Re: panic in pmap_remove_pages()
On Fri, Jan 23, 2015 at 07:58:08AM -0800, Steve Kargl wrote:
> On Fri, Jan 23, 2015 at 12:51:00PM +0200, Konstantin Belousov wrote:
> > On Wed, Jan 21, 2015 at 01:47:06PM -0800, Steve Kargl wrote:
> > > Fatal trap 9: general protection fault while in kernel mode
> > > cpuid = 3; apic id = 13
> > > instruction pointer = 0x20:0x8079abf9
> > > stack pointer = 0x28:0xfe047325e360
> > > frame pointer = 0x28:0xfe047325e440
> > > code segment= base 0x0, limit 0xf, type 0x1b
> > > = DPL 0, pres 1, long 1, def32 0, gran 1
> > > processor eflags= interrupt enabled, resume, IOPL = 0
> > > current process = 41779 (z)
> > > trap number = 9
> > > panic: general protection fault
> > > cpuid = 3
> > > KDB: stack backtrace:
> > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> > > 0xfe047325e020
> > > panic() at panic+0x1c1/frame 0xfe047325e0e0
> > > trap_fatal() at trap_fatal+0x396/frame 0xfe047325e140
> > > trap() at trap+0x6ce/frame 0xfe047325e2a0
> > > calltrap() at calltrap+0x8/frame 0xfe047325e2a0
> > > --- trap 0x9, rip = 0x8079abf9, rsp = 0xfe047325e360, rbp =
> > > 0xfe047325e440 ---
> > > pmap_remove_pages() at pmap_remove_pages+0x539/frame 0xfe047325e440
> > > exec_new_vmspace() at exec_new_vmspace+0x180/frame 0xfe047325e4a0
> > > exec_elf64_imgact() at exec_elf64_imgact+0x6c0/frame 0xfe047325e570
> > > kern_execve() at kern_execve+0x484/frame 0xfe047325e8c0
> > > sys_execve() at sys_execve+0x35/frame 0xfe047325e920
> > > amd64_syscall() at amd64_syscall+0x289/frame 0xfe047325ea30
> > > Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfe047325ea30
> > > --- syscall (59, FreeBSD ELF64, sys_execve), rip = 0x4251ba, rsp =
> > > 0x7e8ebab8, rbp = 0x7e8ec1c0 ---
> > > Uptime: 22d22h22m46s
> > >
> > > #0 doadump (textdump=1) at pcpu.h:219
> > > 219 pcpu.h: No such file or directory.
> > > in pcpu.h
> > > (kgdb) #0 doadump (textdump=1) at pcpu.h:219
> > > #1 0x80555bd7 in kern_reboot (howto=260)
> > > at /usr/src/sys/kern/kern_shutdown.c:447
> > > #2 0x80556040 in panic (fmt=)
> > > at /usr/src/sys/kern/kern_shutdown.c:746
> > > #3 0x807a2986 in trap_fatal (frame=,
> > > eva=) at /usr/src/sys/amd64/amd64/trap.c:867
> > > #4 0x807a25de in trap (frame=)
> > > at /usr/src/sys/amd64/amd64/trap.c:201
> > > #5 0x80787ca3 in calltrap ()
> > > at /usr/src/sys/amd64/amd64/exception.S:235
> > > #6 0x8079abf9 in pmap_remove_pages (pmap=0xf801c627dec8)
> > > at /usr/src/sys/amd64/amd64/pmap.c:5389
> > Please do 'frame 6' and from there, do 'p *m'. Is it reproducable ?
> >
>
> (kgdb) p *m
> $9 = {plinks = {q = {tqe_next = 0xf804384044c0,
> tqe_prev = 0xf8042e89eac0}, s = {ss = {
> sle_next = 0xf804384044c0}, pv = 0xf8042e89eac0}, memguard = {
> p = 18446735295740134592, v = 18446735295577189056}}, listq = {
> tqe_next = 0xf8043cddb158, tqe_prev = 0xf804335c2358},
> object = 0xf801882d5100, pindex = 30, phys_addr = 4352778240, md = {
> pv_list = {tqh_first = 0xf800bc1d37a8, tqh_last = 0xfefff800bc1d37b0},
The tqh_last has single-bit error, note the 0xf_e_fff8... pattern of the
pv_list.tqh_last value. It is consistent with the general protection
fault which was reported, amd64 reacts this way to the non-canonical
address. It is theoretically possible that some random memory corruption
occured, but I tend to believe that hardware bit-flipping took place.
