Re: Panic in vfs_cache on i386

From: Andreas Tobler <andreast-list_at_fgznet.ch>
Date: Tue, 14 Apr 2009 20:28:33 +0200
Joe Marcus Clarke wrote:
> I'm seeing this panic on my -CURRENT i386 Tinderbox machine (using
> looped back NFS).  The backtrace does not point to a line number in
> vfs_cache.c, and I can't figure out how atomic_cmpset_int is being
> called, so I'm confused as to exactly what is causing this.  Any clues?
> 
> FreeBSD fugu.marcuscom.com 8.0-CURRENT FreeBSD 8.0-CURRENT #20: Mon Apr 13 17:21:39 EDT 2009     gnome_at_fugu.marcuscom.com:/space/obj/usr/src/sys/FUGU  i386
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 01
> fault virtual address	= 0x84
> fault code		= supervisor write, page not present
> instruction pointer	= 0x20:0x80670cf0
> stack pointer	        = 0x28:0xb9d59974
> frame pointer	        = 0x28:0xb9d599a0
> code segment		= base 0x0, limit 0xfffff, type 0x1b
> 			= DPL 0, pres 1, def32 1, gran 1
> processor eflags	= interrupt enabled, resume, IOPL = 0
> current process		= 82240 (sh)
> panic: from debugger
> cpuid = 1
> 
> 
> #0  doadump () at pcpu.h:246
> #1  0x804958c9 in db_fncall (dummy1=1, dummy2=0, dummy3=-2137255936, dummy4=0xb9d59708 "\200��\204") at /usr/src/sys/ddb/db_command.c:548
> #2  0x80495cc1 in db_command (last_cmdp=0x8094251c, cmd_table=0x0, dopager=1) at /usr/src/sys/ddb/db_command.c:445
> #3  0x80495e1a in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
> #4  0x80497c5d in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:229
> #5  0x80629ef6 in kdb_trap (type=12, code=0, tf=0xb9d59934) at /usr/src/sys/kern/subr_kdb.c:534
> #6  0x808666ef in trap_fatal (frame=0xb9d59934, eva=132) at /usr/src/sys/i386/i386/trap.c:917
> #7  0x80866990 in trap_pfault (frame=0xb9d59934, usermode=0, eva=132) at /usr/src/sys/i386/i386/trap.c:839
> #8  0x80867362 in trap (frame=0xb9d59934) at /usr/src/sys/i386/i386/trap.c:521
> #9  0x8084b93b in calltrap () at /usr/src/sys/i386/i386/exception.s:165
> #10 0x80670cf0 in cache_lookup (dvp=0x8a55a10c, vpp=0xb9d59b78, cnp=0xb9d59b8c) at atomic.h:153
> #11 0x80670f93 in vfs_cache_lookup (ap=0xb9d59a40) at /usr/src/sys/kern/vfs_cache.c:869
> #12 0x808736e6 in VOP_LOOKUP_APV (vop=0x8092a680, a=0xb9d59a40) at vnode_if.c:123
> #13 0x80678351 in lookup (ndp=0xb9d59b60) at vnode_if.h:54
> #14 0x806792ab in namei (ndp=0xb9d59b60) at /usr/src/sys/kern/vfs_lookup.c:256
> #15 0x8068893b in kern_statat_vnhook (td=0x86085000, flag=0, fd=-100, path=0x33f02400 <Address 0x33f02400 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xb9d59c18, hook=0) at /usr/src/sys/kern/vfs_syscalls.c:2356
