Date:      Sun, 13 Jun 2004 12:01:22 -0400
From:      Don Bowman <don@sandvine.com>
To:        Don Bowman <don@sandvine.com>, 'Bruce Evans' <bde@zeta.org.au>
Cc:        "'current@freebsd.org'" <current@FreeBSD.org>
Subject:   RE: kernel trap 19 with interrupts disabled: system hang
Message-ID:  <FE045D4D9F7AED4CBFF1B3B813C85337051D8FAD@mail.sandvine.com>

From: Don Bowman
> It trapped again, and I've got it in db this time.
> 3 are in sched_switch, and one is in
> smp_tlb_shootdown
>

 ... and here it is with line numbers. This is from
CVS as of June 10.

(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:236
#1  0xc04509f6 in db_fncall (dummy1=0, dummy2=0, dummy3=-1066661999,
    dummy4=0xeec7da80 "´ÚÇî\001") at /usr/src/sys/ddb/db_command.c:551
#2  0xc0450804 in db_command (last_cmdp=0xc0733940, cmd_table=0x0,
    aux_cmd_tablep=0xc06f7924, aux_cmd_tablep_end=0xc06f793c)
    at /usr/src/sys/ddb/db_command.c:348
#3  0xc04508dc in db_command_loop () at /usr/src/sys/ddb/db_command.c:475
#4  0xc0453075 in db_trap (type=19, code=0) at /usr/src/sys/ddb/db_trap.c:73
#5  0xc0682557 in kdb_trap (type=19, code=0, regs=0xeec7dbb0)
    at /usr/src/sys/i386/i386/db_interface.c:226
#6  0xc0694ed5 in trap (frame=
      {tf_fs = 24, tf_es = 786448, tf_ds = 16, tf_edi = -413478912,
       tf_esi = -1065886336, tf_ebp = -288891916, tf_isp = -288891940,
       tf_ebx = 3, tf_edx = 0, tf_ecx = 786678, tf_eax = 2, tf_trapno = 19,
       tf_err = 0, tf_eip = -1066868634, tf_cs = 8, tf_eflags = 151,
       tf_esp = -413347840, tf_ss = -288891896})
    at /usr/src/sys/i386/i386/trap.c:606
#7  0xc068e066 in smp_tlb_shootdown (vector=246, addr1=0, addr2=0)
    at machine/cpufunc.h:305
#8  0xc068e1d0 in smp_invlpg_range (addr1=3881488384, addr2=3881619456)
    at /usr/src/sys/i386/i386/mp_machdep.c:1030
#9  0xc0690643 in pmap_invalidate_range (pmap=0xc077dd80, sva=3881488384,
    eva=3881619456) at /usr/src/sys/i386/i386/pmap.c:640
#10 0xc0690c25 in pmap_qremove (sva=3881488384, count=0)
    at /usr/src/sys/i386/i386/pmap.c:976
#11 0xc058acdb in cluster_callback (bp=0xde54c3e8)
    at /usr/src/sys/kern/vfs_cluster.c:534
#12 0xc058719f in bufdone (bp=0xde54c3e8) at /usr/src/sys/kern/vfs_bio.c:3141
#13 0xc0586ffb in bufdonebio (bp=0x0) at /usr/src/sys/kern/vfs_bio.c:3071
#14 0xc0586e56 in biodone (bp=0xde54c3e8) at /usr/src/sys/kern/vfs_bio.c:2995
#15 0xc051354b in g_dev_done (bp2=0xca646660)
    at /usr/src/sys/geom/geom_dev.c:360
#16 0xc0586e56 in biodone (bp=0xca646660) at /usr/src/sys/kern/vfs_bio.c:2995
#17 0xc0515472 in g_io_schedule_up (tp=0xc54ab930)
    at /usr/src/sys/geom/geom_io.c:405
#18 0xc05156b6 in g_up_procbody () at /usr/src/sys/geom/geom_kern.c:92
#19 0xc0531a7d in fork_exit (callout=0xc051569c <g_up_procbody>, arg=0x0,
    frame=0xeec7dd48) at /usr/src/sys/kern/kern_fork.c:816
(kgdb) up 8
#8  0xc068e1d0 in smp_invlpg_range (addr1=3881488384, addr2=3881619456)