> pv_gen = 1012, pat_mode = 6}, wire_count = 0, busy_lock = 1,
> hold_count = 0, flags = 0, aflags = 1 '\001', oflags = 0 '\0',
> queue = 1 '\001', psind = 0 '\0', segind = 7 '\a', order = 13 '\r',
> pool = 0 '\0', act_count = 5 '\005', valid = 255 '?', dirty = 255 '?'}
>
> It would have been reproducible except that the panic truncated
> the program 'z' (which caused the panic) to 0 bytes and took the
> source code I was writing. Neither 'z' nor the source code appeared
> in /usr/lost+found. Unfortunately, the source code was a quickly
> written Fortran program with obviously a programming error, and I
> doubt that I'll be able to replicate the program.
>
> --
> Steve
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: panic in pmap_remove_pages()
On Fri, Jan 23, 2015 at 12:51:00PM +0200, Konstantin Belousov wrote:
> On Wed, Jan 21, 2015 at 01:47:06PM -0800, Steve Kargl wrote:
> > Fatal trap 9: general protection fault while in kernel mode
> > cpuid = 3; apic id = 13
> > instruction pointer = 0x20:0x8079abf9
> > stack pointer = 0x28:0xfe047325e360
> > frame pointer = 0x28:0xfe047325e440
> > code segment= base 0x0, limit 0xf, type 0x1b
> > = DPL 0, pres 1, long 1, def32 0, gran 1
> > processor eflags= interrupt enabled, resume, IOPL = 0
> > current process = 41779 (z)
> > trap number = 9
> > panic: general protection fault
> > cpuid = 3
> > KDB: stack backtrace:
> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> > 0xfe047325e020
> > panic() at panic+0x1c1/frame 0xfe047325e0e0
> > trap_fatal() at trap_fatal+0x396/frame 0xfe047325e140
> > trap() at trap+0x6ce/frame 0xfe047325e2a0
> > calltrap() at calltrap+0x8/frame 0xfe047325e2a0
> > --- trap 0x9, rip = 0x8079abf9, rsp = 0xfe047325e360, rbp =
> > 0xfe047325e440 ---
> > pmap_remove_pages() at pmap_remove_pages+0x539/frame 0xfe047325e440
> > exec_new_vmspace() at exec_new_vmspace+0x180/frame 0xfe047325e4a0
> > exec_elf64_imgact() at exec_elf64_imgact+0x6c0/frame 0xfe047325e570
> > kern_execve() at kern_execve+0x484/frame 0xfe047325e8c0
> > sys_execve() at sys_execve+0x35/frame 0xfe047325e920
> > amd64_syscall() at amd64_syscall+0x289/frame 0xfe047325ea30
> > Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfe047325ea30
> > --- syscall (59, FreeBSD ELF64, sys_execve), rip = 0x4251ba, rsp =
> > 0x7e8ebab8, rbp = 0x7e8ec1c0 ---
> > Uptime: 22d22h22m46s
> >
> > #0 doadump (textdump=1) at pcpu.h:219
> > 219 pcpu.h: No such file or directory.
> > in pcpu.h
> > (kgdb) #0 doadump (textdump=1) at pcpu.h:219
> > #1 0x80555bd7 in kern_reboot (howto=260)
> > at /usr/src/sys/kern/kern_shutdown.c:447
> > #2 0x80556040 in panic (fmt=)
> > at /usr/src/sys/kern/kern_shutdown.c:746
> > #3 0x807a2986 in trap_fatal (frame=,
> > eva=) at /usr/src/sys/amd64/amd64/trap.c:867
> > #4 0x807a25de in trap (frame=)
> > at /usr/src/sys/amd64/amd64/trap.c:201
> > #5 0x80787ca3 in calltrap ()
> > at /usr/src/sys/amd64/amd64/exception.S:235
> > #6 0x8079abf9 in pmap_remove_pages (pmap=0xf801c627dec8)
> > at /usr/src/sys/amd64/amd64/pmap.c:5389
> Please do 'frame 6' and from there, do 'p *m'. Is it reproducable ?
>
(kgdb) p *m
$9 = {plinks = {q = {tqe_next = 0xf804384044c0,
tqe_prev = 0xf8042e89eac0}, s = {ss = {
sle_next = 0xf804384044c0}, pv = 0xf8042e89eac0}, memguard = {
p = 18446735295740134592, v = 18446735295577189056}}, listq = {
tqe_next = 0xf8043cddb158, tqe_prev = 0xf804335c2358},
object = 0xf801882d5100, pindex = 30, phys_addr = 4352778240, md = {
pv_list = {tqh_first = 0xf800bc1d37a8, tqh_last = 0xfefff800bc1d37b0},
pv_gen = 1012, pat_mode = 6}, wire_count = 0, busy_lock = 1,
hold_count = 0, flags = 0, aflags = 1 '\001', oflags = 0 '\0',
queue = 1 '\001', psind = 0 '\0', segind = 7 '\a', order = 13 '\r',
pool = 0 '\0', act_count = 5 '\005', valid = 255 'ÿ', dirty = 255 'ÿ'}
It would have been reproducible except that the panic truncated
the program 'z' (which caused the panic) to 0 bytes and took the
source code I was writing. Neither 'z' nor the source code appeared
in /usr/lost+found. Unfortunately, the source code was a quickly
written Fortran program with obviously a programming error, and I
doubt that I'll be able to replicate the program.
