Date: Tue, 15 Dec 2015 17:42:38 +0100 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: FreeBSD Current <freebsd-current@freebsd.org> Subject: fork_findpid() - Fatal trap 12: page fault while in kernel mode Message-ID: <20151215174238.2d7cc3bb@fabiankeil.de>
next in thread | raw e-mail | index | archive | help
--Sig_/LrvoB/L5kZ/nNHZs9BSwUTW
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
I've seen the following panic a couple of times in the last three
months, usually while poudriere was running and with sh being the
current process.
This one is from a system based on r290926 running with
kern.randompid=3D9001 and forking frequently (>1000 forks/second)
due to poudriere and afl-fuzz:
Fatal trap 12: page fault while in kernel mode
cpuid =3D 1; apic id =3D 04
fault virtual address =3D 0x618b00a8
fault code =3D supervisor read data, page not present
instruction pointer =3D 0x20:0xffffffff80909158
stack pointer =3D 0x28:0xfffffe011e03b940
frame pointer =3D 0x28:0xfffffe011e03b960
code segment =3D base 0x0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags =3D interrupt enabled, resume, IOPL =3D 0
current process =3D 71325 (sh)
trap number =3D 12
panic: page fault
cpuid =3D 1
KDB: stack backtrace:
[...]
Uptime: 13d20h43m20s
[...]
(kgdb) where
#0 doadump (textdump=3D1) at pcpu.h:221
#1 0xffffffff8094a923 in kern_reboot (howto=3D260) at /usr/src/sys/kern/ke=
rn_shutdown.c:364
#2 0xffffffff8094ae8b in vpanic (fmt=3D<value optimized out>, ap=3D<value =
optimized out>) at /usr/src/sys/kern/kern_shutdown.c:757
#3 0xffffffff8094acc3 in panic (fmt=3D0x0) at /usr/src/sys/kern/kern_shutd=
own.c:688
#4 0xffffffff80c2fbb1 in trap_fatal (frame=3D<value optimized out>, eva=3D=
<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:834
#5 0xffffffff80c2fda4 in trap_pfault (frame=3D0xfffffe011e03b890, usermode=
=3D<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:684
#6 0xffffffff80c2f55e in trap (frame=3D0xfffffe011e03b890) at /usr/src/sys=
/amd64/amd64/trap.c:435
#7 0xffffffff80c120a7 in calltrap () at /usr/src/sys/amd64/amd64/exception=
.S:234
#8 0xffffffff80909158 in fork_findpid (flags=3D<value optimized out>) at /=
usr/src/sys/kern/kern_fork.c:281
#9 0xffffffff80907225 in do_fork (td=3D0xfffff8009db9a9a0, flags=3D20, p2=
=3D0xfffff8009dbe1a90, td2=3D0xfffff800aa6884d0, vm2=3D0xfffff800a9eee000, =
pdflags=3D0) at /usr/src/sys/kern/kern_fork.c:385
#10 0xffffffff80906c08 in fork1 (td=3D0xfffff8009db9a9a0, flags=3D20, pages=
=3D<value optimized out>, procp=3D0xfffffe011e03bac0, procdescp=3D0x0, pdfl=
ags=3D99999, fcaps=3D<value optimized out>)
at /usr/src/sys/kern/kern_fork.c:937
#11 0xffffffff809066ca in sys_fork (td=3D0xfffff8009db9a9a0, uap=3D<value o=
ptimized out>) at /usr/src/sys/kern/kern_fork.c:108
#12 0xffffffff80c3054b in amd64_syscall (td=3D0xfffff8009db9a9a0, traced=3D=
0) at subr_syscall.c:140
#13 0xffffffff80c1238b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exce=
ption.S:394
#14 0x00000008009257aa in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language: auto; currently minimal
(kgdb) f 8
#8 0xffffffff80909158 in fork_findpid (flags=3D<value optimized out>) at /=
usr/src/sys/kern/kern_fork.c:281
warning: Source file is more recent than executable.
=20
281 (p->p_pgrp !=3D NULL &&
(kgdb) l -
271 * id is kept reserved only while there is a
272 * non-reaped process in the subtree, so amount of
273 * reserved pids is limited by process limit times
274 * two.
