Date:      Tue, 27 Apr 2004 04:35:19 -0700 (PDT)
From:      Kostik Belousov <kostya@tessart.kiev.ua>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/66025: kernel panic in pagedaemon (triggered by vmware ?)
Message-ID:  <200404271135.i3RBZJ4S062656@www.freebsd.org>
Resent-Message-ID: <200404271140.i3RBeERR094038@freefall.freebsd.org>


>Number:         66025
>Category:       kern
>Synopsis:       kernel panic in pagedaemon (triggered by vmware ?)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 27 04:40:14 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Kostik Belousov
>Release:        FREEBSD 4.10-RC
>Organization:
tessart
>Environment:
FreeBSD deviant.tessart.kiev.ua 4.10-RC FreeBSD 4.10-RC #2: Mon Apr 26 10:35:45 EEST 2004     root@deviant.tessart.kiev.ua:/usr/obj/usr/src/sys/DEVIANT  i386  
>Description:
      I have installed a fresh vmware port (vmware3-3.2.1.2242_6,1) on FreeBSD 4.10-RC.
Within a short time (approx. 5, max 10 minutes) after vmware started and the guest OS
finished loading, I consistently get the kernel panic.

IdlePTD at physical address 0x0039c000
initial pcb at physical address 0x002d5d80
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc022b573
stack pointer           = 0x10:0xd2d2af14
frame pointer           = 0x10:0xd2d2af84
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3 (pagedaemon)
interrupt mask          = none
trap number             = 12
panic: page fault

syncing disks... 8
done


Backtrace:

#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc01645bb in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc01649f9 in panic (fmt=0xc02a838c "%s")
    at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc025848f in trap_fatal (frame=0xd2d2aed4, eva=36)
    at /usr/src/sys/i386/i386/trap.c:974
#4  0xc025813d in trap_pfault (frame=0xd2d2aed4, usermode=0, eva=36)
    at /usr/src/sys/i386/i386/trap.c:867
#5  0xc0257ce3 in trap (frame={tf_fs = -1058996208, tf_es = -1059389424,
      tf_ds = -1063518192, tf_edi = 0, tf_esi = 0, tf_ebp = -757944444,
      tf_isp = -757944576, tf_ebx = -1063086944, tf_edx = -1063088804,
      tf_ecx = -1074786292, tf_eax = 0, tf_trapno = 12, tf_err = 0,
      tf_eip = -1071467149, tf_cs = 8, tf_eflags = 66118, tf_esp = 0,
      tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:466
#6  0xc022b573 in vm_pageout_scan (pass=0) at /usr/src/sys/vm/vm_pageout.c:1001
#7  0xc022bd63 in vm_pageout () at /usr/src/sys/vm/vm_pageout.c:1405
    
Code at the frame #6:

(kgdb) frame 6
#6  0xc022b573 in vm_pageout_scan (pass=0) at /usr/src/sys/vm/vm_pageout.c:1001
1001                    if (m->object->ref_count != 0) {
(kgdb) list
996
997                     /*
998                      * Check to see "how much" the page has been used.
999                      */
1000                    actcount = 0;
1001                    if (m->object->ref_count != 0) {
1002                            if (m->flags & PG_REFERENCED) {
1003                                    actcount += 1;
1004                            }
1005                            actcount += pmap_ts_referenced(m);
      
      
The problem is: at frame #6, some page m in the scanned page queue has
m->object == 0 (disassembly shows that variable m lives in %ebx):
(kgdb) p/x *(struct vm_page *)-1063086944
$5 = {pageq = {tqe_next = 0xc0a28d5c, tqe_prev = 0xc03012c0}, hnext = 0x0,
  listq = {tqe_next = 0xc0a28d5c, tqe_prev = 0xd3c64184}, object = 0x0, <----
  pindex = 0x2c8, phys_addr = 0x15859000, md = {pv_list_count = 0x0,
    pv_list = {tqh_first = 0x0, tqh_last = 0xc0a294c4}}, queue = 0x22,
  flags = 0x0, pc = 0x19, wire_count = 0x0, hold_count = 0x0, act_count = 0xd,
  busy = 0x0, valid = 0xff, dirty = 0xff}

>How-To-Repeat:
      Run vmware with a relatively large amount of memory allocated for the guest OS
(I have 512Mb RAM and allocated 256 Mb for guest).

I have set sysctl kern.ipc.shm_allow_removed=1.

Modules loaded:
linux.ko
linprocfs.ko
vmmon_up.ko
vmnet.ko

Kernel was compiled with option VFS_AIO.

I have the crash dump and debug build of the crashed kernel, if needed.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
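A small triage helper for the panic message above, added here as an example and not part of the original report: it parses the trap fields, converts the signed trap-frame values that kgdb prints into unsigned 32-bit addresses, and flags a kernel-mode fault in the first page as a likely NULL-pointer dereference. The function names are assumptions of this example; the input lines are excerpted from the report.

```python
import re

PAGE_SIZE = 4096  # i386 page size; a kernel-mode fault below this is a near-NULL access

# Excerpts of the panic message and the frame #5 trap frame from the report.
PANIC_TEXT = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc022b573
current process         = 3 (pagedaemon)
"""
TRAPFRAME_TEXT = "tf_ebx = -1063086944, tf_eax = 0, tf_eip = -1071467149, tf_cs = 8"


def parse_panic(text):
    """Return the 'name = value' fields of a FreeBSD i386 trap message as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([a-z][a-z ]*?)\s*=\s*(.+)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def parse_trapframe(text):
    """kgdb prints 32-bit registers as signed ints; return them as unsigned values."""
    return {name: int(val) & 0xFFFFFFFF
            for name, val in re.findall(r"(tf_\w+) = (-?\d+)", text)}


def triage(panic_text, trapframe_text):
    """Summarise the fault and flag a likely NULL-pointer dereference."""
    p = parse_panic(panic_text)
    regs = parse_trapframe(trapframe_text)
    fault_va = int(p["fault virtual address"], 16)
    eip = int(p["instruction pointer"].split(":")[1], 16)
    return {
        "fault_va": fault_va,
        "eip": eip,
        "process": p["current process"],
        # A supervisor access inside the first page means a NULL base pointer
        # plus a small field offset (the offset is then fault_va itself).
        "near_null": "supervisor" in p["fault code"] and fault_va < PAGE_SIZE,
        # The trap frame and the panic message must agree on the faulting EIP.
        "eip_matches_frame": regs.get("tf_eip") == eip,
        "regs": regs,
    }
```

On the report's data the helper marks the fault as near-NULL, and the unsigned `tf_ebx` is the address of the `vm_page` whose `object` field is 0x0 in the kgdb dump.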


