From owner-freebsd-current@FreeBSD.ORG  Sat Sep  4 04:57:31 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D72CF16A4CE
	for <current@freebsd.org>; Sat,  4 Sep 2004 04:57:31 +0000 (GMT)
Received: from creme-brulee.marcuscom.com
	(rrcs-midsouth-24-172-16-118.biz.rr.com [24.172.16.118])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 604DC43D46
	for <current@freebsd.org>; Sat,  4 Sep 2004 04:57:31 +0000 (GMT)
	(envelope-from marcus@marcuscom.com)
Received: from [192.168.1.4] (shumai.marcuscom.com [192.168.1.4])
	i844svYj058789
	for <current@freebsd.org>; Sat, 4 Sep 2004 00:54:57 -0400 (EDT)
	(envelope-from marcus@marcuscom.com)
From: Joe Marcus Clarke <marcus@marcuscom.com>
To: current@freebsd.org
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="=-0FvFg+w190Eiuuw8xz09"
Organization: MarcusCom, Inc.
Message-Id: <1094273843.92485.11.camel@shumai.marcuscom.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Sat, 04 Sep 2004 00:57:24 -0400
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=ham 
	version=2.64
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on 
	creme-brulee.marcuscom.com
Subject: Kernel panic in 6.0 revisited
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Sep 2004 04:57:32 -0000


--=-0FvFg+w190Eiuuw8xz09
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

A few days ago, I reported a kernel panic in HEAD while building
packages on my tinderbox machine.  I was unable to get a core dump fro
that crash, and after switching from ULE to 4BSD, I had thought it had
gone away.

Well, today, the machine panicked twice.  It was the same panic both
times, and the same panic I got a few days ago.  This time, however, I
was able to get a core dump.  Here is the panic message:

Fatal trap 12: page fault while in kernel mode
cpuid =3D 0; apic id =3D 00
fault virtual address   =3D 0x1c
fault code              =3D supervisor write, page not present
instruction pointer     =3D 0x8:0xc0533d07
stack pointer           =3D 0x10:0xf5f30a4c
frame pointer           =3D 0x10:0xf5f30a58
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, def32 1, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 27441 (cpp0)
Stopped at  vfs_vmio_release+0x1b: lock cmpxchgl %ecx,0x1c(%edx)

Here is the full backtrace:

