Re: [panic] swi4 page fault (ip_slowtimo())

On Mon, Jun 24, 2013 at 02:21:56PM +0400, Gleb Smirnoff wrote:
> On Fri, Jun 21, 2013 at 08:17:12PM -0400, Glen Barber wrote:
> G> Hi,
> G> 
> G> I have the following kgdb session from a page fault seemingly triggered
> G> in pf(4).
> 
> pfslowtimo() isn't related to pf(4). "pf" stands here for "protocol family".
> 

Ah, thanks.

> G> (kgdb) list *0xffffffff80772688
> G> 0xffffffff80772688 is in ip_slowtimo (/usr/src/sys/netinet/ip_input.c:1242).
> G> 1237				for(fp = TAILQ_FIRST(&V_ipq[i]); fp;) {
> G> 1238					struct ipq *fpp;
> G> 1239	
> G> 1240					fpp = fp;
> G> 1241					fp = TAILQ_NEXT(fp, ipq_list);
> G> 1242					if(--fpp->ipq_ttl == 0) {
> G> 1243						IPSTAT_ADD(ips_fragtimeout,
> G> 1244						    fpp->ipq_nfrags);
> G> 1245						ip_freef(&V_ipq[i], fpp);
> G> 1246					}
> G> (kgdb) p *ipq
> G> $1 = {tqh_first = 0x0, tqh_last = 0xffffffff80e20e80}
> 
> Can you please "print ipq", so that we can look at entire array.
> 

Sure, output follows.

Glen

Script started on Mon Jun 24 06:28:36 2013
root_at_orion:/usr/obj/usr/src/sys/ORION # kgdb ./kernel.debug /var/crash/vmcore.8
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x11
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80772688
stack pointer	        = 0x28:0xffffff800026da20
frame pointer	        = 0x28:0xffffff800026da40
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12 (swi4: clock)
trap number		= 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff80676a46 at kdb_backtrace+0x66
#1 0xffffffff8063ae6b at panic+0x13b
#2 0xffffffff80918ba0 at trap_fatal+0x290
#3 0xffffffff80918f11 at trap_pfault+0x221
#4 0xffffffff809194c4 at trap+0x344
#5 0xffffffff80902c53 at calltrap+0x8
#6 0xffffffff806a29ce at pfslowtimo+0x2e
#7 0xffffffff80651476 at softclock_call_cc+0x106
#8 0xffffffff80651b09 at softclock+0xa9
#9 0xffffffff8060c06d at intr_event_execute_handlers+0xfd
#10 0xffffffff8060d81b at ithread_loop+0x9b
#11 0xffffffff80608c1f at fork_exit+0x11f
#12 0xffffffff8090317e at fork_trampoline+0xe
Uptime: 42d1h53m40s
(ada0:ahcich0:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich0:0:0:0): CAM status: CCB request is in progress
(ada0:ahcich0:0:0:0): Error 5, Retries exhausted
(ada0:ahcich0:0:0:0): Synchronize cache failed
(ada1:ahcich1:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada1:ahcich1:0:0:0): CAM status: CCB request is in progress
(ada1:ahcich1:0:0:0): Error 5, Retries exhausted
(ada1:ahcich1:0:0:0): Synchronize cache failed
(ada2:ahcich4:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada2:ahcich4:0:0:0): CAM status: CCB request is in progress
(ada2:ahcich4:0:0:0): Error 5, Retries exhausted
(ada2:ahcich4:0:0:0): Synchronize cache failed
(ada3:ahcich5:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada3:ahcich5:0:0:0): CAM status: CCB request is in progress
(ada3:ahcich5:0:0:0): Error 5, Retries exhausted
(ada3:ahcich5:0:0:0): Synchronize cache failed
Dumping 2263 out of 6048 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Reading symbols from /boot/kernel/zfs.ko.symbols...done.
Loaded symbols for /boot/kernel/zfs.ko.symbols
Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
Loaded symbols for /boot/kernel/opensolaris.ko.symbols
#0  doadump (textdump=<value optimized out>) at pcpu.h:231
231		__asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) p ipq
$1 = {{tqh_first = 0x0, tqh_last = 0xffffffff80e20e80}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e20e90}, {tqh_first = 0x0, tqh_last = 0xffffffff80e20ea0}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e20eb0}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e20ec0}, {tqh_first = 0x0, tqh_last = 0xffffffff80e20ed0}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e20ee0}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e20ef0}, {tqh_first = 0x0, tqh_last = 0xffffffff80e20f00}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e20f10}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e20f20}, {tqh_first = 0x0, tqh_last = 0xffffffff80e20f30}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e20f40}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e20f50}, {tqh_first = 0x0, tqh_last = 0xffffffff80e20f60}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e20f70}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e20f80}, {tqh_first = 0x0, tqh_last = 0xffffffff80e20f90}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e20fa0}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e20fb0}, {tqh_first = 0x0, tqh_last = 0xffffffff80e20fc0}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e20fd0}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e20fe0}, {tqh_first = 0x0, tqh_last = 0xffffffff80e20ff0}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e21000}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e21010}, {tqh_first = 0x0, tqh_last = 0xffffffff80e21020}, {
    tqh_first = 0x1, tqh_last = 0xffffffff80e21030}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e21040}, {tqh_first = 0x0, tqh_last = 0xffffffff80e21050}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e21060}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e21070}, {tqh_first = 0x0, tqh_last = 0xffffffff80e21080}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e21090}, {tqh_first = 0x0, 
---Type <return> to continue, or q <return> to quit---
    tqh_last = 0xffffffff80e210a0}, {tqh_first = 0x0, tqh_last = 0xffffffff80e210b0}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e210c0}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e210d0}, {tqh_first = 0x0, tqh_last = 0xffffffff80e210e0}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e210f0}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e21100}, {tqh_first = 0x0, tqh_last = 0xffffffff80e21110}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e21120}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e21130}, {tqh_first = 0x0, tqh_last = 0xffffffff80e21140}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e21150}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e21160}, {tqh_first = 0x0, tqh_last = 0xffffffff80e21170}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e21180}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e21190}, {tqh_first = 0x0, tqh_last = 0xffffffff80e211a0}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e211b0}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e211c0}, {tqh_first = 0x0, tqh_last = 0xffffffff80e211d0}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e211e0}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e211f0}, {tqh_first = 0x0, tqh_last = 0xffffffff80e21200}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e21210}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e21220}, {tqh_first = 0x0, tqh_last = 0xffffffff80e21230}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e21240}, {tqh_first = 0x0, 
    tqh_last = 0xffffffff80e21250}, {tqh_first = 0x0, tqh_last = 0xffffffff80e21260}, {
    tqh_first = 0x0, tqh_last = 0xffffffff80e21270}}
(kgdb) quit
root_at_orion:/usr/obj/usr/src/sys/ORION # ^D

Script done on Mon Jun 24 06:28:46 2013