275 */
276 p =3D LIST_FIRST(&allproc);
277 again:
278 for (; p !=3D NULL; p =3D LIST_NEXT(p, p_list)) {
279 while (p->p_pid =3D=3D trypid ||
280 p->p_reapsubtree =3D=3D trypid ||
(kgdb) l
281 (p->p_pgrp !=3D NULL &&
282 (p->p_pgrp->pg_id =3D=3D trypid ||
283 (p->p_session !=3D NULL &&
284 p->p_session->s_sid =3D=3D trypid)))) {
285 trypid++;
286 if (trypid >=3D pidchecked)
287 goto retry;
288 }
289 if (p->p_pid > trypid && pidchecked > p->p_=
pid)
290 pidchecked =3D p->p_pid;
(kgdb) f 6
#6 0xffffffff80c2f55e in trap (frame=3D0xfffffe011e03b890) at /usr/src/sys=
/amd64/amd64/trap.c:435
warning: Source file is more recent than executable.
=20
435 (void) trap_pfault(frame, FALSE);
(kgdb) p *frame
$2 =3D {tf_rdi =3D 1636499584, tf_rsi =3D 51281, tf_rdx =3D -8795282608128,=
tf_rcx =3D 1, tf_r8 =3D 99999, tf_r9 =3D 99999, tf_rax =3D 0, tf_rbx =3D 6=
0137, tf_rbp =3D -2194224727712, tf_r10 =3D 0, tf_r11 =3D 0,
tf_r12 =3D -8793446540656, tf_r13 =3D -2194224727360, tf_r14 =3D 0, tf_r1=
5 =3D -8793450915184, tf_trapno =3D 12, tf_fs =3D 19, tf_gs =3D 27, tf_addr=
=3D 1636499624, tf_flags =3D 1, tf_es =3D 59, tf_ds =3D 59, tf_err =3D 0,
tf_rip =3D -2138009256, tf_cs =3D 32, tf_rflags =3D 66050, tf_rsp =3D -21=
94224727728, tf_ss =3D 40}
(kgdb) f 9
#9 0xffffffff80907225 in do_fork (td=3D0xfffff8009db9a9a0, flags=3D20, p2=
=3D0xfffff8009dbe1a90, td2=3D0xfffff800aa6884d0, vm2=3D0xfffff800a9eee000, =
pdflags=3D0) at /usr/src/sys/kern/kern_fork.c:385
385 trypid =3D fork_findpid(flags);
(kgdb) p flags
$3 =3D 20
(kgdb) p *td
$4 =3D {td_lock =3D 0xffffffff8129b100, td_proc =3D 0xfffff8009d7b5a90, td_=
plist =3D {tqe_next =3D 0x0, tqe_prev =3D 0xfffff8009d7b5aa0}, td_runq =3D =
{tqe_next =3D 0x0, tqe_prev =3D 0xffffffff8129b740}, td_slpq =3D {
tqe_next =3D 0x0, tqe_prev =3D 0xfffff800066de400}, td_lockq =3D {tqe_n=
ext =3D 0x0, tqe_prev =3D 0xfffffe011e176908}, td_hash =3D {le_next =3D 0x0=
, le_prev =3D 0xfffffe0000c98d98}, td_cpuset =3D 0xfffff800a943f9c0,=20
td_sel =3D 0xfffff800a9b20e00, td_sleepqueue =3D 0xfffff800066de400, td_t=
urnstile =3D 0xfffff8000672b480, td_rlqe =3D 0xfffff8000688ba28, td_umtxq =
=3D 0xfffff80024736880, td_vm_dom_policy =3D {seq =3D 0, p =3D {
policy =3D VM_POLICY_NONE, domain =3D -1}}, td_tid =3D 101811, td_sig=
queue =3D {sq_signals =3D {__bits =3D 0xfffff8009db9aa40}, sq_kill =3D {__b=
its =3D 0xfffff8009db9aa50}, sq_list =3D {tqh_first =3D 0x0,=20
tqh_last =3D 0xfffff8009db9aa60}, sq_proc =3D 0xfffff8009d7b5a90, sq_=
flags =3D 1}, td_lend_user_pri =3D 255 '=C3=BF', td_flags =3D 67174406, td_=
inhibitors =3D 0, td_pflags =3D 0, td_dupfd =3D 0, td_sqqueue =3D 0,=20
