From owner-freebsd-hackers  Tue Jun  1 18:19:30 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from Legato.COM (test8.legato.com [137.69.200.1])
	by hub.freebsd.org (Postfix) with ESMTP id E837314DBD
	for <freebsd-hackers@freebsd.org>; Tue,  1 Jun 1999 18:19:26 -0700 (PDT)
	(envelope-from bservies@Legato.COM)
Received: from mail.Legato.COM (mail-net2.legato.com [137.69.2.140])
	by Legato.COM (8.9.1/8.9.1) with ESMTP id SAA18575
	for <freebsd-hackers@freebsd.org>; Tue, 1 Jun 1999 18:16:34 -0700 (PDT)
Received: from 137.69.5.120 (aviary [137.69.5.120])
	by mail.Legato.COM (8.8.8+Sun/8.8.8) with ESMTP id SAA23614
	for <freebsd-hackers@freebsd.org>; Tue, 1 Jun 1999 18:17:05 -0700 (PDT)
Message-Id: <199906020117.SAA23614@mail.Legato.COM>
Date: Tue,  1 Jun 1999 18:19:50 -0700
From: "Byron C. Servies" <bservies@Legato.COM>
Subject: Help with panic 12 using 3.1 on compaq prosignia 300
To: freebsd-hackers@freebsd.org
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/plain; Charset=US-ASCII
X-Mailer: Mailsmith 1.1.3 (Bluto)
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi there!

Apologies if I have selected the wrong list to post this question. 
Advice is appreciate, and I've tried to do my homework first.

I am consistenly receiving a panic 12 (page not present) after
installing FreeBSD 3.1 from the Walnut Creek CD's on an old Compaq
Prosignia 300 I had laying around.  Quick configuration (complete dmesg
output below);
    onboard NCR SCSI controller
    onboard AMD ethernet (using lnc driver)
    ATI Mach64 video card
    SCSI CD-ROM, 3 SCSI disks (1 int., 2 ext.)
    158MB RAM, 300MB Swap

The system installed OK, and runs fine until I perform an operation that
involves a lot of disk access, at which time I receive a panic 12 (exact
text below).  For example, untar-ing an archive or performing a cvs
checkout aways cause this problem (not immediately, but consistently).

I can rebuild the kernel, though, so I added debugging symbols, turned
on dumps and then took a look at the result using kgdb.  It is lengthy,
but I have added a script of the kgdb output to this message, as well as
the dmesg output from boot time.  This particular dump was from a cvs
-z6 co command.

The symptom is that the crfree() function is receiving a bad pointer,
but the actual problem is likely up the call chain.  Unfortunatley, I'm
not very familiar with dealing in kernel code and was hoping someone out
there might be able to lend a hand.

One guess: why is getblk() being called with blkno=0?  Just looks
suspicious to me.

Byron

p.s. I have read in the 3.2 FAQ that it does not support the NCR and AMD
drivers yet, so trying that version is out of the question for now.


-- kgdb session script ---

Script started on Tue Jun  1 17:23:46 1999
mink# gdb -k
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for
details.
GDB 4.16 (i386-unknown-freebsd), Copyright 1996 Free Software
Foundation, Inc.
(kgdb) symbol-file kernel
Reading symbols from kernel...done.
(kgdb) exec-file /var/crash/kernel.0
(kgdb) core-file /var/crash/vmcore.0
IdlePTD 2990080
initial pcb at 26ee84
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x69a2c6dc
fault code      = supervisor write, page not present
instruction pointer = 0x8:0xf014c196
stack pointer           = 0x10:0xf2eecce0
frame pointer           = 0x10:0xf2eecce0
code segment        = base 0x0, limit 0xfffff, type 0x1b
            = DPL 0, pres 1, def32 1, gran 1
processor eflags    = interrupt enabled, resume, IOPL = 0
current process     = 253 (cvs)
interrupt mask      = bio 
trap number     = 12
panic: page fault

syncing disks... 47 47 47 47 47 47 47 47 47 47 47 47 47 47 47 47 47 47
47 47 giving up