> #16 0x80688aac in kern_statat (td=0x86085000, flag=0, fd=-100, path=0x33f02400 <Address 0x33f02400 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xb9d59c18) at /usr/src/sys/kern/vfs_syscalls.c:2337
> #17 0x80688bf6 in kern_stat (td=0x86085000, path=0x33f02400 <Address 0x33f02400 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xb9d59c18) at /usr/src/sys/kern/vfs_syscalls.c:2329
> #18 0x80688c9f in stat (td=0x86085000, uap=0xb9d59cf8) at /usr/src/sys/kern/vfs_syscalls.c:2298
> #19 0x80866cd5 in syscall (frame=0xb9d59d38) at /usr/src/sys/i386/i386/trap.c:1066
> #20 0x8084b9a0 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:261
> #21 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> 
> print *dvp
> $6 = {v_type = VDIR, v_tag = 0x808c518a "ufs", v_op = 0x8092a160, 
>   v_data = 0x8a1f707c, v_mount = 0x8531b500, v_nmntvnodes = {
>     tqe_next = 0x8a554754, tqe_prev = 0x8a55a65c}, v_un = {vu_mount = 0x0, 
>     vu_socket = 0x0, vu_cdev = 0x0, vu_fifoinfo = 0x0, vu_yield = 0}, 
>   v_hashlist = {le_next = 0x8600d324, le_prev = 0x8503b170}, 
>   v_hash = 10739825, v_cache_src = {lh_first = 0x0}, v_cache_dst = {
>     tqh_first = 0x0, tqh_last = 0x8a55a13c}, v_cache_dd = 0x86770120, 
>   v_cstart = 0, v_lasta = 0, v_lastw = 0, v_clen = 0, v_lock = {lock_object = {
>       lo_name = 0x808c518a "ufs", lo_flags = 91947009, lo_data = 0, 
>       lo_witness = 0x0}, lk_lock = 1, lk_timo = 51, lk_pri = 80}, 
>   v_interlock = {lock_object = {lo_name = 0x808d15c1 "vnode interlock", 
>       lo_flags = 16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}, 
>   v_vnlock = 0x8a55a164, v_holdcnt = 3, v_usecount = 3, v_iflag = 0, 
>   v_vflag = 0, v_writecount = 0, v_freelist = {tqe_next = 0x0, 
>     tqe_prev = 0x0}, v_bufobj = {bo_mtx = {lock_object = {
>         lo_name = 0x808d15d1 "bufobj interlock", lo_flags = 16973824, 
>         lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}, bo_clean = {bv_hd = {
>         tqh_first = 0x0, tqh_last = 0x8a55a1c8}, bv_root = 0x0, bv_cnt = 0}, 
>     bo_dirty = {bv_hd = {tqh_first = 0x0, tqh_last = 0x8a55a1d8}, 
>       bv_root = 0x0, bv_cnt = 0}, bo_numoutput = 0, bo_flag = 0, 
>     bo_ops = 0x8091ab80, bo_bsize = 16384, bo_object = 0x8a6c245c, 
>     bo_synclist = {le_next = 0x0, le_prev = 0x0}, bo_private = 0x8a55a10c, 
>     __bo_vnode = 0x8a55a10c}, v_pollinfo = 0x0, v_label = 0x0, v_lockf = 0x0}
> 
> print *vpp
> $7 = (struct vnode *) 0x0
> 
> print *cnp
> $9 = {cn_nameiop = 0, cn_flags = 83943748, cn_thread = 0x86085000, 
>   cn_cred = 0x85ad4d00, cn_lkflags = 2097152, cn_pnbuf = 0x8acf6400 "..", 
>   cn_nameptr = 0x8acf6400 "..", cn_namelen = 2, cn_consume = 0}