    at /usr/src/sys/i386/i386/mp_machdep.c:1030
1030			smp_tlb_shootdown(IPI_INVLRNG, addr1, addr2);
(kgdb) p/x addr1
$1 = 0xe75ad000
(kgdb) p/x addr2
$2 = 0xe75cd000
(kgdb) l
1025	
1026	void
1027	smp_invlpg_range(vm_offset_t addr1, vm_offset_t addr2)
1028	{
1029		if (smp_started) {
1030			smp_tlb_shootdown(IPI_INVLRNG, addr1, addr2);
1031	#ifdef COUNT_XINVLTLB_HITS
1032			ipi_range++;
1033			ipi_range_size += (addr2 - addr1) / PAGE_SIZE;
1034	#endif
(kgdb) p smp_started
$3 = 1
(kgdb) up
#9  0xc0690643 in pmap_invalidate_range (pmap=0xc077dd80, sva=3881488384,
    eva=3881619456) at /usr/src/sys/i386/i386/pmap.c:640
640			smp_invlpg_range(sva, eva);
(kgdb) p/x sva
$4 = 0xe75ad000
(kgdb) p/x eva
$5 = 0xe75cd000
(kgdb) l
635		 * XXX critical sections disable interrupts again
636		 */
637		if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
638			for (addr = sva; addr < eva; addr += PAGE_SIZE)
639				invlpg(addr);
640			smp_invlpg_range(sva, eva);
641		} else {
642			cpumask = PCPU_GET(cpumask);
643			other_cpus = PCPU_GET(other_cpus);
644			if (pmap->pm_active & cpumask)
(kgdb) p pmap
$6 = 0xc077dd80
(kgdb) p kernel_pmap
No symbol "kernel_pmap" in current context.
(kgdb) p pmap->pm_active
$7 = 4294967295
(kgdb) p/x pmap->pm_active
$8 = 0xffffffff
(kgdb) p all_cpus
$9 = 15
(kgdb) p kernel_pmap
No symbol "kernel_pmap" in current context.
(kgdb) p &kernel_pmap_sture
No symbol "kernel_pmap_sture" in current context.
(kgdb) p &kernel_pmap_store
$10 = (struct pmap *) 0xc077dd80
(kgdb) p/x *pmap
$11 = {pm_pdir = 0xc0c1e000, pm_pvlist = {tqh_first = 0xe92c7498,
    tqh_last = 0xe93539b0}, pm_active = 0xffffffff, pm_stats = {
    resident_count = 0x574c, wired_count = 0x5748}, pm_list = {le_next = 0x0,
    le_prev = 0xc074c278}}
(kgdb) up
#10 0xc0690c25 in pmap_qremove (sva=3881488384, count=0)
    at /usr/src/sys/i386/i386/pmap.c:976
976		pmap_invalidate_range(kernel_pmap, sva, va);
(kgdb) l
971		va = sva;
972		while (count-- > 0) {
973			pmap_kremove(va);
974			va += PAGE_SIZE;
975		}
976		pmap_invalidate_range(kernel_pmap, sva, va);
977	}
978	
979	/***************************************************
980	 * Page table page management routines.....
(kgdb) p/x va
$12 = 0x0
(kgdb) p/x sva
$13 = 0xe75ad000
(kgdb) p/x count
$14 = 0x0
(kgdb) up
#11 0xc058acdb in cluster_callback (bp=0xde54c3e8)
    at /usr/src/sys/kern/vfs_cluster.c:534
534		pmap_qremove(trunc_page((vm_offset_t) bp->b_data), bp->b_npages);
(kgdb) l
529		 * Must propogate errors to all the components.
530		 */
531		if (bp->b_ioflags & BIO_ERROR)
532			error = bp->b_error;
533	
534		pmap_qremove(trunc_page((vm_offset_t) bp->b_data), bp->b_npages);
535		/*
536		 * Move memory from the large cluster buffer into the component
537		 * buffers and mark IO as done on these.
538		 */
(kgdb) p bp->b_npages
$15 = 32
(kgdb) p/x bp->b_data
There is no member named b_data.
