From owner-freebsd-bugs@FreeBSD.ORG Thu Jun 14 08:16:13 2007 Return-Path: X-Original-To: freebsd-bugs@FreeBSD.org Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E033416A469 for ; Thu, 14 Jun 2007 08:16:13 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.freebsd.org (Postfix) with ESMTP id CA10813C4B0 for ; Thu, 14 Jun 2007 08:16:13 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id A62831A3C19; Thu, 14 Jun 2007 01:15:46 -0700 (PDT) Received: from rot13.obsecurity.org (rot13.obsecurity.org [192.168.1.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id 96DCE511B4; Thu, 14 Jun 2007 04:16:12 -0400 (EDT) Received: by rot13.obsecurity.org (Postfix, from userid 1001) id E7E34BE96; Thu, 14 Jun 2007 04:16:11 -0400 (EDT) Date: Thu, 14 Jun 2007 04:16:11 -0400 From: Kris Kennaway To: Remco Bressers Message-ID: <20070614081611.GA80152@rot13.obsecurity.org> References: <200704242110.l3OLA93u057070@freefall.freebsd.org> <20070424211426.GA39603@xor.obsecurity.org> <1177449699.5638.25.camel@localhost> <20070424212637.GA39829@xor.obsecurity.org> <1177450685.5638.29.camel@localhost> <20070424214220.GA40150@xor.obsecurity.org> <1177451257.5638.31.camel@localhost> <20070424215822.GA40483@xor.obsecurity.org> <4670F768.8060500@signet.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4670F768.8060500@signet.nl> User-Agent: Mutt/1.4.2.3i Cc: freebsd-bugs@FreeBSD.org, pvdsteen@signet.nl, "Michael R. Wayne" , Kris Kennaway Subject: Re: kern/111458: [panic] Panic on 6.2-RELEASE AMD in kern_mutex X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jun 2007 08:16:14 -0000 On Thu, Jun 14, 2007 at 10:08:08AM +0200, Remco Bressers wrote: > >> > > > > > > To update this bugreport and to keep it 'warm' > >> > > > > > > > >> > > > > > > I've got the very same problem overhere. > >> > > > > > > > >> > > > > > > Our box : > >> > > > > > > > >> > > > > > > # uname -r > >> > > > > > > 6.2-RELEASE-p2 > >> > > > > > > > >> > > > > > > This is an amd64 release > >> > > > > > > > >> > > > > > > Updates on GENERIC : > >> > > > > > > > >> > > > > > > options QUOTA > >> > > > > > > device pf > >> > > > > > > device pflog > >> > > > > > > options SMP > >> > > > > > > > >> > > > > > > Kernel messages : > >> > > > > > > > >> > > > > > > cpuid = 0; apic id = 00 > >> > > > > > > fault virtual address = 0x18c > >> > > > > > > fault code = supervisor read, page not present > >> > > > > > > current process = 5 (thread taskq) > >> > > > > > > trap number = 12 > >> > > > > > > panic: page fault > >> > > > > > > cpuid = 0 > >> > > > > > > >> > > > > > How do you know it is "the very same problem"? In order to > >determine > >> > > > > > this you need to compare backtraces from the panic, which you > >didn't > >> > > > > > provide. > >> > > > > > >> > > > > I contacted the submitter for this problem and compared hardware > >and > >> > > > > software. The symptoms are the same > >> > > > > >> > > > Which just means "it crashed" > >> > > > > >> > > > , the kernel panic is the same and > >> > > > > >> > > > The panic message also just means "it crashed" > >> > > > > >> > > > > the installed FreeBSD version is exactly the same. > >> > > > > >> > > > You're both running the most recent version, no real surprises > >there. > >> > > > > >> > > > > Sounds fair enough to me. Ofcourse i cannot be 100% sure, but it > >> > > > > sounds too obvious to me. > >> > > > > >> > > > Well, maybe, but I respectfully submit that you don't understand > >the > >> > > > issue well enough to conclude that :) Please follow up with a > >> > > > backtrace and then we'll see where things stand. > >> > > > >> > > You didn't write anything about the fact that software combinations + > >> > > hardware is almost identical! That's no coincidence in my humble > >> > > opinion :). Anyway.. > >> > > >> > I'd prefer not to prematurely jump to conclusions before you have any > >> > supporting evidence. It is of course an obviously