Date: Wed, 13 Aug 2003 14:25:21 +0200 (CEST) From: Lukas Ertl <l.ertl@univie.ac.at> To: freebsd-current@freebsd.org Cc: bmilekic@freebsd.org Subject: Re: New panics Message-ID: <20030813142012.I575@korben.in.tern> In-Reply-To: <20030811164918.P224@pcle2.cc.univie.ac.at> References: <20030810221335.G582@korben.in.tern> <20030811164918.P224@pcle2.cc.univie.ac.at>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 11 Aug 2003, Lukas Ertl wrote:
> Closest comes pmap_is_modified, I guess.
Gang,
I gladly managed to get a crashdump on the latest panic. It's now clear
it happends in pmap_is_modified().
This is a "FreeBSD 5.1-CURRENT #18: Tue Aug 12 18:42:23 CEST 2003" kernel,
but with the DISABLE_PSE patch from Bosko (I don't think it has to do with
the patch - the same panic happened before, too).
Following is the DDB backtrace and the bt and bt full from gdb.
Stopped at pmap_is_modified+0x75: testb $0x40,0(%eax)
db> trace
pmap_is_modified(c1d2bb30,0,e19a4b90,c0551956,c1d2bb30) at pmap_is_modified=
+0x75
vm_page_test_dirty(c1d2bb30,40,d2d25f10,c68e7248,d2f93978) at vm_page_test_=
dirty+0x1a
vfs_setdirty(d2f93978,2137000,0,d2f93978,d2f93978) at vfs_setdirty+0x136
vfs_busy_pages(d2f93978,1,d2d71078,0,c40) at vfs_busy_pages+0x3c
bwrite(d2f93978,4000,c3f,0,67380) at bwrite+0x380
vfs_bio_awrite(d2f93978,12,c653a260,c653a260,c653a260) at vfs_bio_awrite+0x=
289
flushbufqueues(0,c06fce40,44,c06a2842,64) at flushbufqueues+0x227
buf_daemon(0,e19a4d48,0,0,0) at buf_daemon+0x13c
fork_exit(c0550e40,0,e19a4d48) at fork_exit+0xb1
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip =3D 0, esp =3D 0xe19a4d7c, ebp =3D 0 ---
Script started on Wed Aug 13 14:17:29 2003
[root@newscore crash]# gdb -k kernel.5 vmcore.5
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you ar=
e
welcome to change it and/or distribute copies of it under certain condition=
s.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid =3D 2; lapic.id =3D 06000000
fault virtual address=09=3D 0xbfcadf10
fault code=09=09=3D supervisor read, page not present
instruction pointer=09=3D 0x8:0xc065eee5
stack pointer=09 =3D 0x10:0xe19a4b44
frame pointer=09 =3D 0x10:0xe19a4b50
code segment=09=09=3D base 0x0, limit 0xfffff, type 0x1b
=09=09=09=3D DPL 0, pres 1, def32 1, gran 1
processor eflags=09=3D interrupt enabled, resume, IOPL =3D 0
current process=09=09=3D 40 (bufdaemon)
Dumping 1023 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 =
336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624=
640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 92=
8 944 960 976 992 1008
---
Reading symbols from /usr/obj/usr/src/sys/NEWSCORE/modules/usr/src/sys/modu=
les/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/NEWSCORE/modules/usr/src/sys/module=
s/acpi/acpi.ko.debug
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240=09=09dumping++;
(kgdb) where
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc04495d5 in db_fncall (dummy1=3D0, dummy2=3D0, dummy3=3D1999,
dummy4=3D0xe19a4928 "=E0Rn=C0=C8\203r=C0DI\232=E1\r")