(kgdb) p/x *bp
$16 = {b_io = {bio_cmd = 0x2, bio_dev = 0xc5982d00, bio_disk = 0x0,
    bio_offset = 0x5ffa74000, bio_bcount = 0x20000, bio_data = 0xe75ad000,
    bio_flags = 0x4, bio_error = 0x0, bio_resid = 0x0, bio_done = 0xc0586fbc,
    bio_driver1 = 0x0, bio_driver2 = 0x0, bio_caller1 = 0x0,
    bio_caller2 = 0xde54c3e8, bio_queue = {tqe_next = 0x0, tqe_prev = 0x0},
    bio_attribute = 0x0, bio_from = 0x0, bio_to = 0x0, bio_length = 0x0,
    bio_completed = 0x0, bio_children = 0x2ce7, bio_inbed = 0x0,
    bio_parent = 0x0, bio_t0 = {sec = 0x0, frac = 0x0}, bio_task = 0x0,
    bio_task_arg = 0x0, bio_pblkno = 0x0}, b_op = 0xc071a588,
  b_magic = 0x10b10b10, b_iodone = 0x0, b_blkno = 0x2ffd3a0,
  b_offset = 0xbc0000, b_vnbufs = {tqe_next = 0x0, tqe_prev = 0x0},
  b_left = 0x0, b_right = 0x0, b_vflags = 0x0, b_freelist = {
    tqe_next = 0xde54bec0, tqe_prev = 0xc0764bec}, b_qindex = 0x0,
  b_flags = 0x64000224, b_xflags = 0x0, b_lock = {lk_interlock = 0xc075032c,
    lk_flags = 0x400, lk_sharecount = 0x0, lk_waitcount = 0x0,
    lk_exclusivecount = 0x1, lk_prio = 0x50, lk_wmesg = 0xc06e0fd3,
    lk_timo = 0x0, lk_lockholder = 0xfffffffe, lk_newlock = 0x0},
  b_bufsize = 0x20000, b_runningbufspace = 0x0, b_kvabase = 0xe75ad000,
  b_kvasize = 0x20000, b_lblkno = 0x2f0, b_vp = 0xc80e2924,
  b_object = 0xc89ea294, b_dirtyoff = 0x0, b_dirtyend = 0x20000,
  b_rcred = 0x0, b_wcred = 0x0, b_saveaddr = 0xe75ad000, b_pager = {
    pg_reqpage = 0x0}, b_cluster = {cluster_head = {tqh_first = 0xde84a298,
      tqh_last = 0xde7b91b8}, cluster_entry = {tqe_next = 0xde84a298,
      tqe_prev = 0xde7b91b8}}, b_pages = {0xc46ecb58, 0xc10db4a0, 0xc3278fe8,
    0xc504a230, 0xc2f30a78, 0xc3fba9c0, 0xc1fd3208, 0xc14cfe50, 0xc2ec9c98,
    0xc195f1e0, 0xc3c94128, 0xc1769f70, 0xc4352fb8, 0xc4ec0900, 0xc4252848,
    0xc31ad090, 0xc18549d8, 0xc2363b20, 0xc24f1668, 0xc347f5b0, 0xc2136df8,
    0xc2d19740, 0xc363a188, 0xc4f4d5d0, 0xc34f1a18, 0xc3756c60, 0xc1c2dba8,
    0xc2bc02f0, 0xc4518a38, 0xc51abd80, 0xc1a0b9c8, 0xc18cc210},
  b_npages = 0x20, b_dep = {lh_first = 0x0}}
(kgdb) up
#12 0xc058719f in bufdone (bp=0xde54c3e8) at /usr/src/sys/kern/vfs_bio.c:3141
3141			(*biodone) (bp);
(kgdb) l
3136	
3137		/* call optional completion function if requested */
3138		if (bp->b_iodone != NULL) {
3139			biodone = bp->b_iodone;
3140			bp->b_iodone = NULL;
3141			(*biodone) (bp);
3142			splx(s);
3143			return;
3144		}
3145		if (LIST_FIRST(&bp->b_dep) != NULL)
(kgdb) p/x *bp
$17 = {b_io = {bio_cmd = 0x2, bio_dev = 0xc5982d00, bio_disk = 0x0,
    bio_offset = 0x5ffa74000, bio_bcount = 0x20000, bio_data = 0xe75ad000,
    bio_flags = 0x4, bio_error = 0x0, bio_resid = 0x0, bio_done = 0xc0586fbc,
    bio_driver1 = 0x0, bio_driver2 = 0x0, bio_caller1 = 0x0,
    bio_caller2 = 0xde54c3e8, bio_queue = {tqe_next = 0x0, tqe_prev = 0x0},
    bio_attribute = 0x0, bio_from = 0x0, bio_to = 0x0, bio_length = 0x0,
    bio_completed = 0x0, bio_children = 0x2ce7, bio_inbed = 0x0,
    bio_parent = 0x0, bio_t0 = {sec = 0x0, frac = 0x0}, bio_task = 0x0,
    bio_task_arg = 0x0, bio_pblkno = 0x0}, b_op = 0xc071a588,
  b_magic = 0x10b10b10, b_iodone = 0x0, b_blkno = 0x2ffd3a0,
  b_offset = 0xbc0000, b_vnbufs = {tqe_next = 0x0, tqe_prev = 0x0},
  b_left = 0x0, b_right = 0x0, b_vflags = 0x0, b_freelist = {
    tqe_next = 0xde54bec0, tqe_prev = 0xc0764bec}, b_qindex = 0x0,
  b_flags = 0x64000224, b_xflags = 0x0, b_lock = {lk_interlock = 0xc075032c,
    lk_flags = 0x400, lk_sharecount = 0x0, lk_waitcount = 0x0,
    lk_exclusivecount = 0x1, lk_prio = 0x50, lk_wmesg = 0xc06e0fd3,
    lk_timo = 0x0, lk_lockholder = 0xfffffffe, lk_newlock = 0x0},
  b_bufsize = 0x20000, b_runningbufspace = 0x0, b_kvabase = 0xe75ad000,
  b_kvasize = 0x20000, b_lblkno = 0x2f0, b_vp = 0xc80e2924,
  b_object = 0xc89ea294, b_dirtyoff = 0x0, b_dirtyend = 0x20000,
  b_rcred = 0x0, b_wcred = 0x0, b_saveaddr = 0xe75ad000, b_pager = {
    pg_reqpage = 0x0}, b_cluster = {cluster_head = {tqh_first = 0xde84a298,
      tqh_last = 0xde7b91b8}, cluster_entry = {tqe_next = 0xde84a298,
      tqe_prev = 0xde7b91b8}}, b_pages = {0xc46ecb58, 0xc10db4a0, 0xc3278fe8,
    0xc504a230, 0xc2f30a78, 0xc3fba9c0, 0xc1fd3208, 0xc14cfe50, 0xc2ec9c98,
    0xc195f1e0, 0xc3c94128, 0xc1769f70, 0xc4352fb8, 0xc4ec0900, 0xc4252848,
    0xc31ad090, 0xc18549d8, 0xc2363b20, 0xc24f1668, 0xc347f5b0, 0xc2136df8,
    0xc2d19740, 0xc363a188, 0xc4f4d5d0, 0xc34f1a18, 0xc3756c60, 0xc1c2dba8,
    0xc2bc02f0, 0xc4518a38, 0xc51abd80, 0xc1a0b9c8, 0xc18cc210},
  b_npages = 0x20, b_dep = {lh_first = 0x0}}
(kgdb) p s
No symbol "s" in current context.
(kgdb) l
3146			buf_complete(bp);
3147	
3148		if (bp->b_flags & B_VMIO) {
3149			int i;
3150			vm_ooffset_t foff;
3151			vm_page_t m;
3152			vm_object_t obj;
3153			int iosize;
3154			struct vnode *vp = bp->b_vp;
3155	
(kgdb) disass splbio
No symbol "splbio" in current context.
(kgdb) p biodone
$18 = (void (*)(struct buf *)) 0
(kgdb) up
#13 0xc0586ffb in bufdonebio (bp=0x0) at /usr/src/sys/kern/vfs_bio.c:3071
3071		bufdone(bp->bio_caller2);
(kgdb) l
3066	bufdonebio(struct bio *bp)
3067	{
3068	
3069		/* Device drivers may or may not hold giant, hold it here. */
3070		mtx_lock(&Giant);
3071		bufdone(bp->bio_caller2);
3072		mtx_unlock(&Giant);
3073	}
3074	
3075	void
(kgdb) p bp->biocaller2
There is no member named biocaller2.
