7.0 Crashing
Kostik Belousov
kostikbel at gmail.com
Mon Jul 28 10:18:47 UTC 2008
On Sun, Jul 27, 2008 at 06:54:59PM -0400, Michael Toth wrote:
>
>
>
> Kostik Belousov wrote:
> >On Sun, Jul 27, 2008 at 04:25:15PM -0400, Michael toth wrote:
> >
> >>Fatal trap 12: page fault while in kernel mode
> >>cpuid = 4; apic id = 04
> >>fault virtual address = 0x188
> >>fault code = supervisor read, page not present
> >>instruction pointer = 0x20:0xc0775284
> >>stack pointer = 0x28:0xe7d6bad0
> >>frame pointer = 0x28:0xe7d6bae8
> >>code segment = base 0x0, limit 0xfffff, type 0x1b
> >> = DPL 0, pres 1, def32 1, gran 1
> >>processor eflags = interrupt enabled, resume, IOPL = 0
> >>current process = 4838 (egrep)
> >>trap number = 12
> >>panic: page fault
> >>cpuid = 4
> >>Uptime: 1h2m48s
> >>Physical memory: 2035 MB
> >>Dumping 87 MB: 72 56 40 24 8
> >>
> >>Reading symbols from /boot/kernel/acpi.ko...Reading symbols from
> >>/boot/kernel/acpi.ko.symbols...done.
> >>done.
> >>Loaded symbols for /boot/kernel/acpi.ko
> >>#0 doadump () at pcpu.h:195
> >>195 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> >>(kgdb) backtrace
> >>#0 doadump () at pcpu.h:195
> >>#1 0xc0782597 in boot (howto=260) at
> >>/usr/src/sys/kern/kern_shutdown.c:418
> >>#2 0xc0782859 in panic (fmt=Variable "fmt" is not available.
> >>) at /usr/src/sys/kern/kern_shutdown.c:572
> >>#3 0xc0a8b39c in trap_fatal (frame=0xe7d6ba90, eva=392) at
> >>/usr/src/sys/i386/i386/trap.c:899
> >>#4 0xc0a8b620 in trap_pfault (frame=0xe7d6ba90, usermode=0, eva=392) at
> >>/usr/src/sys/i386/i386/trap.c:812
> >>#5 0xc0a8bfcc in trap (frame=0xe7d6ba90) at
> >>/usr/src/sys/i386/i386/trap.c:490
> >>#6 0xc0a71bdb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> >>#7 0xc0775284 in _mtx_lock_sleep (m=0xc600d174, tid=3318745216, opts=0,
> >>file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:339
> >>#8 0xc09a93d7 in vm_fault (map=0xc56b5570, vaddr=671809536,
> >>fault_type=2 '\002', fault_flags=8) at /usr/src/sys/vm/vm_fault.c:293
> >>#9 0xc0a8b50b in trap_pfault (frame=0xe7d6bd38, usermode=1,
> >>eva=671813488) at /usr/src/sys/i386/i386/trap.c:789
> >>#10 0xc0a8be57 in trap (frame=0xe7d6bd38) at
> >>/usr/src/sys/i386/i386/trap.c:357
> >>#11 0xc0a71bdb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> >>#12 0x2806e607 in ?? ()
> >>Previous frame inner to this frame (corrupt stack?)
> >>(kgdb) up
> >>#1 0xc0782597 in boot (howto=260) at
> >>/usr/src/sys/kern/kern_shutdown.c:418
> >>418 doadump();
> >>(kgdb) up
> >>#2 0xc0782859 in panic (fmt=Variable "fmt" is not available.
> >>) at /usr/src/sys/kern/kern_shutdown.c:572
> >>572 boot(bootopt);
> >>(kgdb) up
> >>#3 0xc0a8b39c in trap_fatal (frame=0xe7d6ba90, eva=392) at
> >>/usr/src/sys/i386/i386/trap.c:899
> >>899 panic("%s", trap_msg[type]);
> >>(kgdb) up
> >>#4 0xc0a8b620 in trap_pfault (frame=0xe7d6ba90, usermode=0, eva=392) at
> >>/usr/src/sys/i386/i386/trap.c:812
> >>812 trap_fatal(frame, eva);
> >>(kgdb) up
> >>#5 0xc0a8bfcc in trap (frame=0xe7d6ba90) at
> >>/usr/src/sys/i386/i386/trap.c:490
> >>490 (void) trap_pfault(frame, FALSE, eva);
> >>(kgdb) up
> >>#6 0xc0a71bdb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> >>139 call trap
> >>Current language: auto; currently asm
> >>(kgdb) up
> >>#7 0xc0775284 in _mtx_lock_sleep (m=0xc600d174, tid=3318745216, opts=0,
> >>file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:339
> >>339 owner = (struct thread *)(v &
> >>~MTX_FLAGMASK);
> >>Current language: auto; currently c
> >>(kgdb) up
> >>#8 0xc09a93d7 in vm_fault (map=0xc56b5570, vaddr=671809536,
> >>fault_type=2 '\002', fault_flags=8) at /usr/src/sys/vm/vm_fault.c:293
> >>293 VM_OBJECT_LOCK(fs.first_object);
> >>(kgdb) p fs
> >>$1 = {m = 0x0, object = 0x12, pindex = 13878757899709627520, first_m =
> >>0xc5f0a8b8, first_object = 0xc600d174, first_pindex = 0, map =
> >>0xc56b5570, entry = 0xc59fc7f8, lookup_still_valid = 2, vp = 0xc55c5220}
> >>(kgdb) p fs.first_object
> >>$2 = 0xc600d174
> >>(kgdb)
> >>
> >
> >Please, show the output of
> > p/x *(fs.first_object)
> >
> >BTW, you have said that you got a lot of the panics. Are backtraces
> >the same for all of them ?
