[panic] swi4 page fault (ip_slowtimo())

From: Glen Barber <gjb_at_FreeBSD.org>
Date: Fri, 21 Jun 2013 20:17:12 -0400
Hi,

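I have the following kgdb session from a page fault seemingly triggered
in pf(4). The backtrace goes through pfslowtimo() in kern/uipc_domain.c
and faults in ip_slowtimo() (netinet/ip_input.c) on a read of virtual
address 0x11.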

I realize this -CURRENT build (r250476) is about a month old, but I cannot
find any commits that seem relevant to this area of the code.

I am happy to dig further and provide any information that is requested.

Glen

Script started on Fri Jun 21 19:57:21 2013
root_at_orion:/usr/obj/usr/src/sys/ORION # uname -a
FreeBSD orion 10.0-CURRENT FreeBSD 10.0-CURRENT #10 r250476: Fri May 10 16:29:54 EDT 2013     root_at_orion:/usr/obj/usr/src/sys/ORION  amd64
root_at_orion:/usr/obj/usr/src/sys/ORION # kgdb ./kernel.debug /var/crash/vmcore.8
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x11
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80772688
stack pointer	        = 0x28:0xffffff800026da20
frame pointer	        = 0x28:0xffffff800026da40
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12 (swi4: clock)
trap number		= 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff80676a46 at kdb_backtrace+0x66
#1 0xffffffff8063ae6b at panic+0x13b
#2 0xffffffff80918ba0 at trap_fatal+0x290
#3 0xffffffff80918f11 at trap_pfault+0x221
#4 0xffffffff809194c4 at trap+0x344
#5 0xffffffff80902c53 at calltrap+0x8
#6 0xffffffff806a29ce at pfslowtimo+0x2e
#7 0xffffffff80651476 at softclock_call_cc+0x106
#8 0xffffffff80651b09 at softclock+0xa9
#9 0xffffffff8060c06d at intr_event_execute_handlers+0xfd
#10 0xffffffff8060d81b at ithread_loop+0x9b
#11 0xffffffff80608c1f at fork_exit+0x11f
#12 0xffffffff8090317e at fork_trampoline+0xe
Uptime: 42d1h53m40s
(ada0:ahcich0:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich0:0:0:0): CAM status: CCB request is in progress
(ada0:ahcich0:0:0:0): Error 5, Retries exhausted
(ada0:ahcich0:0:0:0): Synchronize cache failed
(ada1:ahcich1:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada1:ahcich1:0:0:0): CAM status: CCB request is in progress
(ada1:ahcich1:0:0:0): Error 5, Retries exhausted
(ada1:ahcich1:0:0:0): Synchronize cache failed
(ada2:ahcich4:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada2:ahcich4:0:0:0): CAM status: CCB request is in progress
(ada2:ahcich4:0:0:0): Error 5, Retries exhausted
(ada2:ahcich4:0:0:0): Synchronize cache failed
(ada3:ahcich5:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada3:ahcich5:0:0:0): CAM status: CCB request is in progress
(ada3:ahcich5:0:0:0): Error 5, Retries exhausted
(ada3:ahcich5:0:0:0): Synchronize cache failed
Dumping 2263 out of 6048 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Reading symbols from /boot/kernel/zfs.ko.symbols...done.
Loaded symbols for /boot/kernel/zfs.ko.symbols
Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
Loaded symbols for /boot/kernel/opensolaris.ko.symbols
#0  doadump (textdump=<value optimized out>) at pcpu.h:231
231		__asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) bt
#0  doadump (textdump=<value optimized out>) at pcpu.h:231
#1  0xffffffff8063a9d6 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:447
#2  0xffffffff8063ae55 in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:754
#3  0xffffffff80918ba0 in trap_fatal (frame=0xc, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:872
#4  0xffffffff80918f11 in trap_pfault (frame=0xffffff800026d970, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:789
#5  0xffffffff809194c4 in trap (frame=0xffffff800026d970) at /usr/src/sys/amd64/amd64/trap.c:463
#6  0xffffffff80902c53 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:228
#7  0xffffffff80772688 in ip_slowtimo () at /usr/src/sys/netinet/ip_input.c:1237
#8  0xffffffff806a29ce in pfslowtimo (arg=0x0) at /usr/src/sys/kern/uipc_domain.c:508
#9  0xffffffff80651476 in softclock_call_cc (c=0xffffffff80e1ac60, cc=0xffffffff80dc6800, direct=0)
    at /usr/src/sys/kern/kern_timeout.c:674
#10 0xffffffff80651b09 in softclock (arg=<value optimized out>) at /usr/src/sys/kern/kern_timeout.c:802
#11 0xffffffff8060c06d in intr_event_execute_handlers (p=<value optimized out>, ie=0xfffffe0010811900)
    at /usr/src/sys/kern/kern_intr.c:1263
#12 0xffffffff8060d81b in ithread_loop (arg=0xfffffe0010819000) at /usr/src/sys/kern/kern_intr.c:1276
#13 0xffffffff80608c1f in fork_exit (callout=0xffffffff8060d780 <ithread_loop>, arg=0xfffffe0010819000, frame=0xffffff800026dc00)
    at /usr/src/sys/kern/kern_fork.c:991
#14 0xffffffff8090317e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:602
#15 0x0000000000000000 in ?? ()
(kgdb) frame 6
#6  0xffffffff80902c53 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:228
228		call	trap
Current language:  auto; currently asm
(kgdb) list *0xffffffff80902c53
0xffffffff80902c53 is at /usr/src/sys/amd64/amd64/exception.S:230.
225		.type	calltrap,@function
226	calltrap:
227		movq	%rsp,%rdi
228		call	trap
229		MEXITCOUNT
230		jmp	doreti			/* Handle any pending ASTs */
231	
232		/*
233		 * alltraps_noen entry point.  Unlike alltraps above, we want to
234		 * leave the interrupts disabled.  This corresponds to
(kgdb) up
#7  0xffffffff80772688 in ip_slowtimo () at /usr/src/sys/netinet/ip_input.c:1237
1237				for(fp = TAILQ_FIRST(&V_ipq[i]); fp;) {
Current language:  auto; currently c
(kgdb) list *0xffffffff80772688
0xffffffff80772688 is in ip_slowtimo (/usr/src/sys/netinet/ip_input.c:1242).
1237				for(fp = TAILQ_FIRST(&V_ipq[i]); fp;) {
1238					struct ipq *fpp;
1239	
1240					fpp = fp;
1241					fp = TAILQ_NEXT(fp, ipq_list);
1242					if(--fpp->ipq_ttl == 0) {
1243						IPSTAT_ADD(ips_fragtimeout,
1244						    fpp->ipq_nfrags);
1245						ip_freef(&V_ipq[i], fpp);
1246					}
(kgdb) p *ipq
$1 = {tqh_first = 0x0, tqh_last = 0xffffffff80e20e80}
(kgdb) up
#8  0xffffffff806a29ce in pfslowtimo (arg=0x0) at /usr/src/sys/kern/uipc_domain.c:508
508					(*pr->pr_slowtimo)();
(kgdb) list *0xffffffff806a29ce
0xffffffff806a29ce is in pfslowtimo (/usr/src/sys/kern/uipc_domain.c:506).
501	{
502		struct domain *dp;
503		struct protosw *pr;
504	
505		for (dp = domains; dp; dp = dp->dom_next)
506			for (pr = dp->dom_protosw; pr < dp->dom_protoswNPROTOSW; pr++)
507				if (pr->pr_slowtimo)
508					(*pr->pr_slowtimo)();
509		callout_reset(&pfslow_callout, hz/2, pfslowtimo, NULL);
510	}
(kgdb) p *dp
$2 = {dom_family = 2, dom_name = 0xffffffff80a56512 "internet", dom_init = 0, dom_destroy = 0, dom_externalize = 0, dom_dispose = 0, 
  dom_protosw = 0xffffffff80d16320, dom_protoswNPROTOSW = 0xffffffff80d16ce0, dom_next = 0x0, 
  dom_rtattach = 0xffffffff8076d070 <in_inithead>, dom_rtdetach = 0, dom_rtoffset = 32, dom_maxrtkey = 16, 
  dom_ifattach = 0xffffffff807626c0 <in_domifattach>, dom_ifdetach = 0xffffffff80762690 <in_domifdetach>}
(kgdb) p *dp
$3 = {dom_family = 2, dom_name = 0xffffffff80a56512 "internet", dom_init = 0, dom_destroy = 0, dom_externalize = 0, dom_dispose = 0, 
  dom_protosw = 0xffffffff80d16320, dom_protoswNPROTOSW = 0xffffffff80d16ce0, dom_next = 0x0, 
  dom_rtattach = 0xffffffff8076d070 <in_inithead>, dom_rtdetach = 0, dom_rtoffset = 32, dom_maxrtkey = 16, 
  dom_ifattach = 0xffffffff807626c0 <in_domifattach>, dom_ifdetach = 0xffffffff80762690 <in_domifdetach>}
(kgdb) p *domains
$4 = {dom_family = 17, dom_name = 0xffffffff809acd08 "route", dom_init = 0, dom_destroy = 0, dom_externalize = 0, dom_dispose = 0, 
  dom_protosw = 0xffffffff80d11300, dom_protoswNPROTOSW = 0xffffffff80d11368, dom_next = 0xffffffff80d21de0, dom_rtattach = 0, 
  dom_rtdetach = 0, dom_rtoffset = 0, dom_maxrtkey = 0, dom_ifattach = 0, dom_ifdetach = 0}
(kgdb) p *dp->dom_protoswNPROTOSW
$5 = {pr_type = 2, pr_domain = 0xffffffff80a56512, pr_protocol = 0, pr_flags = 0, pr_input = 0, pr_output = 0, pr_ctlinput = 0, 
  pr_ctloutput = 0xffffffff80d16320 <inetsw>, pr_init = 0xffffffff80d16ce0 <inetdomain>, pr_destroy = 0, 
  pr_fasttimo = 0xffffffff8076d070 <in_inithead>, pr_slowtimo = 0, pr_drain = 0x1000000020, pr_usrreqs = 0xffffffff807626c0}
(kgdb) p pfslow_callout
$6 = {c_links = {le = {le_next = 0x0, le_prev = 0xffffffff80dc6910}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, 
      tqe_prev = 0xffffffff80dc6910}}, c_time = 15614872462233060, c_precision = 134217718, c_arg = 0x0, 
  c_func = 0xffffffff806a29a0 <pfslowtimo>, c_lock = 0x0, c_flags = 146, c_cpu = 0}
(kgdb) p *pfslowtimo
$7 = {void (void *)} 0xffffffff806a29a0 <pfslowtimo>
(kgdb) up
#9  0xffffffff80651476 in softclock_call_cc (c=0xffffffff80e1ac60, cc=0xffffffff80dc6800, direct=0)
    at /usr/src/sys/kern/kern_timeout.c:674
674		c_func(c_arg);
(kgdb) list *0xffffffff80651476
0xffffffff80651476 is in softclock_call_cc (/usr/src/sys/kern/kern_timeout.c:675).
670		sbt1 = sbinuptime();
671	#endif
672		THREAD_NO_SLEEPING();
673		SDT_PROBE(callout_execute, kernel, , callout_start, c, 0, 0, 0, 0);
674		c_func(c_arg);
675		SDT_PROBE(callout_execute, kernel, , callout_end, c, 0, 0, 0, 0);
676		THREAD_SLEEPING_OK();
677	#if defined(DIAGNOSTIC) || defined(CALLOUT_PROFILING)
678		sbt2 = sbinuptime();
679		sbt2 -= sbt1;
(kgdb) quit
root_at_orion:/usr/obj/usr/src/sys/ORION # ^D

Script done on Fri Jun 21 19:57:39 2013



Received on Fri Jun 21 2013 - 22:17:18 UTC