(kgdb) p bp->bio_caller2
---Can't read userspace from dump, or kernel process---

(kgdb) up
#14 0xc0586e56 in biodone (bp=0xde54c3e8) at /usr/src/sys/kern/vfs_bio.c:2995
2995			bp->bio_done(bp);
(kgdb) l
2990		bp->bio_flags |= BIO_DONE;
2991		if (bp->bio_done == NULL)
2992			wakeup(bp);
2993		mtx_unlock(&bdonelock);
2994		if (bp->bio_done != NULL)
2995			bp->bio_done(bp);
2996	}
2997	
2998	/*
2999	 * Wait for a BIO to finish.
(kgdb) up
#15 0xc051354b in g_dev_done (bp2=0xca646660)
    at /usr/src/sys/geom/geom_dev.c:360
360		biodone(bp);
(kgdb) l
355			g_trace(G_T_BIO, "g_dev_done(%p/%p) resid %ld completed %jd",
356			    bp2, bp, bp->bio_resid, (intmax_t)bp2->bio_completed);
357		}
358		bp->bio_resid = bp->bio_bcount - bp2->bio_completed;
359		g_destroy_bio(bp2);
360		biodone(bp);
361	}
362	
363	static void
364	g_dev_strategy(struct bio *bp)
(kgdb) p bp2
$19 = (struct bio *) 0xca646660
(kgdb) p/x *bp2
$20 = {bio_cmd = 0x2, bio_dev = 0x0, bio_disk = 0x0, bio_offset = 0x5ffa74000,
  bio_bcount = 0x20000, bio_data = 0xe75ad000, bio_flags = 0x4,
  bio_error = 0x0, bio_resid = 0x0, bio_done = 0xc05134f0, bio_driver1 = 0x0,
  bio_driver2 = 0x0, bio_caller1 = 0x0, bio_caller2 = 0x0, bio_queue = {
    tqe_next = 0x0, tqe_prev = 0xc074bc00}, bio_attribute = 0x0,
  bio_from = 0xc55edf00, bio_to = 0xc59c9400, bio_length = 0x20000,
  bio_completed = 0x20000, bio_children = 0x1, bio_inbed = 0x1,
  bio_parent = 0xde54c3e8, bio_t0 = {sec = 0x7e6f, frac = 0xb57a45f62e0379c0},
  bio_task = 0x0, bio_task_arg = 0x0, bio_pblkno = 0x0}
(kgdb) p/x *bp
$21 = {bio_cmd = 0x2, bio_dev = 0xc5982d00, bio_disk = 0x0,
  bio_offset = 0x5ffa74000, bio_bcount = 0x20000, bio_data = 0xe75ad000,
  bio_flags = 0x4, bio_error = 0x0, bio_resid = 0x0, bio_done = 0xc0586fbc,
  bio_driver1 = 0x0, bio_driver2 = 0x0, bio_caller1 = 0x0,
  bio_caller2 = 0xde54c3e8, bio_queue = {tqe_next = 0x0, tqe_prev = 0x0},
  bio_attribute = 0x0, bio_from = 0x0, bio_to = 0x0, bio_length = 0x0,
  bio_completed = 0x0, bio_children = 0x2ce7, bio_inbed = 0x0,
  bio_parent = 0x0, bio_t0 = {sec = 0x0, frac = 0x0}, bio_task = 0x0,
  bio_task_arg = 0x0, bio_pblkno = 0x0}
(kgdb) p/x bp2->bio_completed
$22 = 0x20000
(kgdb) up
#16 0xc0586e56 in biodone (bp=0xca646660) at /usr/src/sys/kern/vfs_bio.c:2995
2995			bp->bio_done(bp);
(kgdb) l
2990		bp->bio_flags |= BIO_DONE;
2991		if (bp->bio_done == NULL)
2992			wakeup(bp);
2993		mtx_unlock(&bdonelock);
2994		if (bp->bio_done != NULL)
2995			bp->bio_done(bp);
2996	}
2997	
2998	/*
2999	 * Wait for a BIO to finish.
