[Bug 194225] New: double fault after page fault on 8.4 Stable
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Oct 7 16:18:36 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194225
Bug ID: 194225
Summary: double fault after page fault on 8.4 Stable
Product: Base System
Version: 8.4-RELEASE
Hardware: i386
OS: Any
Status: Needs Triage
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: longwitz at incore.de
On a server running 8.4-STABLE #0 r268802 i386 I got the following double fault
and need help debugging it, because I would like to know the cause (hardware or
software?). The server has run FreeBSD for many years without any problems:
Fatal double fault:
eip = 0xc0910b45
esp = 0xc75cbc30
ebp = 0xc75cbc30
cpuid = 1; apic id = 01
kernel trap 12 with interrupts disabled
Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 06
fault virtual address = 0x0
fault code = supervisor write, page not present
instruction pointer = 0x20:0xc092fd4e
stack pointer = 0x28:0xea85c7d8
frame pointer = 0x28:0xea85c7e0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = resume, IOPL = 0
current process = 20528 (sh)
timeout stopping cpus
[thread pid 20528 tid 100522 ]
Stopped at bcopy+0x1a: repe movsl (%esi),%es:(%edi)
db:0:kdb.enter.default> watchdog
No argument provided, disabling watchdog
db:0:kdb.enter.default> run ddbinfo
db:1:ddbinfo> capture on
db:1:on> run lockinfo
db:2:lockinfo> show lock Giant
class: sleep mutex
name: Giant
flags: {DEF, RECURSE}
state: {UNOWNED}
db:2:Giant> show lockedvnods
Locked vnodes
db:2:lockedvnods> show lockchain
thread 100522 (pid 20528, sh) running on CPU 2
db:2:lockchain> show sleepchain
thread 100522 (pid 20528, sh) running on CPU 2
db:1:sleepchain> show pcpu
cpuid = 2
dynamic pcpu = 0x6b71200
curthread = 0xcafb3b80: pid 20528 "sh"
curpcb = 0xea85cd80
fpcurthread = none
idlethread = 0xc79355c0: tid 100004 "idle: cpu2"
APIC ID = 6
currentldt = 0x50
db:1:pcpu> show allpcpu
Current CPU: 2
cpuid = 0
dynamic pcpu = 0x1df200
curthread = 0xcb825000: pid 20527 "tifftopnm"
curpcb = 0xeac84d80
fpcurthread = none
idlethread = 0xc7935000: tid 100006 "idle: cpu0"
APIC ID = 0
currentldt = 0x50
cpuid = 1
dynamic pcpu = 0x6b6e200
curthread = 0xc79352e0: pid 11 "idle: cpu1"
curpcb = 0xc75cbd80
fpcurthread = none
idlethread = 0xc79352e0: tid 100005 "idle: cpu1"
APIC ID = 1
currentldt = 0x50
cpuid = 2
dynamic pcpu = 0x6b71200
curthread = 0xcafb3b80: pid 20528 "sh"
curpcb = 0xea85cd80
fpcurthread = none
idlethread = 0xc79355c0: tid 100004 "idle: cpu2"
APIC ID = 6
currentldt = 0x50
cpuid = 3
dynamic pcpu = 0x6b74200
curthread = 0xc79358a0: pid 11 "idle: cpu3"
curpcb = 0xc75c5d80
fpcurthread = none
idlethread = 0xc79358a0: tid 100003 "idle: cpu3"
APIC ID = 7
currentldt = 0x50
db:1:allpcpu> bt
Tracing pid 20528 tid 100522 td 0xcafb3b80
bcopy(ea85cdc0,0,200) at bcopy+0x1a
savectx(4,ea85c8a8,c09328b6,cafb3b80,50,...) at savectx+0x63
ipi_nmi_handler(cafb3b80,50,33,0,cf52b000,...) at ipi_nmi_handler+0x2f
trap(ea85c8b4) at trap+0x36
calltrap() at calltrap+0x6
--- trap 0x13, eip = 0xc0927bb2, esp = 0xea85c8f4, ebp = 0xea85c91c ---
smp_tlb_shootdown(ea85c944,c09299bf,c5e6f000,c5e70000,0,...) at
smp_tlb_shootdown+0xd2
smp_invlpg_range(c5e6f000,c5e70000,0,ea85c964,1,...) at smp_invlpg_range+0x1c
pmap_invalidate_range(c0adb8a0,c5e6f000,c5e70000) at pmap_invalidate_range+0x4f
pmap_qremove(c5e6f000,1,c06ed30a,c8261d9c,cafb3b80,...) at pmap_qremove+0x58
pmap_remove_pages(cce9b0b0,cf52b000,ea85cbb4,0,c0a1fbc0,...) at
pmap_remove_pages+0x410
exec_new_vmspace(ea85cbb4,c0a31c20,8,c826bd48,80,...) at exec_new_vmspace+0x1b0
exec_elf32_imgact(ea85cbb4,ea85cbfc,c09b88e7,cafb3b80,50,...) at
exec_elf32_imgact+0x48e
kern_execve(cafb3b80,ea85cc48,0,883024b4,8830250c,e4c17000,e4c17000,e4c170b3,e4c17264,e4c57400,3fd9c,8,e,0)
at kern_execve+0x541
execve(cafb3b80,ea85ccec,c,c,c,...) at execve+0x4c
syscall(ea85cd28) at syscall+0x342
Xint0x80_syscall() at Xint0x80_syscall+0x21
--- syscall (59, FreeBSD ELF32, execve), eip = 0x88169c2b, esp = 0xbfbfe9bc,
ebp = 0xbfbfe9d8 ---
db:1:bt> ps
pid ppid pgrp uid state wmesg wchan cmd
20528 29408 62482 993 R CPU 2 sh
20527 20526 3552 993 RL CPU 0 tifftopnm
20526 3749 3552 993 S wait 0xca80b560 initial thread
19983 3099 26 0 S nanslp 0xc0a77c04 sleep
20578 2917 2917 125 S kqread 0xca258180 initial thread
3749 3552 3552 993 S wait 0xcd17e560 sh
3552 3550 3552 993 Ss wait 0xc8607810 sh
.................
