From owner-freebsd-stable@FreeBSD.ORG  Fri Nov 30 16:21:52 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 34CC9DEF;
 Fri, 30 Nov 2012 16:21:52 +0000 (UTC)
 (envelope-from longwitz@incore.de)
Received: from dss.incore.de (dss.incore.de [195.145.1.138])
 by mx1.freebsd.org (Postfix) with ESMTP id A1A028FC12;
 Fri, 30 Nov 2012 16:21:51 +0000 (UTC)
Received: from inetmail.dmz (inetmail.dmz [10.3.0.3])
 by dss.incore.de (Postfix) with ESMTP id 938255CF8C;
 Fri, 30 Nov 2012 17:21:50 +0100 (CET)
X-Virus-Scanned: amavisd-new at incore.de
Received: from dss.incore.de ([10.3.0.3])
 by inetmail.dmz (inetmail.dmz [10.3.0.3]) (amavisd-new, port 10024)
 with LMTP id 3ilPMQBxNNXg; Fri, 30 Nov 2012 17:21:49 +0100 (CET)
Received: from mail.incore (fwintern.dmz [10.0.0.253])
 by dss.incore.de (Postfix) with ESMTP id 25BE25CDC9;
 Fri, 30 Nov 2012 17:21:49 +0100 (CET)
Received: from bsdlo.incore (bsdlo.incore [192.168.0.84])
 by mail.incore (Postfix) with ESMTP id 198CF5083F;
 Fri, 30 Nov 2012 17:21:49 +0100 (CET)
Message-ID: <50B8DD1C.4010308@incore.de>
Date: Fri, 30 Nov 2012 17:21:48 +0100
From: Andreas Longwitz <longwitz@incore.de>
User-Agent: Thunderbird 2.0.0.19 (X11/20090113)
MIME-Version: 1.0
To: Andriy Gapon <avg@FreeBSD.org>
Subject: Re: page fault on verbose boot
References: <50ABE8BC.1010904@incore.de> <50B8CD59.1050308@FreeBSD.org>
In-Reply-To: <50B8CD59.1050308@FreeBSD.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-stable@FreeBSD.org
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2012 16:21:52 -0000

Thanks for looking in this problem.

> Could you please execute the following commands?
> 
> In kgdb (if you have exactly the same kernel, or otherwise with a new offset from
> a new panic):
> disassemble intr_execute_handlers+0x15
> 
> In ddb:
> bt
> show apic
> show idt
> show intrcnt
> show lapic
> x/ax interrupt_sources,32

>From live system with same kernel:

(kgdb) disassemble intr_execute_handlers+0x15
Dump of assembler code for function intr_execute_handlers:
0xc08e8e00 <intr_execute_handlers+0>:   push   %ebp
0xc08e8e01 <intr_execute_handlers+1>:   mov    %esp,%ebp
0xc08e8e03 <intr_execute_handlers+3>:   sub    $0x18,%esp
0xc08e8e06 <intr_execute_handlers+6>:   mov    %ebx,0xfffffff4(%ebp)
0xc08e8e09 <intr_execute_handlers+9>:   mov    %esi,0xfffffff8(%ebp)
0xc08e8e0c <intr_execute_handlers+12>:  mov    %edi,0xfffffffc(%ebp)
0xc08e8e0f <intr_execute_handlers+15>:  mov    0x8(%ebp),%ebx
0xc08e8e12 <intr_execute_handlers+18>:  mov    0x8(%ebx),%eax
0xc08e8e15 <intr_execute_handlers+21>:  addl   $0x1,(%eax)
0xc08e8e18 <intr_execute_handlers+24>:  incl   %fs:0x40
0xc08e8e1f <intr_execute_handlers+31>:  mov    0x4(%ebx),%esi
0xc08e8e22 <intr_execute_handlers+34>:  mov    (%ebx),%eax
0xc08e8e24 <intr_execute_handlers+36>:  mov    %ebx,(%esp)
0xc08e8e27 <intr_execute_handlers+39>:  call   *0x14(%eax)
0xc08e8e2a <intr_execute_handlers+42>:  mov    %eax,%edi
0xc08e8e2c <intr_execute_handlers+44>:  test   %eax,%eax
0xc08e8e2e <intr_execute_handlers+46>:  jne    0xc08e8e3a
                                        <intr_execute_handlers+58>
0xc08e8e30 <intr_execute_handlers+48>:  movl   $0x1,0xc0a9d148
0xc08e8e3a <intr_execute_handlers+58>:  mov    0xc(%ebp),%eax
0xc08e8e3d <intr_execute_handlers+61>:  mov    %eax,0x4(%esp)
0xc08e8e41 <intr_execute_handlers+65>:  mov    %esi,(%esp)
0xc08e8e44 <intr_execute_handlers+68>:  call   0xc06afbf0
                                        <intr_event_handle>
0xc08e8e49 <intr_execute_handlers+73>:  test   %eax,%eax
0xc08e8e4b <intr_execute_handlers+75>:  je     0xc08e8ea4
                                        <intr_execute_handlers+164>
0xc08e8e4d <intr_execute_handlers+77>:  mov    (%ebx),%eax
0xc08e8e4f <intr_execute_handlers+79>:  movl   $0x0,0x4(%esp)
0xc08e8e57 <intr_execute_handlers+87>:  mov    %ebx,(%esp)
0xc08e8e5a <intr_execute_handlers+90>:  call   *0x4(%eax)
0xc08e8e5d <intr_execute_handlers+93>:  mov    0xc(%ebx),%eax
0xc08e8e60 <intr_execute_handlers+96>:  addl   $0x1,(%eax)
0xc08e8e63 <intr_execute_handlers+99>:  mov    0xc(%ebx),%eax
0xc08e8e66 <intr_execute_handlers+102>: mov    (%eax),%eax
0xc08e8e68 <intr_execute_handlers+104>: cmp    $0x4,%eax
0xc08e8e6b <intr_execute_handlers+107>: ja     0xc08e8e87
                                        <intr_execute_handlers+135>
0xc08e8e6d <intr_execute_handlers+109>: mov    %edi,0x8(%esp)
0xc08e8e71 <intr_execute_handlers+113>: movl   $0xc09a1c4e,0x4(%esp)
0xc08e8e79 <intr_execute_handlers+121>: movl   $0x3,(%esp)
0xc08e8e80 <intr_execute_handlers+128>: call   0xc070d310 <log>
0xc08e8e85 <intr_execute_handlers+133>: jmp    0xc08e8ea4
                                        <intr_execute_handlers+164>
0xc08e8e87 <intr_execute_handlers+135>: cmp    $0x5,%eax
0xc08e8e8a <intr_execute_handlers+138>: jne    0xc08e8ea4
                                        <intr_execute_handlers+164>
0xc08e8e8c <intr_execute_handlers+140>: mov    %edi,0x8(%esp)
0xc08e8e90 <intr_execute_handlers+144>: movl   $0xc09a1c5b,0x4(%esp)
0xc08e8e98 <intr_execute_handlers+152>: movl   $0x2,(%esp)
0xc08e8e9f <intr_execute_handlers+159>: call   0xc070d310 <log>
0xc08e8ea4 <intr_execute_handlers+164>: mov    0xfffffff4(%ebp),%ebx
0xc08e8ea7 <intr_execute_handlers+167>: mov    0xfffffff8(%ebp),%esi
0xc08e8eaa <intr_execute_handlers+170>: mov    0xfffffffc(%ebp),%edi
0xc08e8ead <intr_execute_handlers+173>: mov    %ebp,%esp
0xc08e8eaf <intr_execute_handlers+175>: pop    %ebp
0xc08e8eb0 <intr_execute_handlers+176>: ret
End of assembler dump.

