Date: Fri, 30 Nov 2012 17:21:48 +0100 From: Andreas Longwitz <longwitz@incore.de> To: Andriy Gapon <avg@FreeBSD.org> Cc: freebsd-stable@FreeBSD.org Subject: Re: page fault on verbose boot Message-ID: <50B8DD1C.4010308@incore.de> In-Reply-To: <50B8CD59.1050308@FreeBSD.org> References: <50ABE8BC.1010904@incore.de> <50B8CD59.1050308@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for looking in this problem.
> Could you please execute the following commands?
>
> In kgdb (if you have exactly the same kernel, or otherwise with a new offset from
> a new panic):
> disassemble intr_execute_handlers+0x15
>
> In ddb:
> bt
> show apic
> show idt
> show intrcnt
> show lapic
> x/ax interrupt_sources,32
>From live system with same kernel:
(kgdb) disassemble intr_execute_handlers+0x15
Dump of assembler code for function intr_execute_handlers:
0xc08e8e00 <intr_execute_handlers+0>: push %ebp
0xc08e8e01 <intr_execute_handlers+1>: mov %esp,%ebp
0xc08e8e03 <intr_execute_handlers+3>: sub $0x18,%esp
0xc08e8e06 <intr_execute_handlers+6>: mov %ebx,0xfffffff4(%ebp)
0xc08e8e09 <intr_execute_handlers+9>: mov %esi,0xfffffff8(%ebp)
0xc08e8e0c <intr_execute_handlers+12>: mov %edi,0xfffffffc(%ebp)
0xc08e8e0f <intr_execute_handlers+15>: mov 0x8(%ebp),%ebx
0xc08e8e12 <intr_execute_handlers+18>: mov 0x8(%ebx),%eax
0xc08e8e15 <intr_execute_handlers+21>: addl $0x1,(%eax)
0xc08e8e18 <intr_execute_handlers+24>: incl %fs:0x40
0xc08e8e1f <intr_execute_handlers+31>: mov 0x4(%ebx),%esi
0xc08e8e22 <intr_execute_handlers+34>: mov (%ebx),%eax
0xc08e8e24 <intr_execute_handlers+36>: mov %ebx,(%esp)
0xc08e8e27 <intr_execute_handlers+39>: call *0x14(%eax)
0xc08e8e2a <intr_execute_handlers+42>: mov %eax,%edi
0xc08e8e2c <intr_execute_handlers+44>: test %eax,%eax
0xc08e8e2e <intr_execute_handlers+46>: jne 0xc08e8e3a
<intr_execute_handlers+58>
0xc08e8e30 <intr_execute_handlers+48>: movl $0x1,0xc0a9d148
0xc08e8e3a <intr_execute_handlers+58>: mov 0xc(%ebp),%eax
0xc08e8e3d <intr_execute_handlers+61>: mov %eax,0x4(%esp)
0xc08e8e41 <intr_execute_handlers+65>: mov %esi,(%esp)
0xc08e8e44 <intr_execute_handlers+68>: call 0xc06afbf0
<intr_event_handle>
0xc08e8e49 <intr_execute_handlers+73>: test %eax,%eax
0xc08e8e4b <intr_execute_handlers+75>: je 0xc08e8ea4
<intr_execute_handlers+164>
0xc08e8e4d <intr_execute_handlers+77>: mov (%ebx),%eax
0xc08e8e4f <intr_execute_handlers+79>: movl $0x0,0x4(%esp)
0xc08e8e57 <intr_execute_handlers+87>: mov %ebx,(%esp)
0xc08e8e5a <intr_execute_handlers+90>: call *0x4(%eax)
0xc08e8e5d <intr_execute_handlers+93>: mov 0xc(%ebx),%eax
0xc08e8e60 <intr_execute_handlers+96>: addl $0x1,(%eax)
0xc08e8e63 <intr_execute_handlers+99>: mov 0xc(%ebx),%eax
0xc08e8e66 <intr_execute_handlers+102>: mov (%eax),%eax
0xc08e8e68 <intr_execute_handlers+104>: cmp $0x4,%eax
0xc08e8e6b <intr_execute_handlers+107>: ja 0xc08e8e87
<intr_execute_handlers+135>
0xc08e8e6d <intr_execute_handlers+109>: mov %edi,0x8(%esp)
0xc08e8e71 <intr_execute_handlers+113>: movl $0xc09a1c4e,0x4(%esp)
0xc08e8e79 <intr_execute_handlers+121>: movl $0x3,(%esp)
0xc08e8e80 <intr_execute_handlers+128>: call 0xc070d310 <log>
0xc08e8e85 <intr_execute_handlers+133>: jmp 0xc08e8ea4
<intr_execute_handlers+164>
0xc08e8e87 <intr_execute_handlers+135>: cmp $0x5,%eax
0xc08e8e8a <intr_execute_handlers+138>: jne 0xc08e8ea4
<intr_execute_handlers+164>
0xc08e8e8c <intr_execute_handlers+140>: mov %edi,0x8(%esp)
0xc08e8e90 <intr_execute_handlers+144>: movl $0xc09a1c5b,0x4(%esp)
0xc08e8e98 <intr_execute_handlers+152>: movl $0x2,(%esp)
0xc08e8e9f <intr_execute_handlers+159>: call 0xc070d310 <log>
0xc08e8ea4 <intr_execute_handlers+164>: mov 0xfffffff4(%ebp),%ebx
0xc08e8ea7 <intr_execute_handlers+167>: mov 0xfffffff8(%ebp),%esi
0xc08e8eaa <intr_execute_handlers+170>: mov 0xfffffffc(%ebp),%edi
0xc08e8ead <intr_execute_handlers+173>: mov %ebp,%esp
0xc08e8eaf <intr_execute_handlers+175>: pop %ebp
0xc08e8eb0 <intr_execute_handlers+176>: ret
End of assembler dump.
