Bug 153175 - [amd64] Kernel Panic on only FreeBSD 8 amd64
Summary: [amd64] Kernel Panic on only FreeBSD 8 amd64
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: amd64 (show other bugs)
Version: Unspecified
Hardware: Any Any
: Normal Affects Only Me
Assignee: Mark Linimon
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-12-15 11:30 UTC by Dmitry Rybin
Modified: 2018-05-31 15:38 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dmitry Rybin 2010-12-15 11:30:11 UTC 
I have several DNS servers on FreeBSD 8.1, FreeBSD 7.3 runs on vmware ESXi or as host system.

I Use powerdns-recursor 3.2 (with threads) and isc-bins 9.6, 9.7 (with threads).

FreeBSD 7.3-amd64 works well, but ALL FreeBSD 8.x-amd64 reboot with kernel panic in the interval from some hours to some months.

$ kgdb kernel.debug /var/crash/vmcore.1
Fatal trap 12: page fault while in kernel mode
cpuid = 4; apic id = 04
fault virtual address   = 0xb801
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff806aeb0c
stack pointer           = 0x28:0xffffff8000185920
frame pointer           = 0x28:0xffffff8000185930
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (em0 taskq)
trap number             = 12
panic: page fault
cpuid = 4
Uptime: 50d10h58m27s
Physical memory: 4081 MB
Dumping 1715 MB:

Fatal trap 12: page fault while in kernel mode
cpuid = 5; apic id = 05
fault virtual address   = 0xb801
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff806aeb0c
stack pointer           = 0x28:0xffffff800007c840
frame pointer           = 0x28:0xffffff800007c850
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi4: clock)
trap number             = 12
 1700 1684 1668 1652 1636 1620 1604 1588 1572 1556 1540 1524 1508 1492 1476 1460 1444 1428 1412 1396 1380 1364 1348 1332 1316 1300 1284 1268 1252 1236 1220 1204 1188 1172 1156 1140 1124 1108 1092 1076 1060 1044 1028 1012 996 980 964 948 932 916 900 884 868 852 836 820 804 788 772 756 740 724 708 692 676 660 644 628 612 596 580 564 548 532 516 500 484 468 452 436 420 404 388 372 356 340 324 308 292 276 260 244 228 212 196 180 164 148 132 116 100 84 68 52 36 20 4

Reading symbols from /boot/modules/vmmemctl.ko...done.
Loaded symbols for /boot/modules/vmmemctl.ko
#0  doadump () at pcpu.h:224
224             __asm("movq %%gs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:224
#1  0xffffffff805acb2e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
#2  0xffffffff805acf3c in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:590
#3  0xffffffff808a9b0d in trap_fatal (frame=0xffffffff80c56c20, eva=Variable "eva" is not available.
)
    at /usr/src/sys/amd64/amd64/trap.c:777
#4  0xffffffff808a9ecf in trap_pfault (frame=0xffffff8000185870, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:693
#5  0xffffffff808aa6e2 in trap (frame=0xffffff8000185870) at /usr/src/sys/amd64/amd64/trap.c:451
#6  0xffffffff8088f7b4 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:224
#7  0xffffffff806aeb0c in in_broadcast (in={s_addr = 420128960}, ifp=Variable "ifp" is not available.
)
    at /usr/src/sys/netinet/in.c:1220
#8  0xffffffff807438d8 in udp_input (m=0xffffff006e8cee00, off=Variable "off" is not available.
)
    at /usr/src/sys/netinet/udp_usrreq.c:472
#9  0xffffffff806cc8ff in ip_input (m=0xffffff006e8cee00) at /usr/src/sys/netinet/ip_input.c:793
#10 0xffffffff8066699e in netisr_dispatch_src (proto=1, source=Variable "source" is not available.
) at /usr/src/sys/net/netisr.c:917
#11 0xffffffff8065cdcd in ether_demux (ifp=0xffffff000150b800, m=0xffffff006e8cee00)
    at /usr/src/sys/net/if_ethersubr.c:901
#12 0xffffffff8065d197 in ether_input (ifp=0xffffff000150b800, m=0xffffff006e8cee00)
    at /usr/src/sys/net/if_ethersubr.c:760
#13 0xffffffff80335b02 in lem_handle_rxtx (context=Variable "context" is not available.
) at /usr/src/sys/dev/e1000/if_lem.c:3626
#14 0xffffffff805ea0d4 in taskqueue_run (queue=0xffffff000175d600)
    at /usr/src/sys/kern/subr_taskqueue.c:239
#15 0xffffffff805ea346 in taskqueue_thread_loop (arg=Variable "arg" is not available.
) at /usr/src/sys/kern/subr_taskqueue.c:360
#16 0xffffffff80583968 in fork_exit (callout=0xffffffff805ea300 <taskqueue_thread_loop>, 
    arg=0xffffff80004bb838, frame=0xffffff8000185c80) at /usr/src/sys/kern/kern_fork.c:844
#17 0xffffffff8088fc8e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:566
#18 0x0000000000000000 in ?? ()
#19 0x0000000000000000 in ?? ()
#20 0x0000000000000000 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000000 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x0000000000000000 in ?? ()
#41 0x0000000000000000 in ?? ()
#42 0x0000000000ec1000 in ?? ()
#43 0x0000000000000000 in ?? ()
#44 0xffffff0001810000 in ?? ()
#45 0xffffffff80c60d40 in affinity ()
#46 0xffffff00014fc3e0 in ?? ()
#47 0xffffff80001854d0 in ?? ()
#48 0xffffff8000185488 in ?? ()
#49 0xffffff0001810000 in ?? ()
#50 0xffffffff805d0eca in sched_switch (td=0xffffff80004bb838, newtd=0xffffffff805ea300, flags=Variable "flags" is not available.
)
    at /usr/src/sys/kern/sched_ule.c:1844
Previous frame inner to this frame (corrupt stack?)

