NetBSD-Bugs archive
kern/40210: 5.0 BETA WAPBL related crash
>Number: 40210
>Category: kern
>Synopsis: 5.0 BETA WAPBL related crash
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Dec 17 16:45:00 +0000 2008
>Originator: Juraj Hercek
>Release: 5.0_BETA
>Organization:
>Environment:
NetBSD lizard 5.0_BETA NetBSD 5.0_BETA (XEN3_DOM0) #0: Mon Dec 15 12:13:02 CET 2008 admin@builder:/bsd/netbsd/obj/sys/arch/amd64/compile/XEN3_DOM0 amd64
cpuctl identify 0:
cpu0: Intel Core 2 (Merom) (686-class), id 0x6fb
cpu0: features bfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
cpu0: features bfebfbff<PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX>
cpu0: features bfebfbff<FXSR,SSE,SSE2,SS,HTT,TM,SBF>
cpu0: features2 e3bd<SSE3,DTES64,MONITOR,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM>
cpu0: features3 20100800<SYSCALL/SYSRET,XD,EM64T>
cpu0: "Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz"
cpu0: I-cache 32KB 64B/line 8-way, D-cache 32KB 64B/line 8-way
cpu0: L2 cache 4MB 64B/line 16-way
cpu0: ITLB 128 4KB entries 4-way
cpu0: DTLB 256 4KB entries 4-way, 32 4MB entries 4-way
cpu0: Initial APIC ID 0
cpu0: Cluster/Package ID 0
cpu0: Core ID 0
cpu0: family 06 model 0f extfamily 00 extmodel 00
>Description:
# mount | grep mnt
/local/mnt on /mnt type null (hidden, local)
/dev/sd0p on /mnt/data type ffs (log, local)
# umount /mnt/data
uvm_fault(0xffffa00026c29b80, 0x0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff803597d4 cs e030 rflags 10246 cr2 19 cpl 0 rsp ffffa000275f6940
kernel: page fault trap, code=0
Stopped in pid 44.1 (umount) at netbsd:ffs_itimes+0x64: cmpq $0x1,0x18(%rax)
ffs_itimes() at netbsd:ffs_itimes+0x64
ffs_update() at netbsd:ffs_update+0x50
ffs_full_fsync() at netbsd:ffs_full_fsync+0x3d1
spec_fsync() at netbsd:spec_fsync+0x59
VOP_FSYNC() at netbsd:VOP_FSYNC+0x34
ffs_flushfiles() at netbsd:ffs_flushfiles+0xf7
ffs_unmount() at netbsd:ffs_unmount+0x55
dounmount() at netbsd:dounmount+0xd5
sys_unmount() at netbsd:sys_unmount+0x11c
syscall() at netbsd:syscall+0xb4
ds 0x1201
es 0x6940
fs 0x640
gs 0x1a51
rdi 0
rsi 0
rbp 0xffffa000275f6980
rbx 0xffffa000276485f0
rdx 0xf9ebdb518b4e8d7f
rcx 0xe8b81201
rax 0x1
r8 0
r9 0x100000
r10 0
r11 0xffffa000278d5e60
r12 0xffffa000275f6940
r13 0
r14 0
r15 0xffffa000275f6940
rip 0xffffffff803597d4 ffs_itimes+0x64
cs 0xe030
rflags 0x10246
rsp 0xffffa000275f6940
ss 0xe02b
netbsd:ffs_itimes+0x64: cmpq $0x1,0x18(%rax)
db>
Or, at another time, the crash occurs in a slightly different place:
# umount /mnt/data
uvm_fault(0xffffa00026c29730, 0x0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff8035987b cs e030 rflags 10246 cr2 19 cpl 0 rsp ffffa000275f9940
kernel: page fault trap, code=0
Stopped in pid 364.1 (umount) at netbsd:ffs_itimes+0x10b: cmpq $0x1,0x18(%rax)
ffs_itimes() at netbsd:ffs_itimes+0x10b
ffs_update() at netbsd:ffs_update+0x50
ffs_full_fsync() at netbsd:ffs_full_fsync+0x3d1
spec_fsync() at netbsd:spec_fsync+0x59
VOP_FSYNC() at netbsd:VOP_FSYNC+0x34
ffs_flushfiles() at netbsd:ffs_flushfiles+0xf7
ffs_unmount() at netbsd:ffs_unmount+0x55
dounmount() at netbsd:dounmount+0xd5
sys_unmount() at netbsd:sys_unmount+0x11c
syscall() at netbsd:syscall+0xb4
ds 0x120a
es 0x9940
fs 0x4278
gs 0x1a51
rdi 0
rsi 0
rbp 0xffffa000275f9980
rbx 0xffffa000276485f0
rdx 0xf9402ed2473c510f
rcx 0xe8b8120a
rax 0x1
r8 0
r9 0x100000
r10 0
r11 0xffffa000278d4148
r12 0
r13 0
r14 0xffffa000275f9940
r15 0xffffa000275f9940
rip 0xffffffff8035987b ffs_itimes+0x10b
cs 0xe030
rflags 0x10246
rsp 0xffffa000275f9940
ss 0xe02b
netbsd:ffs_itimes+0x10b: cmpq $0x1,0x18(%rax)
db>
Disassembled ffs_itimes function:
ffs_itimes():
ffffffff80359770: 55 push %rbp
ffffffff80359771: 48 89 e5 mov %rsp,%rbp
ffffffff80359774: 48 83 ec 40 sub $0x40,%rsp
ffffffff80359778: 48 89 5d d8 mov %rbx,0xffffffffffffffd8(%rbp)
ffffffff8035977c: 4c 89 65 e0 mov %r12,0xffffffffffffffe0(%rbp)
ffffffff80359780: 48 89 fb mov %rdi,%rbx
ffffffff80359783: 4c 89 6d e8 mov %r13,0xffffffffffffffe8(%rbp)
ffffffff80359787: 4c 89 75 f0 mov %r14,0xfffffffffffffff0(%rbp)
ffffffff8035978b: 49 89 f4 mov %rsi,%r12
ffffffff8035978e: 4c 89 7d f8 mov %r15,0xfffffffffffffff8(%rbp)
ffffffff80359792: f7 47 50 07 20 00 00 testl $0x2007,0x50(%rdi)
ffffffff80359799: 49 89 d5 mov %rdx,%r13
ffffffff8035979c: 49 89 ce mov %rcx,%r14
ffffffff8035979f: 75 16 jne ffffffff803597b7 <ffs_itimes+0x47>
ffffffff803597a1: 48 8b 5d d8 mov 0xffffffffffffffd8(%rbp),%rbx
ffffffff803597a5: 4c 8b 65 e0 mov 0xffffffffffffffe0(%rbp),%r12
ffffffff803597a9: 4c 8b 6d e8 mov 0xffffffffffffffe8(%rbp),%r13
ffffffff803597ad: 4c 8b 75 f0 mov 0xfffffffffffffff0(%rbp),%r14
ffffffff803597b1: 4c 8b 7d f8 mov 0xfffffffffffffff8(%rbp),%r15
ffffffff803597b5: c9 leaveq
ffffffff803597b6: c3 retq
ffffffff803597b7: 4c 8d 7d c0 lea 0xffffffffffffffc0(%rbp),%r15
ffffffff803597bb: 4c 89 ff mov %r15,%rdi
ffffffff803597be: e8 5d fe 10 00 callq ffffffff80469620 <vfs_timestamp>
ffffffff803597c3: f6 43 50 01 testb $0x1,0x50(%rbx)
ffffffff803597c7: 74 43 je ffffffff8035980c <ffs_itimes+0x9c>
ffffffff803597c9: 48 8b 43 40 mov 0x40(%rbx),%rax
ffffffff803597cd: 4d 85 e4 test %r12,%r12
ffffffff803597d0: 4d 0f 44 e7 cmove %r15,%r12
ffffffff803597d4: 48 83 78 18 01 cmpq $0x1,0x18(%rax)
ffffffff803597d9: 0f 84 ff 00 00 00 je ffffffff803598de <ffs_itimes+0x16e>
ffffffff803597df: 49 63 04 24 movslq (%r12),%rax
ffffffff803597e3: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff803597ea: 48 89 42 20 mov %rax,0x20(%rdx)
ffffffff803597ee: 48 8b 43 40 mov 0x40(%rbx),%rax
ffffffff803597f2: 48 83 78 18 01 cmpq $0x1,0x18(%rax)
ffffffff803597f7: 0f 84 04 01 00 00 je ffffffff80359901 <ffs_itimes+0x191>
ffffffff803597fd: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff80359804: 49 8b 44 24 08 mov 0x8(%r12),%rax
ffffffff80359809: 89 42 44 mov %eax,0x44(%rdx)
ffffffff8035980c: f7 43 50 04 20 00 00 testl $0x2004,0x50(%rbx)
ffffffff80359813: 74 52 je ffffffff80359867 <ffs_itimes+0xf7>
ffffffff80359815: f6 83 d2 00 00 00 20 testb $0x20,0xd2(%rbx)
ffffffff8035981c: 75 42 jne ffffffff80359860 <ffs_itimes+0xf0>
ffffffff8035981e: 48 8b 43 40 mov 0x40(%rbx),%rax
ffffffff80359822: 4d 85 ed test %r13,%r13
ffffffff80359825: 4d 0f 44 ef cmove %r15,%r13
ffffffff80359829: 48 83 78 18 01 cmpq $0x1,0x18(%rax)
ffffffff8035982e: 0f 84 e1 00 00 00 je ffffffff80359915 <ffs_itimes+0x1a5>
ffffffff80359834: 49 63 45 00 movslq 0x0(%r13),%rax
ffffffff80359838: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff8035983f: 48 89 42 28 mov %rax,0x28(%rdx)
ffffffff80359843: 48 8b 43 40 mov 0x40(%rbx),%rax
ffffffff80359847: 48 83 78 18 01 cmpq $0x1,0x18(%rax)
ffffffff8035984c: 0f 84 d6 00 00 00 je ffffffff80359928 <ffs_itimes+0x1b8>
ffffffff80359852: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff80359859: 49 8b 45 08 mov 0x8(%r13),%rax
ffffffff8035985d: 89 42 40 mov %eax,0x40(%rdx)
ffffffff80359860: 48 ff 83 80 00 00 00 incq 0x80(%rbx)
ffffffff80359867: f7 43 50 02 20 00 00 testl $0x2002,0x50(%rbx)
ffffffff8035986e: 74 39 je ffffffff803598a9 <ffs_itimes+0x139>
ffffffff80359870: 48 8b 43 40 mov 0x40(%rbx),%rax
ffffffff80359874: 4d 85 f6 test %r14,%r14
ffffffff80359877: 4d 0f 44 f7 cmove %r15,%r14
ffffffff8035987b: 48 83 78 18 01 cmpq $0x1,0x18(%rax)
ffffffff80359880: 74 4d je ffffffff803598cf <ffs_itimes+0x15f>
ffffffff80359882: 49 63 06 movslq (%r14),%rax
ffffffff80359885: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff8035988c: 48 89 42 30 mov %rax,0x30(%rdx)
ffffffff80359890: 48 8b 43 40 mov 0x40(%rbx),%rax
ffffffff80359894: 48 83 78 18 01 cmpq $0x1,0x18(%rax)
ffffffff80359899: 74 56 je ffffffff803598f1 <ffs_itimes+0x181>
ffffffff8035989b: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff803598a2: 49 8b 46 08 mov 0x8(%r14),%rax
ffffffff803598a6: 89 42 48 mov %eax,0x48(%rdx)
ffffffff803598a9: 8b 43 50 mov 0x50(%rbx),%eax
ffffffff803598ac: a9 01 20 00 00 test $0x2001,%eax
ffffffff803598b1: 74 06 je ffffffff803598b9 <ffs_itimes+0x149>
ffffffff803598b3: 83 c8 10 or $0x10,%eax
ffffffff803598b6: 89 43 50 mov %eax,0x50(%rbx)
ffffffff803598b9: a8 06 test $0x6,%al
ffffffff803598bb: 74 06 je ffffffff803598c3 <ffs_itimes+0x153>
ffffffff803598bd: 83 c8 08 or $0x8,%eax
ffffffff803598c0: 89 43 50 mov %eax,0x50(%rbx)
ffffffff803598c3: 81 63 50 f8 df ff ff andl $0xffffdff8,0x50(%rbx)
ffffffff803598ca: e9 d2 fe ff ff jmpq ffffffff803597a1 <ffs_itimes+0x31>
ffffffff803598cf: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff803598d6: 41 8b 06 mov (%r14),%eax
ffffffff803598d9: 89 42 20 mov %eax,0x20(%rdx)
ffffffff803598dc: eb b2 jmp ffffffff80359890 <ffs_itimes+0x120>
ffffffff803598de: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff803598e5: 41 8b 04 24 mov (%r12),%eax
ffffffff803598e9: 89 42 10 mov %eax,0x10(%rdx)
ffffffff803598ec: e9 fd fe ff ff jmpq ffffffff803597ee <ffs_itimes+0x7e>
ffffffff803598f1: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff803598f8: 49 8b 46 08 mov 0x8(%r14),%rax
ffffffff803598fc: 89 42 24 mov %eax,0x24(%rdx)
ffffffff803598ff: eb a8 jmp ffffffff803598a9 <ffs_itimes+0x139>
ffffffff80359901: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff80359908: 49 8b 44 24 08 mov 0x8(%r12),%rax
ffffffff8035990d: 89 42 14 mov %eax,0x14(%rdx)
ffffffff80359910: e9 f7 fe ff ff jmpq ffffffff8035980c <ffs_itimes+0x9c>
ffffffff80359915: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff8035991c: 41 8b 45 00 mov 0x0(%r13),%eax
ffffffff80359920: 89 42 18 mov %eax,0x18(%rdx)
ffffffff80359923: e9 1b ff ff ff jmpq ffffffff80359843 <ffs_itimes+0xd3>
ffffffff80359928: 48 8b 93 e8 00 00 00 mov 0xe8(%rbx),%rdx
ffffffff8035992f: 49 8b 45 08 mov 0x8(%r13),%rax
ffffffff80359933: 89 42 1c mov %eax,0x1c(%rdx)
ffffffff80359936: e9 25 ff ff ff jmpq ffffffff80359860 <ffs_itimes+0xf0>
ffffffff8035993b: 66 data16
ffffffff8035993c: 66 data16
ffffffff8035993d: 90 nop
ffffffff8035993e: 66 data16
ffffffff8035993f: 90 nop
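As a triage aid (added here; it is not part of the PR or of NetBSD's own tooling), the script below parses a ddb "Stopped in" line and register dump like the two above, recomputes the effective address of the faulting memory operand and checks it against cr2. For both traces this gives rax + 0x18 = 0x19 = cr2 with rax = 0x1, i.e. the value loaded from 0x40(%rbx) a few instructions before the cmpq is not a kernel pointer at all, which suggests a stale or corrupted structure reached through the inode rather than a plain NULL dereference. The sample trace is constructed from the first dump, and the 0x1000 "never a valid pointer" threshold is an assumption.

```python
import re

# Constructed sample: the "Stopped in" line and registers of interest copied from
# the first ddb trace in this PR; cr2 is taken from its "trap type 6" line.
DDB_TRACE = """\
Stopped in pid 44.1 (umount) at netbsd:ffs_itimes+0x64: cmpq $0x1,0x18(%rax)
rbx 0xffffa000276485f0
rax 0x1
"""
CR2 = 0x19

# AT&T memory operand disp(base,index,scale): only the base is mandatory.
MEM_RE = re.compile(r"(-?0x[0-9a-f]+|-?\d+)?\((%\w+)(?:,(%\w+)(?:,(\d))?)?\)")
REG_RE = re.compile(r"^(r[a-z0-9]+)\s+(0x[0-9a-f]+|\d+)", re.M)
STOP_RE = re.compile(r"^Stopped in .* at (\S+): (\S+) (.*)$", re.M)

def parse_regs(trace):
    """Return {name: value} for the 64-bit registers listed in a ddb dump."""
    return {m.group(1): int(m.group(2), 0) for m in REG_RE.finditer(trace)}

def fault_operand(trace):
    """Decode the memory operand of the instruction ddb stopped at."""
    stop = STOP_RE.search(trace)
    mem = MEM_RE.search(stop.group(3)) if stop else None
    if not mem:
        raise ValueError("no faulting instruction with a memory operand")
    disp, base, index, scale = mem.groups()
    return (int(disp, 0) if disp else 0, base[1:],
            index[1:] if index else None, int(scale) if scale else 1)

def effective_address(trace):
    """disp + base + index*scale, using the register values in the dump."""
    disp, base, index, scale = fault_operand(trace)
    regs = parse_regs(trace)
    ea = disp + regs[base] + (regs[index] * scale if index else 0)
    return ea & 0xFFFFFFFFFFFFFFFF

def diagnose(trace, cr2):
    """Check that the operand explains cr2, then classify the bad pointer."""
    disp, base, _, _ = fault_operand(trace)
    base_val = parse_regs(trace)[base]
    if effective_address(trace) != cr2:
        return "cr2 does not match the decoded operand; check the dump"
    if base_val == 0:
        return f"NULL pointer dereference via {base} (+{disp:#x})"
    if base_val < 0x1000:  # assumed: page zero is never a valid kernel pointer
        return (f"{base}={base_val:#x} is not a valid kernel pointer: "
                f"stale or corrupted pointer, field offset {disp:#x}")
    return "fault through a plausible pointer: probably unmapped or freed memory"
```

Feeding the second trace (rax = 0x1 at ffs_itimes+0x10b, cr2 = 0x19) gives the same classification, which is what makes the two dumps one bug rather than two.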
Either I don't know how to use addr2line or there is something broken with addr2line, because all my attempts to resolve any address resulted in "??:0".
Related mail thread:
http://mail-index.netbsd.org/current-users/2008/12/16/msg006694.html
>How-To-Repeat:
Boot, log in, and umount the ffs filesystem mounted with the log option.
>Fix: