Date: Fri, 22 Aug 2003 10:14:11 +0200 (CEST) From: Lukas Ertl <l.ertl@univie.ac.at> To: freebsd-current@freebsd.org Cc: bmilekic@freebsd.org Subject: Another pmap related panic Message-ID: <20030822100500.S637@korben.in.tern>
next in thread | raw e-mail | index | archive | help
Hi, I got another pmap related panic on my HTT SMP machine. If I don't get that completely wrong, it dies again after accessing the return value of pmap_pte_quick(). Kernel is: 5.1-CURRENT FreeBSD 5.1-CURRENT #23: Thu Aug 21 21:19:53 CEST 2003 NB: the other panic that I saw frequently can be found at <http://lists.freebsd.org/pipermail/freebsd-current/2003-August/008573.html= >. Ok, but now for the new one: Stopped at pmap_clear_modify+0x93: movl 0(%eax),%esi db> where pmap_clear_modify(c1863d60,200,0,dfb50bb8,c0254ce2) at pmap_clear_modify+0x= 93 swp_pager_async_iodone(d28d2cc0,c020b771,c63f9040,3618c5b3,4c) at swp_pager= _async_iodone+0x208 bufdone(d28d2cc0,0,0,0,c03f4100) at bufdone+0x141 bufdonebio(d28d2cc0,dfb50c44,c01c8842,c21c2120,c6d78630) at bufdonebio+0x5e biodone(d28d2cc0,c039bdc9,c6d78630,d28d2cc0,0) at biodone+0xcc g_dev_done(c6d78630,c21c9e40,0,0,4) at g_dev_done+0x8a biodone(c6d78630,0,24c,c039b711,a) at biodone+0xcc g_io_schedule_up(c21c9e40,c60931e4,dfb50d34,c01ecb31,0) at g_io_schedule_up= +0xb8 g_up_procbody(0,dfb50d48,0,0,0) at g_up_procbody+0x28 fork_exit(c01c9180,0,dfb50d48) at fork_exit+0xb1 fork_trampoline() at fork_trampoline+0x8 --- trap 0x1, eip =3D 0, esp =3D 0xdfb50d7c, ebp =3D 0 --- Script started on Fri Aug 22 09:59:55 2003 [root@newscore crash]# gdb -k kernel.7 vmcore.7 GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you ar= e welcome to change it and/or distribute copies of it under certain condition= s. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic messages: --- Fatal trap 12: page fault while in kernel mode cpuid =3D 3; lapic.id =3D 07000000 fault virtual address=09=3D 0xbfca1974 fault code=09=09=3D supervisor read, page not present instruction pointer=09=3D 0x8:0xc035f443 stack pointer=09 =3D 0x10:0xdfb50b6c frame pointer=09 =3D 0x10:0xdfb50b84 code segment=09=09=3D base 0x0, limit 0xfffff, type 0x1b =09=09=09=3D DPL 0, pres 1, def32 1, gran 1 processor eflags=09=3D interrupt enabled, resume, IOPL =3D 0 current process=09=09=3D 3 (g_up) Dumping 1023 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 = 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624= 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 92= 8 944 960 976 992 1008 --- Reading symbols from /usr/obj/usr/src/sys/NEWSCORE/modules/usr/src/sys/modu= les/acpi/acpi.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/NEWSCORE/modules/usr/src/sys/module= s/acpi/acpi.ko.debug #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 240=09=09dumping++; (kgdb) where #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 #1 0xc01494e5 in db_fncall (dummy1=3D0, dummy2=3D0, dummy3=3D1999, dummy4=3D0xdfb50950 "=E0R>=C0h\201B=C0l\t=B5=DF\r") at /usr/src/sys/ddb/db_command.c:548 #2 0xc0149232 in db_command (last_cmdp=3D0xc03e4980, cmd_table=3D0x0, aux_cmd_tablep=3D0xc03b5ee4, aux_cmd_tablep_end=3D0xc03b5ee8) at /usr/src/sys/ddb/db_command.c:346 #3 0xc0149375 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472 #4 0xc014c395 in db_trap (type=3D12, code=3D0) at /usr/src/sys/ddb/db_trap= =2Ec:73 #5 0xc03479dc in kdb_trap (type=3D12, code=3D0, regs=3D0xdfb50b2c) at /usr/src/sys/i386/i386/db_interface.c:172 #6 0xc0361de6 in trap_fatal (frame=3D0xdfb50b2c, eva=3D0) at /usr/src/sys/i386/i386/trap.c:813 #7 0xc0361a92 in trap_pfault (frame=3D0xdfb50b2c, usermode=3D0, eva=3D3217= 693044) at /usr/src/sys/i386/i386/trap.c:732 #8 0xc03615ed in trap (frame=3D {tf_fs =3D -959840232, tf_es =3D 330235920, tf_ds =3D -464322544, tf_= edi =3D -1077274252, tf_esi =3D 963957765, tf_ebp =3D -541783164, tf_isp = =3D -541783208, tf_ebx =3D -580143472, tf_edx =3D 330260480, tf_ecx =3D -46= 4297340, tf_eax =3D -1077274252, tf_trapno =3D 12, tf_err =3D 0, tf_eip =3D= -1070205885, tf_cs =3D 8, tf_eflags =3D 66050, tf_esp =3D -959834192, tf_s= s =3D 677761024}) at /usr/src/sys/i386/i386/trap.c:417 #9 0xc0349418 in calltrap () at {standard input}:103 #10 0xc03090b8 in swp_pager_async_iodone (bp=3D0x3974d405) at /usr/src/sys/vm/swap_pager.c:1549 #11 0xc0253311 in bufdone (bp=3D0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:= 3088 #12 0xc025317e in bufdonebio (bp=3D0x0) at /usr/src/sys/kern/vfs_bio.c:3035 #13 0xc0252f3c in biodone (bp=3D0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:= 2959 #14 0xc01c640a in g_dev_done (bp2=3D0xc6d78630) at /usr/src/sys/geom/geom_dev.c:380 #15 0xc0252f3c in biodone (bp=3D0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:= 2959 #16 0xc01c8f88 in g_io_schedule_up (tp=3D0xc21c9e40) at /usr/src/sys/geom/geom_io.c:371 #17 0xc01c91a8 in g_up_procbody () at /usr/src/sys/geom/geom_kern.c:92 #18 0xc01ecb31 in fork_exit (callout=3D0xc01c9180 <g_up_procbody>, arg=3D0x= 0, frame=3D0x0) at /usr/src/sys/kern/kern_fork.c:796 (kgdb) fr 10 #10 0xc03090b8 in swp_pager_async_iodone (bp=3D0x3974d405) at /usr/src/sys/vm/swap_pager.c:1549 1549=09=09=09=09pmap_clear_modify(m); (kgdb) list 1544=09=09=09=09/* 1545=09=09=09=09 * For write success, clear the modify and dirty 1546=09=09=09=09 * status, then finish the I/O ( which decrements the 1547=09=09=09=09 * busy count and possibly wakes waiter's up ). 1548=09=09=09=09 */ 1549=09=09=09=09pmap_clear_modify(m); 1550=09=09=09=09vm_page_undirty(m); 1551=09=09=09=09vm_page_io_finish(m); 1552=09=09=09=09if (!vm_page_count_severe() || !vm_page_try_to_cache(m)) 1553=09=09=09=09=09pmap_page_protect(m, VM_PROT_READ); (kgdb) bt full #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 No locals. #1 0xc01494e5 in db_fncall (dummy1=3D0, dummy2=3D0, dummy3=3D1999, dummy4=3D0xdfb50950 "=E0R>=C0h\201B=C0l\t=B5=DF\r") at /usr/src/sys/ddb/db_command.c:548 =09fn_addr =3D -1071629680 =09args =3D {0 <repeats 11 times>} =09nargs =3D 11 =09retval =3D 0 =09func =3D (fcn_10args_t *) 0xc0203a90 <doadump> =09t =3D 0 #2 0xc0149232 in db_command (last_cmdp=3D0xc03e4980, cmd_table=3D0x0, aux_cmd_tablep=3D0xc03b5ee4, aux_cmd_tablep_end=3D0xc03b5ee8) at /usr/src/sys/ddb/db_command.c:346 =09cmd =3D (struct command *) 0xc03bb9c0 =09t =3D 0 =09modif =3D "=E0R>=C0h\201B=C0l\t=B5=DF\r\0\0\0=E0lA=C0\r\0\0\0\001\0\0\0\= 214\t=B5=DF&=D83=C0=E0R@=C0\aK\0 `mA=C0`=CB?=C0=E0R>=C0x\0\0\0=E0R>=C0h\201= B=C0=B0\t=B5=DFq=B1\024=C0\214=B18=C0 =AF\024=C0\0\0\0\0\020\0\0\0h\201B=C0= =E0R>=C0\206=A8\024=C0=E0R>=C0\230J>=C0x\0\0\0\020\0\0" =09addr =3D 0 =09count =3D 1999 =09have_addr =3D 0 =09result =3D 0 #3 0xc0149375 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472 No locals. #4 0xc014c395 in db_trap (type=3D12, code=3D0) at /usr/src/sys/ddb/db_trap= =2Ec:73 =09bkpt =3D 0 #5 0xc03479dc in kdb_trap (type=3D12, code=3D0, regs=3D0xdfb50b2c) at /usr/src/sys/i386/i386/db_interface.c:172 =09ef =3D 582 =09ddb_mode =3D 1 #6 0xc0361de6 in trap_fatal (frame=3D0xdfb50b2c, eva=3D0) at /usr/src/sys/i386/i386/trap.c:813 =09code =3D 16 =09type =3D 12 ---Type <return> to continue, or q <return> to quit--- =09ss =3D 