From owner-freebsd-stable  Mon May  6 13:34:03 1996
Return-Path: owner-stable
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id NAA06818
          for stable-outgoing; Mon, 6 May 1996 13:34:03 -0700 (PDT)
Received: from sierra.zyzzyva.com (ppp0.zyzzyva.com [198.183.2.50])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id NAA06806
          Mon, 6 May 1996 13:33:52 -0700 (PDT)
Received: (from mail@localhost) by sierra.zyzzyva.com (8.7.5/8.6.11) id PAA05444; Mon, 6 May 1996 15:33:50 -0500 (CDT)
Message-Id: <199605062033.PAA05444@sierra.zyzzyva.com>
X-Authentication-Warning: sierra.zyzzyva.com: mail set sender to <randy@zyzzyva.com> using -f
Received: from localhost(127.0.0.1) by sierra via smap (V1.3)
	id sma005440; Mon May  6 15:33:38 1996
To: current@freebsd.org, stable@freebsd.org
Subject: MBUF problem?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 06 May 1996 15:33:37 -0500
From: Randy Terbush <randy@zyzzyva.com>
Sender: owner-stable@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


To continue this thread, I had a system panic on this same machine
that seems to be chewing up MBUFs. I'm including the trace below
in hopes that some kernel hacker might have a suggestion.

The problem in pmap is interesting in view of someone elses comments
about pmap.c changes. Here is the current netstat -m on this machine
that has been up for 5 hours now. I'm not convinced these problems
are related, or that the MBUF usage is even a problem after reading
other comments. It's definitely the only thing on this machine that
is indicating any activity.


1509 mbufs in use:
        1505 mbufs allocated to data
        2 mbufs allocated to packet headers
        1 mbufs allocated to protocol control blocks
        1 mbufs allocated to socket names and addresses
643/648 mbuf clusters in use
1484 Kbytes allocated to network (99% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

