Date: Sat, 12 Feb 2011 14:04:49 +0600 From: Eugene Grosbein <egrosbein@rdtc.ru> To: Gleb Smirnoff <glebius@freebsd.org> Cc: freebsd-net@freebsd.org, John Baldwin <jhb@freebsd.org> Subject: Re: panic: bufwrite: buffer is not busy??? Message-ID: <4D563F21.2070802@rdtc.ru> In-Reply-To: <20110201185026.GB62007@glebius.int.ru> References: <4D3011DB.9050900@frasunek.com> <4D30458D.30007@sentex.net> <4D309983.70709@rdtc.ru> <201101141437.55421.jhb@freebsd.org> <4D46575A.802@rdtc.ru> <4D4670C2.4050500@freebsd.org> <4D48513C.40503@rdtc.ru> <20110201185026.GB62007@glebius.int.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02.02.2011 00:50, Gleb Smirnoff wrote:
>
> This looks like ng_pppoe_disconnect() was called with NULL argument.
>
> Can you add KDB_TRACE option to kernel? Your boxes for some reason can't
> dump core, but with this option we will have at least trace.
>
Same box, new panic today with new trace.
Still no crashdump because of second panic while dumping core.
It seems the source of the problem is still somewhere in NETGRAPH.
This time it looks as garbage and not NULL...
Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address = 0x34646dc7
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff803d3e20
stack pointer = 0x28:0xffffff80000fc8d0
frame pointer = 0x28:0xffffff80000fc910
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 12 (irq256: em0:rx 0)
trap number = 12
panic: page fault
cpuid = 2
KDB: stack backtrace:
X_db_sym_numargs() at 0xffffffff801a227a = X_db_sym_numargs+0x15a
kdb_backtrace() at 0xffffffff8033d547 = kdb_backtrace+0x37
panic() at 0xffffffff8030b567 = panic+0x187
dblfault_handler() at 0xffffffff804c0ca0 = dblfault_handler+0x330
dblfault_handler() at 0xffffffff804c107f = dblfault_handler+0x70f
trap() at 0xffffffff804c155f = trap+0x3df
calltrap() at 0xffffffff804a8de4 = calltrap+0x8
--- trap 0xc, rip = 0xffffffff803d3e20, rsp = 0xffffff80000fc8d0, rbp = 0xffffff80000fc910 ---
ng_address_hook() at 0xffffffff803d3e20 = ng_address_hook+0x190
ng_rmnode_self() at 0xffffffff803daf65 = ng_rmnode_self+0x1c95
ng_rmnode_self() at 0xffffffff803db43d = ng_rmnode_self+0x216d
ip_fastforward() at 0xffffffff80406356 = ip_fastforward+0x7e6
ether_demux() at 0xffffffff803c1841 = ether_demux+0x131
ether_vlanencap() at 0xffffffff803c1c2d = ether_vlanencap+0x27d
ata_sii_chipinit() at 0xffffffff801e725a = ata_sii_chipinit+0xe50a
ata_sii_chipinit() at 0xffffffff801e75d4 = ata_sii_chipinit+0xe884
intr_event_execute_handlers() at 0xffffffff802e4c44 = intr_event_execute_handlers+0x104
swi_add() at 0xffffffff802e62f5 = swi_add+0x285
fork_exit() at 0xffffffff802e26d8 = fork_exit+0x118
fork_trampoline() at 0xffffffff804a92ae = fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffff80000fccf0, rbp = 0 ---
Uptime: 4d1h33m30s
Dumping 4087 MB (3 chunks)
chunk 0: 1MB (150 pages) ... ok
chunk 1: 3575MB (915088 pages)Sleeping thread (tid 100034, pid 12) owns a non-sleepable lock
sched_switch() at 0xffffffff80330819 = sched_switch+0xf9
mi_switch() at 0xffffffff80313ac6 = mi_switch+0x176
sleepq_timedwait() at 0xffffffff803478a2 = sleepq_timedwait+0x42
_sleep() at 0xffffffff80314041 = _sleep+0x301
ucom_attach() at 0xffffffff8029756b = ucom_attach+0x129b
ucom_attach() at 0xffffffff802976a4 = ucom_attach+0x13d4
ucom_attach() at 0xffffffff8029772b = ucom_attach+0x145b
iicbus_release_bus() at 0xffffffff80230b88 = iicbus_release_bus+0x16f8
sc_puts() at 0xffffffff80263bec = sc_puts+0x24c
sc_attach_unit() at 0xffffffff8026698c = sc_attach_unit+0x56c
cncheckc() at 0xffffffff802cbd55 = cncheckc+0x65
dumpsys() at 0xffffffff804f2865 = dumpsys+0x4d5
isa_nmi() at 0xffffffff804f228c = isa_nmi+0x76c
dumpsys() at 0xffffffff804f2623 = dumpsys+0x293
kproc_shutdown() at 0xffffffff8030ac39 = kproc_shutdown+0x1d9
kproc_shutdown() at 0xffffffff8030b120 = kproc_shutdown+0x6c0
panic() at 0xffffffff8030b551 = panic+0x171
dblfault_handler() at 0xffffffff804c0ca0 = dblfault_handler+0x330
dblfault_handler() at 0xffffffff804c107f = dblfault_handler+0x70f
trap() at 0xffffffff804c155f = trap+0x3df
calltrap() at 0xffffffff804a8de4 = calltrap+0x8
--- trap 0xc, rip = 0xffffffff803d3e20, rsp = 0xffffff80000fc8d0, rbp = 0xffffff80000fc910 ---
ng_address_hook() at 0xffffffff803d3e20 = ng_address_hook+0x190
ng_rmnode_self() at 0xffffffff803daf65 = ng_rmnode_self+0x1c95
ng_rmnode_self() at 0xffffffff803db43d = ng_rmnode_self+0x216d
ip_fastforward() at 0xffffffff80406356 = ip_fastforward+0x7e6
ether_demux() at 0xffffffff803c1841 = ether_demux+0x131
ether_vlanencap() at 0xffffffff803c1c2d = ether_vlanencap+0x27d
ata_sii_chipinit() at 0xffffffff801e725a = ata_sii_chipinit+0xe50a
ata_sii_chipinit() at 0xffffffff801e75d4 = ata_sii_chipinit+0xe884
intr_event_execute_handlers() at 0xffffffff802e4c44 = intr_event_execute_handlers+0x104
swi_add() at 0xffffffff802e62f5 = swi_add+0x285
fork_exit() at 0xffffffff802e26d8 = fork_exit+0x118
fork_trampoline() at 0xffffffff804a92ae = fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffff80000fccf0, rbp = 0 ---
panic: sleeping thread
cpuid = 2
(gdb) l *0xffffffff803d3e20
0xffffffff803d3e20 is in ng_address_hook (netgraph.h:191).
186 int line);
187
188 static __inline void
189 _chkhook(hook_p hook, char *file, int line)
190 {
191 if (hook->hk_magic != HK_MAGIC) {
192 printf("Accessing freed hook ");
193 dumphook(hook, file, line);
194 }
195 hook->lastline = line;
(gdb) x/i 0xffffffff803d3e20
0xffffffff803d3e20 <ng_address_hook+400>: cmpl $0x78573011,0x64(%r12)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D563F21.2070802>