FreeBSD Mail Archives

Date:      Sun, 9 Mar 2014 21:39:36 -0400
From:      Glen Barber <gjb@FreeBSD.org>
To:        freebsd-current@FreeBSD.org
Subject:   panic after resume, triggered by vt_switch_timer() ?
Message-ID:  <20140310013936.GC1746@glenbarber.us>

next in thread | raw e-mail | index | archive | help


--JgQwtEuHJzHdouWu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I think I have hit a panic in the code path for vt_switch_timer() when
resuming from suspend.

In both cases it happened, the laptop was suspended for >2 hours.

In both cases, c_func is vt_switch_timer(), and c_arg is a negative
value (both times it is -2133611368).  I am not sure if these are valid
values for vt_switch_timer(), but it caught my eye.

The amount of time the laptop has been suspended may be unrelated, but
so far has been the only constant in numerous attempts to reproduce the
crash.

The machine is running 11.0-CURRENT #202 r262562, and the only recent
change to the kernel configuration is switching from sc(4) to vt(4)
a few weeks ago.  Prior to this, I could leave the machine suspended for
several hours (sometimes up to 4 when traveling), without issue.


Script started on Sun Mar  9 20:22:44 2014
command: /bin/sh
# kgdb ./kernel.debug /var/crash/vmcore.last
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain condition=
s.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid =3D 0; apic id =3D 00
fault virtual address   =3D 0x30
fault code              =3D supervisor read data, page not present
instruction pointer     =3D 0x20:0xffffffff8064378f
stack pointer           =3D 0x28:0xfffffe01e47b98f0
frame pointer           =3D 0x28:0xfffffe01e47b99b0
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 12 (swi4: clock (0))
trap number             =3D 12
panic: page fault
cpuid =3D 0
KDB: stack backtrace:
#0 0xffffffff8066c280 at kdb_backtrace+0x60
#1 0xffffffff8062bc65 at panic+0x155
#2 0xffffffff8095a78f at trap_fatal+0x38f
#3 0xffffffff8095aac1 at trap_pfault+0x321
#4 0xffffffff8095a160 at trap+0x4a0
#5 0xffffffff8093f682 at calltrap+0x8
#6 0xffffffff80643b94 at softclock+0x94
#7 0xffffffff805f6aa8 at intr_event_execute_handlers+0x1b8
#8 0xffffffff805f6ea6 at ithread_loop+0x96
#9 0xffffffff805f3c9a at fork_exit+0x9a
#10 0xffffffff8093fbbe at fork_trampoline+0xe
Uptime: 6h12m9s
Dumping 3121 out of 7951 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..9=
1%

