EB=E0=EC=E0 --------------------------------------------------=
---------
=C4=EE=EC=E5=ED =C1=C5=D1=CF=CB=C0=D2=CD=CE!
=D1 =F5=EE=F1=F2=E8=ED=E3-=EF=EB=E0=ED=EE=EC =ED=E0 http://www.hostpro.ua

Comment 3 Denis 2008-12-12 20:05:59 UTC

Recompiling kernel without sio but with uart changes nothing. Replacing Net=
Mos by MOXA multiport card also changes nothing. But recompiling kernel wit=
hout SMP changed time between panics from 6-12 hours to 1-1,5 weeks. But pa=
nic still occurs with
#0 doadump () at pcpu.h:195
195 __asm __volatile("movl %%fs:0,%0" : "=3Dr" (td));
and corrupted stack. So, seems that problem is not in sio.

-- =F0=E5=EA=EB=E0=EC=E0 --------------------------------------------------=
---------
=CA=EB=E0=F1=F2=E5=F0=ED=FB=E9 =F5=EE=F1=F2=E8=ED=E3 =EE=F2 http://www.host=
pro.ua
2 =EC=E5=F1=FF=F6=E0 =E1=E5=F1=EF=EB=E0=F2=ED=EE + =E4=EE=EC=E5=ED =E2 =EF=
=EE=E4=E0=F0=EE=EA.

Comment 4 Eitan Adler freebsd_committer

2017-12-31 07:59:25 UTC

For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

Comment 5 Graham Perrin freebsd_committer

2022-10-17 12:17:40 UTC

Keyword: 

    crash

– in lieu of summary line prefix: 

    [panic]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>