Message-Id: <200404271135.i3RBZJ4S062656@www.freebsd.org>
Date: Tue, 27 Apr 2004 04:35:19 -0700 (PDT)
From: Kostik Belousov
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: kern/66025: kernel panic in pagedaemon (triggered by vmware ?)

>Number:         66025
>Category:       kern
>Synopsis:       kernel panic in pagedaemon (triggered by vmware ?)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 27 04:40:14 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Kostik Belousov
>Release:        FREEBSD 4.10-RC
>Organization:
tessart
>Environment:
FreeBSD deviant.tessart.kiev.ua 4.10-RC FreeBSD 4.10-RC #2: Mon Apr 26 10:35:45 EEST 2004 root@deviant.tessart.kiev.ua:/usr/obj/usr/src/sys/DEVIANT i386
>Description:
I have installed a fresh vmware port (vmware3-3.2.1.2242_6,1) on FreeBSD 4.10-RC.
Within a short time (approx. 5, max 10 minutes) after vmware started and the
guest OS finished loading, I consistently get the kernel panic.

IdlePTD at physical address 0x0039c000
initial pcb at physical address 0x002d5d80
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc022b573
stack pointer           = 0x10:0xd2d2af14
frame pointer           = 0x10:0xd2d2af84
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3 (pagedaemon)
interrupt mask          = none
trap number             = 12
panic: page fault

syncing disks...
8
done

Backtrace:
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc01645bb in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc01649f9 in panic (fmt=0xc02a838c "%s")
    at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc025848f in trap_fatal (frame=0xd2d2aed4, eva=36)
    at /usr/src/sys/i386/i386/trap.c:974
#4  0xc025813d in trap_pfault (frame=0xd2d2aed4, usermode=0, eva=36)
    at /usr/src/sys/i386/i386/trap.c:867
#5  0xc0257ce3 in trap (frame={tf_fs = -1058996208, tf_es = -1059389424,
      tf_ds = -1063518192, tf_edi = 0, tf_esi = 0, tf_ebp = -757944444,
      tf_isp = -757944576, tf_ebx = -1063086944, tf_edx = -1063088804,
      tf_ecx = -1074786292, tf_eax = 0, tf_trapno = 12, tf_err = 0,
      tf_eip = -1071467149, tf_cs = 8, tf_eflags = 66118, tf_esp = 0,
      tf_ecx = -1074786292, tf_eax = 0, tf_trapno = 12, tf_err = 0,
      tf_eip = -1071467149, tf_cs = 8, tf_eflags = 66118, tf_esp = 0,
      tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:466
#6  0xc022b573 in vm_pageout_scan (pass=0) at /usr/src/sys/vm/vm_pageout.c:1001
#7  0xc022bd63 in vm_pageout () at /usr/src/sys/vm/vm_pageout.c:1405

Code at the frame #6:
(kgdb) frame 6
#6  0xc022b573 in vm_pageout_scan (pass=0) at /usr/src/sys/vm/vm_pageout.c:1001
1001                    if (m->object->ref_count != 0) {
(kgdb) list
996
997                     /*
998                      * Check to see "how much" the page has been used.
999                      */
1000                    actcount = 0;
1001                    if (m->object->ref_count != 0) {
1002                            if (m->flags & PG_REFERENCED) {
1003                                    actcount += 1;
1004                            }
1005                            actcount += pmap_ts_referenced(m);

The problem is: at the frame #6, some page m has m->object == 0 in the
scanned page queue (disassembly shows that variable m lives in %ebx):

(kgdb) p/x *(struct vm_page *)-1063086944
$5 = {pageq = {tqe_next = 0xc0a28d5c, tqe_prev = 0xc03012c0}, hnext = 0x0,
  listq = {tqe_next = 0xc0a28d5c, tqe_prev = 0xd3c64184},
  object = 0x0,    <----
  pindex = 0x2c8, phys_addr = 0x15859000,
  md = {pv_list_count = 0x0, pv_list = {tqh_first = 0x0, tqh_last = 0xc0a294c4}},
  queue = 0x22, flags = 0x0, pc = 0x19, wire_count = 0x0, hold_count = 0x0,
  act_count = 0xd, busy = 0x0, valid = 0xff, dirty = 0xff}
>How-To-Repeat:
Run vmware with a relatively large amount of memory allocated for the guest OS
(I have 512Mb RAM and allocated 256 Mb for the guest). I have set
sysctl kern.ipc.shm_allow_removed=1.

Modules loaded: linux.ko linprocfs.ko vmmon_up.ko vmnet.ko
Kernel was compiled with option VFS_AIO.

I have the crash dump and debug build of the crashed kernel, if needed.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
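
The following triage sketch is an added example, not part of the original report or of FreeBSD. It parses the trap message and trap-frame registers quoted above, converts gdb's signed 32-bit values to addresses, and cross-checks them. The function names and the rule "a fault address below one page means a member read through a NULL base pointer" are assumptions made for illustration.

```python
import re

PAGE_SIZE = 4096  # i386 page size

# Constructed sample: trap lines and trap-frame registers copied from the report.
PANIC_TEXT = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc022b573
current process         = 3 (pagedaemon)
"""
FRAME_TEXT = "tf_ebx = -1063086944, tf_eax = 0, tf_eip = -1071467149, tf_cs = 8"


def u32(value):
    """Reinterpret a signed 32-bit value (how gdb prints tf_* fields) as unsigned."""
    return value & 0xFFFFFFFF


def parse_trap(text):
    """Collect 'name = value' pairs from an i386 fatal-trap message."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([a-z][a-z ]*?)\s*=\s*(.+)", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def parse_frame(text):
    """Map each tf_* register in a gdb trap-frame dump to its unsigned value."""
    return {k: u32(int(v)) for k, v in re.findall(r"(tf_\w+) = (-?\d+)", text)}


def triage(panic_text, frame_text):
    trap, frame = parse_trap(panic_text), parse_frame(frame_text)
    fault = int(trap["fault virtual address"], 16)
    eip = int(trap["instruction pointer"].split(":")[1], 16)
    near_null = fault < PAGE_SIZE  # assumption: first page is never mapped
    return {
        "kernel_mode": "supervisor" in trap["fault code"],
        "access": "write" if "write" in trap["fault code"] else "read",
        "null_deref": near_null,
        "member_offset": fault if near_null else None,
        "eip_matches_frame": frame.get("tf_eip") == eip,
        "regs_hex": {k: hex(v) for k, v in frame.items()},
    }


if __name__ == "__main__":
    print(triage(PANIC_TEXT, FRAME_TEXT))
```

On the report's data, the fault address 0x24 equals eva=36 in frames #3 and #4, and tf_ebx converts to the vm_page address that the kgdb print shows with object = 0x0.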