Date:      Mon, 3 Jun 1996 19:13:44 GMT
From:      James Raynard <fcurrent@jraynard.demon.co.uk>
To:        toor@dyson.iquest.net
Cc:        dyson@freebsd.org, freebsd-current@freebsd.org
Subject:   Re: Vm fixes NG
Message-ID:  <199606031913.TAA00246@jraynard.demon.co.uk>
In-Reply-To: <199606030406.XAA00610@dyson.iquest.net> (toor@dyson.iquest.net)

I wrote:-

> > I only wish I could get this machine to panic 8-)

Got one at last!

panic: freeing held page, count=1, pindex=0(0x0)
#0  boot (howto=260) at ../../i386/i386/machdep.c:940
940					dumppcb.pcb_ptd = rcr3();
(kgdb) where
#0  boot (howto=260) at ../../i386/i386/machdep.c:940
#1  0xf0113e87 in panic (fmt=0xf0101328 "from debugger")
    at ../../kern/subr_prf.c:127
#2  0xf0101345 in db_panic (dummy1=-267375504, dummy2=0, dummy3=-1, 
    dummy4=0xefbffb60 "") at ../../ddb/db_command.c:395
#3  0xf010122e in db_command (last_cmdp=0xf01e6b34, cmd_table=0xf01e6994)
    at ../../ddb/db_command.c:288
#4  0xf01013ad in db_command_loop () at ../../ddb/db_command.c:417
#5  0xf0103718 in db_trap (type=12, code=0) at ../../ddb/db_trap.c:73
#6  0xf01aad0a in kdb_trap (type=12, code=0, regs=0xefbffcb0)
    at ../../i386/i386/db_interface.c:136
#7  0xf01b3c1f in trap_fatal (frame=0xefbffcb0) at ../../i386/i386/trap.c:736
#8  0xf01b371c in trap_pfault (frame=0xefbffcb0, usermode=0)
    at ../../i386/i386/trap.c:651
#9  0xf01b33af in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = 0, 
      tf_esi = 20, tf_ebp = -272630536, tf_isp = -272630568, tf_ebx = 0, 
      tf_edx = -267375636, tf_ecx = 980, tf_eax = 9, tf_trapno = 12, 
      tf_err = 0, tf_eip = -267375504, tf_cs = 8, tf_eflags = 66199, 
      tf_esp = 0, tf_ss = 0}) at ../../i386/i386/trap.c:319
#10 0xf01ab581 in calltrap ()
#11 0xf010122e in db_command (last_cmdp=0xf01e6b34, cmd_table=0xf01e6994)
    at ../../ddb/db_command.c:288
#12 0xf01013ad in db_command_loop () at ../../ddb/db_command.c:417
#13 0xf0103718 in db_trap (type=3, code=0) at ../../ddb/db_trap.c:73
#14 0xf01aad0a in kdb_trap (type=3, code=0, regs=0xefbffe24)
    at ../../i386/i386/db_interface.c:136
#15 0xf01b345c in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1073527590, 
      tf_esi = -266719685, tf_ebp = -272630168, tf_isp = -272630196, 
      tf_ebx = 256, tf_edx = -266686715, tf_ecx = 2720, tf_eax = 18, 
      tf_trapno = 3, tf_err = 0, tf_eip = -266686669, tf_cs = 8, 
      tf_eflags = 582, tf_esp = -266686731, tf_ss = -267305442})
    at ../../i386/i386/trap.c:399
#16 0xf01ab581 in calltrap ()
#17 0xf0113e7e in panic (
    fmt=0xf01a2e3b "freeing held page, count=%d, pindex=%d(0x%x)")
    at ../../kern/subr_prf.c:125
#18 0xf01a2f47 in vm_page_free (m=0xf027b6a0) at ../../vm/vm_page.c:755
#19 0xf01af914 in pmap_release (pmap=0xf0bb9564) at ../../i386/i386/pmap.c:711
#20 0xf019cea4 in vmspace_free (vm=0xf0bb9500) at ../../vm/vm_map.c:264
#21 0xf01b76aa in cpu_wait (p=0xf0ba0900) at ../../i386/i386/vm_machdep.c:628
#22 0xf0109305 in wait1 (q=0xf0bee500, uap=0xefbfff94, retval=0xefbfff84, 
    compat=0) at ../../kern/kern_exit.c:426
#23 0xf0109133 in wait4 (p=0xf0bee500, uap=0xefbfff94, retval=0xefbfff84)
    at ../../kern/kern_exit.c:323
#24 0xf01b3ee9 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 0, 
      tf_esi = 4, tf_ebp = -272639096, tf_isp = -272629788, 
      tf_ebx = 134840416, tf_edx = -644661702, tf_ecx = 0, tf_eax = 7, 
      tf_trapno = 12, tf_err = 7, tf_eip = 134645077, tf_cs = 31, 
      tf_eflags = 534, tf_esp = -272639120, tf_ss = 39})
    at ../../i386/i386/trap.c:890
#25 0xf01ab5d5 in Xsyscall ()
#26 0x12f31 in ?? ()
#27 0xefbfdfdc in ?? ()
#28 0x120b0 in ?? ()
#29 0xde19 in ?? ()
#30 0xccd2 in ?? ()
#31 0x16cce in ?? ()
#32 0x1683f in ?? ()
#33 0x10d3 in ?? ()
(kgdb) up 15
#15 0xf01b345c in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1073527590, 
      tf_esi = -266719685, tf_ebp = -272630168, tf_isp = -272630196, 