------- Forwarded Message

Script started on Mon May  6 14:30:42 1996
#> gdb -k
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd), Copyright 1994 Free Software Foundation, Inc.
(kgdb) symbol-file kernel
Reading symbols from kernel...done.
(kgdb) exec-file /var/crash/kernel.2
(kgdb) core-file /var/crash/vmcore.2
IdlePTD 1cd000
current pcb at 1b1148
panic: invalid kernel page directory
#0  boot (howto=256) at ../../i386/i386/machdep.c:911
911					dumppcb.pcb_ptd = rcr3();
(kgdb) where
#0  boot (howto=256) at ../../i386/i386/machdep.c:911
#1  0xf0112b53 in panic (fmt=0xf01680f8 "invalid kernel page directory")
    at ../../kern/subr_prf.c:116
#2  0xf0168205 in pmap_enter (pmap=0xf0e7906c, va=49152, pa=11583488, 
    prot=7 '\a', wired=1) at ../../i386/i386/pmap.c:1181
#3  0xf015816b in vm_fault (map=0xf0e79000, vaddr=49152, fault_type=7 '\a', 
    change_wiring=1) at ../../vm/vm_fault.c:842
#4  0xf0158374 in vm_fault_wire (map=0xf0e79000, start=49152, end=53248)
    at ../../vm/vm_fault.c:919
#5  0xf015a97e in vm_map_pageable (map=0xf0e79000, start=49152, end=53248, 
    new_pageable=0) at ../../vm/vm_map.c:1401
#6  0xf0158a15 in vslock (addr=0xc000 "а\215eА[^_ЩУ", len=950)
    at ../../vm/vm_glue.c:150
#7  0xf010fac2 in __sysctl (p=0xf0e7da00, uap=0xefbfff94, retval=0xefbfff8c)
    at ../../kern/kern_sysctl.c:146
#8  0xf016b087 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272639220, 
      tf_esi = 6, tf_ebp = -272639296, tf_isp = -272629788, 
      tf_ebx = 134725728, tf_edx = 49152, tf_ecx = -272639224, tf_eax = 202, 
      tf_trapno = 663, tf_err = 663, tf_eip = 134677525, tf_cs = 31, 
      tf_eflags = 663, tf_esp = -272639336, tf_ss = 39})
    at ../../i386/i386/trap.c:906
#9  0xf016363b in Xsyscall ()
#10 0x3486 in ?? ()
#11 0x4a55 in ?? ()
#12 0xefbfe13c in ?? ()
#13 0x2bd4 in ?? ()
#14 0x10e8 in ?? ()
(kgdb) up 8
#8  0xf016b087 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272639220, 
      tf_esi = 6, tf_ebp = -272639296, tf_isp = -272629788, 
      tf_ebx = 134725728, tf_edx = 49152, tf_ecx = -272639224, tf_eax = 202, 
      tf_trapno = 663, tf_err = 663, tf_eip = 134677525, tf_cs = 31, 
      tf_eflags = 663, tf_esp = -272639336, tf_ss = 39})
    at ../../i386/i386/trap.c:906
906		error = (*callp->sy_call)(p, args, rval);
(kgdb) up 6
#14 0x10e8 in ?? ()
(kgdb) list
901			ktrsyscall(p->p_tracep, code, callp->sy_narg, args);
902	#endif
903		rval[0] = 0;
904		rval[1] = frame.tf_edx;
905	
906		error = (*callp->sy_call)(p, args, rval);
907	
908		switch (error) {
909	
910		case 0:
(kgdb) down 2
#12 0xefbfe13c in ?? ()
(kgdb) down 4
#8  0xf016b087 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272639220, 
      tf_esi = 6, tf_ebp = -272639296, tf_isp = -272629788, 
      tf_ebx = 134725728, tf_edx = 49152, tf_ecx = -272639224, tf_eax = 202, 
      tf_trapno = 663, tf_err = 663, tf_eip = 134677525, tf_cs = 31, 
      tf_eflags = 663, tf_esp = -272639336, tf_ss = 39})
    at ../../i386/i386/trap.c:906
906		error = (*callp->sy_call)(p, args, rval);
(kgdb) down 2
#6  0xf0158a15 in vslock (addr=0xc000 "а\215eА[^_ЩУ", len=950)
    at ../../vm/vm_glue.c:150
150		vm_map_pageable(&curproc->p_vmspace->vm_map, trunc_page(addr),
(kgdb) list
145	void
146	vslock(addr, len)
147		caddr_t addr;
148		u_int len;
149	{
150		vm_map_pageable(&curproc->p_vmspace->vm_map, trunc_page(addr),
151		    round_page(addr + len), FALSE);
152	}
153	
154	void
(kgdb) up 2
#8  0xf016b087 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272639220, 
      tf_esi = 6, tf_ebp = -272639296, tf_isp = -272629788, 
      tf_ebx = 134725728, tf_edx = 49152, tf_ecx = -272639224, tf_eax = 202, 
      tf_trapno = 663, tf_err = 663, tf_eip = 134677525, tf_cs = 31, 
      tf_eflags = 663, tf_esp = -272639336, tf_ss = 39})
    at ../../i386/i386/trap.c:906
906		error = (*callp->sy_call)(p, args, rval);
(kgdb) up  down 4
#4  0xf0158374 in vm_fault_wire (map=0xf0e79000, start=49152, end=53248)
    at ../../vm/vm_fault.c:919
919			rv = vm_fault(map, va, VM_PROT_READ|VM_PROT_WRITE, TRUE);
(kgdb) list
914	
915			while( curproc != pageproc &&
916				(cnt.v_free_count <= cnt.v_pageout_free_min))
917				VM_WAIT;
918	
919			rv = vm_fault(map, va, VM_PROT_READ|VM_PROT_WRITE, TRUE);
920			if (rv) {
921				if (va != start)
922					vm_fault_unwire(map, start, va);
923				return (rv);
(kgdb) down 1