Changes from original system:
====
/boot/loader.conf 
kern.maxdsiz="4G"
kern.dfldsiz="4G"
kern.maxssiz="512M"
vmxnet_load="YES"
====
/etc/sysctl.conf 
security.bsd.see_other_uids=0
net.inet.icmp.icmplim=2000
kern.ipc.nmbclusters=100000
kern.ipc.maxsockbuf=10485760
kern.maxfiles=131072
kern.maxfilesperproc=32768
net.inet.tcp.nolocaltimewait=1
====
to KERNEL add
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=100
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_FORWARD
options         IPDIVERT
options         IPSTEALTH
options         DUMMYNET
options         ZERO_COPY_SOCKETS
====

Fix: 

Run i386
How-To-Repeat: Install FreeBSD 8 amd64 on server or virtual server, runs heavy loaded DNS servers on it.
Comment 1 Dmitry Rybin 2011-01-31 07:41:25 UTC 
kgdb /usr/obj/usr/src/sys/MOONRAKER/kernel.debug /var/crash/vmcore.0
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Fatal trap 12: page fault while in kernel mode
cpuid = 4; apic id = 04
fault virtual address   = 0xb801
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff806aeb0c
stack pointer           = 0x28:0xffffff8000185920
frame pointer           = 0x28:0xffffff8000185930
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (em0 taskq)
trap number             = 12
panic: page fault
cpuid = 4
Uptime: 8d3h32m20s
Physical memory: 4081 MB
Dumping 1688 MB: 1673 1657 1641 1625 1609 1593 1577 1561 1545 1529
1513 1497 1481 1465 1449 1433 1417 1401 1385 1369 1353 1337 1321 1305
1289 1273 1257 1241 1225 1209 1193 1177 1161 1145 1129 1113 1097 1081
1065 1049 1033 1017 1001 985 969 953 937 921 905 889 873 857 841 825
809 793 777 761 745 729 713 697 681 665 649 633 617 601 585 569 553
537 521 505 489 473 457 441 425 409 393 377 361 345 329 313 297 281
265 249 233 217 201 185 169 153 137 121 105 89 73 57 41 25 9


Reading symbols from /boot/modules/vmxnet.ko...done.
Loaded symbols for /boot/modules/vmxnet.ko
Reading symbols from /boot/modules/vmmemctl.ko...done.
Loaded symbols for /boot/modules/vmmemctl.ko
#0  doadump () at pcpu.h:224
224     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) list *0xffffffff806aeb0c
0xffffffff806aeb0c is in in_broadcast (/usr/src/sys/netinet/in.c:1221).
1216             * Look through the list of addresses for a match
1217             * with a broadcast address.
1218             */
1219    #define ia ((struct in_ifaddr *)ifa)
1220            TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
1221                    if (ifa->ifa_addr->sa_family == AF_INET &&
1222                        (in.s_addr == ia->ia_broadaddr.sin_addr.s_addr ||
1223                         in.s_addr == ia->ia_netbroadcast.s_addr ||
1224                         /*
1225                          * Check for old-style (host 0) broadcast.