td_wchan =3D 0x0, td_wmesg =3D 0x0, td_owepreempt =3D 0 '\0', td_tsqueue =
=3D 0 '\0', td_locks =3D 0, td_rw_rlocks =3D 0, td_lk_slocks =3D 0, td_stop=
sched =3D 1, td_blocked =3D 0x0, td_lockname =3D 0x0, td_contested =3D {
lh_first =3D 0x0}, td_sleeplocks =3D 0x0, td_intr_nesting_level =3D 0, =
td_pinned =3D 1, td_ucred =3D 0xfffff8009d8d5200, td_limit =3D 0xfffff80118=
817a00, td_estcpu =3D 0, td_slptick =3D 0, td_blktick =3D 0,=20
td_swvoltick =3D -950283881, td_cow =3D 55789, td_ru =3D {ru_utime =3D {t=
v_sec =3D 0, tv_usec =3D 0}, ru_stime =3D {tv_sec =3D 0, tv_usec =3D 0}, ru=
_maxrss =3D 3044, ru_ixrss =3D 175824, ru_idrss =3D 15984, ru_isrss =3D 170=
496,=20
ru_minflt =3D 99693, ru_majflt =3D 0, ru_nswap =3D 0, ru_inblock =3D 15=
1, ru_oublock =3D 19, ru_msgsnd =3D 0, ru_msgrcv =3D 0, ru_nsignals =3D 0, =
ru_nvcsw =3D 5210, ru_nivcsw =3D 18301}, td_rux =3D {rux_runtime =3D 118034=
16060,=20
rux_uticks =3D 428, rux_sticks =3D 122, rux_iticks =3D 0, rux_uu =3D 0,=
rux_su =3D 0, rux_tu =3D 0}, td_incruntime =3D 399768428, td_runtime =3D 1=
2203184488, td_pticks =3D 764, td_sticks =3D 777, td_iticks =3D 0,=20
td_uticks =3D 5, td_intrval =3D 0, td_oldsigmask =3D {__bits =3D 0xfffff8=
009db9abf4}, td_generation =3D 23511, td_sigstk =3D {ss_sp =3D 0x0, ss_size=
=3D 0, ss_flags =3D 4}, td_xsig =3D 0, td_profil_addr =3D 0,=20
td_profil_ticks =3D 0, td_name =3D 0xfffff8009db9ac34 "sh", td_fpop =3D 0=
x0, td_dbgflags =3D 0, td_dbgksi =3D {ksi_link =3D {tqe_next =3D 0x0, tqe_p=
rev =3D 0x0}, ksi_info =3D {si_signo =3D 0, si_errno =3D 0, si_code =3D 0,=
=20
si_pid =3D 0, si_uid =3D 0, si_status =3D 0, si_addr =3D 0x0, si_valu=
e =3D {sival_int =3D 0, sival_ptr =3D 0x0, sigval_int =3D 0, sigval_ptr =3D=
0x0}, _reason =3D {_fault =3D {_trapno =3D 0}, _timer =3D {_timerid =3D 0,=
=20
_overrun =3D 0}, _mesgq =3D {_mqd =3D 0}, _poll =3D {_band =3D 0}=
, __spare__ =3D {__spare1__ =3D 0, __spare2__ =3D 0xfffff8009db9ac98}}}, ks=
i_flags =3D 0, ksi_sigq =3D 0x0}, td_ng_outbound =3D 0, td_osd =3D {
osd_nslots =3D 0, osd_slots =3D 0x0, osd_next =3D {le_next =3D 0x0, le_=
prev =3D 0x0}}, td_map_def_user =3D 0x0, td_dbg_forked =3D 0, td_vp_reserv =
=3D 0, td_no_sleeping =3D 0, td_dom_rr_idx =3D 0, td_su =3D 0x0, td_sigmask=
=3D {
__bits =3D 0xfffff8009db9ad10}, td_rqindex =3D 25 '\031', td_base_pri =
=3D 174 '=C2=AE', td_priority =3D 174 '=C2=AE', td_pri_class =3D 3 '\003', =
td_user_pri =3D 187 '=C2=BB', td_base_user_pri =3D 187 '=C2=BB', td_dbg_sc_=
code =3D 0,=20
td_dbg_sc_narg =3D 0, td_pcb =3D 0xfffffe011e03bcc0, td_state =3D TDS_RUN=
NING, td_uretoff =3D {tdu_retval =3D 0xfffff8009db9ad40, tdu_off =3D 0}, td=
