Date: Mon, 13 Aug 2001 11:39:29 -0700 (PDT) From: John Baldwin <jhb@FreeBSD.org> To: Alexander Langer <alex@big.endian.de> Cc: freebsd-current@FreeBSD.org Subject: RE: trap in vm_object_pip_add Message-ID: <XFMail.010813113929.jhb@FreeBSD.org> In-Reply-To: <20010811161646.A1603@kawoserv.kawo2.rwth-aachen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11-Aug-01 Alexander Langer wrote:
> Hi!
>
> Under high network load together with high ata disk i/o, I can
> easily reprocude this trap. I think it happens when a fork() is done
> (I always got it when starting new programs...).
Ewwww. I used to get this on my test SMP alpha machine a lot with the giant
vm lock. I hadn't seen it before then and haven't seen it since. :( The
problem is that vm_map_lookup() is returning RV_SUCCESS (or whatever the
SUCCESS return value is) but the value it returns in fs.fs_object is NULL. :(
I have no idea what the cause of this bug is.
> Script started on Sat Aug 11 16:12:07 2001
> mobile# gdb -k kernel.debug vmcore.3
> GNU gdb 4.18
> Copyright 1998 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-unknown-freebsd"...
> IdlePTD 4931584
> initial pcb at 3b5a20
> panicstr: from debugger
> panic messages:
> ---
> ACPI debug layer 0x0 debug level 0x0
> Copyright (c) 1992-2001 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> The Regents of the University of California. All rights reserved.
> FreeBSD 5.0-CURRENT #1: Fri Aug 10 13:45:01 CEST 2001
> alex@mobile.cichlids.com:/usr/obj/usr/src/sys/MOBILE
> Timecounter "i8254" frequency 1193182 Hz
> Timecounter "TSC" frequency 647190237 Hz
> CPU: Pentium III/Pentium III Xeon/Celeron (647.19-MHz 686-class CPU)
> Origin = "GenuineIntel" Id = 0x683 Stepping = 3
>
> Features=0x387f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PA
> T,PSE36,PN,MMX,FXSR,SSE>
> real memory = 67043328 (65472K bytes)
> avail memory = 60137472 (58728K bytes)
> Preloaded elf kernel "kernel" at 0xc0495000.
> Preloaded elf module "agp.ko" at 0xc049509c.
> Preloaded elf module "random.ko" at 0xc0495138.
> Warning: module random already exists
> Pentium Pro MTRR support enabled
> WARNING: Driver mistake: repeat make_dev("random")
> Using $PIR table, 4 entries at 0xc00fdf80
> acpi0: <PTLTD RSDT > on motherboard
> Timecounter "ACPI" frequency 3579545 Hz
> acpi_cpu0: <CPU> on acpi0
> acpi_tz0: <thermal zone> on acpi0
> acpi_pcib0: <Host-PCI bridge> on acpi0
> pci0: <PCI bus> on acpi_pcib0
> agp0: <Intel 82443BX (440 BX) host to PCI bridge> mem 0xf8000000-0xfbffffff
> at device 0.0 on pci0
> pcib1: <PCI-PCI bridge> at device 1.0 on pci0
> pci1: <PCI bus> on pcib1
> pci1: <display, VGA> at 0.0 (no driver attached)
> isab0: <PCI-ISA bridge> at device 7.0 on pci0
> isa0: <ISA bus> on isab0
> atapci0: <Intel PIIX4 ATA33 controller> port 0x1050-0x105f at device 7.1 on
> pci0
> ata0: at 0x1f0 irq 14 on atapci0
> ata1: at 0x170 irq 15 on atapci0
> uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0x1060-0x107f irq 11 at
> device 7.2 on pci0
> usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
> usb0: USB revision 1.0
> uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub0: 2 ports with 2 removable, self powered
> pci0: <bridge, PCI-unknown> at 7.3 (no driver attached)
> pci0: <multimedia, audio> at 9.0 (no driver attached)
> pci0: <input device> at 9.1 (no driver attached)
> pcic0: <Ricoh RL5C475 PCI-CardBus Bridge> mem 0x44000000-0x44000fff irq 11 at
> device 12.0 on pci0
> pccard0: <PC Card bus (classic)> on pcic0
> acpi_ec0: <embedded controller> on acpi0
> acpi_acad0: <AC adapter> on acpi0
> acpi_cmbat0: <Control method Battery> on acpi0
> acpi_lid0: <Control Method Lid Switch> on acpi0
> acpi_button0: <Sleep Button> on acpi0
> acpi_button1: <Power Button> on acpi0
> acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
> npx0: <math processor> on motherboard
> npx0: INT 16 interface
> too many dependant configs
> too many dependant configs
> too many dependant configs
> too many dependant configs
> too many dependant configs
> too many dependant configs
> too many dependant configs
> too many dependant configs
> orm0: <Option ROM> at iomem 0xc0000-0xcffff on isa0
> atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
> atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
> kbd0 at atkbd0
> psm0: <PS/2 Mouse> irq 12 on atkbdc0
> psm0: model GlidePoint, device ID 0
> fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
> fdc0: FIFO enabled, 8 bytes threshold
> fd0: <1440-KB 3.5" drive> on fdc0 drive 0
> pmtimer0 on isa0
> ppc0: parallel port not found.