dumping to dev 20401, offset 581632
dump 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 
---
#0  boot (howto=256) at ../../kern/kern_shutdown.c:285
285         dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0  boot (howto=256) at ../../kern/kern_shutdown.c:285
#1  0xf014d3b4 in at_shutdown (
    function=0xf024aecb <__set_sysinit_set_sym_memdev_sys_init+1115>, 
    arg=0xf2eb1f40, queue=-219457216) at ../../kern/kern_shutdown.c:446
#2  0xf020e005 in trap_fatal (frame=0xf2eecca4, eva=1772275420)
    at ../../i386/i386/trap.c:942
#3  0xf020dce3 in trap_pfault (frame=0xf2eecca4, usermode=0,
eva=1772275420)
    at ../../i386/i386/trap.c:835
#4  0xf020d95a in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = 1, 
      tf_esi = -248389704, tf_ebp = -219231008, tf_isp = -219231028, 
      tf_ebx = 8192, tf_edx = 0, tf_ecx = -1073217472, tf_eax =
1772275420, 
      tf_trapno = 12, tf_err = 2, tf_eip = -267075178, tf_cs = 8, 
      tf_eflags = 66050, tf_esp = -219230960, tf_ss = -266951185})
    at ../../i386/i386/trap.c:437
#5  0xf014c196 in crfree (cr=0x69a2c6dc) at ../../kern/kern_prot.c:802
#6  0xf016a5ef in getnewbuf (vp=0xf2f422c0, blkno=0, slpflag=0,
slptimeo=0, 
    size=1024, maxsize=8192) at ../../kern/vfs_bio.c:1116
#7  0xf016adfe in getblk (vp=0xf2f422c0, blkno=0, size=1024, slpflag=0, 
    slptimeo=0) at ../../kern/vfs_bio.c:1510
#8  0xf01d971a in ffs_balloc (ap=0xf2eecea8) at
../../ufs/ffs/ffs_balloc.c:170
#9  0xf01dd824 in ffs_write (ap=0xf2eecefc) at vnode_if.h:1015
#10 0xf01766e7 in vn_write (fp=0xf0768340, uio=0xf2eecf40,
cred=0xf075f880)
    at vnode_if.h:331
#11 0xf0157f1e in write (p=0xf2eb1f40, uap=0xf2eecf94)
    at ../../kern/sys_generic.c:270
#12 0xf020e247 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi =
134884646, 
      tf_esi = 135032281, tf_ebp = -272639168, tf_isp = -219230236, 
      tf_ebx = 5, tf_edx = 0, tf_ecx = 0, tf_eax = 4, tf_trapno = 7, 
      tf_err = 2, tf_eip = 672165828, tf_cs = 31, tf_eflags = 582, 
      tf_esp = -272655984, tf_ss = 39}) at ../../i386/i386/trap.c:1100
#13 0xf0201e4c in Xint0x80_syscall ()
#14 0x805051b in ?? ()
#15 0x80515b8 in ?? ()
#16 0x8052cbc in ?? ()
#17 0x8052d6c in ?? ()
#18 0x804e109 in ?? ()
#19 0x80684b6 in ?? ()
#20 0x804a105 in ?? ()
(kgdb) frame 5
#5  0xf014c196 in crfree (cr=0x69a2c6dc) at ../../kern/kern_prot.c:802
802 {
(kgdb) p cr
$1 = (struct ucred *) 0x0
(kgdb) frame 6
#6  0xf016a5ef in getnewbuf (vp=0xf2f422c0, blkno=0, slpflag=0,
slptimeo=0, 
    size=1024, maxsize=8192) at ../../kern/vfs_bio.c:1116
1116            crfree(bp->b_rcred);
(kgdb) p bp->b_rcred
$2 = (struct ucred *) 0x2e14e321
(kgdb) p *bp->b_rcred
Cannot access memory at address 0x2e14e321.
(kgdb) quit
mink# exit

