From owner-freebsd-current Mon Jun 3 11:54:23 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA09405 for current-outgoing; Mon, 3 Jun 1996 11:54:23 -0700 (PDT) Received: from relay-2.mail.demon.net (disperse.demon.co.uk [158.152.1.77]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA09376; Mon, 3 Jun 1996 11:53:18 -0700 (PDT) Received: from post.demon.co.uk ([158.152.1.72]) by relay-2.mail.demon.net id ae03615; 3 Jun 96 19:20 +0100 Received: from jraynard.demon.co.uk ([158.152.42.77]) by relay-3.mail.demon.net id aa21271; 3 Jun 96 19:19 +0100 Received: (from fcurrent@localhost) by jraynard.demon.co.uk (8.7.5/8.6.12) id TAA00246; Mon, 3 Jun 1996 19:13:44 GMT Date: Mon, 3 Jun 1996 19:13:44 GMT Message-Id: <199606031913.TAA00246@jraynard.demon.co.uk> From: James Raynard To: toor@dyson.iquest.net CC: dyson@freebsd.org, freebsd-current@freebsd.org In-reply-to: <199606030406.XAA00610@dyson.iquest.net> (toor@dyson.iquest.net) Subject: Re: Vm fixes NG Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I wrote:- > > I only wish I could get this machine to panic 8-) Got one at last! panic: freeing held page, count=1, pindex=0(0x0) #0 boot (howto=260) at ../../i386/i386/machdep.c:940 940 dumppcb.pcb_ptd = rcr3(); (kgdb) where #0 boot (howto=260) at ../../i386/i386/machdep.c:940 #1 0xf0113e87 in panic (fmt=0xf0101328 "from debugger") at ../../kern/subr_prf.c:127 #2 0xf0101345 in db_panic (dummy1=-267375504, dummy2=0, dummy3=-1, dummy4=0xefbffb60 "") at ../../ddb/db_command.c:395 #3 0xf010122e in db_command (last_cmdp=0xf01e6b34, cmd_table=0xf01e6994) at ../../ddb/db_command.c:288 #4 0xf01013ad in db_command_loop () at ../../ddb/db_command.c:417 #5 0xf0103718 in db_trap (type=12, code=0) at ../../ddb/db_trap.c:73 #6 0xf01aad0a in kdb_trap (type=12, code=0, regs=0xefbffcb0) at ../../i386/i386/db_interface.c:136 #7 0xf01b3c1f in trap_fatal (frame=0xefbffcb0) at ../../i386/i386/trap.c:736 #8 0xf01b371c in trap_pfault (frame=0xefbffcb0, usermode=0) at ../../i386/i386/trap.c:651 #9 0xf01b33af in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = 20, tf_ebp = -272630536, tf_isp = -272630568, tf_ebx = 0, tf_edx = -267375636, tf_ecx = 980, tf_eax = 9, tf_trapno = 12, tf_err = 0, tf_eip = -267375504, tf_cs = 8, tf_eflags = 66199, tf_esp = 0, tf_ss = 0}) at ../../i386/i386/trap.c:319 #10 0xf01ab581 in calltrap () #11 0xf010122e in db_command (last_cmdp=0xf01e6b34, cmd_table=0xf01e6994) at ../../ddb/db_command.c:288 #12 0xf01013ad in db_command_loop () at ../../ddb/db_command.c:417 #13 0xf0103718 in db_trap (type=3, code=0) at ../../ddb/db_trap.c:73 #14 0xf01aad0a in kdb_trap (type=3, code=0, regs=0xefbffe24) at ../../i386/i386/db_interface.c:136 #15 0xf01b345c in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1073527590, tf_esi = -266719685, tf_ebp = -272630168, tf_isp = -272630196, tf_ebx = 256, tf_edx = -266686715, tf_ecx = 2720, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -266686669, tf_cs = 8, tf_eflags = 582, tf_esp = -266686731, tf_ss = -267305442}) at ../../i386/i386/trap.c:399 #16 0xf01ab581 in calltrap () #17 0xf0113e7e in panic ( fmt=0xf01a2e3b "freeing held page, count=%d, pindex=%d(0x%x)") at ../../kern/subr_prf.c:125 #18 0xf01a2f47 in vm_page_free (m=0xf027b6a0) at ../../vm/vm_page.c:755 #19 0xf01af914 in pmap_release (pmap=0xf0bb9564) at ../../i386/i386/pmap.c:711 #20 0xf019cea4 in vmspace_free (vm=0xf0bb9500) at ../../vm/vm_map.c:264 #21 0xf01b76aa in cpu_wait (p=0xf0ba0900) at ../../i386/i386/vm_machdep.c:628 #22 0xf0109305 in wait1 (q=0xf0bee500, uap=0xefbfff94, retval=0xefbfff84, compat=0) at ../../kern/kern_exit.c:426 #23 0xf0109133 in wait4 (p=0xf0bee500, uap=0xefbfff94, retval=0xefbfff84) at ../../kern/kern_exit.c:323 #24 0xf01b3ee9 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 0, tf_esi = 4, tf_ebp = -272639096, tf_isp = -272629788, tf_ebx = 134840416, tf_edx = -644661702, tf_ecx = 0, tf_eax = 7, tf_trapno = 12, tf_err = 7, tf_eip = 134645077, tf_cs = 31, tf_eflags = 534, tf_esp = -272639120, tf_ss = 39}) at ../../i386/i386/trap.c:890 #25 0xf01ab5d5 in Xsyscall () #26 0x12f31 in ?? () #27 0xefbfdfdc in ?? () #28 0x120b0 in ?? () #29 0xde19 in ?? () #30 0xccd2 in ?? () #31 0x16cce in ?? () #32 0x1683f in ?? () #33 0x10d3 in ?? () (kgdb) up 15 #15 0xf01b345c in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1073527590, tf_esi = -266719685, tf_ebp = -272630168, tf_isp = -272630196, tf_ebx = 256, tf_edx = -266686715, tf_ecx = 2720, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -266686669, tf_cs = 8, tf_eflags = 582, tf_esp = -266686731, tf_ss = -267305442}) at ../../i386/i386/trap.c:399 399 if (kdb_trap (type, 0, &frame)) (kgdb) list 394 /* 395 * If DDB is enabled, let it handle the debugger trap. 396 * Otherwise, debugger traps "can't happen". 397 */ 398 #ifdef DDB 399 if (kdb_trap (type, 0, &frame)) 400 return; 401 #endif 402 break; 403 (kgdb) up #16 0xf01ab581 in calltrap () (kgdb) #17 0xf0113e7e in panic ( fmt=0xf01a2e3b "freeing held page, count=%d, pindex=%d(0x%x)") at ../../kern/subr_prf.c:125 125 Debugger ("panic"); (kgdb) #18 0xf01a2f47 in vm_page_free (m=0xf027b6a0) at ../../vm/vm_page.c:755 755 panic("freeing held page, count=%d, pindex=%d(0x%x)", (kgdb) #19 0xf01af914 in pmap_release (pmap=0xf0bb9564) at ../../i386/i386/pmap.c:711 711 vm_page_free(p); (kgdb) do #18 0xf01a2f47 in vm_page_free (m=0xf027b6a0) at ../../vm/vm_page.c:755 755 panic("freeing held page, count=%d, pindex=%d(0x%x)", (kgdb) list 750 else 751 panic("vm_page_free: freeing busy page"); 752 } 753 754 if (m->hold_count) { 755 panic("freeing held page, count=%d, pindex=%d(0x%x)", 756 m->hold_count, m->pindex, m->pindex); 757 } 758 759 vm_page_remove(m); (kgdb) p m $1 = (struct vm_page *) 0xf027b6a0 (kgdb) p *m $2 = {pageq = {tqe_next = 0xf02802f0, tqe_prev = 0xf026a120}, hashq = { tqe_next = 0xf02986e0, tqe_prev = 0xf029a3f8}, listq = { tqe_next = 0xf02802f0, tqe_prev = 0xf028dd70}, object = 0xf0cd0f00, pindex = 0, phys_addr = 13430784, queue = 0, flags = 36, wire_count = 1, hold_count = 1, act_count = 0 '\000', busy = 0 '\000', valid = 255 '', dirty = 0 '\000'} (kgdb) up #19 0xf01af914 in pmap_release (pmap=0xf0bb9564) at ../../i386/i386/pmap.c:711 711 vm_page_free(p); (kgdb) p p $3 = (struct vm_page *) 0xf027b6a0 (kgdb) p *p $4 = {pageq = {tqe_next = 0xf02802f0, tqe_prev = 0xf026a120}, hashq = { tqe_next = 0xf02986e0, tqe_prev = 0xf029a3f8}, listq = { tqe_next = 0xf02802f0, tqe_prev = 0xf028dd70}, object = 0xf0cd0f00, pindex = 0, phys_addr = 13430784, queue = 0, flags = 36, wire_count = 1, hold_count = 1, act_count = 0 '\000', busy = 0 '\000', valid = 255 '', dirty = 0 '\000'} (kgdb) list 706 pde[APTDPTDI] = 0; 707 pde[PTDPTDI] = 0; 708 pmap_kremove((vm_offset_t) pmap->pm_pdir); 709 } 710 711 vm_page_free(p); 712 TAILQ_REMOVE(&vm_page_queue_free, p, pageq); 713 TAILQ_INSERT_HEAD(&vm_page_queue_zero, p, pageq); 714 p->queue = PQ_ZERO; 715 splx(s); (kgdb) p p->object $5 = (struct vm_object *) 0xf0cd0f00 (kgdb) p *(p->object) $6 = {object_list = {tqe_next = 0xf0c92f80, tqe_prev = 0xf0caa680}, cached_list = {tqe_next = 0x0, tqe_prev = 0x4000}, shadow_head = { tqh_first = 0x0, tqh_last = 0xf0cd0f10}, shadow_list = {tqe_next = 0x0, tqe_prev = 0x0}, memq = {tqh_first = 0xf028dd60, tqh_last = 0xf0293aa0}, type = OBJT_DEFAULT, size = 960, ref_count = 1, shadow_count = 0, flags = 128, paging_in_progress = 0, behavior = 0, resident_page_count = 4, paging_offset = 0x0000000000000000, backing_object = 0x0, backing_object_offset = 0x0000000000000000, last_read = 0, pager_object_list = {tqe_next = 0xf0c86900, tqe_prev = 0xf0c8dbdc}, handle = 0x0, un_pager = {vnp = {vnp_size = 0x0000000000000001}, devp = { devp_pglist = {tqh_first = 0x1, tqh_last = 0x0}}, swp = { swp_nblocks = 1, swp_allocsize = 0, swp_blocks = 0x0, swp_poip = 0}}} (kgdb) q Hope this helps. I'm not in any hurry to delete the core, so let me know if there's any other useful info I can get from it. -- James Raynard, Edinburgh, Scotland | http://freefall.freebsd.org/~jraynard/ james@jraynard.demon.co.uk | jraynard@freebsd.org