> sc0: <System console> at flags 0x100 on isa0
> sc0: VGA <16 virtual consoles, flags=0x300>
> vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
> unknown: <PNP0200> can't assign resources
> unknown: <PNP0303> can't assign resources
> unknown: <PNP0F13> can't assign resources
> unknown: <PNP0700> can't assign resources
> sio0: <16550A-compatible COM port> at port 0x3f8-0x3ff irq 4 on isa0
> sio0: type 16550A
> sio1: configured irq 3 not in bitmap of probed irqs 0
> IP packet filtering initialized, divert disabled, rule-based forwarding
> enabled, default to accept, logging disabled
> acpi_cpu0: set speed to 100.0%
> acpi_cpu: CPU throttling enabled, 8 steps from 100% to 12.5%
> ad0: 5729MB <TOSHIBA MK6015MAP> [12416/15/63] at ata0-master UDMA33
> Mounting root from ufs:/dev/ad0s2a
> pccard: card inserted, slot 0
> WARNING: / was not properly dismounted
> pcic0: Event mask 0x9
> stray irq 7
> WARNING: /usr was not properly dismounted
> ed0 at port 0x300-0x31f irq 11 slot 0 on pccard0
> ed0: address 00:e0:98:7e:60:10, type Linksys (16 bit)
> ukphy0: <Generic IEEE 802.3u media interface> on miibus0
> ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> ed0: device timeout
> ed0: device timeout
>
> <some 10 minutes work here, with high network/disk i/o>
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x3a
> fault code = supervisor write, page not present
> instruction pointer = 0x8:0xc02d9ab6
> stack pointer = 0x10:0xca6a4d74
> frame pointer = 0x10:0xca6a4d8c
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 14 (random)
> panic: from debugger
> panic: from debugger
> Uptime: 8m41s
>
> dumping to dev ad0s2b, offset 176256
> dump ata0: resetting devices .. done
> 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38
> 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12
> 11 10 9 8 7 6 5 4 3 2 1 0
> ---
>#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:478
> 478 if (dumpdev == NODEV)
> (kgdb) up
>#1 0xc01f22cb in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:321
> 321 /*
> (kgdb) up
>#2 0xc01f26e5 in panic (fmt=0xc03330fe "from debugger")
> at /usr/src/sys/kern/kern_shutdown.c:600
> 600 }
> (kgdb) bt
>#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:478
>#1 0xc01f22cb in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:321
>#2 0xc01f26e5 in panic (fmt=0xc03330fe "from debugger")
> at /usr/src/sys/kern/kern_shutdown.c:600
>#3 0xc0166751 in db_panic (addr=-1070753098, have_addr=0, count=-1,
> modif=0xca6a4be0 "") at /usr/src/sys/ddb/db_command.c:443
>#4 0xc01666ef in db_command (last_cmdp=0xc037cb94, cmd_table=0xc037c9d4,
> aux_cmd_tablep=0xc0375a38, aux_cmd_tablep_end=0xc0375a3c)
> at /usr/src/sys/ddb/db_command.c:341
>#5 0xc01667bb in db_command_loop () at /usr/src/sys/ddb/db_command.c:465
>#6 0xc016898f in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:72
>#7 0xc02f88da in kdb_trap (type=12, code=0, regs=0xca6a4d34)
> at /usr/src/sys/i386/i386/db_interface.c:167
