Date: Sat, 04 Sep 2004 00:57:24 -0400 From: Joe Marcus Clarke <marcus@marcuscom.com> To: current@freebsd.org Subject: Kernel panic in 6.0 revisited Message-ID: <1094273843.92485.11.camel@shumai.marcuscom.com>
next in thread | raw e-mail | index | archive | help
--=-0FvFg+w190Eiuuw8xz09
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
A few days ago, I reported a kernel panic in HEAD while building
packages on my tinderbox machine. I was unable to get a core dump fro
that crash, and after switching from ULE to 4BSD, I had thought it had
gone away.
Well, today, the machine panicked twice. It was the same panic both
times, and the same panic I got a few days ago. This time, however, I
was able to get a core dump. Here is the panic message:
Fatal trap 12: page fault while in kernel mode
cpuid =3D 0; apic id =3D 00
fault virtual address =3D 0x1c
fault code =3D supervisor write, page not present
instruction pointer =3D 0x8:0xc0533d07
stack pointer =3D 0x10:0xf5f30a4c
frame pointer =3D 0x10:0xf5f30a58
code segment =3D base 0x0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, def32 1, gran 1
processor eflags =3D interrupt enabled, resume, IOPL =3D 0
current process =3D 27441 (cpp0)
Stopped at vfs_vmio_release+0x1b: lock cmpxchgl %ecx,0x1c(%edx)
Here is the full backtrace:
#0 doadump () at pcpu.h:159
No locals.
#1 0xc044790a in db_fncall (dummy1=3D0, dummy2=3D0, dummy3=3D-1067408529, =
dummy4=3D0xf3832640 "l&\203=F3=D4\205`=C0X&\203=F3\\&\203=F3\220\a") at /us=
r/src/sys/ddb/db_command.c:531
fn_addr =3D -1068568116
args =3D {0 <repeats 11 times>}
nargs =3D 11
retval =3D 0
func =3D (fcn_10args_t *) 0xc04ef1cc <doadump>
t =3D 0
#2 0xc0447718 in db_command (last_cmdp=3D0xc06aa344, cmd_table=3D0x0, aux_=
cmd_tablep=3D0xc0678980, aux_cmd_tablep_end=3D0xc0678984) at /usr/src/sys/d=
db/db_command.c:349
cmd =3D (struct command *) 0xc067e7c0
t =3D 0
modif =3D "l&\203=F3=D4\205`=C0X&\203=F3\\&\203=F3\220\a\000\000\22=
0\a\000\000=CF\a\000\000\000\000\000\000\000|m=C0\r\000\000\000\000|m=C0\00=
0|m=C0\r\000\000\000\001\000\000\000\230&\203=F3\a\177`=C0\230&\203=F3 \177=
`=C0 Ol=C0=E0=B4k=C0x\000\000\000@=ACj=C0\f\000\000\000=B8&\203=F3|\226D=C0=
_\035f=C0=EC\223D=C0\f\000\000\000@=ACj=C0\236\213D=C0"
addr =3D 0
count =3D -1067408529
have_addr =3D 0
result =3D 0
#3 0xc04477e0 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
No locals.