true statement that > >> > two identical systems may panic in two completely different and > >> > unrelated ways. > >> > > >> > > The problem in this case is, that the backtrace isn't written to > >disk. I > >> > > must wait for the next opportunity to get that backtrace. > >> > > >> > OK, let us know. > > Hi Kris, > > The crash just happened again and there's a dump in /var/crash now and > it's 2GB big : > > joule# ls -l > total 2059510 > -rw-r--r-- 1 root wheel 2 May 7 11:06 bounds > -rw------- 1 root wheel 445 May 7 11:06 info.0 > -rw-r--r-- 1 root wheel 5 Jan 12 08:13 minfree > -rw------- 1 root wheel 2146025472 May 7 11:07 vmcore.0 > > > > I got the following output from kgdb : > > joule# kgdb kernel.debug /var/crash/vmcore.0 > [GDB will not be able to debug user-mode > threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you > are > welcome to change it and/or distribute copies of it under certain > conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for > details. > This GDB was configured as "amd64-marcel-freebsd". > > Unread portion of the kernel message buffer: > panic: page fault > cpuid = 0 > Uptime: 12d10h56m24s > Dumping 2046 MB (2 chunks) > chunk 0: 1MB (155 pages) ... ok > chunk 1: 2046MB (523776 pages) 2031 2015 1999 1983 1967 1951 1935 1919 > 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711 1695 > 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487 1471 > 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263 1247 > 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039 1023 > 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 > 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 > 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 > 143 127 111 95 79 63 47 31 15 > > #0 doadump () at pcpu.h:172 > 172 __asm __volatile("movq %%gs:0,%0" : "=r" (td)); > > (kgdb) backtrace > > #0 doadump () at pcpu.h:172 > #1 0x0000000000000004 in ?? () > #2 0xffffffff8021f787 in boot (howto=260) > at /usr/src/sys/kern/kern_shutdown.c:409 > #3 0xffffffff8021fe21 in panic (fmt=0xffffff007b950720 "") > at /usr/src/sys/kern/kern_shutdown.c:565 > #4 0xffffffff8035edcf in trap_fatal (frame=0xffffff007b950720, > eva=18446742976271278080) at /usr/src/sys/amd64/amd64/trap.c:660 > #5 0xffffffff8035f2f6 in trap (frame= > {tf_rdi = 24, tf_rsi = -1097438263520, tf_rdx = 6, tf_rcx = > 3221225730, tf_r8 = -1315361520, tf_r9 = -1097438492872, tf_rax = 1, > tf_rbx = -1097589680120, tf_rbp = 4, tf_r10 = -2142164360, tf_r11 = 0, > tf_r12 = -1097438263520, tf_r13 = 4, tf_r14 = 1, tf_r15 = 20, tf_trapno > = 12, tf_addr = 396, tf_flags = -1097589680120, tf_err = 0, tf_rip = > -2145299289, tf_cs = 8, tf_rflags = 65538, tf_rsp = -1315361936, tf_ss = > 16}) at /usr/src/sys/amd64/amd64/trap.c:238 > #6 0xffffffff8034ac1b in calltrap () > at /usr/src/sys/amd64/amd64/exception.S:168 > #7 0xffffffff802154a7 in _mtx_lock_sleep (m=0xffffff00728e9808, > tid=18446742976271288096, opts=6, file=0xc0000102
out of bounds>, > line=-1315361520) at /usr/src/sys/kern/kern_mutex.c:546 > #8 0xffffffff8027256d in unp_gc (arg=0x18, pending=2073364256) > at /usr/src/sys/kern/uipc_usrreq.c:1714 > #9 0xffffffff80245d65 in taskqueue_run (queue=0xffffff0000792c00) > at /usr/src/sys/kern/subr_taskqueue.c:257 > #10 0xffffffff80246ab5 in taskqueue_thread_loop (arg=0x18) > at /usr/src/sys/kern/subr_taskqueue.c:376 > #11 0xffffffff80206c47 in fork_exit (callout=0xffffffff80246a30 > , arg=0xffffffff8051a0b0, > frame=0xffffffffb1992c50) > at /usr/src/sys/kern/kern_fork.c:821 > #12 0xffffffff8034af7e in fork_trampoline () > at /usr/src/sys/amd64/amd64/exception.S:394 > #13 0x0000000000000000 in ?? () > #14 0x0000000000000000 in ?? () > #15 0x0000000000000001 in ?? () > #16 0x0000000000000000 in ?? () > #17 0x0000000000000000 in ?? () > #18 0x0000000000000000 in ?? () > #19 0x0000000000000000 in ?? () > #20 0x0000000000000000 in ?? () > #21 0x0000000000000000 in ?? () > #22 0x0000000000000000 