Hi,
since this weekend my highly loaded newsserver panics every few hours with
the following traceback. Any ideas?
5.1-CURRENT FreeBSD 5.1-CURRENT #6: Mon Aug 4 21:54:06 CEST 2003
Stopped at pmap_remove_all+0x38: xchgl %edx,0(%eax)
db> where
pmap_remove_all(c0f73de0,40,0,f,c0d5e998) at pmap_remove_all+0x38
vfs_busy_pages(d28d1d48,1,db8a2000,e0ba7b18,c03599d9) at vfs_busy_pages+0x178
bwrite(d28d1d48,e0ba7bc8,c0257f2e,d28d1d48,d28d1e78) at bwrite+0x380
bawrite(d28d1d48,d28d1e78,18,c613a390,c6437b68) at bawrite+0x1c
cluster_wbuild(c6437b68,4000,1c2,0,6) at cluster_wbuild+0x90e
vfs_bio_awrite(d29fdc08,0,0,c613a390,e0ba7c78) at vfs_bio_awrite+0x25d
ffs_fsync(e0ba7cc4,20002,c613a390,c03a38c0,0) at ffs_fsync+0x382
sched_sync(0,e0ba7d48,0,0,0) at sched_sync+0x204
fork_exit(c02620b0,0,e0ba7d48) at fork_exit+0xb1
fork_trampoline() at fork_trampoline+0x1a --- trap 0x1, eip = 0, esp = 0xe0ba7d7c, ebp = 0 ---
Script started on Mon Aug 4 23:57:55 2003
[root_at_newscore crash]# gdb -k kernel.debug vmcore.0
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 2; lapic.id = 06000000
fault virtual address = 0xbfceea70
fault code = supervisor write, page not present
instruction pointer = 0x8:0xc035d588
stack pointer = 0x10:0xe0ba7a98
frame pointer = 0x10:0xe0ba7ab0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 41 (syncer)
panic: from debugger
cpuid = 2; lapic.id = 06000000
Fatal trap 3: breakpoint instruction fault while in kernel mode
cpuid = 2; lapic.id = 06000000
instruction pointer = 0x8:0xc0347b65
stack pointer = 0x10:0xe0ba7800
frame pointer = 0x10:0xe0ba780c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = IOPL = 0
current process = 41 (syncer)
panic: from debugger
cpuid = 2; lapic.id = 06000000
boot() called on cpu#2
Uptime: 1h36m33s
Dumping 1023 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008
---
Reading symbols from /usr/obj/usr/src/sys/NEWSCORE/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/NEWSCORE/modules/usr/src/sys/modules/acpi/acpi.ko.debug
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) wher� �� �� �� �bt full
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1 0xc0203c61 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
No locals.
#2 0xc02040b8 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
td = (struct thread *) 0xc613a390
bootopt = 260
newpanic = 0
ap = 0xe0ba7850 "\byºà\222\222\024À\210Õ5À"
buf = "from debugger", '\0' <repeats 242 times>
#3 0xc0149332 in db_panic () at /usr/src/sys/ddb/db_command.c:450
No locals.
#4 0xc0149292 in db_command (last_cmdp=0xc03e4a60, cmd_table=0xc03bb900,
aux_cmd_tablep=0xc03b5fb8, aux_cmd_tablep_end=0xc03b5fbc)
at /usr/src/sys/ddb/db_command.c:346
cmd = (struct command *) 0xc03799dc
t = 0
modif = "\0S>À¨\204BÀ\230xºà\r\0\0\0 pAÀ\r\0\0\0\001\0\0\0¸xºà\226Ö3À V_at_À\aK\0 pAÀ_at_Ì?ÀÀS>Àx\0\0\0ÀS>À¨\204BÀÜxºàѱ\024À\f³8À\200¯\024À\0\0\0\0\020\0\0\0èxºàøxºà]¨\024À\f³8À¨\204BÀ\byºà\020\0\0"
addr = -1070213752
count = 1
have_addr = 0
result = 0
#5 0xc01493d5 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
No locals.