(kgdb) up
#17 0xc0515472 in g_io_schedule_up (tp=0xc54ab930)
    at /usr/src/sys/geom/geom_io.c:405
405				biodone(bp);
(kgdb) l
400			}
401			bp = g_bioq_first(&g_bio_run_up);
402			if (bp != NULL) {
403				g_bioq_unlock(&g_bio_run_up);
404				mtx_lock(&mymutex);
405				biodone(bp);
406				mtx_unlock(&mymutex);
407				continue;
408			}
409			msleep(&g_wait_up, &g_bio_run_up.bio_queue_lock,
(kgdb) up
#18 0xc05156b6 in g_up_procbody () at /usr/src/sys/geom/geom_kern.c:92
92			g_io_schedule_up(tp);
(kgdb) l
87		struct thread *tp = FIRST_THREAD_IN_PROC(p);
88	
89		mtx_assert(&Giant, MA_NOTOWNED);
90		tp->td_base_pri = PRIBIO;
91		for(;;) {
92			g_io_schedule_up(tp);
93		}
94	}
95	
96	struct kproc_desc g_up_kp = {
(kgdb) p/x *tp
$23 = {td_proc = 0xc54d6a50, td_ksegrp = 0xc54d7000, td_plist = {
    tqe_next = 0x0, tqe_prev = 0xc54d6a60}, td_kglist = {tqe_next = 0x0,
    tqe_prev = 0xc54d701c}, td_slpq = {tqe_next = 0x0, tqe_prev = 0xeeca2c1c},
  td_lockq = {tqe_next = 0x0, tqe_prev = 0xf5413b90}, td_runq = {
    tqe_next = 0x0, tqe_prev = 0x0}, td_selq = {tqh_first = 0x0,
    tqh_last = 0x0}, td_sleepqueue = 0xc542a4e0, td_turnstile = 0xc5552280,
  td_tid = 0x3, td_flags = 0x0, td_inhibitors = 0x0, td_pflags = 0x0,
  td_last_kse = 0xc5458820, td_kse = 0xc5458820, td_dupfd = 0x0,
  td_wchan = 0x0, td_wmesg = 0x0, td_lastcpu = 0x0, td_oncpu = 0x0,
  td_locks = 0x0, td_blocked = 0x0, td_ithd = 0x0, td_lockname = 0x0,
  td_contested = {lh_first = 0x0}, td_sleeplocks = 0x0,
  td_intr_nesting_level = 0x0, td_pinned = 0x0, td_mailbox = 0x0,
  td_ucred = 0xc53d5180, td_standin = 0x0, td_prticks = 0x0, td_upcall = 0x0,
  td_sticks = 0x4383, td_uuticks = 0x0, td_usticks = 0x0, td_intrval = 0x0,
  td_oldsigmask = {__bits = {0x0, 0x0, 0x0, 0x0}}, td_sigmask = {__bits = {
      0x0, 0x0, 0x0, 0x0}}, td_siglist = {__bits = {0x0, 0x0, 0x0, 0x0}},
  td_waitset = 0x0, td_umtx = {tqe_next = 0x0, tqe_prev = 0x0},
  td_generation = 0x6a92b5, td_sigstk = {ss_sp = 0x0, ss_size = 0x0,
    ss_flags = 0x0}, td_kflags = 0x0, td_base_pri = 0x4c, td_priority = 0x4c,
  td_pcb = 0xeec7dda0, td_state = 0x4, td_retval = {0x0, 0x0},
  td_slpcallout = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0,
        tqe_prev = 0xde4b3908}}, c_time = 0x1ee0045, c_arg = 0xc54ab930,
    c_func = 0x0, c_flags = 0x8}, td_frame = 0xeec7dd48,
  td_kstack_obj = 0xc104318c, td_kstack = 0xeec7c000, td_kstack_pages = 0x2,
  td_altkstack_obj = 0x0, td_altkstack = 0x0, td_altkstack_pages = 0x0,
  td_critnest = 0x1, td_md = {md_savecrit = 0x246}, td_sched = 0xc54aba80}
(kgdb) up
#19 0xc0531a7d in fork_exit (callout=0xc051569c <g_up_procbody>, arg=0x0,
    frame=0xeec7dd48) at /usr/src/sys/kern/kern_fork.c:816
816		callout(arg, frame);
(kgdb) p/x *arg
Attempt to dereference a generic pointer.