_cowgen =3D 0, td_slpcallout =3D {c_links =3D {le =3D {le_next =3D 0x0,=20
le_prev =3D 0xfffffe0000cde4d0}, sle =3D {sle_next =3D 0x0}, tqe =
=3D {tqe_next =3D 0x0, tqe_prev =3D 0xfffffe0000cde4d0}}, c_time =3D 514451=
4421357134, c_precision =3D 268435437, c_arg =3D 0xfffff8009db9a9a0,=20
c_func =3D 0xffffffff8099c020 <sleepq_timeout>, c_lock =3D 0x0, c_flags=
=3D 0, c_iflags =3D 272, c_cpu =3D 1}, td_frame =3D 0xfffffe011e03bc00, td=
_kstack_obj =3D 0xfffff8009d99b700, td_kstack =3D 18446741879484809216,=20
td_kstack_pages =3D 4, td_critnest =3D 4294960822, td_md =3D {md_spinlock=
_count =3D -6474, md_saved_flags =3D 582, md_spurflt_addr =3D 0}, td_sched =
=3D 0xfffff8009db9ae40, td_ar =3D 0x0, td_lprof =3D 0xfffff8009db9ade0,=20
td_dtrace =3D 0xfffff8009d2b6400, td_errno =3D 0, td_vnet =3D 0x0, td_vne=
t_lpush =3D 0x0, td_intr_frame =3D 0x0, td_rfppwait_p =3D 0xfffff800a99e454=
8, td_ma =3D 0x0, td_ma_cnt =3D 0, td_emuldata =3D 0x0, td_lastcpu =3D 1,=20
td_oncpu =3D 1}
(kgdb) p *p2
$5 =3D {p_list =3D {le_next =3D 0x0, le_prev =3D 0xffffffff813f3cd0}, p_thr=
eads =3D {tqh_first =3D 0xfffff800aa6884d0, tqh_last =3D 0xfffff800aa6884e0=
}, p_slock =3D {lock_object =3D {
lo_name =3D 0xffffffff80e22449 "process slock", lo_flags =3D 53706752=
0, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 4}, p_ucred =3D 0xfffff=
8009d8d5200, p_fd =3D 0x0, p_fdtol =3D 0x0, p_stats =3D 0xfffff800aaa08a00,=
=20
p_limit =3D 0x0, p_limco =3D {c_links =3D {le =3D {le_next =3D 0x0, le_pr=
ev =3D 0x0}, sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0, tqe_pre=
v =3D 0x0}}, c_time =3D 0, c_precision =3D 0, c_arg =3D 0x0, c_func =3D 0,=
=20
c_lock =3D 0xfffff8009dbe1bb0, c_flags =3D 0, c_iflags =3D 0, c_cpu =3D=
0}, p_sigacts =3D 0x0, p_flag =3D 268460034, p_flag2 =3D 0, p_state =3D PR=
S_ZOMBIE, p_pid =3D 49173, p_hash =3D {le_next =3D 0xfffff8000643b000,=20
le_prev =3D 0xfffffe0000c8a0a8}, p_pglist =3D {le_next =3D 0xfffff80023=
df1000, le_prev =3D 0xfffff8009d7b5b60}, p_pptr =3D 0xfffff8009d7b5a90, p_s=
ibling =3D {le_next =3D 0xfffff80023df1000,=20
le_prev =3D 0xfffff8009d7b5b88}, p_children =3D {lh_first =3D 0x0}, p_r=
eaper =3D 0xfffff800029a5548, p_reaplist =3D {lh_first =3D 0x0}, p_reapsibl=
ing =3D {le_next =3D 0xfffff800a99e4548, le_prev =3D 0xfffff800029a5650},=20
p_mtx =3D {lock_object =3D {lo_name =3D 0xffffffff80e2243c "process lock"=
, lo_flags =3D 558039040, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D =
4}, p_statmtx =3D {lock_object =3D {lo_name =3D 0xffffffff80e22457 "pstatl"=
,=20
lo_flags =3D 537067520, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =
=3D 4}, p_itimmtx =3D {lock_object =3D {lo_name =3D 0xffffffff80e2245e "pit=