I see something similar on an amd64 box.
I can reproduce it while make -j4 buildworld.


Andreas

FreeBSD deuterium_fbsd.andreas.nets 8.0-CURRENT FreeBSD 8.0-CURRENT #1 
r191065M: Tue Apr 14 19:55:16 CEST 2009 
andreast_at_deuterium_fbsd.andreas.nets:/export/devel/obj/export/devel/src/sys/ANDREAST_amd64 
  amd64

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0xd8
fault code		= supervisor write data, page not present
instruction pointer	= 0x20:0xffffffff805d96f6
stack pointer	        = 0x28:0xfffffffe7e8aa6b0
frame pointer	        = 0x28:0xfffffffe7e8aa730
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12576 (sh)
panic: from debugger
cpuid = 0
Uptime: 2m23s
Physical memory: 2034 MB
Dumping 187 MB: 172 156 140 124 108 92 76 60 44 28 12

#0  doadump () at pcpu.h:223
223	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:223
#1  0xffffffff80563209 in boot (howto=260)
     at /export/devel/src/sys/kern/kern_shutdown.c:420
#2  0xffffffff8056365c in panic (fmt=Variable "fmt" is not available.
)
     at /export/devel/src/sys/kern/kern_shutdown.c:576
#3  0xffffffff801cce47 in db_panic (addr=Variable "addr" is not available.
)
     at /export/devel/src/sys/ddb/db_command.c:478
#4  0xffffffff801cd251 in db_command (last_cmdp=0xffffffff80b97520, 
cmd_table=Variable "cmd_table" is not available.
)
     at /export/devel/src/sys/ddb/db_command.c:445
#5  0xffffffff801cd4a0 in db_command_loop ()
     at /export/devel/src/sys/ddb/db_command.c:498
#6  0xffffffff801cf429 in db_trap (type=Variable "type" is not available.
)
     at /export/devel/src/sys/ddb/db_main.c:229
#7  0xffffffff80593265 in kdb_trap (type=12, code=0, tf=0xfffffffe7e8aa600)
     at /export/devel/src/sys/kern/subr_kdb.c:534
#8  0xffffffff80839e2d in trap_fatal (frame=0xfffffffe7e8aa600, 
eva=Variable "eva" is not available.
)
     at /export/devel/src/sys/amd64/amd64/trap.c:840
#9  0xffffffff8083a204 in trap_pfault (frame=0xfffffffe7e8aa600, usermode=0)
     at /export/devel/src/sys/amd64/amd64/trap.c:761
#10 0xffffffff8083ab18 in trap (frame=0xfffffffe7e8aa600)
     at /export/devel/src/sys/amd64/amd64/trap.c:487
#11 0xffffffff80815973 in calltrap ()
     at /export/devel/src/sys/amd64/amd64/exception.S:223
---Type <return> to continue, or q <return> to quit---
#12 0xffffffff805d96f6 in cache_lookup (dvp=0x0, vpp=0xfffffffe7e8aa970,
     cnp=0xfffffffe7e8aa998) at atomic.h:147
#13 0xffffffff805d9ac0 in vfs_cache_lookup (ap=Variable "ap" is not 
available.
)
     at /export/devel/src/sys/kern/vfs_cache.c:869
#14 0xffffffff80881640 in VOP_LOOKUP_APV (vop=0xffffffff80b6d180,
     a=0xfffffffe7e8aa810) at vnode_if.c:123
#15 0xffffffff805e0b2b in lookup (ndp=0xfffffffe7e8aa940) at vnode_if.h:54
#16 0xffffffff805e1b41 in namei (ndp=0xfffffffe7e8aa940)
     at /export/devel/src/sys/kern/vfs_lookup.c:256
#17 0xffffffff805f0adf in kern_statat_vnhook (td=0xffffff0032352a80, 
flag=Variable "flag" is not available.
)
     at /export/devel/src/sys/kern/vfs_syscalls.c:2356
#18 0xffffffff805f0ca5 in kern_statat (td=Variable "td" is not available.
)
     at /export/devel/src/sys/kern/vfs_syscalls.c:2337
#19 0xffffffff805f0e4a in stat (td=Variable "td" is not available.
)
     at /export/devel/src/sys/kern/vfs_syscalls.c:2298
#20 0xffffffff8083a476 in syscall (frame=0xfffffffe7e8aac90)
     at /export/devel/src/sys/amd64/amd64/trap.c:977
#21 0xffffffff80815c00 in Xfast_syscall ()
     at /export/devel/src/sys/amd64/amd64/exception.S:364
#22 0x000000080099fcfc in ?? ()
Previous frame inner to this frame (corrupt stack?)
Received on Tue Apr 14 2009 - 16:49:23 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:46 UTC