Hi,

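I have the following kgdb session from a page fault seemingly triggered
in pf(4). In the backtrace below, the faulting frame is ip_slowtimo()
(netinet/ip_input.c:1237), called from pfslowtimo() in
kern/uipc_domain.c.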

I realize this -CURRENT build (r250476, from May 10) is about a month
old, but I cannot find any commits since then that seem relevant to
this area of the code.

I am happy to dig further and provide any information that is requested.

Glen

Script started on Fri Jun 21 19:57:21 2013
root@orion:/usr/obj/usr/src/sys/ORION # uname -a
FreeBSD orion 10.0-CURRENT FreeBSD 10.0-CURRENT #10 r250476: Fri May 10 16:29:54 EDT 2013     root@orion:/usr/obj/usr/src/sys/ORION  amd64
root@orion:/usr/obj/usr/src/sys/ORION # kgdb ./kernel.debug /var/crash/vmcore.8
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x11
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80772688
stack pointer           = 0x28:0xffffff800026da20
frame pointer           = 0x28:0xffffff800026da40
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi4: clock)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff80676a46 at kdb_backtrace+0x66
#1 0xffffffff8063ae6b at panic+0x13b
#2 0xffffffff80918ba0 at trap_fatal+0x290
#3 0xffffffff80918f11 at trap_pfault+0x221
#4 0xffffffff809194c4 at trap+0x344
#5 0xffffffff80902c53 at calltrap+0x8
#6 0xffffffff806a29ce at pfslowtimo+0x2e
#7 0xffffffff80651476 at softclock_call_cc+0x106
#8 0xffffffff80651b09 at softclock+0xa9
#9 0xffffffff8060c06d at intr_event_execute_handlers+0xfd
#10 0xffffffff8060d81b at ithread_loop+0x9b
#11 0xffffffff80608c1f at fork_exit+0x11f
#12 0xffffffff8090317e at fork_trampoline+0xe
Uptime: 42d1h53m40s
(ada0:ahcich0:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich0:0:0:0): CAM status: CCB request is in progress
(ada0:ahcich0:0:0:0): Error 5, Retries exhausted
(ada0:ahcich0:0:0:0): Synchronize cache failed
(ada1:ahcich1:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada1:ahcich1:0:0:0): CAM status: CCB request is in progress
(ada1:ahcich1:0:0:0): Error 5, Retries exhausted
(ada1:ahcich1:0:0:0): Synchronize cache failed
(ada2:ahcich4:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada2:ahcich4:0:0:0): CAM status: CCB request is in progress
(ada2:ahcich4:0:0:0): Error 5, Retries exhausted
(ada2:ahcich4:0:0:0): Synchronize cache failed
(ada3:ahcich5:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada3:ahcich5:0:0:0): CAM status: CCB request is in progress
(ada3:ahcich5:0:0:0): Error 5, Retries exhausted
(ada3:ahcich5:0:0:0): Synchronize cache failed
Dumping 2263 out of 6048 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Reading symbols from /boot/kernel/zfs.ko.symbols...done.
Loaded symbols for /boot/kernel/zfs.ko.symbols
Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
Loaded symbols for /boot/kernel/opensolaris.ko.symbols
#0  doadump (textdump=<value optimized out>) at pcpu.h:231
231             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) bt
#0  doadump (textdump=<value optimized out>) at pcpu.h:231
#1  0xffffffff8063a9d6 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:447
#2  0xffffffff8063ae55 in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:754
#3  0xffffffff80918ba0 in trap_fatal (frame=0xc, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:872
#4  0xffffffff80918f11 in trap_pfault (frame=0xffffff800026d970, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:789
#5  0xffffffff809194c4 in trap (frame=0xffffff800026d970) at /usr/src/sys/amd64/amd64/trap.c:463
#6  0xffffffff80902c53 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:228
#7  0xffffffff80772688 in ip_slowtimo () at /usr/src/sys/netinet/ip_input.c:1237
#8  0xffffffff806a29ce in pfslowtimo (arg=0x0) at /usr/src/sys/kern/uipc_domain.c:508
#9  0xffffffff80651476 in softclock_call_cc (c=0xffffffff80e1ac60, cc=0xffffffff80dc6800, direct=0)
    at /usr/src/sys/kern/kern_timeout.c:674
#10 0xffffffff80651b09 in softclock (arg=<value optimized out>) at /usr/src/sys/kern/kern_timeout.c:802
#11 0xffffffff8060c06d in intr_event_execute_handlers (p=<value optimized out>, ie=0xfffffe0010811900)
    at /usr/src/sys/kern/kern_intr.c:1263
#12 0xffffffff8060d81b in ithread_loop (arg=0xfffffe0010819000) at /usr/src/sys/kern/kern_intr.c:1276
#13 0xffffffff80608c1f in fork_exit (callout=0xffffffff8060d780 <ithread_loop>, arg=0xfffffe0010819000, frame=0xffffff800026dc00)
    at /usr/src/sys/kern/kern_fork.c:991
#14 0xffffffff8090317e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:602
#15 0x0000000000000000 in ?? ()
(kgdb) frame 6
#6  0xffffffff80902c53 in calltrap () at 
/usr/src/sys/amd64/amd64/exception.S:228
228             call    trap
Current language:  auto; currently asm
(kgdb) list *0xffffffff80902c53
0xffffffff80902c53 is at /usr/src/sys/amd64/amd64/exception.S:230.
225             .type   calltrap,@function
226     calltrap:
227             movq    %rsp,%rdi
228             call    trap
229             MEXITCOUNT
230             jmp     doreti                  /* Handle any pending ASTs */
231     
232             /*
233              * alltraps_noen entry point.  Unlike alltraps above, we want to
234              * leave the interrupts disabled.  This corresponds to
(kgdb) up
#7  0xffffffff80772688 in ip_slowtimo () at /usr/src/sys/netinet/ip_input.c:1237
1237                            for(fp = TAILQ_FIRST(&V_ipq[i]); fp;) {
Current language:  auto; currently c
(kgdb) list *0xffffffff80772688
0xffffffff80772688 is in ip_slowtimo (/usr/src/sys/netinet/ip_input.c:1242).
1237                            for(fp = TAILQ_FIRST(&V_ipq[i]); fp;) {
1238                                    struct ipq *fpp;
1239    
1240                                    fpp = fp;
1241                                    fp = TAILQ_NEXT(fp, ipq_list);
1242                                    if(--fpp->ipq_ttl == 0) {
1243                                            IPSTAT_ADD(ips_fragtimeout,
1244                                                fpp->ipq_nfrags);
1245                                            ip_freef(&V_ipq[i], fpp);
1246                                    }
(kgdb) p *ipq
$1 = {tqh_first = 0x0, tqh_last = 0xffffffff80e20e80}
(kgdb) up
#8  0xffffffff806a29ce in pfslowtimo (arg=0x0) at 
/usr/src/sys/kern/uipc_domain.c:508
508                                     (*pr->pr_slowtimo)();
(kgdb) list *0xffffffff806a29ce
0xffffffff806a29ce is in pfslowtimo (/usr/src/sys/kern/uipc_domain.c:506).
501     {
502             struct domain *dp;
503             struct protosw *pr;
504     
505             for (dp = domains; dp; dp = dp->dom_next)
506                     for (pr = dp->dom_protosw; pr < dp->dom_protoswNPROTOSW; pr++)
507                             if (pr->pr_slowtimo)
508                                     (*pr->pr_slowtimo)();
509             callout_reset(&pfslow_callout, hz/2, pfslowtimo, NULL);
510     }
(kgdb) p *dp
$2 = {dom_family = 2, dom_name = 0xffffffff80a56512 "internet", dom_init = 0, 
dom_destroy = 0, dom_externalize = 0, dom_dispose = 0, 
  dom_protosw = 0xffffffff80d16320, dom_protoswNPROTOSW = 0xffffffff80d16ce0, 
dom_next = 0x0, 
  dom_rtattach = 0xffffffff8076d070 <in_inithead>, dom_rtdetach = 0, 
dom_rtoffset = 32, dom_maxrtkey = 16, 
  dom_ifattach = 0xffffffff807626c0 <in_domifattach>, dom_ifdetach = 
0xffffffff80762690 <in_domifdetach>}
(kgdb) p *dp
$3 = {dom_family = 2, dom_name = 0xffffffff80a56512 "internet", dom_init = 0, 
dom_destroy = 0, dom_externalize = 0, dom_dispose = 0, 
  dom_protosw = 0xffffffff80d16320, dom_protoswNPROTOSW = 0xffffffff80d16ce0, 
dom_next = 0x0, 
  dom_rtattach = 0xffffffff8076d070 <in_inithead>, dom_rtdetach = 0, 
dom_rtoffset = 32, dom_maxrtkey = 16, 
  dom_ifattach = 0xffffffff807626c0 <in_domifattach>, dom_ifdetach = 
0xffffffff80762690 <in_domifdetach>}
(kgdb) p *domains
$4 = {dom_family = 17, dom_name = 0xffffffff809acd08 "route", dom_init = 0, 
dom_destroy = 0, dom_externalize = 0, dom_dispose = 0, 
  dom_protosw = 0xffffffff80d11300, dom_protoswNPROTOSW = 0xffffffff80d11368, 
dom_next = 0xffffffff80d21de0, dom_rtattach = 0, 
  dom_rtdetach = 0, dom_rtoffset = 0, dom_maxrtkey = 0, dom_ifattach = 0, 
dom_ifdetach = 0}
(kgdb) p *dp->dom_protoswNPROTOSW
$5 = {pr_type = 2, pr_domain = 0xffffffff80a56512, pr_protocol = 0, pr_flags = 
0, pr_input = 0, pr_output = 0, pr_ctlinput = 0, 
  pr_ctloutput = 0xffffffff80d16320 <inetsw>, pr_init = 0xffffffff80d16ce0 
<inetdomain>, pr_destroy = 0, 
  pr_fasttimo = 0xffffffff8076d070 <in_inithead>, pr_slowtimo = 0, pr_drain = 
0x1000000020, pr_usrreqs = 0xffffffff807626c0}
(kgdb) p pfslow_callout
$6 = {c_links = {le = {le_next = 0x0, le_prev = 0xffffffff80dc6910}, sle = 
{sle_next = 0x0}, tqe = {tqe_next = 0x0, 
      tqe_prev = 0xffffffff80dc6910}}, c_time = 15614872462233060, c_precision 
= 134217718, c_arg = 0x0, 
  c_func = 0xffffffff806a29a0 <pfslowtimo>, c_lock = 0x0, c_flags = 146, c_cpu 
= 0}
(kgdb) p *pfslowtimo
$7 = {void (void *)} 0xffffffff806a29a0 <pfslowtimo>
(kgdb) up
#9  0xffffffff80651476 in softclock_call_cc (c=0xffffffff80e1ac60, 
cc=0xffffffff80dc6800, direct=0)
    at /usr/src/sys/kern/kern_timeout.c:674
674             c_func(c_arg);
(kgdb) list *0xffffffff80651476
0xffffffff80651476 is in softclock_call_cc 
(/usr/src/sys/kern/kern_timeout.c:675).
670             sbt1 = sbinuptime();
671     #endif
672             THREAD_NO_SLEEPING();
673             SDT_PROBE(callout_execute, kernel, , callout_start, c, 0, 0, 0, 0);
674             c_func(c_arg);
675             SDT_PROBE(callout_execute, kernel, , callout_end, c, 0, 0, 0, 0);
676             THREAD_SLEEPING_OK();
677     #if defined(DIAGNOSTIC) || defined(CALLOUT_PROFILING)
678             sbt2 = sbinuptime();
679             sbt2 -= sbt1;
(kgdb) quit
root@orion:/usr/obj/usr/src/sys/ORION # ^D

Script done on Fri Jun 21 19:57:39 2013


Attachment: pgpza_ZX5efdk.pgp
Description: PGP signature