iml", lo_flags =3D 537067520, lo_data =3D 0, lo_witness =3D 0x0},=20
mtx_lock =3D 4}, p_profmtx =3D {lock_object =3D {lo_name =3D 0xffffffff=
80e22465 "pprofl", lo_flags =3D 537067520, lo_data =3D 0, lo_witness =3D 0x=
0}, mtx_lock =3D 4}, p_ksi =3D 0xfffff8000639dd20, p_sigqueue =3D {
sq_signals =3D {__bits =3D 0xfffff8009dbe1c38}, sq_kill =3D {__bits =3D=
0xfffff8009dbe1c48}, sq_list =3D {tqh_first =3D 0x0, tqh_last =3D 0xfffff8=
009dbe1c58}, sq_proc =3D 0xfffff8009dbe1a90, sq_flags =3D 1}, p_oppid =3D 0=
,=20
p_vmspace =3D 0x0, p_swtick =3D 3344683415, p_cowgen =3D 0, p_realtimer =
=3D {it_interval =3D {tv_sec =3D 0, tv_usec =3D 0}, it_value =3D {tv_sec =
=3D 0, tv_usec =3D 0}}, p_ru =3D {ru_utime =3D {tv_sec =3D 0, tv_usec =3D 0=
}, ru_stime =3D {
tv_sec =3D 0, tv_usec =3D 0}, ru_maxrss =3D 0, ru_ixrss =3D 0, ru_idr=
ss =3D 0, ru_isrss =3D 0, ru_minflt =3D 74, ru_majflt =3D 0, ru_nswap =3D 0=
, ru_inblock =3D 0, ru_oublock =3D 0, ru_msgsnd =3D 0, ru_msgrcv =3D 0,=20
ru_nsignals =3D 0, ru_nvcsw =3D 2, ru_nivcsw =3D 2}, p_rux =3D {rux_run=
time =3D 2047260, rux_uticks =3D 0, rux_sticks =3D 0, rux_iticks =3D 0, rux=
_uu =3D 0, rux_su =3D 0, rux_tu =3D 0}, p_crux =3D {rux_runtime =3D 0,=20
rux_uticks =3D 0, rux_sticks =3D 0, rux_iticks =3D 0, rux_uu =3D 0, rux=
_su =3D 0, rux_tu =3D 0}, p_profthreads =3D 0, p_exitthreads =3D 0, p_trace=
flag =3D 0, p_tracevp =3D 0x0, p_tracecred =3D 0x0, p_textvp =3D 0x0, p_loc=
k =3D 0,=20
p_sigiolst =3D {slh_first =3D 0x0}, p_sigparent =3D 20, p_sig =3D 0, p_co=
de =3D 0, p_stops =3D 0, p_stype =3D 0, p_step =3D 0 '\0', p_pfsflags =3D 0=
'\0', p_nlminfo =3D 0x0, p_aioinfo =3D 0x0, p_singlethread =3D 0x0,=20
p_suspcount =3D 0, p_xthread =3D 0xfffff800aa6884d0, p_boundary_count =3D=
0, p_pendingcnt =3D 0, p_itimers =3D 0x0, p_procdesc =3D 0x0, p_treeflag =
=3D 0, p_magic =3D 3203398350, p_osrel =3D 1100090,=20
p_comm =3D 0xfffff8009dbe1e54 "pwait", p_pgrp =3D 0x0, p_sysent =3D 0xfff=
fffff8118f9f8, p_args =3D 0x0, p_cpulimit =3D 9223372036854775807, p_nice =
=3D 0 '\0', p_fibnum =3D 0, p_reapsubtree =3D 28, p_xexit =3D 0, p_xsig =3D=
0,=20
p_klist =3D {kl_list =3D {slh_first =3D 0x0}, kl_lock =3D 0xffffffff808fc=
960 <knlist_mtx_lock>, kl_unlock =3D 0xffffffff808fc9c0 <knlist_mtx_unlock>=
, kl_assert_locked =3D 0xffffffff808fca30 <knlist_mtx_assert_locked>,=20
kl_assert_unlocked =3D 0xffffffff808fca40 <knlist_mtx_assert_unlocked>,=
kl_lockarg =3D 0xfffff8009dbe1bb0}, p_numthreads =3D 1, p_md =3D {md_ldt =
=3D 0x0, md_ldt_sd =3D {sd_lolimit =3D 0, sd_lobase =3D 0, sd_type =3D 0,=20
sd_dpl =3D 0, sd_p =3D 0, sd_hilimit =3D 0, sd_xx0 =3D 0, sd_gran =3D=
