From owner-freebsd-current@FreeBSD.ORG Tue Oct 18 08:01:48 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B25216A41F for ; Tue, 18 Oct 2005 08:01:48 +0000 (GMT) (envelope-from kerneljake@hotmail.com) Received: from hotmail.com (bay110-f16.bay110.hotmail.com [65.54.229.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2EE5E43D48 for ; Tue, 18 Oct 2005 08:01:48 +0000 (GMT) (envelope-from kerneljake@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 18 Oct 2005 01:01:47 -0700 Message-ID: Received: from 65.54.229.220 by by110fd.bay110.hotmail.msn.com with HTTP; Tue, 18 Oct 2005 08:01:47 GMT X-Originating-IP: [66.141.40.149] X-Originating-Email: [kerneljake@hotmail.com] X-Sender: kerneljake@hotmail.com In-Reply-To: <43546580.4040402@errno.com> From: "Kernel Jake" To: freebsd-current@freebsd.org Date: Tue, 18 Oct 2005 03:01:47 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-OriginalArrivalTime: 18 Oct 2005 08:01:47.0652 (UTC) FILETIME=[303BA440:01C5D3BA] Subject: Re: page fault - 6.0-RC1 i386 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Oct 2005 08:01:48 -0000 Sam Leffler wrote: >Please try a kernel with at least INVARIANTS. Better would be a kernel >with >INVARIANTS+WITNESS. After enabling INVARIANTS+WITNESS (with WITNESS_SKIPSPIN), I see the following in dmesg during bootup: Oct 18 00:23:53 daemon kernel: malloc(M_WAITOK) of "32", forcing M_NOWAIT with the following non-sleepable locks held: Oct 18 00:23:53 daemon kernel: exclusive sleep mutex ath0 (network driver) r = 0 (0xc15c8d30) locked @ dev/ath/if_ath.c:4642 Oct 18 00:23:53 daemon kernel: Memory modified after free 0xc174a000(2048) val=1fa00000 @ 0xc174a000 Oct 18 00:23:53 daemon savecore: no dumps found Oct 18 00:23:56 daemon kernel: ath0: link state changed to DOWN Oct 18 00:24:06 daemon kernel: malloc(M_WAITOK) of "32", forcing M_NOWAIT with the following non-sleepable locks held: Oct 18 00:24:06 daemon kernel: exclusive sleep mutex ath0 (network driver) r = 0 (0xc15c8d30) locked @ dev/ath/if_ath.c:4642 Oct 18 00:24:06 daemon kernel: ath0: link state changed to UP Then, when the crash occurs later: # kgdb -q kernel.debug /var/crash/vmcore.2 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] Unread portion of the kernel message buffer: lock order reversal 1st 0xc15c9188 ath0 (xmit q) @ dev/ath/if_ath.c:3537 2nd 0xc093b9c4 user map (user map) @ vm/vm_map.c:2997 Fatal trap 12: page fault while in kernel mode fault virtual address = 0x10 fault code = supervisor read, page not present instruction pointer = 0x20:0xc07af690 stack pointer = 0x28:0xcaf47958 frame pointer = 0x28:0x0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 35 (swi1: net) trap number = 12 panic: page fault Uptime: 22m20s Dumping 223 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 223MB (57084 pages) 208 192 176 160 144 128 112 96 80 64 48 32 16 #0 doadump () at pcpu.h:165 165 pcpu.h: No such file or directory. in pcpu.h (kdbd) bt full #0 doadump () at pcpu.h:165 No locals. #1 0xc0639540 in boot (howto=260) at ../../../kern/kern_shutdown.c:399 first_buf_printf = 1 #2 0xc06397be in panic (fmt=0xc085b257 "%s") at ../../../kern/kern_shutdown.c:555 td = (struct thread *) 0xc147d900 bootopt = 260 newpanic = 0 ap = 0xcaf47894 "U·\211À" buf = "page fault", '\0' #3 0xc080a374 in trap_fatal (frame=0xcaf47918, eva=16) at ../../../i386/i386/trap.c:831 code = 40 type = 12 ss = 40 esp = 0 softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 6, ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1} #4 0xc080a0df in trap_pfault (frame=0xcaf47918, usermode=0, eva=16) at ../../../i386/i386/trap.c:742 va = 0 vm = (struct vmspace *) 0x0 map = 0xc093b980 rv = 1 ftype = 1 '\001' td = (struct thread *) 0xc147d900 p = (struct proc *) 0xc14a9624 #5 0xc0809d71 in trap (frame= {tf_fs = -889978872, tf_es = -1067122648, tf_ds = -1065091032, tf_edi = 0, tf_esi = -812636432, tf_ebp = 0, tf_isp = -889947836, tf_ebx = -812664240, tf_edx = 787639, tf_ecx = -1073479567, tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1065683312, tf_cs = 32, tf_eflags = 590338, tf_esp = 16808316, tf_ss = 0}) at ../../../i386/i386/trap.c:432 td = (struct thread *) 0xc147d900 p = (struct proc *) 0xc14a9624 sticks = 3242711296 i = 0 ucode = 0 type = 12 code = 0 eva = 16 #6 0xc07f9bda in calltrap () at ../../../i386/i386/exception.s:139 No locals. #7 0xc07af690 in zz0e373a4d () No symbol table info available.