Reading symbols from /boot/kernel/zfs.ko.symbols...done.
Loaded symbols for /boot/kernel/zfs.ko.symbols
Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
Loaded symbols for /boot/kernel/opensolaris.ko.symbols
Reading symbols from /boot/kernel/i915kms.ko.symbols...done.
Loaded symbols for /boot/kernel/i915kms.ko.symbols
Reading symbols from /boot/kernel/drm2.ko.symbols...done.
Loaded symbols for /boot/kernel/drm2.ko.symbols
#0  doadump (textdump=3D<value optimized out>) at pcpu.h:219
219             __asm("movq %%gs:%1,%0" : "=3Dr" (td)
(kgdb) bt
#0  doadump (textdump=3D<value optimized out>) at pcpu.h:219
#1  0xffffffff8062b808 in kern_reboot (howto=3D260) at /usr/src/sys/kern/ke=
rn_shutdown.c:452
#2  0xffffffff8062bca4 in panic (fmt=3D<value optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff8095a78f in trap_fatal (frame=3D<value optimized out>, eva=3D=
<value optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:874
#4  0xffffffff8095aac1 in trap_pfault (frame=3D0xfffffe01e47b9840,=20
    usermode=3D<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:691
#5  0xffffffff8095a160 in trap (frame=3D0xfffffe01e47b9840)
    at /usr/src/sys/amd64/amd64/trap.c:455
#6  0xffffffff8093f682 in calltrap () at /usr/src/sys/amd64/amd64/exception=
=2ES:231
#7  0xffffffff8064378f in softclock_call_cc (c=3D0xffffffff80d3ae78, cc=3D0=
xffffffff80eace80,=20
    direct=3D0) at /usr/src/sys/kern/kern_timeout.c:703
#8  0xffffffff80643b94 in softclock (arg=3D0xffffffff80eace80)
    at /usr/src/sys/kern/kern_timeout.c:812
#9  0xffffffff805f6aa8 in intr_event_execute_handlers (p=3D<value optimized=
 out>,=20
    ie=3D0xfffff800031f3a00) at /usr/src/sys/kern/kern_intr.c:1263
#10 0xffffffff805f6ea6 in ithread_loop (arg=3D0xfffff8000323cf80)
    at /usr/src/sys/kern/kern_intr.c:1276
#11 0xffffffff805f3c9a in fork_exit (callout=3D0xffffffff805f6e10 <ithread_=
loop>,=20
    arg=3D0xfffff8000323cf80, frame=3D0xfffffe01e47b9ac0) at /usr/src/sys/k=
ern/kern_fork.c:977
#12 0xffffffff8093fbbe in fork_trampoline () at /usr/src/sys/amd64/amd64/ex=
ception.S:605
#13 0x0000000000000000 in ?? ()
Current language:  auto; currently minimal
(kgdb) frame 7
#7  0xffffffff8064378f in softclock_call_cc (c=3D0xffffffff80d3ae78, cc=3D0=
xffffffff80eace80,=20
    direct=3D0) at /usr/src/sys/kern/kern_timeout.c:703
703                     class->lc_unlock(c_lock);
(kgdb) l
698                     lastfunc =3D c_func;
699             }
700     #endif
701             CTR1(KTR_CALLOUT, "callout %p finished", c);
702             if ((c_flags & CALLOUT_RETURNUNLOCKED) =3D=3D 0)
703                     class->lc_unlock(c_lock);
704     skip:
705             CC_LOCK(cc);
706             KASSERT(cc->cc_exec_entity[direct].cc_curr =3D=3D c, ("mish=
andled cc_curr"));
707             cc->cc_exec_entity[direct].cc_curr =3D NULL;
(kgdb) p *c
$1 =3D {c_links =3D {le =3D {le_next =3D 0x0, le_prev =3D 0xffffffff80eacf9=
0}, sle =3D {sle_next =3D 0x0},=20
    tqe =3D {tqe_next =3D 0x0, tqe_prev =3D 0xffffffff80eacf90}}, c_time =
=3D 95902818571375,=20
  c_precision =3D 4026531562, c_arg =3D 0xffffffff80d3adc0,=20
  c_func =3D 0xffffffff80510850 <vt_switch_timer>, c_lock =3D 0x0, c_flags =
=3D 128, c_cpu =3D 0}
(kgdb) l *0xffffffff80510850
0xffffffff80510850 is in vt_switch_timer (/usr/src/sys/dev/vt/vt_core.c:150=
).
145     static int vt_proc_alive(struct vt_window *);
146     static void vt_resize(struct vt_device *);
147    =20
148     static void
149     vt_switch_timer(void *arg)
150     {
151    =20
152             vt_late_window_switch((struct vt_window *)arg);
153     }
154    =20
(kgdb) p *0xffffffff80d3adc0
$2 =3D -2133611368
(kgdb) quit
# ^D
Script done on Sun Mar  9 20:27:43 2014

Thoughts?

Glen


--JgQwtEuHJzHdouWu
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iQIcBAEBCAAGBQJTHRfYAAoJELls3eqvi17QuIoP/1jSMuixRX/t2EeYwhxubHcJ
K5r/OCQTMyWTcE7CyVrmwxnBsJw8hlqa5XSpvJadGUvp8sxOtTN//BonQPEk9mFN
OKp9keemI8gB0aKabIMXgF5kNLMXS2eanM6/eKar4bCiWWuuxcxvpX7ts3Ce3HSk
86t04YpjzKkubyEC5PsjBGIbJA+OOC4NS6vHwDtc0pu0IbZbVkVwY0ZY7b3GukpV
m+/O0mycCaLDSuFtKuEFdHad8zi8tSnL9/S+oUiaV6IwmrHMg4C2cR+Mnah1s68c
tTI0Y5c4X7SWzUqjCJFnWaxzxB+RhPjvVsZswzf+EWtE8sK068HlA5KzMhCbZbf+
S17PrsYxp3X3Xc90VJFe8eUo5LojExNyle7AMQUtuUAsth1kV5dxa9PFOJEz1oC/
OncOtkr7r3/YPI7pJdxXGJVCQdMUuvpJ5GulkKb9qE0NODa6asHfhorvGyLCWlSR
CPhs2PVP9S9dMWnbbMkXSZVjFlcIuKZr8qtiZDht/lk1Uh/k5Imra3X1TEEGJTcr
a2OOxArzxsUVPEL/QkMbVsP/x+sUq/B5rfLMT5sC9O7uTijvtacUH2Hl6QKr/b5l
YzjOSN9fvS+VqPnbCU3B9pSlH9Vk4On2ukQK60lEwkbxSAAjiMjIx7zg0ib5FjE5
ndPl0j/wEN2WlmvQvVk6
=IwBc
-----END PGP SIGNATURE-----

--JgQwtEuHJzHdouWu--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140310013936.GC1746>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation