Date: Wed, 10 Sep 1997 12:22:02 +0200 From: j@ida.interface-business.de (J Wunsch) To: bugs@freebsd.org Cc: dfr@freebsd.org, dyson@freebsd.org Subject: Yet another 2.2-stable NFS (client) panic Message-ID: <19970910122202.WS38344@ida.interface-business.de>
next in thread | raw e-mail | index | archive | help
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x87654371
fault code = supervisor read, page not present
instruction pointer = 0x8:0xf013476f
stack pointer = 0x10:0xefbffdb0
frame pointer = 0x10:0xefbffdc0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 3
current process = 7004 (hpscan)
interrupt mask = bio
0xf013476f <reassignbuf+147>: movl 0x50(%edx),%eax
Register %edx had the fairly suspicious value 0x87654321. Alas, the
register values seem to have been clobbered when taking the coredump
from within DDB. Here's the stack trace (modulo the frames that were
caused by the DDB `panic' command, and a subsequent page fault inside
DDB):
#23 0xf01c78f7 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1073706944,
tf_esi = -257406464, tf_ebp = -272630336, tf_isp = -272630372,
tf_ebx = -225681520, tf_edx = -2023406815, tf_ecx = -225811320,
tf_eax = 128, tf_trapno = 12, tf_err = 0, tf_eip = -267171985,
tf_cs = 8, tf_eflags = 78470, tf_esp = -225681520, tf_ss = -225681520})
at ../../i386/i386/trap.c:311
#24 0xf013476f in reassignbuf (bp=0xf28c5f90, newvp=0xf0a84a00)
at ../../kern/vfs_subr.c:670
#25 0xf012f2f5 in bdwrite (bp=0xf28c5f90) at ../../kern/vfs_bio.c:410
#26 0xf015a5d6 in nfs_write (ap=0xefbffee8) at ../../nfs/nfs_bio.c:710
#27 0xf0139247 in vn_write ()
#28 0xf011efc3 in write ()
#29 0xf01c8417 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 512,
tf_esi = 136170860, tf_ebp = -272639304, tf_isp = -272629788,
tf_ebx = 136110176, tf_edx = 4505583, tf_ecx = 4505583, tf_eax = 4,
tf_trapno = 7, tf_err = 7, tf_eip = 136061205, tf_cs = 31,
The current process above was doing heavy NFS writing by the time of
this panic. (The NFS server is also a FreeBSD-2.2-something machine.)
Not sure whether it was a concidence, but right at the moment the
panic happened, i had just issued an `ntpdate' command on the NFS
server machine, causing it to change its system clock by ~ 45 seconds.
(kgdb) up 24
#24 0xf013476f in reassignbuf (bp=0xf28c5f90, newvp=0xf0a84a00)
at ../../kern/vfs_subr.c:670
670 (tbp->b_vnbufs.le_next->b_lblkno < bp->b_lblkno)) {
(kgdb) l 670
665 tbp = newvp->v_dirtyblkhd.lh_first;
666 if (!tbp || (tbp->b_lblkno > bp->b_lblkno)) {
667 bufinsvn(bp, &newvp->v_dirtyblkhd);
668 } else {
669 while (tbp->b_vnbufs.le_next &&
670 (tbp->b_vnbufs.le_next->b_lblkno < bp->b_lblkno)) {
671 tbp = tbp->b_vnbufs.le_next;
672 }
673 LIST_INSERT_AFTER(tbp, bp, b_vnbufs);
674 }
(kgdb) up
#25 0xf012f2f5 in bdwrite (bp=0xf28c5f90) at ../../kern/vfs_bio.c:410
410 reassignbuf(bp, bp->b_vp);
(kgdb) l 410
405 return;
406 }
407 bp->b_flags &= ~(B_READ|B_RELBUF);
408 if ((bp->b_flags & B_DELWRI) == 0) {
409 bp->b_flags |= B_DONE | B_DELWRI;
410 reassignbuf(bp, bp->b_vp);
411 }
412
413 /*
414 * This bmap keeps the system from needing to do the bmap later,
(kgdb) up
#26 0xf015a5d6 in nfs_write (ap=0xefbffee8) at ../../nfs/nfs_bio.c:710
710 bdwrite(bp);
(kgdb) l 710
705 (nmp->nm_flag & NFSMNT_NQNFS) == 0) {
706 bp->b_proc = (struct proc *)0;
707 bp->b_flags |= B_ASYNC;
708 (void)nfs_writebp(bp, 0);
709 } else
710 bdwrite(bp);
711 } while (uio->uio_resid > 0 && n > 0);
712 return (0);
713 }
714
The coredump is still available if somebody has further questions.
--
J"org Wunsch Unix support engineer
joerg_wunsch@interface-business.de http://www.interface-business.de/~j
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970910122202.WS38344>