0, sd_hibase =3D 0, sd_xx1 =3D 0, sd_mbz =3D 0, sd_xx2 =3D 0}}, p_itcallou=
t =3D {c_links =3D {le =3D {le_next =3D 0x0, le_prev =3D 0x0}, sle =3D {sle=
_next =3D 0x0},=20
tqe =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0}}, c_time =3D 0, c_precis=
ion =3D 0, c_arg =3D 0x0, c_func =3D 0, c_lock =3D 0xfffff8009dbe1bb0, c_fl=
ags =3D 0, c_iflags =3D 0, c_cpu =3D 0}, p_acflag =3D 0, p_peers =3D 0x0,=20
p_leader =3D 0xfffff8009dbe1a90, p_emuldata =3D 0x0, p_label =3D 0x0, p_s=
ched =3D 0xfffff8009dbe1fd8, p_ktr =3D {stqh_first =3D 0x0, stqh_last =3D 0=
xfffff8009dbe1f60}, p_mqnotifier =3D {lh_first =3D 0x0},=20
p_dtrace =3D 0xfffff80061b41e80, p_pwait =3D {cv_description =3D 0xffffff=
ff80e22d2a "ppwait", cv_waiters =3D 0}, p_dbgwait =3D {cv_description =3D 0=
xffffffff80e22d31 "dbgwait", cv_waiters =3D 0}, p_prev_runtime =3D 0,=20
p_racct =3D 0x0, p_throttled =3D 0 '\0', p_vm_dom_policy =3D {seq =3D 2, =
p =3D {policy =3D VM_POLICY_NONE, domain =3D -1}}, p_orphan =3D {le_next =
=3D 0x0, le_prev =3D 0x0}, p_orphans =3D {lh_first =3D 0x0}}
(kgdb) p *td2
$6 =3D {td_lock =3D 0xffffffff8129b100, td_proc =3D 0xfffff8009dbe1a90, td_=
plist =3D {tqe_next =3D 0x0, tqe_prev =3D 0xfffff8009dbe1aa0}, td_runq =3D =
{tqe_next =3D 0x0, tqe_prev =3D 0xffffffff8129b610}, td_slpq =3D {
tqe_next =3D 0x0, tqe_prev =3D 0xfffff8013a4f5180}, td_lockq =3D {tqe_n=
ext =3D 0x0, tqe_prev =3D 0xfffffe011e1d08a8}, td_hash =3D {le_next =3D 0x0=
, le_prev =3D 0xfffffe0000c98dc8}, td_cpuset =3D 0x0,=20
td_sel =3D 0xfffff8009d8a4680, td_sleepqueue =3D 0xfffff8013a4f5180, td_t=
urnstile =3D 0xfffff800b24dba80, td_rlqe =3D 0xfffff8000688b8e8, td_umtxq =
=3D 0xfffff800a9c45c00, td_vm_dom_policy =3D {seq =3D 0, p =3D {
policy =3D VM_POLICY_NONE, domain =3D -1}}, td_tid =3D 101817, td_sig=
queue =3D {sq_signals =3D {__bits =3D 0xfffff800aa688570}, sq_kill =3D {__b=
its =3D 0xfffff800aa688580}, sq_list =3D {tqh_first =3D 0x0,=20
tqh_last =3D 0xfffff800aa688590}, sq_proc =3D 0xfffff8009dbe1a90, sq_=
flags =3D 1}, td_lend_user_pri =3D 255 '=C3=BF', td_flags =3D 65540, td_inh=
ibitors =3D 0, td_pflags =3D 0, td_dupfd =3D 0, td_sqqueue =3D 0, td_wchan =
=3D 0x0,=20
td_wmesg =3D 0x0, td_owepreempt =3D 0 '\0', td_tsqueue =3D 0 '\0', td_loc=
ks =3D 0, td_rw_rlocks =3D 0, td_lk_slocks =3D 0, td_stopsched =3D 0, td_bl=
ocked =3D 0x0, td_lockname =3D 0x0, td_contested =3D {lh_first =3D 0x0},=20
td_sleeplocks =3D 0x0, td_intr_nesting_level =3D 0, td_pinned =3D 0, td_u=
cred =3D 0xfffff8009d8d5200, td_limit =3D 0xfffff80118817a00, td_estcpu =3D=
0, td_slptick =3D 0, td_blktick =3D 0, td_swvoltick =3D -950283880,=20