> >
> Here is the p/x *(fs.first_object) ..
> and it appears that vmcore.6 is different (vmcore.6 is new from a few
> hours ago)
>
> So does this point to a hardware issue?
>
> Thanks
>
> # kgdb kernel.debug /var/crash/vmcore.5
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 4; apic id = 04
> fault virtual address = 0x188
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc0775284
> stack pointer = 0x28:0xe7d6bad0
> frame pointer = 0x28:0xe7d6bae8
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 4838 (egrep)
> trap number = 12
> panic: page fault
> cpuid = 4
> Uptime: 1h2m48s
> Physical memory: 2035 MB
> Dumping 87 MB: 72 56 40 24 8
>
> Reading symbols from /boot/kernel/acpi.ko...Reading symbols from
> /boot/kernel/acpi.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/acpi.ko
> #0 doadump () at pcpu.h:195
> 195 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb) up
> #1 0xc0782597 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
> 418 doadump();
> (kgdb) up
> #2 0xc0782859 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:572
> 572 boot(bootopt);
> (kgdb) up
> #3 0xc0a8b39c in trap_fatal (frame=0xe7d6ba90, eva=392) at
> /usr/src/sys/i386/i386/trap.c:899
> 899 panic("%s", trap_msg[type]);
> (kgdb) up
> #4 0xc0a8b620 in trap_pfault (frame=0xe7d6ba90, usermode=0, eva=392) at
> /usr/src/sys/i386/i386/trap.c:812
> 812 trap_fatal(frame, eva);
> (kgdb) up
> #5 0xc0a8bfcc in trap (frame=0xe7d6ba90) at
> /usr/src/sys/i386/i386/trap.c:490
> 490 (void) trap_pfault(frame, FALSE, eva);
> (kgdb) up
> #6 0xc0a71bdb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> 139 call trap
> Current language: auto; currently asm
> (kgdb) up
> #7 0xc0775284 in _mtx_lock_sleep (m=0xc600d174, tid=3318745216, opts=0,
> file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:339
> 339 owner = (struct thread *)(v &
> ~MTX_FLAGMASK);
> Current language: auto; currently c
> (kgdb) up
> #8 0xc09a93d7 in vm_fault (map=0xc56b5570, vaddr=671809536,
> fault_type=2 '\002', fault_flags=8) at /usr/src/sys/vm/vm_fault.c:293
> 293 VM_OBJECT_LOCK(fs.first_object);
> (kgdb) p/x *(fs.first_object)
> $1 = {mtx = {lock_object = {lo_name = 0x0, lo_type = 0x0, lo_flags =
> 0x0, lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness =
> 0x0}}, mtx_lock = 0x0, mtx_recurse = 0x0}, object_list = {tqe_next = 0x0,
> tqe_prev = 0xc5f3a300}, shadow_head = {lh_first = 0x0}, shadow_list
> = {le_next = 0xc5f3a2e8, le_prev = 0xc55c39d0}, memq = {tqh_first = 0x0,
> tqh_last = 0xc600d1a0}, root = 0x0, size = 0x1, generation = 0x1,
> ref_count = 0x1, shadow_count = 0x0, type = 0x0, flags = 0x2000,
> pg_color = 0x0, paging_in_progress = 0x0, resident_page_count = 0x0,
> backing_object = 0xc55c39b0, backing_object_offset = 0xf000,
> pager_object_list = {
> tqe_next = 0x0, tqe_prev = 0x0}, cache = 0x0, handle = 0x0, un_pager
> = {vnp = {vnp_size = 0x0}, devp = {devp_pglist = {tqh_first = 0x0,
> tqh_last = 0x0}}, swp = {swp_bcount = 0x0}}}
> (kgdb)
>
>
>
>
> # kgdb kernel.debug /var/crash/vmcore.6
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
> TPTE at 0xbfefeffc IS ZERO @ VA bfbff000
> panic: bad pte
> cpuid = 2
> Uptime: 4h12m47s
> Physical memory: 2035 MB
> Dumping 121 MB: 106 90 74 58 42 26 10
>
> Reading symbols from /boot/kernel/acpi.ko...Reading symbols from
> /boot/kernel/acpi.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/acpi.ko
> #0 doadump () at pcpu.h:195
> 195 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb) bt
> #0 doadump () at pcpu.h:195
> #1 0xc0782597 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
> #2 0xc0782859 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:572
> #3 0xc0a86f26 in pmap_remove_pages (pmap=0xc5527c54) at
> /usr/src/sys/i386/i386/pmap.c:3093
> #4 0xc09b294c in vmspace_exit (td=0xc5fb9aa0) at
> /usr/src/sys/vm/vm_map.c:404
> #5 0xc075e780 in exit1 (td=0xc5fb9aa0, rv=0) at
> /usr/src/sys/kern/kern_exit.c:294
> #6 0xc075fadd in sys_exit (td=Could not find the frame base for "sys_exit".
> ) at /usr/src/sys/kern/kern_exit.c:98
> #7 0xc0a8b975 in syscall (frame=0xe7e6cd38) at
> /usr/src/sys/i386/i386/trap.c:1035
> #8 0xc0a71c40 in Xint0x80_syscall () at
> /usr/src/sys/i386/i386/exception.s:196
> #9 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> (kgdb)
Both panics you shown are caused by zeroing kernel memory in what seems to
be random locations. This might be caused by the bug, but I would suggest
first making the thorough test of the hardware.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20080728/b5a76d06/attachment.pgp
More information about the freebsd-stable
mailing list