(kgdb) p arg
$24 = (void *) 0x0
(kgdb) p frame
$25 = (struct trapframe *) 0xeec7dd48
(kgdb) p/x *frame
$26 = {tf_fs = 0x0, tf_es = 0x0, tf_ds = 0x0, tf_edi = 0x0, tf_esi = 0x0,
  tf_ebp = 0x0, tf_isp = 0x0, tf_ebx = 0x0, tf_edx = 0x1, tf_ecx = 0x0,
  tf_eax = 0x0, tf_trapno = 0x0, tf_err = 0x0, tf_eip = 0x0, tf_cs = 0x0,
  tf_eflags = 0x0, tf_esp = 0x0, tf_ss = 0x0}
(kgdb) up
Initial frame selected; you cannot go up.
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:236
#1  0xc04509f6 in db_fncall (dummy1=0, dummy2=0, dummy3=-1066661999,
    dummy4=0xeec7da80 "´ÚÇî\001") at /usr/src/sys/ddb/db_command.c:551
#2  0xc0450804 in db_command (last_cmdp=0xc0733940, cmd_table=0x0,
    aux_cmd_tablep=0xc06f7924, aux_cmd_tablep_end=0xc06f793c)
    at /usr/src/sys/ddb/db_command.c:348
#3  0xc04508dc in db_command_loop () at /usr/src/sys/ddb/db_command.c:475
#4  0xc0453075 in db_trap (type=19, code=0) at /usr/src/sys/ddb/db_trap.c:73
#5  0xc0682557 in kdb_trap (type=19, code=0, regs=0xeec7dbb0)
    at /usr/src/sys/i386/i386/db_interface.c:226
#6  0xc0694ed5 in trap (frame=
      {tf_fs = 24, tf_es = 786448, tf_ds = 16, tf_edi = -413478912,
       tf_esi = -1065886336, tf_ebp = -288891916, tf_isp = -288891940,
       tf_ebx = 3, tf_edx = 0, tf_ecx = 786678, tf_eax = 2, tf_trapno = 19,
       tf_err = 0, tf_eip = -1066868634, tf_cs = 8, tf_eflags = 151,
       tf_esp = -413347840, tf_ss = -288891896})
    at /usr/src/sys/i386/i386/trap.c:606
#7  0xc068e066 in smp_tlb_shootdown (vector=246, addr1=0, addr2=0)
    at machine/cpufunc.h:305
#8  0xc068e1d0 in smp_invlpg_range (addr1=3881488384, addr2=3881619456)
    at /usr/src/sys/i386/i386/mp_machdep.c:1030
#9  0xc0690643 in pmap_invalidate_range (pmap=0xc077dd80, sva=3881488384,
    eva=3881619456) at /usr/src/sys/i386/i386/pmap.c:640
#10 0xc0690c25 in pmap_qremove (sva=3881488384, count=0)
    at /usr/src/sys/i386/i386/pmap.c:976
#11 0xc058acdb in cluster_callback (bp=0xde54c3e8)
    at /usr/src/sys/kern/vfs_cluster.c:534
#12 0xc058719f in bufdone (bp=0xde54c3e8) at /usr/src/sys/kern/vfs_bio.c:3141
#13 0xc0586ffb in bufdonebio (bp=0x0) at /usr/src/sys/kern/vfs_bio.c:3071
#14 0xc0586e56 in biodone (bp=0xde54c3e8) at /usr/src/sys/kern/vfs_bio.c:2995
#15 0xc051354b in g_dev_done (bp2=0xca646660)
    at /usr/src/sys/geom/geom_dev.c:360
#16 0xc0586e56 in biodone (bp=0xca646660) at /usr/src/sys/kern/vfs_bio.c:2995
#17 0xc0515472 in g_io_schedule_up (tp=0xc54ab930)
    at /usr/src/sys/geom/geom_io.c:405
#18 0xc05156b6 in g_up_procbody () at /usr/src/sys/geom/geom_kern.c:92
#19 0xc0531a7d in fork_exit (callout=0xc051569c <g_up_procbody>, arg=0x0,
    frame=0xeec7dd48) at /usr/src/sys/kern/kern_fork.c:816
(kgdb) quit