16 =09esp =3D 0 =09softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27, ssd_dpl =3D 0, ssd_p =3D 1, ssd_xx =3D 11, ssd_xx1 =3D 0, ssd_def32 =3D 1= , ssd_gran =3D 1} #7 0xc0361a92 in trap_pfault (frame=3D0xdfb50b2c, usermode=3D0, eva=3D3217= 693044) at /usr/src/sys/i386/i386/trap.c:732 =09va =3D 3217690624 =09vm =3D (struct vmspace *) 0x0 =09map =3D 0x1 =09rv =3D 1 =09ftype =3D 1 '\001' =09td =3D (struct thread *) 0xc21c9e40 =09p =3D (struct proc *) 0xc60931e4 #8 0xc03615ed in trap (frame=3D {tf_fs =3D -959840232, tf_es =3D 330235920, tf_ds =3D -464322544, tf_= edi =3D -1077274252, tf_esi =3D 963957765, tf_ebp =3D -541783164, tf_isp = =3D -541783208, tf_ebx =3D -580143472, tf_edx =3D 330260480, tf_ecx =3D -46= 4297340, tf_eax =3D -1077274252, tf_trapno =3D 12, tf_err =3D 0, tf_eip =3D= -1070205885, tf_cs =3D 8, tf_eflags =3D 66050, tf_esp =3D -959834192, tf_s= s =3D 677761024}) at /usr/src/sys/i386/i386/trap.c:417 =09td =3D (struct thread *) 0xc21c9e40 =09p =3D (struct proc *) 0xc60931e4 =09sticks =3D 3256655424 =09i =3D 0 =09ucode =3D 0 =09type =3D 12 =09code =3D 0 =09eva =3D 3217693044 #9 0xc0349418 in calltrap () at {standard input}:103 No locals. #10 0xc03090b8 in swp_pager_async_iodone (bp=3D0x3974d405) at /usr/src/sys/vm/swap_pager.c:1549 =09m =3D 0xdd6bb690 =09i =3D -1077274252 =09object =3D 0xc6b0f784 ---Type <return> to continue, or q <return> to quit--- #11 0xc0253311 in bufdone (bp=3D0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:= 3088 =09biodone =3D (void (*)(struct buf *)) 0 #12 0xc025317e in bufdonebio (bp=3D0x0) at /usr/src/sys/kern/vfs_bio.c:3035 No locals. #13 0xc0252f3c in biodone (bp=3D0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:= 2959 No locals. #14 0xc01c640a in g_dev_done (bp2=3D0xc6d78630) at /usr/src/sys/geom/geom_dev.c:380 =09bp =3D (struct bio *) 0xd28d2cc0 #15 0xc0252f3c in biodone (bp=3D0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:= 2959 No locals. #16 0xc01c8f88 in g_io_schedule_up (tp=3D0xc21c9e40) at /usr/src/sys/geom/geom_io.c:371 =09bp =3D (struct bio *) 0xd28d2cc0 =09mymutex =3D {mtx_object =3D {lo_class =3D 0xc03c9eec, lo_name =3D 0xc039c365 "g_xup", lo_type =3D 0xc039c365 "g_xup", lo_flags =3D 196608, lo_list =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0}, lo_witness =3D 0x0}, mtx_lock =3D 3256655424, mtx_recurse =3D 0, mtx_bl= ocked =3D { tqh_first =3D 0x0, tqh_last =3D 0xdfb50cd4}, mtx_contested =3D {le_next= =3D 0x0, le_prev =3D 0x0}} #17 0xc01c91a8 in g_up_procbody () at /usr/src/sys/geom/geom_kern.c:92 =09p =3D (struct proc *) 0x0 =09tp =3D (struct thread *) 0xc21c9e40 #18 0xc01ecb31 in fork_exit (callout=3D0xc01c9180 <g_up_procbody>, arg=3D0x= 0, frame=3D0x0) at /usr/src/sys/kern/kern_fork.c:796 =09p =3D (struct proc *) 0xc60931e4 =09td =3D (struct thread *) 0x0 (kgdb) l *pmap_clear_modify+0x93 0xc035f443 is in pmap_clear_modify (/usr/src/sys/i386/i386/pmap.c:2836). 2831=09=09=09=09continue; 2832=09=09=09} 2833=09#endif 2834 2835=09=09=09pte =3D pmap_pte_quick(pv->pv_pmap, pv->pv_va); 2836=09=09=09pbits =3D *pte; 2837=09=09=09if (pbits & bit) { 2838=09=09=09=09if (bit =3D=3D PG_RW) { 2839=09=09=09=09=09if (pbits & PG_M) { 2840=09=09=09=09=09=09vm_page_dirty(m); (kgdb) quit [root@newscore crash]# exit Script done on Fri Aug 22 10:01:07 2003 --=20 Lukas Ertl eMail: l.ertl@univie.ac.at UNIX Systemadministrator Tel.: (+43 1) 4277-14073 Vienna University Computer Center Fax.: (+43 1) 4277-9140 University of Vienna http://mailbox.univie.ac.at/~le/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030822100500.S637>