#0  doadump () at pcpu.h:159
No locals.
#1  0xc044790a in db_fncall (dummy1=3D0, dummy2=3D0, dummy3=3D-1067408529, =
dummy4=3D0xf3832640 "l&\203=F3=D4\205`=C0X&\203=F3\\&\203=F3\220\a") at /us=
r/src/sys/ddb/db_command.c:531
        fn_addr =3D -1068568116
        args =3D {0 <repeats 11 times>}
        nargs =3D 11
        retval =3D 0
        func =3D (fcn_10args_t *) 0xc04ef1cc <doadump>
        t =3D 0
#2  0xc0447718 in db_command (last_cmdp=3D0xc06aa344, cmd_table=3D0x0, aux_=
cmd_tablep=3D0xc0678980, aux_cmd_tablep_end=3D0xc0678984) at /usr/src/sys/d=
db/db_command.c:349
        cmd =3D (struct command *) 0xc067e7c0
        t =3D 0
        modif =3D "l&\203=F3=D4\205`=C0X&\203=F3\\&\203=F3\220\a\000\000\22=
0\a\000\000=CF\a\000\000\000\000\000\000\000|m=C0\r\000\000\000\000|m=C0\00=
0|m=C0\r\000\000\000\001\000\000\000\230&\203=F3\a\177`=C0\230&\203=F3 \177=
`=C0 Ol=C0=E0=B4k=C0x\000\000\000@=ACj=C0\f\000\000\000=B8&\203=F3|\226D=C0=
_\035f=C0=EC\223D=C0\f\000\000\000@=ACj=C0\236\213D=C0"
        addr =3D 0
        count =3D -1067408529
        have_addr =3D 0
        result =3D 0
#3  0xc04477e0 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
No locals.
#4  0xc0449359 in db_trap (type=3D12, code=3D0) at /usr/src/sys/ddb/db_main=
.c:221
        jb =3D {{_jb =3D {-209508616, -209508636, -209508564, -209508396, 1=
2, -1069247758, 12, -209508540, -1068464337, -1066976222, -1068464204, -209=
508560}}}
        prev_jb =3D (void *) 0x0
        bkpt =3D 0
#5  0xc0506cb7 in kdb_trap (type=3D12, code=3D0, tf=3D0x1) at /usr/src/sys/=
kern/subr_kdb.c:418
        did_stop_cpus =3D 1
        handled =3D -209508396
#6  0xc06239c1 in trap_fatal (frame=3D0xf38327d4, eva=3D28) at /usr/src/sys=
/i386/i386/trap.c:804
        code =3D 16
        type =3D 12
        ss =3D 16
        esp =3D 0
        softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27=
, ssd_dpl =3D 0, ssd_p =3D 1, ssd_xx =3D 3, ssd_xx1 =3D 3, ssd_def32 =3D 1,=
 ssd_gran =3D 1}
#7  0xc062371f in trap_pfault (frame=3D0xf38327d4, usermode=3D0, eva=3D28) =
at /usr/src/sys/i386/i386/trap.c:727
        va =3D 0
        vm =3D (struct vmspace *) 0x0
        map =3D 0xc308a4b0
        rv =3D 1
        ftype =3D 1 '\001'
        td =3D (struct thread *) 0xc3184420
        p =3D (struct proc *) 0xc35bb380
#8  0xc0623335 in trap (frame=3D{tf_fs =3D -1068629992, tf_es =3D -60162046=
4, tf_ds =3D 1048592, tf_edi =3D -601584980, tf_esi =3D -601584980, tf_ebp =
=3D -209508320, tf_isp =3D -209508352, tf_ebx =3D -601584980, tf_edx =3D 0,=
 tf_ecx =3D -1021819872, tf_eax =3D 4, tf_trapno =3D 12, tf_err =3D 2, tf_e=
ip =3D -1068290701, tf_cs =3D 8, tf_eflags =3D 66050, tf_esp =3D -601584980=
, tf_ss =3D -601584980}) at /usr/src/sys/i386/i386/trap.c:417
        td =3D (struct thread *) 0xc3184420
        p =3D (struct proc *) 0xc35bb380
        sticks =3D 3227240939
        i =3D 0
        ucode =3D 0
        type =3D 12
        code =3D 2
        eva =3D 28
#9  0xc0611c2a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
No locals.
#10 0xc04e0018 in ktrnamei (path=3D0xdc248aac "\002") at /usr/src/sys/kern/=
kern_ktrace.c:372
        req =3D (struct ktr_request *) 0x0
        namelen =3D -601584980
        buf =3D 0xdc248aac "\002"
#11 0xc05335d2 in getnewbuf (slpflag=3D0, slptimeo=3D0, size=3D2048, maxsiz=
e=3D16384) at /usr/src/sys/kern/vfs_bio.c:1886
        qindex =3D 1
        bp =3D (struct buf *) 0xdc248aac
        nbp =3D (struct buf *) 0xdc248aac
        defrag =3D 0
        nqindex =3D 524306
        flushingbufs =3D 0
#12 0xc0534a59 in getblk (vp=3D0xc6f20108, blkno=3D0, size=3D2048, slpflag=
=3D0, slptimeo=3D0, flags=3D0) at /usr/src/sys/kern/vfs_bio.c:2586
        bsize =3D 16384
        maxsize =3D 0
        vmio =3D 1
        offset =3D Unhandled dwarf expression opcode 0x93

And here is the output of "l *vfs_vmio_release+0x1b":

0xc0533d07 is in vfs_vmio_release (atomic.h:154).
149     static __inline int
150     atomic_cmpset_int(volatile u_int *dst, u_int exp, u_int src)
151     {
152             int res =3D exp;
153
154             __asm __volatile (
155             "       " __XSTRING(MPLOCKED) " "
156             "       cmpxchgl %1,%2 ;        "
157             "       setz    %%al ;          "
158             "       movzbl  %%al,%0 ;       "

Kernel config is at http://www.marcuscom.com/downloads/FUGU.kernel and
the dmesg output is at http://www.marcuscom.com/downloads/FUGU.dmesg

Let me know if you need anything else.  Thanks.

Joe

--=20
PGP Key : http://www.marcuscom.com/pgp.asc

--=-0FvFg+w190Eiuuw8xz09
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQBBOUszb2iPiv4Uz4cRAlR/AJ97jJx65y8iXRCFjNcS5W94V6AFFQCgpQ2X
XfrUUEAbEwoaXZORKscj2VQ=
=LHCN
-----END PGP SIGNATURE-----

--=-0FvFg+w190Eiuuw8xz09--