From owner-freebsd-bugs@FreeBSD.ORG Thu Aug 20 15:20:06 2009 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 85A8A106568D for ; Thu, 20 Aug 2009 15:20:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 73E9B8FC66 for ; Thu, 20 Aug 2009 15:20:06 +0000 (UTC) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n7KFK6IH071781 for ; Thu, 20 Aug 2009 15:20:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n7KFK6mE071780; Thu, 20 Aug 2009 15:20:06 GMT (envelope-from gnats) Date: Thu, 20 Aug 2009 15:20:06 GMT Message-Id: <200908201520.n7KFK6mE071780@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Jamie Landeg Jones Cc: Subject: Re: kern/137310: reproducable kernel panic: page fault FreeBSD 7.2-STABLE X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Jamie Landeg Jones List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Aug 2009 15:20:06 -0000 The following reply was made to PR kern/137310; it has been noted by GNATS. From: Jamie Landeg Jones To: FreeBSD-gnats-submit@FreeBSD.org Cc: Subject: Re: kern/137310: reproducable kernel panic: page fault FreeBSD 7.2-STABLE Date: Thu, 20 Aug 2009 16:13:11 +0100 This is a multi-part message in MIME format. --=_4a8d6807.ZUT2Fiky2wRmBS/l+DzoioihvRRAQgbvuSxZGcKRJnWC5eKu Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Also occurs in 8.0-BETA2 --=_4a8d6807.ZUT2Fiky2wRmBS/l+DzoioihvRRAQgbvuSxZGcKRJnWC5eKu Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="typescript" GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Unread portion of the kernel message buffer: kernel trap 12 with interrupts disabled Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x14 fault code = supervisor read, page not present instruction pointer = 0x20:0xc064c150 stack pointer = 0x28:0xe70649fc frame pointer = 0x28:0xe7064a18 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = resume, IOPL = 0 current process = 9475 (rsync) trap number = 12 panic: page fault cpuid = 0 Uptime: 3h39m11s Physical memory: 1463 MB Dumping 206 MB: 191 175 159 143 127 111 95 79 63 47 (CTRL-C to abort) 31 (CTRL-C to abort) 15 (CTRL-C to abort) (CTRL-C to abort) Reading symbols from /boot/kernel/ntfs.ko...Reading symbols from /boot/kernel/ntfs.ko.symbols...done. done. Loaded symbols for /boot/kernel/ntfs.ko Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done. done. Loaded symbols for /boot/kernel/linprocfs.ko Reading symbols from /boot/kernel/linsysfs.ko...Reading symbols from /boot/kernel/linsysfs.ko.symbols...done. done. Loaded symbols for /boot/kernel/linsysfs.ko Reading symbols from /usr/local/modules/fuse.ko...done. Loaded symbols for /usr/local/modules/fuse.ko Reading symbols from /boot/kernel/fade_saver.ko...Reading symbols from /boot/kernel/fade_saver.ko.symbols...done. done. Loaded symbols for /boot/kernel/fade_saver.ko Reading symbols from /usr/local/modules/rtc.ko...done. Loaded symbols for /usr/local/modules/rtc.ko #0 doadump () at pcpu.h:246 246 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) list *0xc064c150 0xc064c150 is in turnstile_broadcast (/usr/src/sys/kern/subr_turnstile.c:831). 826 827 /* 828 * Transfer the blocked list to the pending list. 829 */ 830 mtx_lock_spin(&td_contested_lock); 831 TAILQ_CONCAT(&ts->ts_pending, &ts->ts_blocked[queue], td_lockq); 832 mtx_unlock_spin(&td_contested_lock); 833 834 /* 835 * Give a turnstile to each thread. The last thread gets 836 * this turnstile if the turnstile is empty. 837 */ 838 TAILQ_FOREACH(td, &ts->ts_pending, td_lockq) { 839 if (LIST_EMPTY(&ts->ts_free)) { 840 MPASS(TAILQ_NEXT(td, td_lockq) == NULL); 841 ts1 = ts; 842 #ifdef TURNSTILE_PROFILING 843 tc->tc_depth--; 844 #endif 845 } else 846 ts1 = LIST_FIRST(&ts->ts_free); 847 MPASS(ts1 != NULL); 848 LIST_REMOVE(ts1, ts_hash); 849 td->td_turnstile = ts1; 850 } 851 } 852 853 /* 854 * Wakeup all threads on the pending list and adjust the priority of the 855 * current thread appropriately. This must be called with the turnstile 856 * chain locked. 857 */ 858 void 859 turnstile_unpend(struct turnstile *ts, int owner_type) 860 { 861 TAILQ_HEAD( ,thread) pending_threads; 862 struct turnstile *nts; 863 struct thread *td; 864 u_char cp, pri; 865 866 MPASS(ts != NULL); 867 mtx_assert(&ts->ts_lock, MA_OWNED); 868 MPASS(ts->ts_owner == curthread || ts->ts_owner == NULL); 869 MPASS(!TAILQ_EMPTY(&ts->ts_pending)); 870 871 /* 872 * Move the list of pending threads out of the turnstile and 873 * into a local variable. 874 */ 875 TAILQ_INIT(&pending_threads); (kgdb) back #0 doadump () at pcpu.h:246 #1 0xc0615843 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416 #2 0xc0615b26 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:579 #3 0xc088d3cd in trap_fatal (frame=0xe70649bc, eva=20) at /usr/src/sys/i386/i386/trap.c:931 #4 0xc088dcf3 in trap (frame=0xe70649bc) at /usr/src/sys/i386/i386/trap.c:323 #5 0xc0872b7b in calltrap () at /usr/src/sys/i386/i386/exception.s:165 #6 0xc064c150 in turnstile_broadcast (ts=0x0, queue=0) at /usr/src/sys/kern/subr_turnstile.c:831 #7 0xc06069e7 in _mtx_unlock_sleep (m=0xc4af92a0, opts=0, file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:677 #8 0xc05b338d in pfs_getextattr (va=0xe7064aa0) at pseudofs_internal.h:110 #9 0xc089d9e3 in VOP_GETEXTATTR_APV (vop=0xc0936f80, a=0xe7064aa0) at vnode_if.c:2978 #10 0xc068983c in extattr_get_vp (vp=0xc4a2353c, attrnamespace=1, attrname=0xe7064b71 "rsync.%stat", data=0xbfbfb2b0, nbytes=255, td=0xc54f4230) at vnode_if.h:1332 #11 0xc06899b0 in extattr_get_link (td=0xc54f4230, uap=0xe7064cf8) at /usr/src/sys/kern/vfs_extattr.c:492 #12 0xc088d942 in syscall (frame=0xe7064d38) at /usr/src/sys/i386/i386/trap.c:1071 #13 0xc0872be0 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:261 #14 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) --=_4a8d6807.ZUT2Fiky2wRmBS/l+DzoioihvRRAQgbvuSxZGcKRJnWC5eKu--