Null pointer deref in swp_pager_meta_ctl

From: Kris Kennaway <kris_at_obsecurity.org>
Date: Tue, 6 Dec 2005 03:24:09 -0500
I configured a 74GB swap-backed md on sparc64..after a week or two
(during which time swap was slowly filling as more of the md was
dirtied) it panicked:

#10 0x00000000c0179ec8 in panic (fmt=0xc03dcb80 "trap: %s") at ../../../kern/kern_shutdown.c:539
#11 0x00000000c031e818 in trap (tf=0xee0e32f0) at ../../../sparc64/sparc64/trap.c:369
#12 0x00000000c0048fc0 in tl1_trap ()
#13 0x00000000c02dc928 in swp_pager_meta_ctl (object=0x0, pindex=3874086912, flags=-420880384)
    at ../../../vm/swap_pager.c:1902
#14 0x00000000c01a6a90 in turnstile_release (lock=0x0) at ../../../kern/subr_turnstile.c:489
#15 0x00000000c02dafa4 in swap_pager_getpages (object=0xfffff8005c94b260, m=0xee0e3628, count=1, reqpage=0)
    at ../../../vm/swap_pager.c:992
#16 0x00000000c00e66c0 in mdstart_swap (sc=0xfffff80025ebd000, bp=0xfffff80122255b00) at vm_pager.h:130
#17 0x00000000c00e6c94 in md_kthread (arg=0xfffff80025ebd000) at ../../../dev/md/md.c:676
#18 0x00000000c015e7fc in fork_exit (callout=0xc00e6a00 <md_kthread>, arg=0xfffff80025ebd000, frame=0xee0e3880)
    at ../../../kern/kern_fork.c:789
#19 0x00000000c00491b0 in fork_trampoline ()
#20 0x00000000c00491b0 in fork_trampoline ()
Previous frame identical to this frame (corrupt stack?)
(kgdb) frame 15
#15 0x00000000c02dafa4 in swap_pager_getpages (object=0xfffff8005c94b260, m=0xee0e3628, count=1, reqpage=0)
    at ../../../vm/swap_pager.c:992
992             blk = swp_pager_meta_ctl(mreq->object, mreq->pindex, 0);
(kgdb) print *mreq
$2 = {pageq = {tqe_next = 0xfffff80139cbdd70, tqe_prev = 0xfffff8013b249470}, listq = {tqe_next = 0xfffff8013c93e080,
    tqe_prev = 0xfffff801393111f8}, left = 0xfffff801393111e8, right = 0xfffff8013d505a38, object = 0x0, pindex = 4341534,
  phys_addr = 1870839808, md = {tte_list = {tqh_first = 0xbee6e9c0, tqh_last = 0xbee6e9d0}, pmap = 0x0, colors = {1, 0},
    color = 0, flags = 0}, queue = 23, flags = 0, pc = 22, wire_count = 0, cow = 0, hold_count = 0, act_count = 0 '\0',
  busy = 0 '\0', valid = 0, dirty = 0}
(kgdb) print swap_pager_avail
$3 = 6210309

What else can I extract from the core to help diagnose this?

Kris
Received on Tue Dec 06 2005 - 07:24:12 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:48 UTC