--
Steve
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: panic in pmap_remove_pages()
On Wed, Jan 21, 2015 at 01:47:06PM -0800, Steve Kargl wrote: > Just got this panic. If anyone is interested I have the > kenrel and core, so can do some additional poking around. > > troutmask.apl.washington.edu dumped core - see /var/crash/vmcore.0 > > Wed Jan 21 13:28:04 PST 2015 > > FreeBSD troutmask.apl.washington.edu 11.0-CURRENT FreeBSD 11.0-CURRENT #7 > r276378M: Mon Dec 29 14:13:57 PST 2014 > ka...@troutmask.apl.washington.edu:/data/obj/usr/src/sys/SPEW amd64 > > panic: general protection fault > > Unread portion of the kernel message buffer: > > Fatal trap 9: general protection fault while in kernel mode > cpuid = 3; apic id = 13 > instruction pointer = 0x20:0x8079abf9 > stack pointer = 0x28:0xfe047325e360 > frame pointer = 0x28:0xfe047325e440 > code segment = base 0x0, limit 0xf, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 41779 (z) > trap number = 9 > panic: general protection fault > cpuid = 3 > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfe047325e020 > panic() at panic+0x1c1/frame 0xfe047325e0e0 > trap_fatal() at trap_fatal+0x396/frame 0xfe047325e140 > trap() at trap+0x6ce/frame 0xfe047325e2a0 > calltrap() at calltrap+0x8/frame 0xfe047325e2a0 > --- trap 0x9, rip = 0x8079abf9, rsp = 0xfe047325e360, rbp = > 0xfe047325e440 --- > pmap_remove_pages() at pmap_remove_pages+0x539/frame 0xfe047325e440 > exec_new_vmspace() at exec_new_vmspace+0x180/frame 0xfe047325e4a0 > exec_elf64_imgact() at exec_elf64_imgact+0x6c0/frame 0xfe047325e570 > kern_execve() at kern_execve+0x484/frame 0xfe047325e8c0 > sys_execve() at sys_execve+0x35/frame 0xfe047325e920 > amd64_syscall() at amd64_syscall+0x289/frame 0xfe047325ea30 > Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfe047325ea30 > --- syscall (59, FreeBSD ELF64, sys_execve), rip = 0x4251ba, rsp = > 0x7e8ebab8, rbp = 0x7e8ec1c0 --- > Uptime: 22d22h22m46s > > #0 doadump (textdump=1) at pcpu.h:219 > 219 pcpu.h: No such file or directory. > in pcpu.h > (kgdb) #0 doadump (textdump=1) at pcpu.h:219 > #1 0x80555bd7 in kern_reboot (howto=260) > at /usr/src/sys/kern/kern_shutdown.c:447 > #2 0x80556040 in panic (fmt=) > at /usr/src/sys/kern/kern_shutdown.c:746 > #3 0x807a2986 in trap_fatal (frame=, > eva=) at /usr/src/sys/amd64/amd64/trap.c:867 > #4 0x807a25de in trap (frame=) > at /usr/src/sys/amd64/amd64/trap.c:201 > #5 0x80787ca3 in calltrap () > at /usr/src/sys/amd64/amd64/exception.S:235 > #6 0x8079abf9 in pmap_remove_pages (pmap=0xf801c627dec8) > at /usr/src/sys/amd64/amd64/pmap.c:5389 Please do 'frame 6' and from there, do 'p *m'. Is it reproducable ? > #7 0x8051fa00 in exec_new_vmspace (imgp=0xfe047325e6e0, > sv=0x80b3e8e8) at /usr/src/sys/kern/kern_exec.c:1036 > #8 0x804fed20 in exec_elf64_imgact (imgp=0xfe047325e6e0) > at /usr/src/sys/kern/imgact_elf.c:830 > #9 0x8051e4f4 in kern_execve (td=0xf8027588f490, > args=0xfe047325e8d8, mac_p=0x1da) at /usr/src/sys/kern/kern_exec.c:486 > #10 0x8051de15 in sys_execve (td=, > uap=) at /usr/src/sys/kern/kern_exec.c:210 > #11 0x807a3199 in amd64_syscall (td=0xf8027588f490, traced=0) > at subr_syscall.c:133 > #12 0x80787f8b in Xfast_syscall () > at /usr/src/sys/amd64/amd64/exception.S:395 > #13 0x004251ba in ?? () > > -- > Steve > ___ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