#3  0xf015816b in vm_fault (map=0xf0e79000, vaddr=49152, fault_type=7 '\a', 
    change_wiring=1) at ../../vm/vm_fault.c:842
842		pmap_enter(map->pmap, vaddr, VM_PAGE_TO_PHYS(m), prot, wired);
(kgdb) pmap    map
$1 = (struct vm_map *) 0xf0e79000
(kgdb) p *map
$2 = {pmap = 0xf0e7906c, lock = {interlock = {lock_data = 0}, want_write = 0, 
    want_upgrade = 0, waiting = 0, can_sleep = 1, read_count = 2, 
    thread = 0xf0e7dae8 "", recursion_depth = 0}, header = {prev = 0xf0e7bce0, 
    next = 0xf0e01f80, start = 0, end = 4026265600, object = {vm_object = 0x0, 
      share_map = 0x0, sub_map = 0x0}, offset = 0, is_a_map = 0, 
    is_sub_map = 0, copy_on_write = 0, needs_copy = 0, protection = 0 '\000', 
    max_protection = 0 '\000', inheritance = 0 '\000', wired_count = 0}, 
  nentries = 17, size = 24412160, is_main_map = 1, ref_count = 1, ref_lock = {
    lock_data = 0}, hint = 0xf0e7ba60, hint_lock = {lock_data = 0}, 
  first_free = 0xf0e79024, entries_pageable = 1, timestamp = 6655}
(kgdb) down 1
#2  0xf0168205 in pmap_enter (pmap=0xf0e7906c, va=49152, pa=11583488, 
    prot=7 '\a', wired=1) at ../../i386/i386/pmap.c:1181
1181			panic("invalid kernel page directory");
(kgdb) list
1176		 */
1177		pte = pmap_pte(pmap, va);
1178		if (pte == NULL) {
1179			printf("kernel page directory invalid pdir=%p, va=0x%lx\n",
1180				pmap->pm_pdir[PTDPTDI], va);
1181			panic("invalid kernel page directory");
1182		}
1183	
1184		origpte = *(vm_offset_t *)pte;
1185		opa = origpte & PG_FRAME;
(kgdb) p pdir    *pmap
$3 = {pm_pdir = 0xf4eca000, pm_pdchanged = 0, pm_dref = 0, pm_count = 1, 
  pm_lock = {lock_data = 0}, pm_stats = {resident_count = 7, wired_count = 3}, 
  pm_ptpages = 0}
(kgdb) p p PTDPTDI
No symbol "PTDPTDI" in current context.
(kgdb) p va
$4 = 49152
(kgdb) p pte
$5 = (unsigned int **) 0x0
(kgdb) p *pte
$6 = (unsigned int *) 0x7205c766
(kgdb) p **pte
Cannot access memory at address 0x7205c766.
(kgdb) bt
#0  boot (howto=256) at ../../i386/i386/machdep.c:911
#1  0xf0112b53 in panic (fmt=0xf01680f8 "invalid kernel page directory")
    at ../../kern/subr_prf.c:116
#2  0xf0168205 in pmap_enter (pmap=0xf0e7906c, va=49152, pa=11583488, 
    prot=7 '\a', wired=1) at ../../i386/i386/pmap.c:1181
#3  0xf015816b in vm_fault (map=0xf0e79000, vaddr=49152, fault_type=7 '\a', 
    change_wiring=1) at ../../vm/vm_fault.c:842
#4  0xf0158374 in vm_fault_wire (map=0xf0e79000, start=49152, end=53248)
    at ../../vm/vm_fault.c:919
#5  0xf015a97e in vm_map_pageable (map=0xf0e79000, start=49152, end=53248, 
    new_pageable=0) at ../../vm/vm_map.c:1401
#6  0xf0158a15 in vslock (addr=0xc000 "а\215eА[^_ЩУ", len=950)
    at ../../vm/vm_glue.c:150
#7  0xf010fac2 in __sysctl (p=0xf0e7da00, uap=0xefbfff94, retval=0xefbfff8c)
    at ../../kern/kern_sysctl.c:146
#8  0xf016b087 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272639220, 
      tf_esi = 6, tf_ebp = -272639296, tf_isp = -272629788, 
      tf_ebx = 134725728, tf_edx = 49152, tf_ecx = -272639224, tf_eax = 202, 
      tf_trapno = 663, tf_err = 663, tf_eip = 134677525, tf_cs = 31, 
      tf_eflags = 663, tf_esp = -272639336, tf_ss = 39})
    at ../../i386/i386/trap.c:906
#9  0xf016363b in Xsyscall ()
#10 0x3486 in ?? ()
#11 0x4a55 in ?? ()
#12 0xefbfe13c in ?? ()
#13 0x2bd4 in ?? ()
#14 0x10e8 in ?? ()
(kgdb) p tfi _eip
No symbol "tf_eip" in current context.
(kgdb) p   frame frame->tf_eip
No symbol "frame" in current context.
(kgdb) up 2
#4  0xf0158374 in vm_fault_wire (map=0xf0e79000, start=49152, end=53248)
    at ../../vm/vm_fault.c:919
919			rv = vm_fault(map, va, VM_PROT_READ|VM_PROT_WRITE, TRUE);
(kgdb) up 2
#6  0xf0158a15 in vslock (addr=0xc000 "а\215eА[^_ЩУ", len=950)
    at ../../vm/vm_glue.c:150
150		vm_map_pageable(&curproc->p_vmspace->vm_map, trunc_page(addr),
(kgdb) up 2
#8  0xf016b087 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272639220, 
      tf_esi = 6, tf_ebp = -272639296, tf_isp = -272629788, 
      tf_ebx = 134725728, tf_edx = 49152, tf_ecx = -272639224, tf_eax = 202, 
      tf_trapno = 663, tf_err = 663, tf_eip = 134677525, tf_cs = 31, 
      tf_eflags = 663, tf_esp = -272639336, tf_ss = 39})
    at ../../i386/i386/trap.c:906
906		error = (*callp->sy_call)(p, args, rval);
(kgdb) frame frame->tf_eip
No frame 134677525
(kgdb) p tf_eip
No symbol "tf_eip" in current context.
(kgdb) q
#> exit
exit

Script done on Mon May  6 14:49:51 1996

------- End of Forwarded Message