#4 0xc0449359 in db_trap (type=3D12, code=3D0) at /usr/src/sys/ddb/db_main=
.c:221
jb =3D {{_jb =3D {-209508616, -209508636, -209508564, -209508396, 1=
2, -1069247758, 12, -209508540, -1068464337, -1066976222, -1068464204, -209=
508560}}}
prev_jb =3D (void *) 0x0
bkpt =3D 0
#5 0xc0506cb7 in kdb_trap (type=3D12, code=3D0, tf=3D0x1) at /usr/src/sys/=
kern/subr_kdb.c:418
did_stop_cpus =3D 1
handled =3D -209508396
#6 0xc06239c1 in trap_fatal (frame=3D0xf38327d4, eva=3D28) at /usr/src/sys=
/i386/i386/trap.c:804
code =3D 16
type =3D 12
ss =3D 16
esp =3D 0
softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27=
, ssd_dpl =3D 0, ssd_p =3D 1, ssd_xx =3D 3, ssd_xx1 =3D 3, ssd_def32 =3D 1,=
ssd_gran =3D 1}
#7 0xc062371f in trap_pfault (frame=3D0xf38327d4, usermode=3D0, eva=3D28) =
at /usr/src/sys/i386/i386/trap.c:727
va =3D 0
vm =3D (struct vmspace *) 0x0
map =3D 0xc308a4b0
rv =3D 1
ftype =3D 1 '\001'
td =3D (struct thread *) 0xc3184420
p =3D (struct proc *) 0xc35bb380
#8 0xc0623335 in trap (frame=3D{tf_fs =3D -1068629992, tf_es =3D -60162046=
4, tf_ds =3D 1048592, tf_edi =3D -601584980, tf_esi =3D -601584980, tf_ebp =
=3D -209508320, tf_isp =3D -209508352, tf_ebx =3D -601584980, tf_edx =3D 0,=
tf_ecx =3D -1021819872, tf_eax =3D 4, tf_trapno =3D 12, tf_err =3D 2, tf_e=
ip =3D -1068290701, tf_cs =3D 8, tf_eflags =3D 66050, tf_esp =3D -601584980=
, tf_ss =3D -601584980}) at /usr/src/sys/i386/i386/trap.c:417
td =3D (struct thread *) 0xc3184420
p =3D (struct proc *) 0xc35bb380
sticks =3D 3227240939
i =3D 0
ucode =3D 0
type =3D 12
code =3D 2
eva =3D 28
#9 0xc0611c2a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
No locals.
#10 0xc04e0018 in ktrnamei (path=3D0xdc248aac "\002") at /usr/src/sys/kern/=
kern_ktrace.c:372
req =3D (struct ktr_request *) 0x0
namelen =3D -601584980
buf =3D 0xdc248aac "\002"
#11 0xc05335d2 in getnewbuf (slpflag=3D0, slptimeo=3D0, size=3D2048, maxsiz=
e=3D16384) at /usr/src/sys/kern/vfs_bio.c:1886
qindex =3D 1
bp =3D (struct buf *) 0xdc248aac
nbp =3D (struct buf *) 0xdc248aac
defrag =3D 0
nqindex =3D 524306
flushingbufs =3D 0
#12 0xc0534a59 in getblk (vp=3D0xc6f20108, blkno=3D0, size=3D2048, slpflag=
=3D0, slptimeo=3D0, flags=3D0) at /usr/src/sys/kern/vfs_bio.c:2586
bsize =3D 16384
maxsize =3D 0
vmio =3D 1
offset =3D Unhandled dwarf expression opcode 0x93
And here is the output of "l *vfs_vmio_release+0x1b":
0xc0533d07 is in vfs_vmio_release (atomic.h:154).
149 static __inline int
150 atomic_cmpset_int(volatile u_int *dst, u_int exp, u_int src)
151 {
152 int res =3D exp;
153
154 __asm __volatile (
155 " " __XSTRING(MPLOCKED) " "
156 " cmpxchgl %1,%2 ; "
157 " setz %%al ; "
158 " movzbl %%al,%0 ; "
Kernel config is at http://www.marcuscom.com/downloads/FUGU.kernel and
the dmesg output is at http://www.marcuscom.com/downloads/FUGU.dmesg
Let me know if you need anything else. Thanks.
Joe
--=20
PGP Key : http://www.marcuscom.com/pgp.asc
--=-0FvFg+w190Eiuuw8xz09
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQBBOUszb2iPiv4Uz4cRAlR/AJ97jJx65y8iXRCFjNcS5W94V6AFFQCgpQ2X
XfrUUEAbEwoaXZORKscj2VQ=
=LHCN
-----END PGP SIGNATURE-----
--=-0FvFg+w190Eiuuw8xz09--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1094273843.92485.11.camel>