Script done on Tue Jun  1 17:25:15 1999

--- dmesg output from boot after crash ---

Copyright (c) 1992-1999 FreeBSD Inc.
Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California. All rights reserved.
FreeBSD 3.1-RELEASE #3: Tue Jun  1 16:40:39 PDT 1999
    root@mink.legato.com:/usr/src/sys/compile/COMPAQ
Timecounter "i8254"  frequency 1193182 Hz
Timecounter "TSC"  frequency 90187130 Hz
CPU: Pentium/P54C (90.19-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x525  Stepping=5
  Features=0x1bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8>
real memory  = 16777216 (16384K bytes)
avail memory = 13762560 (13440K bytes)
Preloaded elf kernel "kernel" at 0xf02d0000.
eisa0: <CPQ541 (System Board)>
Probing for devices on the EISA bus
Probing for devices on PCI bus 0:
lnc1: <PCNet/PCI Ethernet adapter> rev 0x02 int b irq 3 on pci0.11.0
lnc1: PCnet-32 VL-Bus address 00:80:5f:fc:22:f9
ncr0: <ncr 53c810 fast10 scsi> rev 0x02 int a irq 10 on pci0.12.0
vga0: <ATI Mach64-GX graphics accelerator> rev 0x03 on pci0.14.0
chip0: <PCI to EISA bridge (vendor=0e11 device=0001)> rev 0x03 on
pci0.15.0
Probing for devices on the ISA bus:
sc0 on isa
sc0: VGA color <16 virtual consoles, flags=0x0>
atkbdc0 at 0x60-0x6f on motherboard
atkbd0 irq 1 on isa
psm0 irq 12 on isa
psm0: model Generic PS/2 mouse, device ID 0
sio0 at 0x3f8-0x3ff irq 4 flags 0x10 on isa
sio0: type 16550A
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1 not found at 0x2f8
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: FIFO enabled, 8 bytes threshold
fd0: 1.44MB 3.5in
wdc0 not found at 0x1f0
wt0 not found at 0x300
mcd0 not found at 0x300
matcdc0 not found at 0x230
scd0 not found at 0x230
ppc0 at 0x378 irq 7 on isa
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
nlpt0: <generic printer> on ppbus 0
nlpt0: Interrupt-driven port
ppi0: <generic parallel i/o> on ppbus 0
plip0: <PLIP network interface> on ppbus 0
ep0 not found at 0x300
lnc0 not found at 0x280
adv0 not found at 0x330
bt0 not found at 0x134
aha0 not found at 0x134
vga0 at 0x3b0-0x3df maddr 0xa0000 msize 131072 on isa
npx0 on motherboard
npx0: INT 16 interface
Intel Pentium detected, installing workaround for F00F bug
Waiting 15 seconds for SCSI devices to settle
changing root device to da0s1a
da0 at ncr0 bus 0 target 0 lun 0
da0: <COMPAQ DPES-31080 S70E> Fixed Direct Access SCSI-2 device 
da0: 10.0MB/s transfers (10.0MHz, offset 8), Tagged Queueing Enabled
da0: 1001MB (2051000 512 byte sectors: 64H 32S/T 1001C)
da2 at ncr0 bus 0 target 2 lun 0
da2: <SEAGATE ST32151N 0284> Fixed Direct Access SCSI-2 device 
da2: 10.0MB/s transfers (10.0MHz, offset 8), Tagged Queueing Enabled
da2: 2049MB (4197405 512 byte sectors: 255H 63S/T 261C)
da1 at ncr0 bus 0 target 1 lun 0
da1: <SEAGATE ST32151N 0530> Fixed Direct Access SCSI-2 device 
da1: 10.0MB/s transfers (10.0MHz, offset 8), Tagged Queueing Enabled
da1: 2049MB (4197405 512 byte sectors: 255H 63S/T 261C)
cd0 at ncr0 bus 0 target 5 lun 0
cd0: <COMPAQ CD-ROM CR-503BCQ 1.1i> Removable CD-ROM SCSI-2 device 
cd0: 3.300MB/s transfers
cd0: Attempt to query device size failed: NOT READY, Medium not present
WARNING: / was not properly dismounted







To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message