#6 0xc014c3f5 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
bkpt = 0
#7 0xc034785c in kdb_trap (type=12, code=0, regs=0xe0ba7a58)
at /usr/src/sys/i386/i386/db_interface.c:172
ef = 582
ddb_mode = 1
#8 0xc0361c16 in trap_fatal (frame=0xe0ba7a58, eva=0)
at /usr/src/sys/i386/i386/trap.c:816
code = 16
---Type <return> to continue, or q <return> to quit---
type = 12
ss = 16
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27,
ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 0, ssd_def32 = 1, ssd_gran = 1}
#9 0xc03618c2 in trap_pfault (frame=0xe0ba7a58, usermode=0, eva=3218008688)
at /usr/src/sys/i386/i386/trap.c:735
va = 3218006016
vm = (struct vmspace *) 0x0
map = 0x1
rv = 1
ftype = 2 '\002'
td = (struct thread *) 0xc613a390
p = (struct proc *) 0xc6139d3c
#10 0xc036141d in trap (frame=
{tf_fs = -963313640, tf_es = 409075728, tf_ds = -474808304, tf_edi = -1057538592, tf_esi = 16, tf_ebp = -524649808, tf_isp = -524649852, tf_ebx = -1044790456, tf_edx = 0, tf_ecx = -474795080, tf_eax = -1076958608, tf_trapno = 12, tf_err = 2, tf_eip = -1070213752, tf_cs = 8, tf_eflags = 66118, tf_esp = -963262032, tf_ss = 1000980480}) at /usr/src/sys/i386/i386/trap.c:420
td = (struct thread *) 0xc613a390
p = (struct proc *) 0xc6139d3c
sticks = 3323175824
i = 0
ucode = 0
type = 12
code = 2
eva = 3218008688
#11 0xc0349298 in calltrap () at {standard input}:103
No locals.
#12 0xc0253a08 in vfs_busy_pages (bp=0xc0f73de0, clear_modify=1)
at /usr/src/sys/kern/vfs_bio.c:3370
m = 0xc1b9c348
obj = 0x0
foff = 7438336
---Type <return> to continue, or q <return> to quit---
i = 16
bogus = 0
#13 0xc024df20 in bwrite (bp=0xd28d1d48) at /usr/src/sys/kern/vfs_bio.c:859
oldflags = 1677721604
newbp = (struct buf *) 0xd298d638
#14 0xc024eb0c in bawrite (bp=0x0) at /usr/src/sys/kern/vfs_bio.c:1148
No locals.
#15 0xc0257f2e in cluster_wbuild (vp=0xc6437b68, size=16384, start_lbn=456,
len=6) at /usr/src/sys/kern/vfs_cluster.c:985
bp = (struct buf *) 0xd28d1d48
tbp = (struct buf *) 0xd298d638
i = 6
j = 4
totalwritten = 98304
dbsize = 32
#16 0xc02504dd in vfs_bio_awrite (bp=0xd29fdc08)
at /usr/src/sys/kern/vfs_bio.c:1691
i = 6
j = 0
lblkno = 450
vp = (struct vnode *) 0xc6437b68
ncl = 0
nwritten = 0
size = 16384
maxcl = 8
#17 0xc02f6872 in ffs_fsync (ap=0xe0ba7cc4)
at /usr/src/sys/ufs/ffs/ffs_vnops.c:268
vp = (struct vnode *) 0xc6437b68
ip = (struct inode *) 0xd29fdc08
bp = (struct buf *) 0xd29fdc08
nbp = (struct buf *) 0xd2b9cf00
error = 0
wait = 0
passes = 4
skipmeta = 0
---Type <return> to continue, or q <return> to quit---
lbn = 456
#18 0xc02622b4 in sched_sync () at vnode_if.h:627
slp = (struct synclist *) 0xc61994ec
vp = (struct vnode *) 0xc6437b68
mp = (struct mount *) 0xc636b200
starttime = 1060033156
td = (struct thread *) 0xc613a390
#19 0xc01ec621 in fork_exit (callout=0xc02620b0 <sched_sync>, arg=0x0,
frame=0x0) at /usr/src/sys/kern/kern_fork.c:794
td = (struct thread *) 0x0
p = (struct proc *) 0xc6139d3c
(kgdb) quit
[root_at_newscore crash]# exit
Script done on Mon Aug 4 23:58:35 2003
--
Lukas Ertl eMail: l.ertl_at_univie.ac.at
UNIX Systemadministrator Tel.: (+43 1) 4277-14073
Vienna University Computer Center Fax.: (+43 1) 4277-9140
University of Vienna http://mailbox.univie.ac.at/~le/
Received on Tue Aug 05 2003 - 02:12:54 UTC