Fatal trap 12: page fault while in kernel mode

Yuri Khotyaintsev yuri at irfu.se
Tue Dec 6 23:47:21 PST 2005 

On Friday 02 December 2005 14.54, John Baldwin wrote:
> On Friday 02 December 2005 05:00 am, Yuri Khotyaintsev wrote:
> > I have the following panic occurring several times a week. The machine is
> > an NFS server, and it usually panics early in the morning, when first
> > people try to access it. After reboot it may work OK for 1-2 days, and
> > then panics again. I have tried changing memory and replacing disk which
> > was exported via NFS, but nothing helped :(
> >
> > Any suggestion on how to fix this panic will be very much appreciated !
>
> This panic (in propagate_priority) is usually caused when a thread goes to
> sleep while holding a mutex (which is forbidden).  If you enable INVARIANTS
> and/or WITNESS you should get a better panic, and with WITNESS you will
> even be warned when a thread goes to sleep while holding a mutex.  However,
> these options do introduce considerable execution overhead, and sometimes
> that overhead changes the timing enough to hide the race. :(

Here are the two panics which I got with INVARIANTS and WITNESS enabled.

# kgdb /usr/obj/usr/src/sys/HEM.DEBUG/kernel.debug vmcore.8 
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: 
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
Memory modified after free 0xc4759e00(508) val=0 @ 0xc4759e00
panic: Most recently used by UFS dirhash

Uptime: 11h8m36s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 511MB (130800 pages) 495 479 463 447 431 415 399 383 367 351 335 
319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:165
#1  0xc050fd4f in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xc0510043 in panic (fmt=0xc06dccbb "Most recently used by %s\n")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc0648ccf in mtrash_ctor (mem=0xc4759e00, size=0, arg=0x0, flags=2)
    at /usr/src/sys/vm/uma_dbg.c:137
#4  0xc06469c1 in uma_zalloc_arg (zone=0xc104d980, udata=0x0, flags=2)
    at /usr/src/sys/vm/uma_core.c:1850
#5  0xc05043cd in malloc (size=400, mtp=0xc06fb700, flags=2) at uma.h:275
#6  0xc063fba9 in ufs_readdir (ap=0xd56eaaec)
    at /usr/src/sys/ufs/ufs/ufs_vnops.c:1846
#7  0xc06a61cc in VOP_READDIR_APV (vop=0x0, a=0xd56eaaec) at vnode_if.c:1427
#8  0xc0607716 in nfsrv_readdir (nfsd=0xc4368c00, slp=0x0, td=0xc3326780, 
    mrq=0xd56eac80) at vnode_if.h:746
#9  0xc060fa5b in nfssvc_nfsd (td=0x0)
    at /usr/src/sys/nfsserver/nfs_syscalls.c:472
#10 0xc060f280 in nfssvc (td=0xc3326780, uap=0xd56ead04)
    at /usr/src/sys/nfsserver/nfs_syscalls.c:181
#11 0xc069b6b0 in syscall (frame=
---Type <return> to continue, or q <return> to quit---
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 0, tf_esi = 0, tf_ebp = 
-1077941464, tf_isp = -714166940, tf_ebx = 0, tf_edx = -1077936144, tf_ecx = 
1, tf_eax = 155, tf_trapno = 12, tf_err = 2, tf_eip = 671852067, tf_cs = 51, 
tf_eflags = 582, tf_esp = -1077941492, tf_ss = 59}) 
at /usr/src/sys/i386/i386/trap.c:981
#12 0xc068947f in Xint0x80_syscall () 
at /usr/src/sys/i386/i386/exception.s:200
#13 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) quit

# kgdb /usr/obj/usr/src/sys/HEM.DEBUG/kernel.debug vmcore.9
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: 
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
Memory modified after free 0xc5172800(508) val=0 @ 0xc5172800
panic: Most recently used by UFS dirhash

Uptime: 1d1h7m17s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 511MB (130800 pages) 495 479 463 447 431 415 399 383 367 351 335 
319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:165
#1  0xc050fd4f in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xc0510043 in panic (fmt=0xc06dccbb "Most recently used by %s\n")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc0648ccf in mtrash_ctor (mem=0xc5172800, size=0, arg=0x0, flags=257)
    at /usr/src/sys/vm/uma_dbg.c:137
#4  0xc06469c1 in uma_zalloc_arg (zone=0xc104d980, udata=0x0, flags=257)
    at /usr/src/sys/vm/uma_core.c:1850
#5  0xc05043cd in malloc (size=368, mtp=0xc070eb60, flags=257) at uma.h:275
#6  0xc063729b in ufsdirhash_build (ip=0xc55664a4)
    at /usr/src/sys/ufs/ufs/ufs_dirhash.c:184
#7  0xc0639441 in ufs_lookup (ap=0xd57c283c)
    at /usr/src/sys/ufs/ufs/ufs_lookup.c:192
#8  0xc06a4e0a in VOP_CACHEDLOOKUP_APV (vop=0x0, a=0xd57c283c)
    at vnode_if.c:150
#9  0xc0565e3b in vfs_cache_lookup (ap=0x0) at vnode_if.h:82
#10 0xc06a4d2f in VOP_LOOKUP_APV (vop=0xc070eee0, a=0xd57c28e4)
    at vnode_if.c:99
#11 0xc056a8d0 in lookup (ndp=0xd57c2bec) at vnode_if.h:56
---Type <return> to continue, or q <return> to quit---
#12 0xc060df58 in nfs_namei (ndp=0xd57c2bec, fhp=0x0, len=0, slp=0x0, nam=0x0, 
    mdp=0xd57c2a04, dposp=0xd57c2a08, retdirp=0xd57c29f0, v3=8, 
    retdirattrp=0x0, retdirattr_retp=0x0, td=0xc350a780, pubflag=0)
    at /usr/src/sys/nfsserver/nfs_srvsubs.c:780
#13 0xc05fd284 in nfsrv_lookup (nfsd=0xc5764100, slp=0x0, td=0xc350a780, 
    mrq=0xd57c2c80) at /usr/src/sys/nfsserver/nfs_serv.c:517
#14 0xc060fa5b in nfssvc_nfsd (td=0x0)
    at /usr/src/sys/nfsserver/nfs_syscalls.c:472
#15 0xc060f280 in nfssvc (td=0xc350a780, uap=0xd57c2d04)
    at /usr/src/sys/nfsserver/nfs_syscalls.c:181
#16 0xc069b6b0 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 0, tf_esi = 0, tf_ebp = 
-1077941464, tf_isp = -713282204, tf_ebx = 0, tf_edx = -1077936144, tf_ecx = 
1, tf_eax = 155, tf_trapno = 12, tf_err = 2, tf_eip = 671852067, tf_cs = 51, 
tf_eflags = 582, tf_esp = -1077941492, tf_ss = 59}) 
at /usr/src/sys/i386/i386/trap.c:981
#17 0xc068947f in Xint0x80_syscall () 
at /usr/src/sys/i386/i386/exception.s:200
#18 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) exit
Undefined command: "exit".  Try "help".
(kgdb) quit

-- 
Dr. Yuri Khotyaintsev
Institutet för rymdfysik (IRF), Uppsala

More information about the freebsd-stable mailing list