From owner-freebsd-current@FreeBSD.ORG Tue Dec 6 08:24:12 2005 Return-Path: X-Original-To: current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DE01716A41F; Tue, 6 Dec 2005 08:24:12 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E1D343D5D; Tue, 6 Dec 2005 08:24:12 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 6BED11A3C27; Tue, 6 Dec 2005 00:24:12 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 97CAD533C6; Tue, 6 Dec 2005 03:24:11 -0500 (EST) Date: Tue, 6 Dec 2005 03:24:09 -0500 From: Kris Kennaway To: alc@FreeBSD.org Message-ID: <20051206082409.GA63640@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="gBBFr7Ir9EOA20Yy" Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Cc: current@FreeBSD.org Subject: Null pointer deref in swp_pager_meta_ctl X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2005 08:24:13 -0000 --gBBFr7Ir9EOA20Yy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I configured a 74GB swap-backed md on sparc64..after a week or two (during which time swap was slowly filling as more of the md was dirtied) it panicked: #10 0x00000000c0179ec8 in panic (fmt=0xc03dcb80 "trap: %s") at ../../../kern/kern_shutdown.c:539 #11 0x00000000c031e818 in trap (tf=0xee0e32f0) at ../../../sparc64/sparc64/trap.c:369 #12 0x00000000c0048fc0 in tl1_trap () #13 0x00000000c02dc928 in swp_pager_meta_ctl (object=0x0, pindex=3874086912, flags=-420880384) at ../../../vm/swap_pager.c:1902 #14 0x00000000c01a6a90 in turnstile_release (lock=0x0) at ../../../kern/subr_turnstile.c:489 #15 0x00000000c02dafa4 in swap_pager_getpages (object=0xfffff8005c94b260, m=0xee0e3628, count=1, reqpage=0) at ../../../vm/swap_pager.c:992 #16 0x00000000c00e66c0 in mdstart_swap (sc=0xfffff80025ebd000, bp=0xfffff80122255b00) at vm_pager.h:130 #17 0x00000000c00e6c94 in md_kthread (arg=0xfffff80025ebd000) at ../../../dev/md/md.c:676 #18 0x00000000c015e7fc in fork_exit (callout=0xc00e6a00 , arg=0xfffff80025ebd000, frame=0xee0e3880) at ../../../kern/kern_fork.c:789 #19 0x00000000c00491b0 in fork_trampoline () #20 0x00000000c00491b0 in fork_trampoline () Previous frame identical to this frame (corrupt stack?) (kgdb) frame 15 #15 0x00000000c02dafa4 in swap_pager_getpages (object=0xfffff8005c94b260, m=0xee0e3628, count=1, reqpage=0) at ../../../vm/swap_pager.c:992 992 blk = swp_pager_meta_ctl(mreq->object, mreq->pindex, 0); (kgdb) print *mreq $2 = {pageq = {tqe_next = 0xfffff80139cbdd70, tqe_prev = 0xfffff8013b249470}, listq = {tqe_next = 0xfffff8013c93e080, tqe_prev = 0xfffff801393111f8}, left = 0xfffff801393111e8, right = 0xfffff8013d505a38, object = 0x0, pindex = 4341534, phys_addr = 1870839808, md = {tte_list = {tqh_first = 0xbee6e9c0, tqh_last = 0xbee6e9d0}, pmap = 0x0, colors = {1, 0}, color = 0, flags = 0}, queue = 23, flags = 0, pc = 22, wire_count = 0, cow = 0, hold_count = 0, act_count = 0 '\0', busy = 0 '\0', valid = 0, dirty = 0} (kgdb) print swap_pager_avail $3 = 6210309 What else can I extract from the core to help diagnose this? Kris --gBBFr7Ir9EOA20Yy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDlUqoWry0BWjoQKURAuaqAKCgO5cqtXSIO0Be03xGyal1gR+GoACfR4q4 ld+21zKBybXyt7ZqLgB+HDI= =OLgb -----END PGP SIGNATURE----- --gBBFr7Ir9EOA20Yy--