td_cow =3D 20, td_ru =3D {ru_utime =3D {tv_sec =3D 0, tv_usec =3D 0}, ru_=
stime =3D {tv_sec =3D 0, tv_usec =3D 0}, ru_maxrss =3D 0, ru_ixrss =3D 0, r=
u_idrss =3D 0, ru_isrss =3D 0, ru_minflt =3D 74, ru_majflt =3D 0, ru_nswap =
=3D 0,=20
ru_inblock =3D 0, ru_oublock =3D 0, ru_msgsnd =3D 0, ru_msgrcv =3D 0, r=
u_nsignals =3D 0, ru_nvcsw =3D 2, ru_nivcsw =3D 2}, td_rux =3D {rux_runtime=
=3D 2047260, rux_uticks =3D 0, rux_sticks =3D 0, rux_iticks =3D 0, rux_uu =
=3D 0,=20
rux_su =3D 0, rux_tu =3D 0}, td_incruntime =3D 0, td_runtime =3D 204726=
0, td_pticks =3D 0, td_sticks =3D 0, td_iticks =3D 0, td_uticks =3D 0, td_i=
ntrval =3D 0, td_oldsigmask =3D {__bits =3D 0xfffff800aa688724},=20
td_generation =3D 3, td_sigstk =3D {ss_sp =3D 0x0, ss_size =3D 0, ss_flag=
s =3D 4}, td_xsig =3D 0, td_profil_addr =3D 0, td_profil_ticks =3D 0, td_na=
me =3D 0xfffff800aa688764 "pwait", td_fpop =3D 0x0, td_dbgflags =3D 0,=20
td_dbgksi =3D {ksi_link =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0}, ksi_inf=
o =3D {si_signo =3D 0, si_errno =3D 0, si_code =3D 0, si_pid =3D 0, si_uid =
=3D 0, si_status =3D 0, si_addr =3D 0x0, si_value =3D {sival_int =3D 0,=20
sival_ptr =3D 0x0, sigval_int =3D 0, sigval_ptr =3D 0x0}, _reason =
=3D {_fault =3D {_trapno =3D 0}, _timer =3D {_timerid =3D 0, _overrun =3D 0=
}, _mesgq =3D {_mqd =3D 0}, _poll =3D {_band =3D 0}, __spare__ =3D {__spare=
1__ =3D 0,=20
__spare2__ =3D 0xfffff800aa6887c8}}}, ksi_flags =3D 0, ksi_sigq =
=3D 0x0}, td_ng_outbound =3D 0, td_osd =3D {osd_nslots =3D 0, osd_slots =3D=
0x0, osd_next =3D {le_next =3D 0x0, le_prev =3D 0x0}}, td_map_def_user =3D=
0x0,=20
td_dbg_forked =3D 0, td_vp_reserv =3D 0, td_no_sleeping =3D 0, td_dom_rr_=
idx =3D 0, td_su =3D 0x0, td_sigmask =3D {__bits =3D 0xfffff800aa688840}, t=
d_rqindex =3D 6 '\006', td_base_pri =3D 152 '\230',=20
td_priority =3D 152 '\230', td_pri_class =3D 3 '\003', td_user_pri =3D 17=
4 '=C2=AE', td_base_user_pri =3D 174 '=C2=AE', td_dbg_sc_code =3D 0, td_dbg=
_sc_narg =3D 0, td_pcb =3D 0xfffffe011e059cc0, td_state =3D TDS_INACTIVE,=20
td_uretoff =3D {tdu_retval =3D 0xfffff800aa688870, tdu_off =3D 0}, td_cow=
gen =3D 0, td_slpcallout =3D {c_links =3D {le =3D {le_next =3D 0x0, le_prev=
=3D 0xfffffe0000c56d68}, sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D=
0x0,=20
tqe_prev =3D 0xfffffe0000c56d68}}, c_time =3D 5144519038446659, c_p=
recision =3D 268435437, c_arg =3D 0xfffff800aa6884d0, c_func =3D 0xffffffff=
8099c020 <sleepq_timeout>, c_lock =3D 0x0, c_flags =3D 0,=20
c_iflags =3D 272, c_cpu =3D 0}, td_frame =3D 0xfffffe011e059c00, td_kst=
ack_obj =3D 0xfffff800aab1d300, td_kstack =3D 18446741879484932096, td_ksta=
