From owner-freebsd-bugs@FreeBSD.ORG Tue Oct 7 16:18:36 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 194225] New: double fault after page fault on 8.4 Stable
Date: Tue, 07 Oct 2014 16:18:34 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194225

            Bug ID: 194225
           Summary: double fault after page fault on 8.4 Stable
           Product: Base System
           Version: 8.4-RELEASE
          Hardware: i386
                OS: Any
            Status: Needs Triage
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: longwitz@incore.de

On a server running 8.4-STABLE #0 r268802 i386 I got the following double
fault and need help to debug this, because I would like to know the reason
(hardware or software?). The server has been running FreeBSD for many years
without any problems:

Fatal double fault:
eip = 0xc0910b45
esp = 0xc75cbc30
ebp = 0xc75cbc30
cpuid = 1; apic id = 01
kernel trap 12 with interrupts disabled

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 06
fault virtual address = 0x0
fault code = supervisor write, page not present
instruction pointer = 0x20:0xc092fd4e
stack pointer = 0x28:0xea85c7d8
frame pointer = 0x28:0xea85c7e0
code segment = base 0x0, limit 0xfffff, type 0x1b
             = DPL 0, pres 1, def32 1, gran 1
processor eflags = resume, IOPL = 0
current process = 20528 (sh)
timeout stopping cpus
[thread pid 20528 tid 100522 ]
Stopped at bcopy+0x1a: repe movsl (%esi),%es:(%edi)
db:0:kdb.enter.default> watchdog
No argument provided, disabling watchdog
db:0:kdb.enter.default> run ddbinfo
db:1:ddbinfo> capture on
db:1:on> run lockinfo
db:2:lockinfo> show lock Giant
 class: sleep mutex
 name: Giant
 flags: {DEF, RECURSE}
 state: {UNOWNED}
db:2:Giant> show lockedvnods
Locked vnodes
db:2:lockedvnods> show lockchain
thread 100522 (pid 20528, sh) running on CPU 2
db:2:lockchain> show sleepchain
thread 100522 (pid 20528, sh) running on CPU 2
db:1:sleepchain> show pcpu
cpuid = 2
dynamic pcpu = 0x6b71200
curthread = 0xcafb3b80: pid 20528 "sh"
curpcb = 0xea85cd80
fpcurthread = none
idlethread = 0xc79355c0: tid 100004 "idle: cpu2"
APIC ID = 6
currentldt = 0x50
db:1:pcpu> show allpcpu
Current CPU: 2

cpuid = 0
dynamic pcpu = 0x1df200
curthread = 0xcb825000: pid 20527 "tifftopnm"
curpcb = 0xeac84d80
fpcurthread = none
idlethread = 0xc7935000: tid 100006 "idle: cpu0"
APIC ID = 0
currentldt = 0x50

cpuid = 1
dynamic pcpu = 0x6b6e200
curthread = 0xc79352e0: pid 11 "idle: cpu1"
curpcb = 0xc75cbd80
fpcurthread = none
idlethread = 0xc79352e0: tid 100005 "idle: cpu1"
APIC ID = 1
currentldt = 0x50

cpuid = 2
dynamic pcpu = 0x6b71200
curthread = 0xcafb3b80: pid 20528 "sh"
curpcb = 0xea85cd80
fpcurthread = none
idlethread = 0xc79355c0: tid 100004 "idle: cpu2"
APIC ID = 6
currentldt = 0x50

cpuid = 3
dynamic pcpu = 0x6b74200
curthread = 0xc79358a0: pid 11 "idle: cpu3"
curpcb = 0xc75c5d80
fpcurthread = none
idlethread = 0xc79358a0: tid 100003 "idle: cpu3"
APIC ID = 7
currentldt = 0x50

db:1:allpcpu> bt
Tracing pid 20528 tid 100522 td 0xcafb3b80
bcopy(ea85cdc0,0,200) at bcopy+0x1a
savectx(4,ea85c8a8,c09328b6,cafb3b80,50,...) at savectx+0x63
ipi_nmi_handler(cafb3b80,50,33,0,cf52b000,...) at ipi_nmi_handler+0x2f
trap(ea85c8b4) at trap+0x36
calltrap() at calltrap+0x6
--- trap 0x13, eip = 0xc0927bb2, esp = 0xea85c8f4, ebp = 0xea85c91c ---
smp_tlb_shootdown(ea85c944,c09299bf,c5e6f000,c5e70000,0,...) at smp_tlb_shootdown+0xd2
smp_invlpg_range(c5e6f000,c5e70000,0,ea85c964,1,...) at smp_invlpg_range+0x1c
pmap_invalidate_range(c0adb8a0,c5e6f000,c5e70000) at pmap_invalidate_range+0x4f
pmap_qremove(c5e6f000,1,c06ed30a,c8261d9c,cafb3b80,...) at pmap_qremove+0x58
pmap_remove_pages(cce9b0b0,cf52b000,ea85cbb4,0,c0a1fbc0,...) at pmap_remove_pages+0x410
exec_new_vmspace(ea85cbb4,c0a31c20,8,c826bd48,80,...) at exec_new_vmspace+0x1b0
exec_elf32_imgact(ea85cbb4,ea85cbfc,c09b88e7,cafb3b80,50,...) at exec_elf32_imgact+0x48e
kern_execve(cafb3b80,ea85cc48,0,883024b4,8830250c,e4c17000,e4c17000,e4c170b3,e4c17264,e4c57400,3fd9c,8,e,0) at kern_execve+0x541
execve(cafb3b80,ea85ccec,c,c,c,...) at execve+0x4c
syscall(ea85cd28) at syscall+0x342
Xint0x80_syscall() at Xint0x80_syscall+0x21
--- syscall (59, FreeBSD ELF32, execve), eip = 0x88169c2b, esp = 0xbfbfe9bc, ebp = 0xbfbfe9d8 ---
db:1:bt> ps
  pid  ppid  pgrp   uid  state  wmesg   wchan       cmd
20528 29408 62482   993  R      CPU 2               sh
20527 20526  3552   993  RL     CPU 0               tifftopnm
20526  3749  3552   993  S      wait    0xca80b560  initial thread
19983  3099    26     0  S      nanslp  0xc0a77c04  sleep
20578  2917  2917   125  S      kqread  0xca258180  initial thread
 3749  3552  3552   993  S      wait    0xcd17e560  sh
 3552  3550  3552   993  Ss     wait    0xc8607810  sh
.................
db:1:ps> show thread
Thread 100522 at 0xcafb3b80:
 proc (pid 20528): 0xcf52b000
 name: sh
 stack: 0xea85b000-0xea85cfff
 flags: 0x4 pflags: 0
 state: RUNNING (CPU 2)
 priority: 180
 container lock: sched lock 2 (0xc0a7c900)
db:1:thread> alltrace