After boot verbose:
.....
SMP: AP CPU #1 Launched!
cpu1 AP:
ID: 0x00000000 VER: 0x00040011 LDR: 0x00000000 DFR: 0xffffffff
lint0: 0x00010700 lint1: 0x00000400 TPR: 0x00000000 SVR: 0x000001ff
timer: 0x000200ef therm: 0x00000000 err: 0x000000f0 pmc: 0x00010400
ioapic0: routing intpin 3 (CPU1: local APIC error 0x80
ISA IRQ 3) to lapic 0 vector 48
ioafpliocw0t:a brloeu tcilnega nienrt psitna r6t e(dISA
IRQ 6) to lapic 0 vector 49
ioapic0: routing intpin 14 (ISA IRQ 14) to lapic 0 vector 50
ioapic1: routing intpin 4 (PCI IRQ 20) to lapic 0 vector 51
ioapic1: routing intpin 7 (PCI IRQ 23) to lapic 0 vector 52
ioapic1: routing intpin 9 (PCI IRQ 25) to lapic 0 vector 53
ioapic1: routing intpin 15 (PCI IRQ 31) to lapic 0 vector 54
kernel trap 12 with interrupts disabled
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 03
fault virtual address = 0xf000e2c3
fault code = supervisor write, page not present
instruction pointer = 0x20:0xc08e8e15
stack pointer = 0x28:0xc1020c78
frame pointer = 0x28:0xc1020c90
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = resume, IOPL = 0
current process = 0 (swapper)
[thread pid 0 tid 100000 ]
Stopped at intr_execute_handlers+0x15: addl $0x1,0(%eax)
db> bt
Tracing pid 0 tid 100000 td 0xc0a35350
intr_execute_handlers(0,c1020cb4,3,c1020cf8,c08e4625,...) at
intr_execute_handlers+0x15
lapic_handle_intr(36,c1020cb4) at lapic_handle_intr+0x4c
Xapic_isr1() at Xapic_isr1+0x35
--- interrupt, eip = 0xc08ee8fb, esp = 0xc1020cf4, ebp = 0xc1020cf8 ---
spinlock_exit(c09a1e2e,0,36,3,c1020d38,...) at spinlock_exit+0x2b
ioapic_assign_cpu(c4d1565c,0,0,0,c08f3d29,...) at ioapic_assign_cpu+0x2b0
intr_shuffle_irqs(0,101ec00,101ec00,101e000,1025000,...) at
intr_shuffle_irqs+0xba
mi_startup() at mi_startup+0xac
begin() at begin+0x2c
db> show apic
Interrupts bound to lapic 0
vec 0x30 -> IRQ 3
vec 0x31 -> IRQ 6
vec 0x32 -> IRQ 14
vec 0x33 -> IRQ 20
vec 0x34 -> IRQ 23
vec 0x35 -> IRQ 25
vec 0x36 -> IRQ 31
vec 0xef -> lapic timer
Interrupts bound to lapic 3
vec 0x30 -> IRQ 31
vec 0x31 -> IRQ 18
vec 0x32 -> IRQ 26
vec 0x34 -> IRQ 24
vec 0x38 -> IRQ 21
vec 0x39 -> IRQ 4
vec 0x3c -> IRQ 1
vec 0x3d -> IRQ 12
vec 0xef -> lapic timer
db> show idt
0 Xdiv
1 Xdbg
2 Xnmi
3 Xbpt
4 Xofl
5 Xbnd
6 Xill
7 Xdna
8 0
9 Xfpusegm
10 Xtss
11 Xmissing
12 Xstk
13 Xprot
14 Xpage
16 Xfpu
17 Xalign
18 Xmchk
19 Xxmm
32 Xatpic_intr0
33 Xatpic_intr1
35 Xatpic_intr3
36 Xatpic_intr4
37 Xatpic_intr5
38 Xatpic_intr6
39 Xatpic_intr7
40 Xatpic_intr8
