Date:      Tue, 15 Aug 2000 02:15:28 +0200 (CEST)
From:      tegge@not.trondheim.fast.no
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/20609: panic: vm_fault: fault on nofault entry, addr: cc4b3000
Message-ID:  <200008150015.e7F0FSR01013@not.trondheim.fast.no>


>Number:         20609
>Category:       kern
>Synopsis:       panic: vm_fault: fault on nofault entry, addr: cc4b3000
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 14 17:20:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Tor Egge
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Fast Search & Transfer ASA
>Environment:

FreeBSD not.trondheim.fast.no 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Mon Aug 14 19:26:51 CEST 2000     root@not.trondheim.fast.no:/usr/src/sys/compile/NOT_SMP  i386

>Description:

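bfreekva() is supposed to be protected by splbio(), serializing calls to
vm_map_delete().  But vm_map_delete() might block, causing the spl-based
serialization to fail: the spl level gives no protection across a sleep, so
a second process can enter bfreekva() and vm_map_delete() while the first is
still asleep in the middle of modifying the map.  In the traces below,
processes 530 and 528 are both asleep in vm_wait() ("vmwait"), each reached
through bfreekva() -> vm_map_delete() -> vm_map_entry_create() on the same
map (0xc0318308), while the first trace shows the thread that panicked.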

#0  boot (howto=260) at ../../kern/kern_shutdown.c:303
#1  0xc0169ee5 in panic (fmt=0xc02acaf4 "from debugger")
    at ../../kern/kern_shutdown.c:553
#2  0xc0138d79 in db_panic (addr=-1071163028, have_addr=0, count=-1,
    modif=0xdce1e9c0 "") at ../../ddb/db_command.c:433
#3  0xc0138d19 in db_command (last_cmdp=0xc02e6dd4, cmd_table=0xc02e6c34,
    aux_cmd_tablep=0xc0307110) at ../../ddb/db_command.c:333
#4  0xc0138dde in db_command_loop () at ../../ddb/db_command.c:455
#5  0xc013afaf in db_trap (type=3, code=0) at ../../ddb/db_trap.c:71
#6  0xc02756b1 in kdb_trap (type=3, code=0, regs=0xdce1ead4)
    at ../../i386/i386/db_interface.c:158
#7  0xc028a31c in trap (frame={tf_fs = -1070530536, tf_es = -867500016,
      tf_ds = 16, tf_edi = -867487744, tf_esi = 256, tf_ebp = -589173988,
      tf_isp = -589174016, tf_ebx = -1070796192, tf_edx = -1,
      tf_ecx = 16777217, tf_eax = 18, tf_trapno = 3, tf_err = 0,
      tf_eip = -1071163028, tf_cs = 8, tf_eflags = 582, tf_esp = -1070769885,
      tf_ss = -1070911022}) at ../../i386/i386/trap.c:583
#8  0xc027596c in Debugger (msg=0xc02b31d2 "panic") at machine/cpufunc.h:64
#9  0xc0169edc in panic (
    fmt=0xc02cf260 "vm_fault: fault on nofault entry, addr: %lx")
    at ../../kern/kern_shutdown.c:551
#10 0xc02577e0 in vm_fault (map=0xc031844c, vaddr=3427479552,
    fault_type=1 '\001', fault_flags=0) at ../../vm/vm_fault.c:240
#11 0xc028a686 in trap_pfault (frame=0xdce1ec60, usermode=0, eva=3427479780)
    at ../../i386/i386/trap.c:857
#12 0xc028a1ef in trap (frame={tf_fs = 24, tf_es = -882180080,
      tf_ds = -1072103408, tf_edi = -883516928, tf_esi = 62533,
      tf_ebp = -589173500, tf_isp = -589173620, tf_ebx = -57356,
      tf_edx = -867508224, tf_ecx = 0, tf_eax = 5177, tf_trapno = 12,
      tf_err = 0, tf_eip = -1071322559, tf_cs = 8, tf_eflags = 66050,
      tf_esp = -882193568, tf_ss = 2049081344}) at ../../i386/i386/trap.c:457
#13 0xc024ea41 in ufs_bmaparray (vp=0xdcb018c0, bn=62533, bnp=0xcb6acb68,
    ap=0x0, nump=0x0, runp=0x0, runb=0x0) at ../../ufs/ufs/ufs_bmap.c:224
#14 0xc024e778 in ufs_bmap (ap=0xdce1ed4c) at ../../ufs/ufs/ufs_bmap.c:83
#15 0xc025552d in ufs_vnoperate (ap=0xdce1ed4c)
    at ../../ufs/ufs/ufs_vnops.c:2301
#16 0xc0254f39 in ufs_strategy (ap=0xdce1edb0) at vnode_if.h:902
#17 0xc025552d in ufs_vnoperate (ap=0xdce1edb0)
    at ../../ufs/ufs/ufs_vnops.c:2301
#18 0xc0197790 in cluster_read (vp=0xdcb018c0, filesize=5242880000,
    lblkno=62534, size=32768, cred=0x0, totread=28160, seqcount=0,
    bpp=0xdce1ee44) at vnode_if.h:923
#19 0xc024cea6 in ffs_read (ap=0xdce1ee68) at ../../ufs/ufs/ufs_readwrite.c:266
#20 0xc01a3244 in vn_read (fp=0xc363b140, uio=0xdce1eed8, cred=0xc3699880,
    flags=1, p=0xdcda2ee0) at vnode_if.h:334
#21 0xc017b574 in dofileread (p=0xdcda2ee0, fp=0xc363b140, fd=3,
    buf=0x8163c00, nbyte=512, offset=2049108992, flags=1)
    at ../../sys/file.h:141
#22 0xc017b4b4 in pread (p=0xdcda2ee0, uap=0xdce1ef80)
    at ../../kern/sys_generic.c:136


(kgdb) proc 530
(kgdb) where
#0  mi_switch () at machine/globals.h:119
#1  0xc016cc89 in tsleep (ident=0xc033c298, priority=4,
    wmesg=0xc02d022b "vmwait", timo=0) at ../../kern/kern_synch.c:470
#2  0xc025f9ef in vm_wait () at ../../vm/vm_page.c:896
#3  0xc02601a9 in vm_page_grab (object=0xc03184e0, pindex=118847,
    allocflags=131) at ../../vm/vm_page.c:1479
#4  0xc0258e51 in kmem_alloc (map=0xc031844c, size=4096)
    at ../../vm/vm_kern.c:200
#5  0xc0262f5e in _zget (z=0xc0314ea0) at ../../vm/vm_zone.c:344
#6  0xc0262dd1 in zalloci (z=0xc0314ea0) at ../../vm/vm_zone.h:85
#7  0xc0259723 in vm_map_entry_create (map=0xc0318308)
    at ../../vm/vm_zone.h:117
#8  0xc0259e05 in _vm_map_clip_end (map=0xc0318308, entry=0xdcf30270,
    end=3468730368) at ../../vm/vm_map.c:853
#9  0xc025af0f in vm_map_delete (map=0xc0318308, start=3468713984,
    end=3468730368) at ../../vm/vm_map.c:1794
#10 0xc0192f9b in bfreekva (bp=0xcb690960) at ../../kern/vfs_bio.c:414
#11 0xc0194666 in getnewbuf (slpflag=0, slptimeo=0, size=32768, maxsize=32768)
    at ../../kern/vfs_bio.c:1630
#12 0xc01953f1 in getblk (vp=0xdcb018c0, blkno=139706, size=32768, slpflag=0,
    slptimeo=0) at ../../kern/vfs_bio.c:2220
#13 0xc0197416 in cluster_read (vp=0xdcb018c0, filesize=5242880000,
    lblkno=139706, size=32768, cred=0x0, totread=17408, seqcount=0,
    bpp=0xdcb8ee44) at ../../kern/vfs_cluster.c:120
#14 0xc024cea6 in ffs_read (ap=0xdcb8ee68) at ../../ufs/ufs/ufs_readwrite.c:266
#15 0xc01a3244 in vn_read (fp=0xc363b140, uio=0xdcb8eed8, cred=0xc3699880,
    flags=1, p=0xdcb1a260) at vnode_if.h:334
#16 0xc017b574 in dofileread (p=0xdcb1a260, fp=0xc363b140, fd=3,
    buf=0x814fe00, nbyte=512, offset=4577903104, flags=1)
    at ../../sys/file.h:141
#17 0xc017b4b4 in pread (p=0xdcb1a260, uap=0xdcb8ef80)
    at ../../kern/sys_generic.c:136

(kgdb) proc 529
(kgdb) where
#0  mi_switch () at machine/globals.h:119
#1  0xc016cc89 in tsleep (ident=0xcb5f0dc0, priority=16,
    wmesg=0xc02b65c9 "biord", timo=0) at ../../kern/kern_synch.c:470
#2  0xc0195b9b in bufwait (bp=0xcb5f0dc0) at ../../kern/vfs_bio.c:2620
#3  0xc01978c1 in cluster_read (vp=0xdcb018c0, filesize=5242880000,
    lblkno=131174, size=32768, cred=0x0, totread=13312, seqcount=0,
    bpp=0xdcb8ae44) at ../../kern/vfs_cluster.c:302
#4  0xc024cea6 in ffs_read (ap=0xdcb8ae68) at ../../ufs/ufs/ufs_readwrite.c:266
#5  0xc01a3244 in vn_read (fp=0xc363b140, uio=0xdcb8aed8, cred=0xc3699880,
    flags=1, p=0xdcb1a400) at vnode_if.h:334
#6  0xc017b574 in dofileread (p=0xdcb1a400, fp=0xc363b140, fd=3,
    buf=0x814fc00, nbyte=512, offset=4298289664, flags=1)
    at ../../sys/file.h:141
#7  0xc017b4b4 in pread (p=0xdcb1a400, uap=0xdcb8af80)
    at ../../kern/sys_generic.c:136
#8  0xc028ad95 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
      tf_edi = 512, tf_esi = 1, tf_ebp = -1115685468, tf_isp = -591876140,
      tf_ebx = 1498383852, tf_edx = 1, tf_ecx = 134520321, tf_eax = 198,
      tf_trapno = 7, tf_err = 2, tf_eip = 1498088260, tf_cs = 31,
      tf_eflags = 514, tf_esp = -1115685528, tf_ss = 47})
    at ../../i386/i386/trap.c:1174
#9  0xc027608b in Xint0x80_syscall ()

(kgdb) proc 528
(kgdb) where
#0  mi_switch () at machine/globals.h:119
#1  0xc016cc89 in tsleep (ident=0xc033c298, priority=4,
    wmesg=0xc02d022b "vmwait", timo=0) at ../../kern/kern_synch.c:470
#2  0xc025f9ef in vm_wait () at ../../vm/vm_page.c:896
#3  0xc02601a9 in vm_page_grab (object=0xc03184e0, pindex=118885,
    allocflags=131) at ../../vm/vm_page.c:1479
#4  0xc0258e51 in kmem_alloc (map=0xc031844c, size=4096)
    at ../../vm/vm_kern.c:200
#5  0xc0262f5e in _zget (z=0xc0314ea0) at ../../vm/vm_zone.c:344
#6  0xc0262dd1 in zalloci (z=0xc0314ea0) at ../../vm/vm_zone.h:85
#7  0xc0259723 in vm_map_entry_create (map=0xc0318308)
    at ../../vm/vm_zone.h:117
#8  0xc0259d69 in _vm_map_clip_start (map=0xc0318308, entry=0xdcb41c60,
    start=3425099776) at ../../vm/vm_map.c:793
#9  0xc025aec7 in vm_map_delete (map=0xc0318308, start=3425099776,
    end=3425116160) at ../../vm/vm_map.c:1767
#10 0xc0192f9b in bfreekva (bp=0xcb558a20) at ../../kern/vfs_bio.c:414
#11 0xc0194666 in getnewbuf (slpflag=0, slptimeo=0, size=32768, maxsize=32768)
    at ../../kern/vfs_bio.c:1630
#12 0xc01953f1 in getblk (vp=0xdcb018c0, blkno=50567, size=32768, slpflag=0,
    slptimeo=0) at ../../kern/vfs_bio.c:2220
#13 0xc0197416 in cluster_read (vp=0xdcb018c0, filesize=5242880000,
    lblkno=50567, size=32768, cred=0x0, totread=6144, seqcount=0,
    bpp=0xdcb86e44) at ../../kern/vfs_cluster.c:120
#14 0xc024cea6 in ffs_read (ap=0xdcb86e68) at ../../ufs/ufs/ufs_readwrite.c:266
#15 0xc01a3244 in vn_read (fp=0xc363b140, uio=0xdcb86ed8, cred=0xc3699880,
    flags=1, p=0xdcb1a5a0) at vnode_if.h:334
#16 0xc017b574 in dofileread (p=0xdcb1a5a0, fp=0xc363b140, fd=3,
    buf=0x814fa00, nbyte=512, offset=1656985088, flags=1)
    at ../../sys/file.h:141
#17 0xc017b4b4 in pread (p=0xdcb1a5a0, uap=0xdcb86f80)
    at ../../kern/sys_generic.c:136
#18 0xc028ad95 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
      tf_edi = 512, tf_esi = 0, tf_ebp = -1113588316, tf_isp = -591892524,
      tf_ebx = 1498383852, tf_edx = 0, tf_ecx = 134520321, tf_eax = 198,
      tf_trapno = 7, tf_err = 2, tf_eip = 1498088260, tf_cs = 31,
      tf_eflags = 514, tf_esp = -1113588376, tf_ss = 47})
    at ../../i386/i386/trap.c:1174
#19 0xc027608b in Xint0x80_syscall ()


>How-To-Repeat:

Start many parallel read operations for the first time on a system while
having little free memory.  Use a different file system block size on the
partition used for the testing.


>Fix:

Alternative 1:

  Obtain an exclusive lock for buffer_map in bfreekva before calling
  vm_map_delete().  Release it afterwards.

  Obtain an exclusive lock on buffer_map before calling vm_map_findspace()
  from getnewbuf().  Release it after call to vm_map_insert().

  Never call bfreekva() from interrupts, since acquiring the map lock may
  sleep.

Alternative 2:

  Define buffer_map as a system map.  This causes the nonblocking
  kmapent zone to be used for allocation of vm map entries for
  buffer_map, so vm_map_delete() no longer sleeps while allocating an
  entry.


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message



