From owner-freebsd-current@FreeBSD.ORG  Sat May 20 13:22:19 2006
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: current@freebsd.org
Delivered-To: freebsd-current@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 57F4116A436
	for <current@freebsd.org>; Sat, 20 May 2006 13:22:19 +0000 (UTC)
	(envelope-from pawel.worach@gmail.com)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A71AE43D46
	for <current@freebsd.org>; Sat, 20 May 2006 13:22:18 +0000 (GMT)
	(envelope-from pawel.worach@gmail.com)
Received: by ug-out-1314.google.com with SMTP id m3so940599uge
	for <current@freebsd.org>; Sat, 20 May 2006 06:22:17 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
	b=C7lLThmiKRQePyEZ5vjIOGo4etB2x/NjQU+sAAQLZI55zHqp1Ekj8Eh4j6eYnQY5JzrYnd9hob/Pa3cMMklYajUmxU45gB3y/2Pfv/I7Iob395i94TuF2QdPXJgeC864ajqbo1lP2FnUQb7vyLqMAKKh21hTo6TaXcLNi18OuaA=
Received: by 10.67.97.7 with SMTP id z7mr2271103ugl;
	Sat, 20 May 2006 06:22:17 -0700 (PDT)
Received: from ?192.168.1.200? ( [80.217.194.157])
	by mx.gmail.com with ESMTP id e1sm3299294ugf.2006.05.20.06.22.16;
	Sat, 20 May 2006 06:22:17 -0700 (PDT)
Message-ID: <446F1806.4050301@gmail.com>
Date: Sat, 20 May 2006 15:22:14 +0200
From: Pawel Worach <pawel.worach@gmail.com>
User-Agent: Thunderbird 1.5.0.2 (X11/20060520)
MIME-Version: 1.0
To: current@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: callout_reset page fault panic
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 May 2006 13:22:23 -0000

One day old CURRENT, i368 UP. Died while installing some ports and 
running mplayer. vmcore and kernel available (minidumps kick ass!).

Unread portion of the kernel message buffer:
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc5b29ebc
fault code              = supervisor write, page not present
instruction pointer     = 0x20:0xc054ca12
stack pointer           = 0x28:0xe6150bb8
frame pointer           = 0x28:0xe6150bc8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 59233 (mplayer)
trap number             = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace(c073637c,c078e2a0,c072ad84,e6150ab0,100) at kdb_backtrace+0x2e
panic(c072ad84,c0737a49,c3a53ed8,1,1) at panic+0xb7
trap_fatal(e6150b78,c5b29ebc,0,c5ed4740,c5b29ebc) at trap_fatal+0x33e
trap(e6150008,c08c0028,c3440028,b,c5ed4884) at trap+0x11e
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc054ca12, esp = 0xe6150bb8, ebp = 0xe6150bc8 ---
callout_reset(c5ed4884,b,c0563d20,c5ed4740,e6150c10) at callout_reset+0x142
sleepq_set_timeout(c078e944,b,c0736ccc,100,c104d6c8) at 
sleepq_set_timeout+0x2e
msleep(c078e944,0,15c,c0736ccc,b) at msleep+0x205
kern_nanosleep(c5ed4740,e6150c74,e6150c6c,c4f30480,0) at kern_nanosleep+0xc0
nanosleep(c5ed4740,e6150d04,8,16,e6150d30) at nanosleep+0x6d
syscall(3b,3b,bfbf003b,bfbfd6d0,0) at syscall+0x3f3
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (240, FreeBSD ELF32, nanosleep), eip = 0x28bf3423, esp = 
0xbfbfd63c, ebp = 0xbfbfd698 ---
Uptime: 16h13m31s
Physical memory: 1014 MB
Dumping 180 MB: 165 149 133 117 101 85 69 53 37 21 5

