kern/137310: reproducable kernel panic: page fault FreeBSD 7.2-STABLE

Jamie Landeg Jones jamie at bishopston.net
Thu Aug 20 15:20:06 UTC 2009


The following reply was made to PR kern/137310; it has been noted by GNATS.

From: Jamie Landeg Jones <jamie at bishopston.net>
To: FreeBSD-gnats-submit at FreeBSD.org
Cc:  
Subject: Re: kern/137310: reproducable kernel panic: page fault FreeBSD
 7.2-STABLE
Date: Thu, 20 Aug 2009 16:13:11 +0100

 This is a multi-part message in MIME format.
 
 --=_4a8d6807.ZUT2Fiky2wRmBS/l+DzoioihvRRAQgbvuSxZGcKRJnWC5eKu
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 
 Also occurs in 8.0-BETA2
 
 
 --=_4a8d6807.ZUT2Fiky2wRmBS/l+DzoioihvRRAQgbvuSxZGcKRJnWC5eKu
 Content-Type: text/plain;
  charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="typescript"
 
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd"...
 
 Unread portion of the kernel message buffer:
 kernel trap 12 with interrupts disabled
 
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 0; apic id = 00
 fault virtual address   = 0x14
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc064c150
 stack pointer           = 0x28:0xe70649fc
 frame pointer           = 0x28:0xe7064a18
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = resume, IOPL = 0
 current process         = 9475 (rsync)
 trap number             = 12
 panic: page fault
 cpuid = 0
 Uptime: 3h39m11s
 Physical memory: 1463 MB
 Dumping 206 MB: 191 175 159 143 127 111 95 79 63 47 (CTRL-C to abort)  31 (CTRL-C to abort)  15 (CTRL-C to abort)  (CTRL-C to abort) 
 
 Reading symbols from /boot/kernel/ntfs.ko...Reading symbols from /boot/kernel/ntfs.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/ntfs.ko
 Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/linprocfs.ko
 Reading symbols from /boot/kernel/linsysfs.ko...Reading symbols from /boot/kernel/linsysfs.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/linsysfs.ko
 Reading symbols from /usr/local/modules/fuse.ko...done.
 Loaded symbols for /usr/local/modules/fuse.ko
 Reading symbols from /boot/kernel/fade_saver.ko...Reading symbols from /boot/kernel/fade_saver.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/fade_saver.ko
 Reading symbols from /usr/local/modules/rtc.ko...done.
 Loaded symbols for /usr/local/modules/rtc.ko
 #0  doadump () at pcpu.h:246
 246             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
 (kgdb) list *0xc064c150
 0xc064c150 is in turnstile_broadcast (/usr/src/sys/kern/subr_turnstile.c:831).
 826     
 827             /*
 828              * Transfer the blocked list to the pending list.
 829              */
 830             mtx_lock_spin(&td_contested_lock);
 831             TAILQ_CONCAT(&ts->ts_pending, &ts->ts_blocked[queue], td_lockq);
 832             mtx_unlock_spin(&td_contested_lock);
 833     
 834             /*
 835              * Give a turnstile to each thread.  The last thread gets
 836              * this turnstile if the turnstile is empty.
 837              */
 838             TAILQ_FOREACH(td, &ts->ts_pending, td_lockq) {
 839                     if (LIST_EMPTY(&ts->ts_free)) {
 840                             MPASS(TAILQ_NEXT(td, td_lockq) == NULL);
 841                             ts1 = ts;
 842     #ifdef TURNSTILE_PROFILING
 843                             tc->tc_depth--;
 844     #endif
 845                     } else
 846                             ts1 = LIST_FIRST(&ts->ts_free);
 847                     MPASS(ts1 != NULL);
 848                     LIST_REMOVE(ts1, ts_hash);
 849                     td->td_turnstile = ts1;
 850             }
 851     }
 852     
 853     /*
 854      * Wakeup all threads on the pending list and adjust the priority of the
 855      * current thread appropriately.  This must be called with the turnstile
 856      * chain locked.
 857      */
 858     void
 859     turnstile_unpend(struct turnstile *ts, int owner_type)
 860     {
 861             TAILQ_HEAD( ,thread) pending_threads;
 862             struct turnstile *nts;
 863             struct thread *td;
 864             u_char cp, pri;
 865     
 866             MPASS(ts != NULL);
 867             mtx_assert(&ts->ts_lock, MA_OWNED);
 868             MPASS(ts->ts_owner == curthread || ts->ts_owner == NULL);
 869             MPASS(!TAILQ_EMPTY(&ts->ts_pending));
 870     
 871             /*
 872              * Move the list of pending threads out of the turnstile and
 873              * into a local variable.
 874              */
 875             TAILQ_INIT(&pending_threads);
 (kgdb) back
 #0  doadump () at pcpu.h:246
 #1  0xc0615843 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
 #2  0xc0615b26 in panic (fmt=Variable "fmt" is not available.
 ) at /usr/src/sys/kern/kern_shutdown.c:579
 #3  0xc088d3cd in trap_fatal (frame=0xe70649bc, eva=20) at /usr/src/sys/i386/i386/trap.c:931
 #4  0xc088dcf3 in trap (frame=0xe70649bc) at /usr/src/sys/i386/i386/trap.c:323
 #5  0xc0872b7b in calltrap () at /usr/src/sys/i386/i386/exception.s:165
 #6  0xc064c150 in turnstile_broadcast (ts=0x0, queue=0) at /usr/src/sys/kern/subr_turnstile.c:831
 #7  0xc06069e7 in _mtx_unlock_sleep (m=0xc4af92a0, opts=0, file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:677
 #8  0xc05b338d in pfs_getextattr (va=0xe7064aa0) at pseudofs_internal.h:110
 #9  0xc089d9e3 in VOP_GETEXTATTR_APV (vop=0xc0936f80, a=0xe7064aa0) at vnode_if.c:2978
 #10 0xc068983c in extattr_get_vp (vp=0xc4a2353c, attrnamespace=1, attrname=0xe7064b71 "rsync.%stat", data=0xbfbfb2b0, nbytes=255, td=0xc54f4230) at vnode_if.h:1332
 #11 0xc06899b0 in extattr_get_link (td=0xc54f4230, uap=0xe7064cf8) at /usr/src/sys/kern/vfs_extattr.c:492
 #12 0xc088d942 in syscall (frame=0xe7064d38) at /usr/src/sys/i386/i386/trap.c:1071
 #13 0xc0872be0 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:261
 #14 0x00000033 in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 (kgdb) 
 
 --=_4a8d6807.ZUT2Fiky2wRmBS/l+DzoioihvRRAQgbvuSxZGcKRJnWC5eKu--


More information about the freebsd-bugs mailing list