41 Xatpic_intr9
42 Xatpic_intr10
43 Xatpic_intr11
44 Xatpic_intr12
45 Xatpic_intr13
46 Xatpic_intr14
47 Xatpic_intr15
48 Xapic_isr1
49 Xapic_isr1
50 Xapic_isr1
51 Xapic_isr1
52 Xapic_isr1
53 Xapic_isr1
54 Xapic_isr1
55 Xapic_isr1
56 Xapic_isr1
57 Xapic_isr1
58 Xapic_isr1
59 Xapic_isr1
60 Xapic_isr1
61 Xapic_isr1
128 Xint0x80_syscall
239 Xtimerint
240 Xerrorint
242 Xcmcint
243 Xrendezvous
244 Xinvltlb
245 Xinvlpg
246 Xinvlrng
247 Xinvlcache
248 Xlazypmap
249 Xipi_intr_bitmap_handler
250 Xcpustop
255 Xspuriousint
db> show intrcnt
irq1: atkbd0 2
irq6: fdc0 2
irq14: ata0 13
irq18: fxp0 1
irq23: ihfc1 1
irq24: fxp1 1
irq25: fxp2 1
irq31: acpi0 47
cpu0: timer 363
cpu1: timer 593
db> show lapic
lapic ID = 3
version = 1.1
max LVT = 4
SVR = ff (enabled)
TPR = 00
In-service Interrupts:
isr1: 36
TMR Interrupts:
tmr1: 36
IRR Interrupts:
irr7: ef
db> x/ax interrupt_sources,32
interrupt_sources: 0
interrupt_sources+0x4: c4d15864
interrupt_sources+0x8: c4d15888
interrupt_sources+0xc: c4d158ac
interrupt_sources+0x10: c4d158d0
interrupt_sources+0x14: c4d158f4
interrupt_sources+0x18: c4d15918
interrupt_sources+0x1c: c4d1593c
interrupt_sources+0x20: c4d15960
interrupt_sources+0x24: 0
interrupt_sources+0x28: c4d159a8
interrupt_sources+0x2c: c4d159cc
interrupt_sources+0x30: c4d159f0
interrupt_sources+0x34: c4d15a14
interrupt_sources+0x38: c4d15a38
interrupt_sources+0x3c: c4d15a5c
interrupt_sources+0x40: c4d15440
interrupt_sources+0x44: c4d15464
interrupt_sources+0x48: c4d15488
interrupt_sources+0x4c: c4d154ac
interrupt_sources+0x50: c4d154d0
interrupt_sources+0x54: c4d154f4
interrupt_sources+0x58: c4d15518
interrupt_sources+0x5c: c4d1553c
interrupt_sources+0x60: c4d15560
interrupt_sources+0x64: c4d15584
interrupt_sources+0x68: c4d155a8
interrupt_sources+0x6c: c4d155cc
interrupt_sources+0x70: c4d155f0
interrupt_sources+0x74: c4d15614
interrupt_sources+0x78: c4d15638
interrupt_sources+0x7c: c4d1565c
interrupt_sources+0x80: 0
interrupt_sources+0x84: 0
interrupt_sources+0x88: 0
interrupt_sources+0x8c: 0
interrupt_sources+0x90: 0
interrupt_sources+0x94: 0
interrupt_sources+0x98: 0
interrupt_sources+0x9c: 0
interrupt_sources+0xa0: 0
interrupt_sources+0xa4: 0
interrupt_sources+0xa8: 0
interrupt_sources+0xac: 0
interrupt_sources+0xb0: 0
interrupt_sources+0xb4: 0
interrupt_sources+0xb8: 0
interrupt_sources+0xbc: 0
interrupt_sources+0xc0: 0
interrupt_sources+0xc4: 0
db> reset
--
Andreas Longwitz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50B8DD1C.4010308>