at /usr/src/sys/ddb/db_command.c:548
#2 0xc0449322 in db_command (last_cmdp=3D0xc06e4980, cmd_table=3D0x0,
aux_cmd_tablep=3D0xc06b5fb8, aux_cmd_tablep_end=3D0xc06b5fbc)
at /usr/src/sys/ddb/db_command.c:346
#3 0xc0449465 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#4 0xc044c485 in db_trap (type=3D12, code=3D0) at /usr/src/sys/ddb/db_trap=
=2Ec:73
#5 0xc064780c in kdb_trap (type=3D12, code=3D0, regs=3D0xe19a4b04)
at /usr/src/sys/i386/i386/db_interface.c:172
#6 0xc0661b86 in trap_fatal (frame=3D0xe19a4b04, eva=3D0)
at /usr/src/sys/i386/i386/trap.c:816
#7 0xc0661832 in trap_pfault (frame=3D0xe19a4b04, usermode=3D0, eva=3D3217=
743632)
at /usr/src/sys/i386/i386/trap.c:735
#8 0xc066138d in trap (frame=3D
{tf_fs =3D -958660584, tf_es =3D 409141264, tf_ds =3D -463536112, tf_=
edi =3D -964805744, tf_esi =3D -755418760, tf_ebp =3D -509981872, tf_isp =
=3D -509981904, tf_ebx =3D -579812704, tf_edx =3D 409186304, tf_ecx =3D -46=
3514956, tf_eax =3D -1077223664, tf_trapno =3D 12, tf_err =3D 0, tf_eip =3D=
-1067061531, tf_cs =3D 8, tf_eflags =3D 66050, tf_esp =3D -958598736, tf_s=
s =3D 729563136}) at /usr/src/sys/i386/i386/trap.c:420
#9 0xc0649248 in calltrap () at {standard input}:103
#10 0xc061c1fa in vm_page_test_dirty (m=3D0xdd70c2a0)
at /usr/src/sys/vm/vm_page.c:1700
#11 0xc0551956 in vfs_setdirty (bp=3D0xd2f93978)
at /usr/src/sys/kern/vfs_bio.c:2297
#12 0xc055399c in vfs_busy_pages (bp=3D0xc67e3b90, clear_modify=3D1)
at /usr/src/sys/kern/vfs_bio.c:3335
#13 0xc054dff0 in bwrite (bp=3D0xd2f93978) at /usr/src/sys/kern/vfs_bio.c:8=
59
#14 0xc05505d9 in vfs_bio_awrite (bp=3D0xd2f93978)
at /usr/src/sys/kern/vfs_bio.c:1707
#15 0xc0551417 in flushbufqueues (flushdeps=3D0)
at /usr/src/sys/kern/vfs_bio.c:2169
#16 0xc0550f7c in buf_daemon () at /usr/src/sys/kern/vfs_bio.c:2070
#17 0xc04ec991 in fork_exit (callout=3D0xc0550e40 <buf_daemon>, arg=3D0x0,
---Type <return> to continue, or q <return> to quit---
frame=3D0x0) at /usr/src/sys/kern/kern_fork.c:790
(kgdb) bt full
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1 0xc04495d5 in db_fncall (dummy1=3D0, dummy2=3D0, dummy3=3D1999,
dummy4=3D0xe19a4928 "=E0Rn=C0=C8\203r=C0DI\232=E1\r")
at /usr/src/sys/ddb/db_command.c:548
=09fn_addr =3D -1068484368
=09args =3D {0 <repeats 11 times>}
=09nargs =3D 11
=09retval =3D 0
=09func =3D (fcn_10args_t *) 0xc05038f0 <doadump>
=09t =3D 0
#2 0xc0449322 in db_command (last_cmdp=3D0xc06e4980, cmd_table=3D0x0,
aux_cmd_tablep=3D0xc06b5fb8, aux_cmd_tablep_end=3D0xc06b5fbc)
at /usr/src/sys/ddb/db_command.c:346
=09cmd =3D (struct command *) 0xc06bba80
=09t =3D 0
=09modif =3D "=E0Rn=C0=C8\203r=C0DI\232=E1\r\0\0\0@oq=C0\r\0\0\0\001\0\0\0d=
I\232=E1V=D6c=C0@Up=C0\aK\0 =C0oq=C0`=CBo=C0=E0Rn=C0x\0\0\0=E0Rn=C0=C8\203r=
=C0\210I\232=E1a=B2D=C0=AC=B2h=C0\020=B0D=C0\0\0\0\0\020\0\0\0=C8\203r=C0=
=E0Rn=C0v=A9D=C0=E0Rn=C0\230Jn=C0x\0\0\0\020\0\0"
=09addr =3D 0
=09count =3D 1999
=09have_addr =3D 0
=09result =3D 0
#3 0xc0449465 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
No locals.