(kgdb) backtrace
#0  doadump () at pcpu.h:224
#1  0xffffffff805acb2e in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:416
#2  0xffffffff805acf3c in panic (fmt=0x0) at
/usr/src/sys/kern/kern_shutdown.c:590
#3  0xffffffff808a9b0d in trap_fatal (frame=0xffffffff80c56c20,
eva=Variable "eva" is not available.
)
    at /usr/src/sys/amd64/amd64/trap.c:777
#4  0xffffffff808a9ecf in trap_pfault (frame=0xffffff8000185870, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:693
#5  0xffffffff808aa6e2 in trap (frame=0xffffff8000185870) at
/usr/src/sys/amd64/amd64/trap.c:451
#6  0xffffffff8088f7b4 in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:224
#7  0xffffffff806aeb0c in in_broadcast (in={s_addr = 420325568},
ifp=Variable "ifp" is not available.
) at /usr/src/sys/netinet/in.c:1220
#8  0xffffffff807438d8 in udp_input (m=0xffffff008e9a5c00,
off=Variable "off" is not available.
) at /usr/src/sys/netinet/udp_usrreq.c:472
#9  0xffffffff806cc8ff in ip_input (m=0xffffff008e9a5c00) at
/usr/src/sys/netinet/ip_input.c:793
#10 0xffffffff8066699e in netisr_dispatch_src (proto=1,
source=Variable "source" is not available.
) at /usr/src/sys/net/netisr.c:917
#11 0xffffffff8065cdcd in ether_demux (ifp=0xffffff000150b800,
m=0xffffff008e9a5c00)
    at /usr/src/sys/net/if_ethersubr.c:901
#12 0xffffffff8065d197 in ether_input (ifp=0xffffff000150b800,
m=0xffffff008e9a5c00)
    at /usr/src/sys/net/if_ethersubr.c:760
#13 0xffffffff80335b02 in lem_handle_rxtx (context=Variable "context"
is not available.
) at /usr/src/sys/dev/e1000/if_lem.c:3626
#14 0xffffffff805ea0d4 in taskqueue_run (queue=0xffffff0001760400)
    at /usr/src/sys/kern/subr_taskqueue.c:239
#15 0xffffffff805ea346 in taskqueue_thread_loop (arg=Variable "arg" is
not available.
) at /usr/src/sys/kern/subr_taskqueue.c:360
#16 0xffffffff80583968 in fork_exit (callout=0xffffffff805ea300
<taskqueue_thread_loop>,
    arg=0xffffff80004be838, frame=0xffffff8000185c80) at
/usr/src/sys/kern/kern_fork.c:844
#17 0xffffffff8088fc8e in fork_trampoline () at
/usr/src/sys/amd64/amd64/exception.S:566
#18 0x0000000000000000 in ?? ()
#19 0x0000000000000000 in ?? ()
#20 0x0000000000000000 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000000 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x0000000000000000 in ?? ()
#41 0x0000000000000000 in ?? ()
#42 0x0000000000ec6000 in ?? ()
#43 0x0000000000000000 in ?? ()
#44 0xffffff0001812000 in ?? ()
#45 0xffffffff80c60d40 in affinity ()
#46 0xffffff00014fc3e0 in ?? ()
#47 0xffffff80001854d0 in ?? ()
#48 0xffffff8000185488 in ?? ()
#49 0xffffff0001812000 in ?? ()
#50 0xffffffff805d0eca in sched_switch (td=0xffffff80004be838,
newtd=0xffffffff805ea300, flags=Variable "flags" is not available.
)
    at /usr/src/sys/kern/sched_ule.c:1844
Previous frame inner to this frame (corrupt stack?)
(kgdb)
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:00:20 UTC 
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2018-05-31 15:38:51 UTC 
Unfortunately this PR was never addressed before these versions of FreeBSD went out of support.  Sorry.

If this is still a problem, please open a new PR.  Thanks.