Re: SMP kernel panic with traceback

From: Bruce Evans <bde_at_zeta.org.au>
Date: Thu, 18 Sep 2003 05:43:09 +1000 (EST)
On Wed, 17 Sep 2003, Daniel Eischen wrote:

> I'm getting crashes when trying to debug mozilla (under KSE).
> The panic message is "panic: absolutely cannot call smp_ipi_shootdown
> with interrupts already disabled".  Attached is the trace.
> Any ideas?

% (kgdb) bt
% #0  doadump () at /opt/FreeBSD/src/src/sys/kern/kern_shutdown.c:240
% #1  0xc02d52ab in boot (howto=260) at /opt/FreeBSD/src/src/sys/kern/kern_shutdown.c:372
% #2  0xc02d56b6 in panic () at /opt/FreeBSD/src/src/sys/kern/kern_shutdown.c:550
% #3  0xc0443b39 in smp_tlb_shootdown (vector=0, addr1=0, addr2=0)
%     at /opt/FreeBSD/src/src/sys/i386/i386/mp_machdep.c:2396
% #4  0xc0443df9 in smp_invlpg_range (addr1=0, addr2=0)
%     at /opt/FreeBSD/src/src/sys/i386/i386/mp_machdep.c:2527
% #5  0xc0445fe8 in pmap_invalidate_range (pmap=0xc0599280, sva=3512557568, eva=1)
%     at /opt/FreeBSD/src/src/sys/i386/i386/pmap.c:719
% #6  0xc04463bd in pmap_qenter (sva=3512557568, m=0xdd6ad884, count=0)
%     at /opt/FreeBSD/src/src/sys/i386/i386/pmap.c:968
% #7  0xc0321de8 in vm_hold_load_pages (bp=0xce65ddf0, from=3512557568, to=3512573952)
%     at /opt/FreeBSD/src/src/sys/kern/vfs_bio.c:3594
% #8  0xc0320381 in allocbuf (bp=0xce65ddf0, size=16384) at /opt/FreeBSD/src/src/sys/kern/vfs_bio.c:2767
% #9  0xc032001c in geteblk (size=16384) at /opt/FreeBSD/src/src/sys/kern/vfs_bio.c:2649
% #10 0xc031c702 in bwrite (bp=0x4000) at /opt/FreeBSD/src/src/sys/kern/vfs_bio.c:815
% #11 0xc031d1bc in bawrite (bp=0x0) at /opt/FreeBSD/src/src/sys/kern/vfs_bio.c:1139
% #12 0xc03261e9 in vop_stdfsync (ap=0xdd6ad9dc) at /opt/FreeBSD/src/src/sys/kern/vfs_default.c:742
% #13 0xc029ae40 in spec_fsync (ap=0xdd6ad9dc) at /opt/FreeBSD/src/src/sys/fs/specfs/spec_vnops.c:417
% #14 0xc029a118 in spec_vnoperate (ap=0x0) at /opt/FreeBSD/src/src/sys/fs/specfs/spec_vnops.c:122
% #15 0xc03e4797 in ffs_sync (mp=0xc4196200, waitfor=2, cred=0xc150df00, td=0xc05351e0) at vnode_if.h:627
% #16 0xc03324fb in sync (td=0xc05351e0, uap=0x0) at /opt/FreeBSD/src/src/sys/kern/vfs_syscalls.c:142
% #17 0xc02d4dff in boot (howto=256) at /opt/FreeBSD/src/src/sys/kern/kern_shutdown.c:281
% #18 0xc02d56b6 in panic () at /opt/FreeBSD/src/src/sys/kern/kern_shutdown.c:550
% #19 0xc0443b39 in smp_tlb_shootdown (vector=0, addr1=0, addr2=0)
%     at /opt/FreeBSD/src/src/sys/i386/i386/mp_machdep.c:2396
% #20 0xc0443dba in smp_invlpg (addr=0) at /opt/FreeBSD/src/src/sys/i386/i386/mp_machdep.c:2514
% #21 0xc0445f63 in pmap_invalidate_page (pmap=0x1, va=3715026944)
%     at /opt/FreeBSD/src/src/sys/i386/i386/pmap.c:691
% #22 0xc0447651 in pmap_remove_all (m=0xc0cffda8) at /opt/FreeBSD/src/src/sys/i386/i386/pmap.c:1783
% #23 0xc04057e2 in vm_object_page_remove (object=0xc056fd20, start=120814, end=120815, clean_only=0)
%     at /opt/FreeBSD/src/src/sys/vm/vm_object.c:1749
% #24 0xc03ff89e in vm_map_delete (map=0xc082f000, start=3226926368, end=3715031040)
%     at /opt/FreeBSD/src/src/sys/vm/vm_map.c:2190
% #25 0xc03ffae8 in vm_map_remove (map=0xc082f000, start=3715026944, end=3715031040)
%     at /opt/FreeBSD/src/src/sys/vm/vm_map.c:2243
% #26 0xc03fbe82 in kmem_free (map=0x0, addr=0, size=4096) at /opt/FreeBSD/src/src/sys/vm/vm_kern.c:240
% ---Type <return> to continue, or q <return> to quit---
% #27 0xc044a690 in user_ldt_free (td=0xc082f000) at /opt/FreeBSD/src/src/sys/i386/i386/sys_machdep.c:363
% #28 0xc044d226 in cpu_exit (td=0x0) at /opt/FreeBSD/src/src/sys/i386/i386/vm_machdep.c:275
% #29 0xc02be454 in exit1 (td=0xc464dab0, rv=5) at /opt/FreeBSD/src/src/sys/kern/kern_exit.c:484
% #30 0xc02da09c in sigexit () at /opt/FreeBSD/src/src/sys/kern/kern_sig.c:2422
% #31 0xc02d8523 in trapsignal (td=0xc464dab0, sig=5, code=0)
%     at /opt/FreeBSD/src/src/sys/kern/kern_sig.c:1550
% #32 0xc044b386 in trap (frame=
%       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 257, tf_ebp = -1077943800, tf_isp = -580199052, tf_ebx = 671717336, tf_edx = 1, tf_ecx = 0, tf_eax = 671728984, tf_trapno = 3, tf_err = 0, tf_eip = 671620737, tf_cs = 31, tf_eflags = 646, tf_esp = -1077943860, tf_ss = 47})
%     at /opt/FreeBSD/src/src/sys/i386/i386/trap.c:623
% #33 0xc04338b8 in calltrap () at {standard input}:103
% ---Can't read userspace from dump, or kernel process---

Eeek.  Looks like I forgot an attachment to i386/machdep.c 1.468 2001/08/13
(use interrupt gates instead of trap gates for breakpoint and trace traps).
Keeping interrupts disabled is only correct for these traps if they are
from kernel mode.  It's surprising how few problems this has caused.

%%%
Index: trap.c
===================================================================
RCS file: /home/ncvs/src/sys/i386/i386/trap.c,v
retrieving revision 1.256
diff -u -2 -r1.256 trap.c
--- trap.c	15 Aug 2003 15:20:27 -0000	1.256
+++ trap.c	16 Aug 2003 00:32:07 -0000
_at__at_ -275,4 +318,5 _at__at_
 		case T_BPTFLT:		/* bpt instruction fault */
 		case T_TRCTRAP:		/* trace trap */
+			enable_intr();
 			frame.tf_eflags &= ~PSL_T;
 			i = SIGTRAP;
%%%

Bruce
Received on Wed Sep 17 2003 - 10:44:37 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:22 UTC