db:1:ps> show thread
Thread 100522 at 0xcafb3b80:
proc (pid 20528): 0xcf52b000
name: sh
stack: 0xea85b000-0xea85cfff
flags: 0x4 pflags: 0
state: RUNNING (CPU 2)
priority: 180
container lock: sched lock 2 (0xc0a7c900)
db:1:thread> alltrace
Tracing command sh pid 20528 tid 100522 td 0xcafb3b80
bcopy(ea85cdc0,0,200) at bcopy+0x1a
savectx(4,ea85c8a8,c09328b6,cafb3b80,50,...) at savectx+0x63
ipi_nmi_handler(cafb3b80,50,33,0,cf52b000,...) at ipi_nmi_handler+0x2f
trap(ea85c8b4) at trap+0x36
calltrap() at calltrap+0x6
--- trap 0x13, eip = 0xc0927bb2, esp = 0xea85c8f4, ebp = 0xea85c91c ---
smp_tlb_shootdown(ea85c944,c09299bf,c5e6f000,c5e70000,0,...) at
smp_tlb_shootdown+0xd2
smp_invlpg_range(c5e6f000,c5e70000,0,ea85c964,1,...) at smp_invlpg_range+0x1c
pmap_invalidate_range(c0adb8a0,c5e6f000,c5e70000) at pmap_invalidate_range+0x4f
pmap_qremove(c5e6f000,1,c06ed30a,c8261d9c,cafb3b80,...) at pmap_qremove+0x58
pmap_remove_pages(cce9b0b0,cf52b000,ea85cbb4,0,c0a1fbc0,...) at
pmap_remove_pages+0x410
exec_new_vmspace(ea85cbb4,c0a31c20,8,c826bd48,80,...) at exec_new_vmspace+0x1b0
exec_elf32_imgact(ea85cbb4,ea85cbfc,c09b88e7,cafb3b80,50,...) at
exec_elf32_imgact+0x48e
kern_execve(cafb3b80,ea85cc48,0,883024b4,8830250c,e4c17000,e4c17000,e4c170b3,e4c17264,e4c57400,3fd9c,8,e,0)
at kern_execve+0x541
execve(cafb3b80,ea85ccec,c,c,c,...) at execve+0x4c
syscall(ea85cd28) at syscall+0x342
Xint0x80_syscall() at Xint0x80_syscall+0x21
--- syscall (59, FreeBSD ELF32, execve), eip = 0x88169c2b, esp = 0xbfbfe9bc,
ebp = 0xbfbfe9d8 ---
Tracing command tifftopnm pid 20527 tid 100845 td 0xcb825000
cpustop_handler(1,eac849fc,c09328b6,1,eac849a8,...) at cpustop_handler+0x34
ipi_nmi_handler(1,eac849a8,c062a16b,c7bca000,cb1d6560,...) at
ipi_nmi_handler+0x2f
trap(eac84a08) at trap+0x36
calltrap() at calltrap+0x6
--- trap 0x13, eip = 0xc06ecd99, esp = 0xeac84a48, ebp = 0xeac84a60 ---
_mtx_lock_sleep(c0a94ce4,cb825000,0,0,0,...) at _mtx_lock_sleep+0x79
pmap_enter(ca507198,88326000,2,c28a2120,3,...) at pmap_enter+0x66
vm_fault(ca5070e8,88326000,2,8,eac84c70,...) at vm_fault+0x1c14
trap_pfault(0,eac84cc8,c062a16b,c7bca000,cb1d6560,...) at trap_pfault+0x1ce
trap(eac84d28) at trap+0x263
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0x880d5cdd, esp = 0xbfbfb640, ebp = 0xbfbfb698 ---
Tracing command perl5.14.2 pid 20526 tid 100278 td 0xcbc84b80
sched_switch(cbc84b80,0,104,3b38c51a,2123d7,...) at sched_switch+0x297
mi_switch(104,0,15c,ca80b560,ea3a5b70,...) at mi_switch+0x12f
sleepq_switch(cbc84b80,0,c09c15c1,1a3,cbc84b80,...) at sleepq_switch+0xcc
sleepq_catch_signals(15c,0,ea3a5bc4,c07073bc,ca80b560,...) at
sleepq_catch_signals+0x52
sleepq_wait_sig(ca80b560,5c,c09c1fa4,100,0,...) at sleepq_wait_sig+0x18
_sleep(ca80b560,ca80b5e8,15c,c09c1fa4,0,...) at _sleep+0x2bc
kern_wait(cbc84b80,502f,ea3a5c64,0,0,...) at kern_wait+0xfa1
wait4(cbc84b80,ea3a5cec,c,c,c,...) at wait4+0x3b
syscall(ea3a5d28) at syscall+0x342
Xint0x80_syscall() at Xint0x80_syscall+0x21
--- syscall (7, FreeBSD ELF32, wait4), eip = 0x882a1c6b, esp = 0xbfbfeb2c, ebp
= 0xbfbfeb48 ---
I can provide more information from the ddb output and/or the written kernel dump.