Kernel panic in 6.0 revisited
Joe Marcus Clarke
marcus at marcuscom.com
Fri Sep 3 21:57:32 PDT 2004
A few days ago, I reported a kernel panic in HEAD while building
packages on my tinderbox machine. I was unable to get a core dump from
that crash, and after switching from ULE to 4BSD, I had thought it had
gone away.
Well, today, the machine panicked twice. It was the same panic both
times, and the same panic I got a few days ago. This time, however, I
was able to get a core dump. Here is the panic message:
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x1c
fault code = supervisor write, page not present
instruction pointer = 0x8:0xc0533d07
stack pointer = 0x10:0xf5f30a4c
frame pointer = 0x10:0xf5f30a58
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 27441 (cpp0)
Stopped at vfs_vmio_release+0x1b: lock cmpxchgl %ecx,0x1c(%edx)
Here is the full backtrace:
#0 doadump () at pcpu.h:159
No locals.
#1 0xc044790a in db_fncall (dummy1=0, dummy2=0, dummy3=-1067408529, dummy4=0xf3832640 "l&\203óÔ\205`ÀX&\203ó\\&\203ó\220\a") at /usr/src/sys/ddb/db_command.c:531
fn_addr = -1068568116
args = {0 <repeats 11 times>}
nargs = 11
retval = 0
func = (fcn_10args_t *) 0xc04ef1cc <doadump>
t = 0
#2 0xc0447718 in db_command (last_cmdp=0xc06aa344, cmd_table=0x0, aux_cmd_tablep=0xc0678980, aux_cmd_tablep_end=0xc0678984) at /usr/src/sys/ddb/db_command.c:349
cmd = (struct command *) 0xc067e7c0
t = 0
modif = "l&\203óÔ\205`ÀX&\203ó\\&\203ó\220\a\000\000\220\a\000\000Ï\a\000\000\000\000\000\000\000|mÀ\r\000\000\000\000|mÀ\000|mÀ\r\000\000\000\001\000\000\000\230&\203ó\a\177`À\230&\203ó \177`À OlÀà´kÀx\000\000\000@¬jÀ\f\000\000\000¸&\203ó|\226DÀ_\035fÀì\223DÀ\f\000\000\000@¬jÀ\236\213DÀ"
addr = 0
count = -1067408529
have_addr = 0
result = 0
#3 0xc04477e0 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
No locals.
#4 0xc0449359 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
jb = {{_jb = {-209508616, -209508636, -209508564, -209508396, 12, -1069247758, 12, -209508540, -1068464337, -1066976222, -1068464204, -209508560}}}
prev_jb = (void *) 0x0
bkpt = 0
#5 0xc0506cb7 in kdb_trap (type=12, code=0, tf=0x1) at /usr/src/sys/kern/subr_kdb.c:418
did_stop_cpus = 1
handled = -209508396
#6 0xc06239c1 in trap_fatal (frame=0xf38327d4, eva=28) at /usr/src/sys/i386/i386/trap.c:804
code = 16
type = 12
ss = 16
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 3, ssd_xx1 = 3, ssd_def32 = 1, ssd_gran = 1}
#7 0xc062371f in trap_pfault (frame=0xf38327d4, usermode=0, eva=28) at /usr/src/sys/i386/i386/trap.c:727
va = 0
vm = (struct vmspace *) 0x0
map = 0xc308a4b0
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc3184420
p = (struct proc *) 0xc35bb380
#8 0xc0623335 in trap (frame={tf_fs = -1068629992, tf_es = -601620464, tf_ds = 1048592, tf_edi = -601584980, tf_esi = -601584980, tf_ebp = -209508320, tf_isp = -209508352, tf_ebx = -601584980, tf_edx = 0, tf_ecx = -1021819872, tf_eax = 4, tf_trapno = 12, tf_err = 2, tf_eip = -1068290701, tf_cs = 8, tf_eflags = 66050, tf_esp = -601584980, tf_ss = -601584980}) at /usr/src/sys/i386/i386/trap.c:417
td = (struct thread *) 0xc3184420
p = (struct proc *) 0xc35bb380
sticks = 3227240939
i = 0
ucode = 0
type = 12
code = 2
eva = 28
#9 0xc0611c2a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
No locals.
#10 0xc04e0018 in ktrnamei (path=0xdc248aac "\002") at /usr/src/sys/kern/kern_ktrace.c:372
req = (struct ktr_request *) 0x0
namelen = -601584980
buf = 0xdc248aac "\002"
#11 0xc05335d2 in getnewbuf (slpflag=0, slptimeo=0, size=2048, maxsize=16384) at /usr/src/sys/kern/vfs_bio.c:1886
qindex = 1
bp = (struct buf *) 0xdc248aac
nbp = (struct buf *) 0xdc248aac
defrag = 0
nqindex = 524306
flushingbufs = 0
#12 0xc0534a59 in getblk (vp=0xc6f20108, blkno=0, size=2048, slpflag=0, slptimeo=0, flags=0) at /usr/src/sys/kern/vfs_bio.c:2586
bsize = 16384
maxsize = 0
vmio = 1
offset = Unhandled dwarf expression opcode 0x93
And here is the output of "l *vfs_vmio_release+0x1b":
0xc0533d07 is in vfs_vmio_release (atomic.h:154).
149 static __inline int
150 atomic_cmpset_int(volatile u_int *dst, u_int exp, u_int src)
151 {
152 int res = exp;
153
154 __asm __volatile (
155 " " __XSTRING(MPLOCKED) " "
156 " cmpxchgl %1,%2 ; "
157 " setz %%al ; "
158 " movzbl %%al,%0 ; "
Kernel config is at http://www.marcuscom.com/downloads/FUGU.kernel and
the dmesg output is at http://www.marcuscom.com/downloads/FUGU.dmesg
Let me know if you need anything else. Thanks.
Joe
--
PGP Key : http://www.marcuscom.com/pgp.asc