in ?? () > #23 0x0000000000000000 in ?? () > #24 0x0000000000000000 in ?? () > #25 0x0000000000000000 in ?? () > #26 0x0000000000000000 in ?? () > #27 0x0000000000000000 in ?? () > #28 0x0000000000000000 in ?? () > #29 0x0000000000000000 in ?? () > #30 0x0000000000000000 in ?? () > #31 0x0000000000000000 in ?? () > #32 0x0000000000000000 in ?? () > #33 0x0000000000000000 in ?? () > #34 0x0000000000000000 in ?? () > #35 0x0000000000000000 in ?? () > #36 0x0000000000000000 in ?? () > #37 0x0000000000000000 in ?? () > #38 0x0000000000000000 in ?? () > #39 0x0000000000000000 in ?? () > #40 0x0000000000000000 in ?? () > #41 0x0000000000000000 in ?? () > #42 0x0000000000000000 in ?? () > #43 0x0000000000000000 in ?? () > #44 0x0000000000000000 in ?? () > #45 0x00000000006d6000 in ?? () > #46 0xffffff00728e9808 in ?? () > #47 0xffffffff8051a920 in turnstile_chains () > #48 0x0000000000000001 in ?? () > #49 0xffffff007b94e000 in ?? () > #50 0xffffff007b950be0 in ?? () > #51 0xffffffffb1992aa8 in ?? () > #52 0xffffff007b950720 in ?? () > #53 0xffffffff80234cc6 in sched_switch (td=0xffffffff8051a0b0, > newtd=0x0, flags=0) at /usr/src/sys/kern/sched_4bsd.c:973 > #54 0x0000000000000000 in ?? () > #55 0x0000000000000000 in ?? () > #56 0x0000000000000000 in ?? () > #57 0x0000000000000000 in ?? () > #58 0x0000000000000000 in ?? () > #59 0x0000000000000000 in ?? () > #60 0x0000000000000000 in ?? () > #61 0x0000000000000000 in ?? () > #62 0x0000000000000000 in ?? () > #63 0x0000000000000000 in ?? () > #64 0x0000000000000000 in ?? () > #65 0x0000000000000000 in ?? () > #66 0x0000000000000000 in ?? () > #67 0x0000000000000000 in ?? () > #68 0x0000000000000000 in ?? () > #69 0x0000000000000000 in ?? () > #70 0x0000000000000000 in ?? () > #71 0x0000000000000000 in ?? () > #72 0x0000000000000000 in ?? () > #73 0x0000000000000000 in ?? () > #74 0x0000000000000000 in ?? () > #75 0x0000000000000000 in ?? () > #76 0x0000000000000000 in ?? () > #77 0x0000000000000000 in ?? () > #78 0x0000000000000000 in ?? () > #79 0x0000000000000000 in ?? () > #80 0x0000000000000000 in ?? () > #81 0x0000000000000000 in ?? () > #82 0x0000000000000000 in ?? () > #83 0x0000000000000000 in ?? () > #84 0x0000000000000000 in ?? () > #85 0x0000000000000000 in ?? () > #86 0x0000000000000000 in ?? () > #87 0x0000000000000000 in ?? () > #88 0x0000000000000000 in ?? () > #89 0x0000000000000000 in ?? () > #90 0x0000000000000000 in ?? () > #91 0x0000000000000000 in ?? () > #92 0x0000000000000000 in ?? () > #93 0x0000000000000000 in ?? () > #94 0x0000000000000000 in ?? () > #95 0x0000000000000000 in ?? () > #96 0x0000000000000000 in ?? () > #97 0x0000000000000000 in ?? () > #98 0x0000000000000000 in ?? () > #99 0x0000000000000000 in ?? () > #100 0x0000000000000000 in ?? () > #101 0x0000000000000000 in ?? () > #102 0x0000000000000000 in ?? () > #103 0x0000000000000000 in ?? () > #104 0x0000000000000000 in ?? () > #105 0x0000000000000000 in ?? () > #106 0x0000000000000000 in ?? () > #107 0x0000000000000000 in ?? () > #108 0x0000000000000000 in ?? () > #109 0x0000000000000000 in ?? () > #110 0x0000000000000000 in ?? () > #111 0x0000000000000000 in ?? () > #112 0x0000000000000000 in ?? () > #113 0x0000000000000000 in ?? () > #114 0x0000000000000000 in ?? () > #115 0x0000000000000000 in ?? () > #116 0x0000000000000000 in ?? () > #117 0x0000000000000000 in ?? () > #118 0x0000000000000000 in ?? () > #119 0x0000000000000000 in ?? () > #120 0x0000000000000000 in ?? () > #121 0x0000000000000000 in ?? () > #122 0x0000000000000000 in ?? () > #123 0x0000000000000000 in ?? () > #124 0x0000000000000000 in ?? () > #125 0x0000000000000000 in ?? () > Cannot access memory at address 0xffffffffb1993000 > > > I hope this will be useful information. > > > Regards, > > Remco Bressers > Signet B.V. > > > ----------------- > > Hi, > > Is there anything new on this case yet? Adding rwatson to the CC since he may be interested in it. Kris