On Sat, Dec 22, 2012 at 01:08:10PM +0200, Andriy Gapon wrote:
> on 22/12/2012 02:21 Garrett Cooper said the following:
> > Fatal trap 1: privileged instruction fault while in kernel mode
> > Fatal trap 1: privileged instruction fault while in kernel mode
>
> Unrelated to the original topic - this looks very weird.
> I mean all the CPUs getting this unusual trap...
> Could you please do 'disassemble 0x80af5099' in kgdb with the same
> kernel. Or if you have a different kernel now, please use "instruction
> pointer"
> value from a trap with that kernel.
>
This is due to the vtoslab() returning NULL. Since slabref is
dereferenced later, clang tries to be helpful as usual and converts
the !(p->flags & PG_SLAB) case from vtoslab() into the jump to un2
instruction if vtoslab() result is NULL.
So instead of KASSERT triggering the next line, you see this improvement.
> > Memory modified after free 0xff800040d000(9216) val=5a5a5a5a @
> > 0xff800040d000
> > Fatal trap 1: privileged instruction fault while in kernel mode
> > cpuid = 3;
> > cpuid = 1;
> > apic id = 02
> > cpuid = 0; apic id = 06
> > apic id = 00
> > instruction pointer = 0x20:0x80af5099
> > instruction pointer = 0x20:0x80af5099
> > instruction pointer = 0x20:0x80af5099
> > Fatal trap 1: privileged instruction fault while in kernel mode
> > stack pointer = 0x28:0xff8496fff880
> > stack pointer = 0x28:0xff8496fe1880
> > cpuid = 2; frame pointer= 0x28:0xff8496fff8b0
> > frame pointer = 0x28:0xff8496fe18b0
> > stack pointer = 0x28:0xff849705d880
> > code segment= base 0x0, limit 0xf, type 0x1b
> > frame pointer = 0x28:0xff849705d8b0
> > apic id = 04
> > code segment= base 0x0, limit 0xf, type 0x1b
> > code segment= base 0x0, limit 0xf, type 0x1b
> > = DPL 0, pres 1, long 1, def32 0, gran 1
> > = DPL 0, pres 1, long 1, def32 0, gran 1
> > instruction pointer = 0x20:0x80af5099
> > processor eflags= = DPL 0, pres 1, long
> > 1, def32 0, gran 1
> > interrupt enabled, processor eflags = stack pointer =
> > 0x28:0xff8497067880
> > interrupt enabled, resume, resume, frame pointer=
> > 0x28:0xff84970678b0
> > IOPL = 0
> > code segment= base 0x0, limit 0xf, type 0x1b
> > current process = = DPL 0, pres 1, long
> > 1, def32 0, gran 1
> > processor eflags= 12 (irq280: ix0:que 3)
> > ilock order reversal: (Giant after non-sleepable)
> > 1st 0xfe0078148b38 ix0:rx(3) (ix0:rx(3)) @
> > /usr/src/sys/modules/ixgbe/../../dev/ixgbe/ixgbe.c:4296
> > 2nd 0x814457b8 Giant (Giant) @
> > /usr/src/sys/dev/usb/input/ukbd.c:1946
> > KDB: stack backtrace:
> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> > 0xff8496fff320
> > kdb_backtrace() at kdb_backtrace+0x39/frame 0xff8496fff3d0
> > witness_checkorder() at witness_checkorder+0xc47/frame 0xff8496fff450
> > __mtx_lock_flags() at __mtx_lock_flags+0x89/frame 0xff8496fff490
> > ukbd_poll() at ukbd_poll+0x28/frame 0xff8496fff4b0
> > kbdmux_poll() at kbdmux_poll+0x5b/frame 0xff8496fff4d0
> > cngrab() at cngrab+0x35/frame 0xff8496fff4f0
> > kdb_trap() at kdb_trap+0x124/frame 0xff8496fff550
> > trap_fatal() at trap_fatal+0x345/frame 0xff8496fff5b0
> > trap() at trap+0x836/frame 0xff8496fff7c0
> > calltrap() at calltrap+0x8/frame 0xff8496fff7c0
> > --- trap 0x1, rip = 0x80af5099, rsp = 0xff8496fff880, rbp
> > = 0xff8496fff8b0 ---
> > uma_find_refcnt() at uma_find_refcnt+0x79/frame 0xff8496fff8b0
>
>
> --
> Andriy Gapon
> ___
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
pgps9pTddrmqz.pgp
Description: PGP signature