#4 0xc044c485 in db_trap (type=3D12, code=3D0) at /usr/src/sys/ddb/db_trap=
=2Ec:73
=09bkpt =3D 0
#5 0xc064780c in kdb_trap (type=3D12, code=3D0, regs=3D0xe19a4b04)
at /usr/src/sys/i386/i386/db_interface.c:172
=09ef =3D 582
=09ddb_mode =3D 1
#6 0xc0661b86 in trap_fatal (frame=3D0xe19a4b04, eva=3D0)
at /usr/src/sys/i386/i386/trap.c:816
=09code =3D 16
=09type =3D 12
---Type <return> to continue, or q <return> to quit---
=09ss =3D 16
=09esp =3D 0
=09softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27,
ssd_dpl =3D 0, ssd_p =3D 1, ssd_xx =3D 6, ssd_xx1 =3D 3, ssd_def32 =3D 1,=
ssd_gran =3D 1}
#7 0xc0661832 in trap_pfault (frame=3D0xe19a4b04, usermode=3D0, eva=3D3217=
743632)
at /usr/src/sys/i386/i386/trap.c:735
=09va =3D 3217739776
=09vm =3D (struct vmspace *) 0x0
=09map =3D 0x1
=09rv =3D 1
=09ftype =3D 1 '\001'
=09td =3D (struct thread *) 0xc653a260
=09p =3D (struct proc *) 0xc65a5000
#8 0xc066138d in trap (frame=3D
{tf_fs =3D -958660584, tf_es =3D 409141264, tf_ds =3D -463536112, tf_=
edi =3D -964805744, tf_esi =3D -755418760, tf_ebp =3D -509981872, tf_isp =
=3D -509981904, tf_ebx =3D -579812704, tf_edx =3D 409186304, tf_ecx =3D -46=
3514956, tf_eax =3D -1077223664, tf_trapno =3D 12, tf_err =3D 0, tf_eip =3D=
-1067061531, tf_cs =3D 8, tf_eflags =3D 66050, tf_esp =3D -958598736, tf_s=
s =3D 729563136}) at /usr/src/sys/i386/i386/trap.c:420
=09td =3D (struct thread *) 0xc653a260
=09p =3D (struct proc *) 0xc65a5000
=09sticks =3D 3327369824
=09i =3D 0
=09ucode =3D 0
=09type =3D 12
=09code =3D 0
=09eva =3D 3217743632
#9 0xc0649248 in calltrap () at {standard input}:103
No locals.
#10 0xc061c1fa in vm_page_test_dirty (m=3D0xdd70c2a0)
at /usr/src/sys/vm/vm_page.c:1700
No locals.
#11 0xc0551956 in vfs_setdirty (bp=3D0xd2f93978)
at /usr/src/sys/kern/vfs_bio.c:2297
=09boffset =3D 3539548536
---Type <return> to continue, or q <return> to quit---
=09eoffset =3D 3715154592
=09i =3D -579812704
=09object =3D 0xc67e3b90
#12 0xc055399c in vfs_busy_pages (bp=3D0xc67e3b90, clear_modify=3D1)
at /usr/src/sys/kern/vfs_bio.c:3335
=09obj =3D 0xc67e3b90
=09foff =3D 51380224
=09i =3D -755418760
=09bogus =3D -755418760
#13 0xc054dff0 in bwrite (bp=3D0xd2f93978) at /usr/src/sys/kern/vfs_bio.c:8=
59
=09oldflags =3D 537002660
=09newbp =3D (struct buf *) 0x0
#14 0xc05505d9 in vfs_bio_awrite (bp=3D0xd2f93978)
at /usr/src/sys/kern/vfs_bio.c:1707
=09i =3D 1
=09j =3D 0
=09lblkno =3D 3136
=09vp =3D (struct vnode *) 0xc68e7248
=09ncl =3D 16384
=09nwritten =3D 16384
=09size =3D 16384
=09maxcl =3D 8
#15 0xc0551417 in flushbufqueues (flushdeps=3D0)
at /usr/src/sys/kern/vfs_bio.c:2169
=09td =3D (struct thread *) 0xc653a260
=09vp =3D (struct vnode *) 0xc68e7248
=09bp =3D (struct buf *) 0xd2f93978
=09hasdeps =3D 0
#16 0xc0550f7c in buf_daemon () at /usr/src/sys/kern/vfs_bio.c:2070
No locals.
#17 0xc04ec991 in fork_exit (callout=3D0xc0550e40 <buf_daemon>, arg=3D0x0,
frame=3D0x0) at /usr/src/sys/kern/kern_fork.c:790
=09td =3D (struct thread *) 0x0
=09p =3D (struct proc *) 0xc65a5000
(kgdb)
(kgdb) quit
[root@newscore crash]# exit
Script done on Wed Aug 13 14:18:18 2003
--=20
Lukas Ertl eMail: l.ertl@univie.ac.at
UNIX Systemadministrator Tel.: (+43 1) 4277-14073
Vienna University Computer Center Fax.: (+43 1) 4277-9140
University of Vienna http://mailbox.univie.ac.at/~le/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030813142012.I575>