Tracing command sh pid 20528 tid 100522 td 0xcafb3b80
bcopy(ea85cdc0,0,200) at bcopy+0x1a
savectx(4,ea85c8a8,c09328b6,cafb3b80,50,...) at savectx+0x63
ipi_nmi_handler(cafb3b80,50,33,0,cf52b000,...) at ipi_nmi_handler+0x2f
trap(ea85c8b4) at trap+0x36
calltrap() at calltrap+0x6
--- trap 0x13, eip = 0xc0927bb2, esp = 0xea85c8f4, ebp = 0xea85c91c ---
smp_tlb_shootdown(ea85c944,c09299bf,c5e6f000,c5e70000,0,...) at smp_tlb_shootdown+0xd2
smp_invlpg_range(c5e6f000,c5e70000,0,ea85c964,1,...) at smp_invlpg_range+0x1c
pmap_invalidate_range(c0adb8a0,c5e6f000,c5e70000) at pmap_invalidate_range+0x4f
pmap_qremove(c5e6f000,1,c06ed30a,c8261d9c,cafb3b80,...) at pmap_qremove+0x58
pmap_remove_pages(cce9b0b0,cf52b000,ea85cbb4,0,c0a1fbc0,...) at pmap_remove_pages+0x410
exec_new_vmspace(ea85cbb4,c0a31c20,8,c826bd48,80,...) at exec_new_vmspace+0x1b0
exec_elf32_imgact(ea85cbb4,ea85cbfc,c09b88e7,cafb3b80,50,...) at exec_elf32_imgact+0x48e
kern_execve(cafb3b80,ea85cc48,0,883024b4,8830250c,e4c17000,e4c17000,e4c170b3,e4c17264,e4c57400,3fd9c,8,e,0) at kern_execve+0x541
execve(cafb3b80,ea85ccec,c,c,c,...) at execve+0x4c
syscall(ea85cd28) at syscall+0x342
Xint0x80_syscall() at Xint0x80_syscall+0x21
--- syscall (59, FreeBSD ELF32, execve), eip = 0x88169c2b, esp = 0xbfbfe9bc, ebp = 0xbfbfe9d8 ---

Tracing command tifftopnm pid 20527 tid 100845 td 0xcb825000
cpustop_handler(1,eac849fc,c09328b6,1,eac849a8,...) at cpustop_handler+0x34
ipi_nmi_handler(1,eac849a8,c062a16b,c7bca000,cb1d6560,...) at ipi_nmi_handler+0x2f
trap(eac84a08) at trap+0x36
calltrap() at calltrap+0x6
--- trap 0x13, eip = 0xc06ecd99, esp = 0xeac84a48, ebp = 0xeac84a60 ---
_mtx_lock_sleep(c0a94ce4,cb825000,0,0,0,...) at _mtx_lock_sleep+0x79
pmap_enter(ca507198,88326000,2,c28a2120,3,...) at pmap_enter+0x66
vm_fault(ca5070e8,88326000,2,8,eac84c70,...) at vm_fault+0x1c14
trap_pfault(0,eac84cc8,c062a16b,c7bca000,cb1d6560,...) at trap_pfault+0x1ce
trap(eac84d28) at trap+0x263
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0x880d5cdd, esp = 0xbfbfb640, ebp = 0xbfbfb698 ---

Tracing command perl5.14.2 pid 20526 tid 100278 td 0xcbc84b80
sched_switch(cbc84b80,0,104,3b38c51a,2123d7,...) at sched_switch+0x297
mi_switch(104,0,15c,ca80b560,ea3a5b70,...) at mi_switch+0x12f
sleepq_switch(cbc84b80,0,c09c15c1,1a3,cbc84b80,...) at sleepq_switch+0xcc
sleepq_catch_signals(15c,0,ea3a5bc4,c07073bc,ca80b560,...) at sleepq_catch_signals+0x52
sleepq_wait_sig(ca80b560,5c,c09c1fa4,100,0,...) at sleepq_wait_sig+0x18
_sleep(ca80b560,ca80b5e8,15c,c09c1fa4,0,...) at _sleep+0x2bc
kern_wait(cbc84b80,502f,ea3a5c64,0,0,...) at kern_wait+0xfa1
wait4(cbc84b80,ea3a5cec,c,c,c,...) at wait4+0x3b
syscall(ea3a5d28) at syscall+0x342
Xint0x80_syscall() at Xint0x80_syscall+0x21
--- syscall (7, FreeBSD ELF32, wait4), eip = 0x882a1c6b, esp = 0xbfbfeb2c, ebp = 0xbfbfeb48 ---

I can give more information from the ddb output and/or the written kernel dump.

-- 
You are receiving this mail because:
You are the assignee for the bug.