After boot verbose:

.....
SMP: AP CPU #1 Launched!
cpu1 AP:
     ID: 0x00000000   VER: 0x00040011 LDR: 0x00000000 DFR: 0xffffffff
  lint0: 0x00010700 lint1: 0x00000400 TPR: 0x00000000 SVR: 0x000001ff
  timer: 0x000200ef therm: 0x00000000 err: 0x000000f0 pmc: 0x00010400
ioapic0: routing intpin 3 (CPU1: local APIC error 0x80
ISA IRQ 3) to lapic 0 vector 48
ioafpliocw0t:a brloeu tcilnega nienrt psitna r6t e(dISA
 IRQ 6) to lapic 0 vector 49
ioapic0: routing intpin 14 (ISA IRQ 14) to lapic 0 vector 50
ioapic1: routing intpin 4 (PCI IRQ 20) to lapic 0 vector 51
ioapic1: routing intpin 7 (PCI IRQ 23) to lapic 0 vector 52
ioapic1: routing intpin 9 (PCI IRQ 25) to lapic 0 vector 53
ioapic1: routing intpin 15 (PCI IRQ 31) to lapic 0 vector 54
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 03
fault virtual address   = 0xf000e2c3
fault code              = supervisor write, page not present
instruction pointer     = 0x20:0xc08e8e15
stack pointer           = 0x28:0xc1020c78
frame pointer           = 0x28:0xc1020c90
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 0 (swapper)
[thread pid 0 tid 100000 ]
Stopped at      intr_execute_handlers+0x15:     addl    $0x1,0(%eax)

db> bt
Tracing pid 0 tid 100000 td 0xc0a35350
intr_execute_handlers(0,c1020cb4,3,c1020cf8,c08e4625,...) at
intr_execute_handlers+0x15
lapic_handle_intr(36,c1020cb4) at lapic_handle_intr+0x4c
Xapic_isr1() at Xapic_isr1+0x35
--- interrupt, eip = 0xc08ee8fb, esp = 0xc1020cf4, ebp = 0xc1020cf8 ---
spinlock_exit(c09a1e2e,0,36,3,c1020d38,...) at spinlock_exit+0x2b
ioapic_assign_cpu(c4d1565c,0,0,0,c08f3d29,...) at ioapic_assign_cpu+0x2b0
intr_shuffle_irqs(0,101ec00,101ec00,101e000,1025000,...) at
intr_shuffle_irqs+0xba
mi_startup() at mi_startup+0xac
begin() at begin+0x2c

db> show apic
Interrupts bound to lapic 0
vec 0x30 -> IRQ 3
vec 0x31 -> IRQ 6
vec 0x32 -> IRQ 14
vec 0x33 -> IRQ 20
vec 0x34 -> IRQ 23
vec 0x35 -> IRQ 25
vec 0x36 -> IRQ 31
vec 0xef -> lapic timer
Interrupts bound to lapic 3
vec 0x30 -> IRQ 31
vec 0x31 -> IRQ 18
vec 0x32 -> IRQ 26
vec 0x34 -> IRQ 24
vec 0x38 -> IRQ 21
vec 0x39 -> IRQ 4
vec 0x3c -> IRQ 1
vec 0x3d -> IRQ 12
vec 0xef -> lapic timer