>#8 0xc0306fd8 in trap_fatal (frame=0xca6a4d34, eva=58)
> at /usr/src/sys/i386/i386/trap.c:932
>#9 0xc0306d4d in trap_pfault (frame=0xca6a4d34, usermode=0, eva=58)
> at /usr/src/sys/i386/i386/trap.c:851
>#10 0xc030639c in trap (frame={tf_fs = -1070202856, tf_es = 16,
> tf_ds = -941686768, tf_edi = -1069669076, tf_esi = 0,
> tf_ebp = -899002996, tf_isp = -899003040, tf_ebx = 1,
> tf_edx = -917949984, tf_ecx = 1, tf_eax = 1, tf_trapno = 12, tf_err =
> 2,
> tf_eip = -1070753098, tf_cs = 8, tf_eflags = 66118,
> tf_esp = -1069573312, tf_ss = 1}) at /usr/src/sys/i386/i386/trap.c:410
>#11 0xc02d9ab6 in vm_object_pip_add (object=0x0, i=1)
> ---Type <return> to continue, or q <return> to quit---
> at /usr/src/sys/vm/vm_object.c:235
>#12 0xc02d0706 in vm_fault1 (map=0xc03e252c, vaddr=3226034176,
> fault_type=2 '\002', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:274
>#13 0xc02d050b in vm_fault (map=0xc03e252c, vaddr=3226034176, fault_type=2,
> fault_flags=0) at /usr/src/sys/vm/vm_fault.c:198
>#14 0xc0306cf1 in trap_pfault (frame=0xca6a4ed0, usermode=0, eva=3226036098)
> at /usr/src/sys/i386/i386/trap.c:838
>#15 0xc030639c in trap (frame={tf_fs = -1069875176, tf_es = 16,
> tf_ds = -1070268400, tf_edi = 3, tf_esi = -1068949920,
> tf_ebp = -899002556, tf_isp = -899002628, tf_ebx = -1068950300,
> tf_edx = 18722, tf_ecx = -1068968744, tf_eax = -1068949815,
> tf_trapno = 12, tf_err = 2, tf_eip = -1069017353, tf_cs = 8,
> tf_eflags = 66183, tf_esp = -1068950300, tf_ss = -1068950312})
> at /usr/src/sys/i386/i386/trap.c:410
>#16 0xc04816f7 in ?? ()
>#17 0xc04810bb in ?? ()
>#18 0xc0480e10 in ?? ()
>#19 0xc01e21dc in fork_exit (callout=0xc0480d88, arg=0x0, frame=0xca6a4fa8)
> at /usr/src/sys/kern/kern_fork.c:723
> (kgdb) up 5
>#7 0xc02f88da in kdb_trap (type=12, code=0, regs=0xca6a4d34)
> at /usr/src/sys/i386/i386/db_interface.c:167
> 167
> (kgdb) up
>#8 0xc0306fd8 in trap_fatal (frame=0xca6a4d34, eva=58)
> at /usr/src/sys/i386/i386/trap.c:932
> 932 /**
> (kgdb) up
>#9 0xc0306d4d in trap_pfault (frame=0xca6a4d34, usermode=0, eva=58)
> at /usr/src/sys/i386/i386/trap.c:851
> 851 return((rv == KERN_PROTECTION_FAILURE) ? SIGBUS : SIGSEGV);
> (kgdb) up
>#10 0xc030639c in trap (frame={tf_fs = -1070202856, tf_es = 16,
> tf_ds = -941686768, tf_edi = -1069669076, tf_esi = 0,
> tf_ebp = -899002996, tf_isp = -899003040, tf_ebx = 1,
> tf_edx = -917949984, tf_ecx = 1, tf_eax = 1, tf_trapno = 12, tf_err =
> 2,
> tf_eip = -1070753098, tf_cs = 8, tf_eflags = 66118,
> tf_esp = -1069573312, tf_ss = 1}) at /usr/src/sys/i386/i386/trap.c:410
> 410
> (kgdb) up
>#11 0xc02d9ab6 in vm_object_pip_add (object=0x0, i=1)
> at /usr/src/sys/vm/vm_object.c:235
> 235 * vm_object_reference:
> (kgdb) x vm_object_reference
> 0xc02d9d38 <vm_object_reference>: 0x53e58955
> (kgdb) quit
> mobile# exit
> exit
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
--
John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.010813113929.jhb>