misc/66024: kernel panic in pagedaemon (triggered by vmware ?)

Kostik Belousov kostya at tessart.kiev.ua
Tue Apr 27 04:30:18 PDT 2004


>Number:         66024
>Category:       misc
>Synopsis:       kernel panic in pagedaemon (triggered by vmware ?)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 27 04:30:17 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Kostik Belousov
>Release:        Freebsd 4.10-RC
>Organization:
Tessart
>Environment:
FreeBSD deviant.tessart.kiev.ua 4.10-RC FreeBSD 4.10-RC #2: Mon Apr 26 10:35:45 EEST 2004     root at deviant.tessart.kiev.ua:/usr/obj/usr/src/sys/DEVIANT  i386
>Description:
I have installed a fresh vmware port (vmware3-3.2.1.2242_6,1) on FreeBSD 4.10-RC. Within a short time (approx. 5, max 10 minutes) after vmware has started and the guest OS has finished loading, I consistently get a kernel panic.

IdlePTD at physical address 0x0039c000
initial pcb at physical address 0x002d5d80
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc022b573
stack pointer           = 0x10:0xd2d2af14
frame pointer           = 0x10:0xd2d2af84
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3 (pagedaemon)
interrupt mask          = none
trap number             = 12
panic: page fault

syncing disks... 8
done


Backtrace:

#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc01645bb in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc01649f9 in panic (fmt=0xc02a838c "%s")
    at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc025848f in trap_fatal (frame=0xd2d2aed4, eva=36)
    at /usr/src/sys/i386/i386/trap.c:974
#4  0xc025813d in trap_pfault (frame=0xd2d2aed4, usermode=0, eva=36)
    at /usr/src/sys/i386/i386/trap.c:867
#5  0xc0257ce3 in trap (frame={tf_fs = -1058996208, tf_es = -1059389424, 
      tf_ds = -1063518192, tf_edi = 0, tf_esi = 0, tf_ebp = -757944444, 
      tf_isp = -757944576, tf_ebx = -1063086944, tf_edx = -1063088804, 
      tf_ecx = -1074786292, tf_eax = 0, tf_trapno = 12, tf_err = 0, 
      tf_eip = -1071467149, tf_cs = 8, tf_eflags = 66118, tf_esp = 0, 
      tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:466
#6  0xc022b573 in vm_pageout_scan (pass=0) at /usr/src/sys/vm/vm_pageout.c:1001
#7  0xc022bd63 in vm_pageout () at /usr/src/sys/vm/vm_pageout.c:1405

Code at the frame #6:

(kgdb) frame 6
#6  0xc022b573 in vm_pageout_scan (pass=0) at /usr/src/sys/vm/vm_pageout.c:1001
1001                    if (m->object->ref_count != 0) {
(kgdb) list
996
997                     /*
998                      * Check to see "how much" the page has been used.
999                      */
1000                    actcount = 0;
1001                    if (m->object->ref_count != 0) {
1002                            if (m->flags & PG_REFERENCED) {
1003                                    actcount += 1;
1004                            }
1005                            actcount += pmap_ts_referenced(m);


The problem is: at frame #6, some page m in the scanned page queue has m->object == 0 (disassembly shows that the variable m lives in %ebx):
(kgdb) p/x *(struct vm_page *)-1063086944
$5 = {pageq = {tqe_next = 0xc0a28d5c, tqe_prev = 0xc03012c0}, hnext = 0x0, 
  listq = {tqe_next = 0xc0a28d5c, tqe_prev = 0xd3c64184}, object = 0x0, <---- 
  pindex = 0x2c8, phys_addr = 0x15859000, md = {pv_list_count = 0x0, 
    pv_list = {tqh_first = 0x0, tqh_last = 0xc0a294c4}}, queue = 0x22, 
  flags = 0x0, pc = 0x19, wire_count = 0x0, hold_count = 0x0, act_count = 0xd, 
  busy = 0x0, valid = 0xff, dirty = 0xff}


>How-To-Repeat:
Run vmware with a relatively large amount of memory allocated for the guest OS (I have 512Mb RAM and allocated 256 Mb for the guest)
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
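
An added triage helper (not part of the original report or of FreeBSD) that converts the signed decimal registers of the frame #5 trap frame to hex and cross-checks them against the panic message. It shows that tf_eip equals the reported instruction pointer and that tf_ebx is the vm_page address passed to the p/x command; the function names and the first-page heuristic are assumptions of this example.

```python
import re

# Values copied from the report above; kgdb prints registers as signed decimals.
TRAP_FRAME = """tf_fs = -1058996208, tf_es = -1059389424,
tf_ds = -1063518192, tf_edi = 0, tf_esi = 0, tf_ebp = -757944444,
tf_isp = -757944576, tf_ebx = -1063086944, tf_edx = -1063088804,
tf_ecx = -1074786292, tf_eax = 0, tf_trapno = 12, tf_err = 0,
tf_eip = -1071467149, tf_cs = 8, tf_eflags = 66118, tf_esp = 0,
tf_ss = 0"""
PANIC = """fault virtual address   = 0x24
instruction pointer     = 0x8:0xc022b573
frame pointer           = 0x10:0xd2d2af84
trap number             = 12"""

def parse_trap_frame(text):
    """Return {register: unsigned 32-bit value} from a kgdb trap frame dump."""
    return {name: int(val) & 0xFFFFFFFF
            for name, val in re.findall(r"tf_(\w+) = (-?\d+)", text)}

def parse_panic(text):
    """Return {field: int} from the panic message, dropping the 'selector:' prefix."""
    fields = {}
    for line in text.splitlines():
        key, _, val = line.partition("=")
        fields[key.strip()] = int(val.strip().split(":")[-1], 0)
    return fields

def cross_check(frame, panic):
    """Compare the trap frame against the panic message, field by field."""
    return {
        "eip": frame["eip"] == panic["instruction pointer"],
        "ebp": frame["ebp"] == panic["frame pointer"],
        "trapno": frame["trapno"] == panic["trap number"],
    }

def looks_like_null_deref(panic, page_size=4096):
    """Heuristic (assumption): a fault address inside the first page usually
    means a structure field was read through a NULL pointer (m->object == 0)."""
    return panic["fault virtual address"] < page_size

if __name__ == "__main__":
    frame, panic = parse_trap_frame(TRAP_FRAME), parse_panic(PANIC)
    for reg in ("eip", "ebp", "ebx"):
        print(f"{reg} = {frame[reg]:#010x}")
    print(cross_check(frame, panic), looks_like_null_deref(panic))
```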