db> show idt
  0     Xdiv
  1     Xdbg
  2     Xnmi
  3     Xbpt
  4     Xofl
  5     Xbnd
  6     Xill
  7     Xdna
  8     0
  9     Xfpusegm
 10     Xtss
 11     Xmissing
 12     Xstk
 13     Xprot
 14     Xpage
 16     Xfpu
 17     Xalign
 18     Xmchk
 19     Xxmm
 32     Xatpic_intr0
 33     Xatpic_intr1
 35     Xatpic_intr3
 36     Xatpic_intr4
 37     Xatpic_intr5
 38     Xatpic_intr6
 39     Xatpic_intr7
 40     Xatpic_intr8
 41     Xatpic_intr9
 42     Xatpic_intr10
 43     Xatpic_intr11
 44     Xatpic_intr12
 45     Xatpic_intr13
 46     Xatpic_intr14
 47     Xatpic_intr15
 48     Xapic_isr1
 49     Xapic_isr1
 50     Xapic_isr1
 51     Xapic_isr1
 52     Xapic_isr1
 53     Xapic_isr1
 54     Xapic_isr1
 55     Xapic_isr1
 56     Xapic_isr1
 57     Xapic_isr1
 58     Xapic_isr1
 59     Xapic_isr1
 60     Xapic_isr1
 61     Xapic_isr1
128     Xint0x80_syscall
239     Xtimerint
240     Xerrorint
242     Xcmcint
243     Xrendezvous
244     Xinvltlb
245     Xinvlpg
246     Xinvlrng
247     Xinvlcache
248     Xlazypmap
249     Xipi_intr_bitmap_handler
250     Xcpustop
255     Xspuriousint

db> show intrcnt
irq1: atkbd0            2
irq6: fdc0              2
irq14: ata0             13
irq18: fxp0             1
irq23: ihfc1            1
irq24: fxp1             1
irq25: fxp2             1
irq31: acpi0            47
cpu0: timer             363
cpu1: timer             593

db> show lapic
lapic ID = 3
version  = 1.1
max LVT  = 4
SVR      = ff (enabled)
TPR      = 00
In-service Interrupts:
isr1: 36
TMR Interrupts:
tmr1: 36
IRR Interrupts:
irr7: ef

db> x/ax interrupt_sources,32
interrupt_sources:      0
interrupt_sources+0x4:  c4d15864
interrupt_sources+0x8:  c4d15888
interrupt_sources+0xc:  c4d158ac
interrupt_sources+0x10: c4d158d0
interrupt_sources+0x14: c4d158f4
interrupt_sources+0x18: c4d15918
interrupt_sources+0x1c: c4d1593c
interrupt_sources+0x20: c4d15960
interrupt_sources+0x24: 0
interrupt_sources+0x28: c4d159a8
interrupt_sources+0x2c: c4d159cc
interrupt_sources+0x30: c4d159f0
interrupt_sources+0x34: c4d15a14
interrupt_sources+0x38: c4d15a38
interrupt_sources+0x3c: c4d15a5c
interrupt_sources+0x40: c4d15440
interrupt_sources+0x44: c4d15464
interrupt_sources+0x48: c4d15488
interrupt_sources+0x4c: c4d154ac
interrupt_sources+0x50: c4d154d0
interrupt_sources+0x54: c4d154f4
interrupt_sources+0x58: c4d15518
interrupt_sources+0x5c: c4d1553c
interrupt_sources+0x60: c4d15560
interrupt_sources+0x64: c4d15584
interrupt_sources+0x68: c4d155a8
interrupt_sources+0x6c: c4d155cc
interrupt_sources+0x70: c4d155f0
interrupt_sources+0x74: c4d15614
interrupt_sources+0x78: c4d15638
interrupt_sources+0x7c: c4d1565c
interrupt_sources+0x80: 0
interrupt_sources+0x84: 0
interrupt_sources+0x88: 0
interrupt_sources+0x8c: 0
interrupt_sources+0x90: 0
interrupt_sources+0x94: 0
interrupt_sources+0x98: 0
interrupt_sources+0x9c: 0
interrupt_sources+0xa0: 0
interrupt_sources+0xa4: 0
interrupt_sources+0xa8: 0
interrupt_sources+0xac: 0
interrupt_sources+0xb0: 0
interrupt_sources+0xb4: 0
interrupt_sources+0xb8: 0
interrupt_sources+0xbc: 0
interrupt_sources+0xc0: 0
interrupt_sources+0xc4: 0
db> reset

-- 
Andreas Longwitz