From: Gleb Smirnoff
To: current@FreeBSD.org
Date: Sun, 27 Nov 2005 06:12:21 +0300
Subject: panic on kldunload
Message-ID: <20051127031221.GX25711@cell.sick.ru>
List-Id: Discussions about the use of FreeBSD-current

Today running 'kldunload ng_netflow' I have experienced the following panic:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 01
fault virtual address = 0x15
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc06568cd
stack pointer = 0x28:0xe889fbcc
frame pointer = 0x28:0xe889fbec
code segment = base 0x0, limit 0xfffff, type 0x1b
             = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 91858 (kldunload)
trap number = 12
panic: page fault
cpuid = 1
Uptime: 15h36m21s
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261856 pages) 1007 991 975 959 (CTRL-C to abort) 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
During symbol reading, Incomplete CFI data; unspecified registers at 0xc051f7c2.
#1  0xc051fe2f in boot (howto=0x104) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xc052020e in panic (fmt=0xc06d69b8 "%s") at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc06af7b1 in trap_fatal (frame=0xe889fb8c, eva=0x0) at /usr/src/sys/i386/i386/trap.c:831
#4  0xc06af46f in trap_pfault (frame=0xe889fb8c, usermode=0x0, eva=0x15) at /usr/src/sys/i386/i386/trap.c:742
#5  0xc06aeff9 in trap (frame=
      {tf_fs = 0xc8d20008, tf_es = 0xe8890028, tf_ds = 0xc0540028, tf_edi = 0xc0c61960, tf_esi = 0xc0c6c8c0, tf_ebp = 0xe889fbec, tf_isp = 0xe889fbb8, tf_ebx = 0x1, tf_edx = 0xc0c6c8c8, tf_ecx = 0x0, tf_eax = 0x18, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc06568cd, tf_cs = 0x20, tf_eflags = 0x10202, tf_esp = 0x0, tf_ss = 0xe889fc10})
    at /usr/src/sys/i386/i386/trap.c:432
#6  0xc069a5aa in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc06568cd in uma_zfree_internal (zone=0xc0c61960, item=0xcc763c00, udata=0x0, skip=SKIP_DTOR, flags=0x3) at /usr/src/sys/vm/uma_core.c:2465
#8  0xc06567c5 in uma_zfree_arg (zone=0xc0c61960, item=0xcc763c00, udata=0x0) at /usr/src/sys/vm/uma_core.c:2420
#9  0xc0512474 in malloc_uninit (data=0xcc742300) at uma.h:303
#10 0xc050cfb3 in linker_file_sysuninit (lf=0x18) at /usr/src/sys/kern/kern_linker.c:238
#11 0xc050d845 in linker_file_unload (file=0xc9238000, flags=0x0) at /usr/src/sys/kern/kern_linker.c:539
#12 0xc050e104 in kern_kldunload (td=0xc9238000, fileid=0x18, flags=0x18) at /usr/src/sys/kern/kern_linker.c:828
#13 0xc050e1ac in kldunloadf (td=0x18, uap=0xc0c6c8c8) at /usr/src/sys/kern/kern_linker.c:858
#14 0xc06afb6d in syscall (frame=
      {tf_fs = 0x3b, tf_es = 0x3b, tf_ds = 0x3b, tf_edi = 0x3, tf_esi = 0xbfbfed06, tf_ebp = 0xbfbfebd8, tf_isp = 0xe889fd64, tf_ebx = 0x1, tf_edx = 0xbfbfed06, tf_ecx = 0x1, tf_eax = 0x1bc, tf_trapno = 0xc, tf_err = 0x2, tf_eip = 0xe4b65eb, tf_cs = 0x33, tf_eflags = 0x246, tf_esp = 0xbfbfe76c, tf_ss = 0x3b})
    at /usr/src/sys/i386/i386/trap.c:976
#15 0xc069a5ff in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200

What I can't understand here, is why did it panic?! Looking at frame 7
I see a valid pointer and a cast:

(kgdb) frame 7
#7  0xc06568cd in uma_zfree_internal (zone=0xc0c61960, item=0xcc763c00, udata=0x0, skip=SKIP_DTOR, flags=0x3) at /usr/src/sys/vm/uma_core.c:2465
2465                            slab = (uma_slab_t)mem;
(kgdb) list
2460                    mem = (u_int8_t *)((unsigned long)item & (~UMA_SLAB_MASK));
2461                    if (keg->uk_flags & UMA_ZONE_HASH)
2462                            slab = hash_sfind(&keg->uk_hash, mem);
2463                    else {
2464                            mem += keg->uk_pgoff;
2465                            slab = (uma_slab_t)mem;
2466                    }
2467            } else {
2468                    slab = (uma_slab_t)udata;
2469            }
(kgdb) p mem
$9 = (u_int8_t *) 0xc0c6c8c8 "¤/qÀ LnÀs5nÀ"
(kgdb) p slab
$10 = 0x0
(kgdb) p *(uma_slab_t)mem
$11 = {
  us_head = {
    us_keg = 0xc0712fa4,
    us_type = {
      _us_link = {
        le_next = 0xc06e4c20,
        le_prev = 0xc06e3573
      },
      _us_size = 0xc06e4c20
    },
    us_hlink = {
      sle_next = 0x430000
    },
    us_data = 0x0,
    us_flags = 0x0,
    us_freecount = 0x0,
    us_firstfree = 0x0
  },
  us_freelist = {{
      us_item = 0x0
    }}
}
(kgdb)

The panic happened on 6.0-STABLE, but I don't think it isn't applicable
to CURRENT.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
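
Added example (not part of the original message and not FreeBSD code): a small C check that redoes the slab-address arithmetic from lines 2460-2465 of the uma_core.c listing on the values in the report, and tests whether the `mem` that kgdb printed could have been derived from `item`. The 4 KB slab size and the helper names slab_base and mem_consistent are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the UMA slab size equals the 4 KB i386 page size (mask 0xfff). */
#define SLAB_SIZE 4096u
#define SLAB_MASK (SLAB_SIZE - 1u)

/* Slab base as computed at line 2460 of the listing: item & ~UMA_SLAB_MASK. */
static uint32_t slab_base(uint32_t item)
{
    return item & ~SLAB_MASK;
}

/*
 * Could `mem` be the result of lines 2460-2465 for this item?
 * Hash branch: mem == base. Offset branch: mem == base + uk_pgoff, and the
 * slab header sits inside the slab, so 0 <= uk_pgoff < SLAB_SIZE.
 * Returns 1 and stores the implied offset if consistent, otherwise 0.
 */
static int mem_consistent(uint32_t item, uint32_t mem, uint32_t *pgoff)
{
    uint32_t base = slab_base(item);

    if (mem < base || mem - base >= SLAB_SIZE)
        return 0;
    *pgoff = mem - base;
    return 1;
}

int main(void)
{
    /* Values copied from the report: frame 7 `item`, kgdb "p mem", tf_edx. */
    const uint32_t item = 0xcc763c00u, shown_mem = 0xc0c6c8c8u;
    const uint32_t tf_edx = 0xc0c6c8c8u;
    uint32_t off = 0;

    printf("slab base of item: 0x%08x\n", (unsigned)slab_base(item));
    if (mem_consistent(item, shown_mem, &off))
        printf("mem fits the listing, uk_pgoff = 0x%x\n", (unsigned)off);
    else
        printf("mem 0x%08x lies outside the item's slab: the local printed "
               "by kgdb does not match lines 2460-2465\n", (unsigned)shown_mem);
    if (shown_mem == tf_edx)
        printf("mem equals tf_edx from the trap frame in frame 5\n");
    return 0;
}
```

When a printed local fails this kind of check, values kgdb shows for that frame (here `mem` and `slab`) are better cross-checked against the trap frame registers and the disassembly at the faulting instruction pointer than taken at face value.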