      tf_ebx = 256, tf_edx = -266686715, tf_ecx = 2720, tf_eax = 18, 
      tf_trapno = 3, tf_err = 0, tf_eip = -266686669, tf_cs = 8, 
      tf_eflags = 582, tf_esp = -266686731, tf_ss = -267305442})
    at ../../i386/i386/trap.c:399
399				if (kdb_trap (type, 0, &frame))
(kgdb) list
394				/*
395				 * If DDB is enabled, let it handle the debugger trap.
396				 * Otherwise, debugger traps "can't happen".
397				 */
398	#ifdef DDB
399				if (kdb_trap (type, 0, &frame))
400					return;
401	#endif
402				break;
403	
(kgdb) up
#16 0xf01ab581 in calltrap ()
(kgdb) 
#17 0xf0113e7e in panic (
    fmt=0xf01a2e3b "freeing held page, count=%d, pindex=%d(0x%x)")
    at ../../kern/subr_prf.c:125
125			Debugger ("panic");
(kgdb) 
#18 0xf01a2f47 in vm_page_free (m=0xf027b6a0) at ../../vm/vm_page.c:755
755	 		panic("freeing held page, count=%d, pindex=%d(0x%x)",
(kgdb) 
#19 0xf01af914 in pmap_release (pmap=0xf0bb9564) at ../../i386/i386/pmap.c:711
711		vm_page_free(p);
(kgdb) do
#18 0xf01a2f47 in vm_page_free (m=0xf027b6a0) at ../../vm/vm_page.c:755
755	 		panic("freeing held page, count=%d, pindex=%d(0x%x)",
(kgdb) list
750			else
751				panic("vm_page_free: freeing busy page");
752		}
753	
754	 	if (m->hold_count) {
755	 		panic("freeing held page, count=%d, pindex=%d(0x%x)",
756				m->hold_count, m->pindex, m->pindex);
757	 	}
758	  
759		vm_page_remove(m);
(kgdb) p m
$1 = (struct vm_page *) 0xf027b6a0
(kgdb) p *m
$2 = {pageq = {tqe_next = 0xf02802f0, tqe_prev = 0xf026a120}, hashq = {
    tqe_next = 0xf02986e0, tqe_prev = 0xf029a3f8}, listq = {
    tqe_next = 0xf02802f0, tqe_prev = 0xf028dd70}, object = 0xf0cd0f00, 
  pindex = 0, phys_addr = 13430784, queue = 0, flags = 36, wire_count = 1, 
  hold_count = 1, act_count = 0 '\000', busy = 0 '\000', valid = 255 '\377', 
  dirty = 0 '\000'}
(kgdb) up
#19 0xf01af914 in pmap_release (pmap=0xf0bb9564) at ../../i386/i386/pmap.c:711
711		vm_page_free(p);
(kgdb) p p
$3 = (struct vm_page *) 0xf027b6a0
(kgdb) p *p
$4 = {pageq = {tqe_next = 0xf02802f0, tqe_prev = 0xf026a120}, hashq = {
    tqe_next = 0xf02986e0, tqe_prev = 0xf029a3f8}, listq = {
    tqe_next = 0xf02802f0, tqe_prev = 0xf028dd70}, object = 0xf0cd0f00, 
  pindex = 0, phys_addr = 13430784, queue = 0, flags = 36, wire_count = 1, 
  hold_count = 1, act_count = 0 '\000', busy = 0 '\000', valid = 255 '\377', 
  dirty = 0 '\000'}
(kgdb) list
706			pde[APTDPTDI] = 0;
707			pde[PTDPTDI] = 0;
708			pmap_kremove((vm_offset_t) pmap->pm_pdir);
709		}
710	
711		vm_page_free(p);
712		TAILQ_REMOVE(&vm_page_queue_free, p, pageq);
713		TAILQ_INSERT_HEAD(&vm_page_queue_zero, p, pageq);
714		p->queue = PQ_ZERO;
715		splx(s);
(kgdb) p p->object
$5 = (struct vm_object *) 0xf0cd0f00
(kgdb) p *(p->object)
$6 = {object_list = {tqe_next = 0xf0c92f80, tqe_prev = 0xf0caa680}, 
  cached_list = {tqe_next = 0x0, tqe_prev = 0x4000}, shadow_head = {
    tqh_first = 0x0, tqh_last = 0xf0cd0f10}, shadow_list = {tqe_next = 0x0, 
    tqe_prev = 0x0}, memq = {tqh_first = 0xf028dd60, tqh_last = 0xf0293aa0}, 
  type = OBJT_DEFAULT, size = 960, ref_count = 1, shadow_count = 0, 
  flags = 128, paging_in_progress = 0, behavior = 0, resident_page_count = 4, 
  paging_offset = 0x0000000000000000, backing_object = 0x0, 
  backing_object_offset = 0x0000000000000000, last_read = 0, 
  pager_object_list = {tqe_next = 0xf0c86900, tqe_prev = 0xf0c8dbdc}, 
  handle = 0x0, un_pager = {vnp = {vnp_size = 0x0000000000000001}, devp = {
      devp_pglist = {tqh_first = 0x1, tqh_last = 0x0}}, swp = {
      swp_nblocks = 1, swp_allocsize = 0, swp_blocks = 0x0, swp_poip = 0}}}
(kgdb) q

Hope this helps. I'm not in any hurry to delete the core, so let me
know if there's any other useful info I can get from it.

-- 
James Raynard, Edinburgh, Scotland | http://freefall.freebsd.org/~jraynard/
james@jraynard.demon.co.uk         | jraynard@freebsd.org