#0  doadump () at pcpu.h:166
166     pcpu.h: No such file or directory.
         in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:166
#1  0xc053a0b4 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc053a42d in panic (fmt=0xc072ad84 "%s")
     at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc06fc4de in trap_fatal (frame=0xe6150b78, eva=0)
     at /usr/src/sys/i386/i386/trap.c:870
#4  0xc06fb9fe in trap (frame=
       {tf_fs = -434831352, tf_es = -1064566744, tf_ds = -1018953688, 
tf_edi = 11, tf_esi = -974305148, tf_ebp = -434828344, tf_isp = 
-434828380, tf_ebx = -974305472, tf_edx = 24700, tf_ecx = 24700, tf_eax 
= -978149700, tf_trapno = 12, tf_err = 2, tf_eip = -1068185070, tf_cs = 
32, tf_eflags = 2162690, tf_esp = 0, tf_ss = -434828172}) at 
/usr/src/sys/i386/i386/trap.c:279
#5  0xc06ea66a in calltrap () at /usr/src/sys/i386/i386/exception.s:138
#6  0xc054ca12 in callout_reset (c=0xc5ed4884, to_ticks=11, ftn=0xc5b29ebc,
     arg=0xc5b29ebc) at /usr/src/sys/kern/kern_timeout.c:463
#7  0xc05633ae in sleepq_set_timeout (wchan=0xc078e944, timo=-978149700)
     at /usr/src/sys/kern/subr_sleepqueue.c:344
#8  0xc0542a95 in msleep (ident=0xc078e944, mtx=0x0, priority=348,
     wmesg=0xc5b29ebc <Address 0xc5b29ebc out of bounds>, timo=11)
     at /usr/src/sys/kern/kern_synch.c:193
#9  0xc05497e0 in kern_nanosleep (td=0xc5ed4740, rqt=0xe6150c74,
     rmt=0xe6150c6c) at /usr/src/sys/kern/kern_time.c:376
#10 0xc054994d in nanosleep (td=0xc5b29ebc, uap=0xe6150d04)
---Type <return> to continue, or q <return> to quit---
     at /usr/src/sys/kern/kern_time.c:422
#11 0xc06fc943 in syscall (frame=
       {tf_fs = 59, tf_es = 59, tf_ds = -1078001605, tf_edi = 
-1077946672, tf_esi = 0, tf_ebp = -1077946728, tf_isp = -434827932, 
tf_ebx = 681145780, tf_edx = 0, tf_ecx = 10000000, tf_eax = 240, 
tf_trapno = 22, tf_err = 2, tf_eip = 683619363, tf_cs = 51, tf_eflags = 
2097666, tf_esp = -1077946820, tf_ss = 59})
     at /usr/src/sys/i386/i386/trap.c:1016
#12 0xc06ea6bf in Xint0x80_syscall () at 
/usr/src/sys/i386/i386/exception.s:191
#13 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) l *0xc054ca12
0xc054ca12 is in callout_reset (/usr/src/sys/kern/kern_timeout.c:463).
458
459             c->c_arg = arg;
460             c->c_flags |= (CALLOUT_ACTIVE | CALLOUT_PENDING);
461             c->c_func = ftn;
462             c->c_time = ticks + to_ticks;
463             TAILQ_INSERT_TAIL(&callwheel[c->c_time & callwheelmask],
464                               c, c_links.tqe);
465             mtx_unlock_spin(&callout_lock);
466
467             return (cancelled);
(kgdb) frame 6
#6  0xc054ca12 in callout_reset (c=0xc5ed4884, to_ticks=11, ftn=0xc5b29ebc,
     arg=0xc5b29ebc) at /usr/src/sys/kern/kern_timeout.c:463
463             TAILQ_INSERT_TAIL(&callwheel[c->c_time & callwheelmask],
(kgdb) p c
$1 = (struct callout *) 0xc5ed4884
(kgdb) p *c
$2 = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0,
       tqe_prev = 0xc5b29ebc}}, c_time = 58417276, c_arg = 0xc5ed4740,
   c_func = 0xc0563d20 <sleepq_timeout>, c_mtx = 0x0, c_flags = 22}

-- 
Pawel