ck_pages =3D 4, td_critnest =3D 1, td_md =3D {md_spinlock_count =3D 1,=20
md_saved_flags =3D 582, md_spurflt_addr =3D 0}, td_sched =3D 0xfffff800=
aa688970, td_ar =3D 0x0, td_lprof =3D 0xfffff800aa688910, td_dtrace =3D 0xf=
ffff800aad29900, td_errno =3D 0, td_vnet =3D 0x0, td_vnet_lpush =3D 0x0,=20
td_intr_frame =3D 0x0, td_rfppwait_p =3D 0xfffff80040628a90, td_ma =3D 0x=
0, td_ma_cnt =3D 0, td_emuldata =3D 0x0, td_lastcpu =3D 1, td_oncpu =3D -1}
(kgdb) p *vm2
$7 =3D {vm_map =3D {header =3D {prev =3D 0xfffff80109260280, next =3D 0xfff=
ff80083e33400, left =3D 0x0, right =3D 0x0, start =3D 4096, end =3D 1407374=
88355328, avail_ssize =3D 0, adj_free =3D 0, max_free =3D 0, object =3D {
vm_object =3D 0x0, sub_map =3D 0x0}, offset =3D 0, eflags =3D 0, pr=
otection =3D 0 '\0', max_protection =3D 0 '\0', inheritance =3D 0 '\0', rea=
d_ahead =3D 0 '\0', wired_count =3D 0, next_read =3D 0, cred =3D 0x0,=20
wiring_thread =3D 0x0}, lock =3D {lock_object =3D {lo_name =3D 0xffff=
ffff80e56895 "vm map (user)", lo_flags =3D 36896768, lo_data =3D 0, lo_witn=
ess =3D 0x0}, sx_lock =3D 1}, system_mtx =3D {lock_object =3D {
lo_name =3D 0xffffffff80e56885 "vm map (system)", lo_flags =3D 2116=
8128, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 4}, nentries =3D 12,=
size =3D 8597504, timestamp =3D 1, needs_wakeup =3D 0 '\0',=20
system_map =3D 0 '\0', flags =3D 0 '\0', root =3D 0xfffff80109260280, p=
map =3D 0xfffff800a9eee138, busy =3D 0}, vm_shm =3D 0x0, vm_swrss =3D 0, vm=
_tsize =3D 33, vm_dsize =3D 3, vm_ssize =3D 32,=20
vm_taddr =3D 0x400000 <Address 0x400000 out of bounds>, vm_daddr =3D 0x62=
1000 <Address 0x621000 out of bounds>, vm_maxsaddr =3D 0x7fffdffff000 <Addr=
ess 0x7fffdffff000 out of bounds>, vm_refcnt =3D 1, vm_pmap =3D {
pm_mtx =3D {lock_object =3D {lo_name =3D 0xffffffff80e56880 "pmap", lo_=
flags =3D 21168128, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 4}, pm=
_pml4 =3D 0xfffff800b6314000, pm_cr3 =3D 3056680960, pm_pvchunk =3D {
tqh_first =3D 0xfffff80069221000, tqh_last =3D 0xfffff8008cf38008}, p=
m_active =3D {__bits =3D 0xfffff800a9eee178}, pm_type =3D PT_X86, pm_stats =
=3D {resident_count =3D 761, wired_count =3D 0}, pm_root =3D {rt_root =3D 0=
,=20
rt_flags =3D 0 '\0'}, pm_eptgen =3D 0, pm_flags =3D 256, pm_pcids =3D=
0xfffff800a9eee1cc}}
(kgdb)=20
Fabian
--Sig_/LrvoB/L5kZ/nNHZs9BSwUTW
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlZwQv8ACgkQBYqIVf93VJ1XLwCbBiCrLSKpejgjpAVRtEv0MLP5
VHsAoIvtwISBRws7bWIo+zGtpyMyZXiV
=1a56
-----END PGP SIGNATURE-----
--Sig_/LrvoB/L5kZ/nNHZs9BSwUTW--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151215174238.2d7cc3bb>