NetBSD-Bugs archive
port-amd64/52222: One-off kernel panic in x86 pmap
>Number: 52222
>Category: port-amd64
>Synopsis: One-off kernel panic in x86 pmap
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-amd64-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon May 08 22:40:00 +0000 2017
>Originator: coypu
>Release: NetBSD 7.99.70
>Organization:
>Environment:
NetBSD loggy 7.99.70 NetBSD 7.99.70 (GENERIC) #5: Sat Apr 22 11:50:07 IDT 2017 fly@loggy:/home/fly/amd64/sys/arch/amd64/compile/GENERIC amd64
>Description:
The panic happened under very heavy load (make -j20).
I have a netbsd.gdb and a netbsd.core from it.
uvm_fault(0xfffffe83eaec7e68, 0x7fbbb2ada000, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip 0xffffffff8023bdf7 cs 0x8 rflags 0x10206 cr2 0x7fbbb2ada5c0 ilevel 0 rsp 0xfffffe811df58bd0
curlwp 0xfffffe84480bca80 pid 252.1 lowest kstack 0xfffffe811df552c0
This did not show up in crash, but ddb printed:
Stopped in pid 252.1 (cc1plus) at netbsd:pmap_extract.part.7+0xa5: movq 0(%rdx,%rax,0),%rdx
dumping to dev 0,1 (offset=1664, size=4150224):
dump
crash> bt
_KERNEL_OPT_NARCNET() at 0
_KERNEL_OPT_NARCNET() at 0
db_reboot_cmd() at db_reboot_cmd
db_command() at db_command+0xeb
db_command_loop() at db_command_loop+0x90
db_trap() at db_trap+0xe3
kdb_trap() at kdb_trap+0xe1
trap() at trap+0x62e
--- trap (number 6) ---
pmap_extract.part.7() at pmap_extract.part.7+0xa5
uvm_fault_internal() at uvm_fault_internal+0x477
trap() at trap+0x29c
--- trap (number 6) ---
77655b4bb442:
(gdb) bt full
#0 0xffffffff80219f55 in cpu_reboot (howto=howto@entry=256, bootstr=bootstr@entry=0x0)
at /usr/src/sys/arch/amd64/amd64/machdep.c:674
syncdone = false
s = <optimized out>
#1 0xffffffff80748994 in db_sync_cmd (addr=<optimized out>, have_addr=<optimized out>,
count=<optimized out>, modif=<optimized out>) at /usr/src/sys/ddb/db_command.c:1380
No locals.
#2 0xffffffff8074915e in db_command (
last_cmdp=last_cmdp@entry=0xffffffff8146f700 <db_last_command>)
at /usr/src/sys/ddb/db_command.c:914
command = 0xffffffff80ff68b8 <db_command_table+696>
last_count = -2139043195
addr = -1644469844112
count = -2139043195
modif = "\000\000\000\000\000\000\000\000\n\000\000\000\000\000\000\000\220\207\365\035\376\377\377\070\n\377\377\377\377\240\207\365\035\376\377\377\n\000\000\000\000\000\000\nÀ\365\035\376\377\377\366\265t\377\377\377\377À\365\035\376\377\377DrS\377\377\377\377c\000\000\000\000\000\000\000\r\000\000\000\000\000\000\000ð\365\035\376\377\377\r\250t\377\377\377\377vø\021\377\377\377\377"
t = <optimized out>
have_addr = false
#3 0xffffffff807494c5 in db_command_loop () at /usr/src/sys/ddb/db_command.c:572
db_jmpbuf = {val = {0, -1644469843960, -1644469843840, -1644469843760,
-1644469843232, 0, 0, -2139843442}}
savejmp = 0x0
#4 0xffffffff8074ccde in db_trap (type=type@entry=6, code=code@entry=0)
at /usr/src/sys/ddb/db_trap.c:90
bkpt = false
watchpt = false
#5 0xffffffff80216a02 in kdb_trap (type=type@entry=6, code=code@entry=0,
regs=regs@entry=0xfffffe811df58ae0) at /usr/src/sys/arch/amd64/amd64/db_interface.c:227
dbreg = {tf_rdi = 131277207076864, tf_rsi = 18446744071576771232,
tf_rdx = 140187732541440, tf_r10 = 1, tf_r8 = 62597850,
tf_r9 = 18446744073709551604, tf_arg6 = 18446744071576771232,
tf_arg7 = 18446742443150645664, tf_arg8 = 0, tf_arg9 = 0, tf_rcx = 5870882919,
tf_r11 = 0, tf_r12 = 0, tf_r13 = 18446742443150645664,
tf_r14 = 18446742442830711424, tf_r15 = 0, tf_rbp = 18446742429239708688,
tf_rbx = 131277207076864, tf_rax = 32050099384, tf_gs = 51840, tf_fs = 39328,
tf_es = 34944, tf_ds = 35960, tf_trapno = 6, tf_err = 0,
tf_rip = 18446744071564410359, tf_cs = 8, tf_rflags = 66054,
tf_rsp = 18446742429239708624, tf_ss = 0}
#6 0xffffffff8021b549 in trap (frame=0xfffffe811df58ae0)
at /usr/src/sys/arch/amd64/amd64/trap.c:286
p = <optimized out>
pcb = <optimized out>
vframe = <optimized out>
ksi = {ksi_flags = 1, ksi_list = {tqe_next = 0x0, tqe_prev = 0x0}, ksi_info = {
_signo = 11, _code = 2, _errno = 0, _pad = 0, _reason = {_rt = {_pid = 0,
_uid = 0, _value = {sival_int = 6, sival_ptr = 0x6}}, _child = {_pid = 0,
_uid = 0, _status = 6, _utime = 0, _stime = 0}, _fault = {_addr = 0x0,
_trap = 6, _trap2 = 0, _trap3 = 0}, _poll = {_band = 0, _fd = 6}}},
ksi_lid = 0}
onfault = <optimized out>
type = 6
error = <optimized out>
cr2 = <optimized out>
pfail = <optimized out>
#7 0xffffffff8020113e in alltraps ()
No symbol table info available.
#8 0xffffffff8023bdf7 in pmap_extract (pmap=0xfffffe845b1d99a0, va=131277207076864, pap=0x0)
at /usr/src/sys/arch/x86/x86/pmap.c:2996
ptes = 0x7f8000000000
pte = <optimized out>
pde = 5870882919
pdes = 0xffffffff80e05aa0 <normal_pdes>
pmap2 = 0x0
ci = <optimized out>
pa = 0
hard = <optimized out>
rv = false
#9 0xffffffff8023beb2 in pmap_extract (pmap=<optimized out>, va=va@entry=131277207076864,
pap=pap@entry=0x0) at /usr/src/sys/arch/x86/x86/pmap.c:3013
No locals.
#10 0xffffffff80904caa in uvm_fault_upper_lookup (pages=0xfffffe811df58d60, anons=0x0,
flt=0xfffffe811df58c78, ufi=0xfffffe811df58ca8) at /usr/src/sys/uvm/uvm_fault.c:1161
anon = <optimized out>
pg = <optimized out>
amap = 0x0
lcv = 0
currva = 131277207076864
shadowed = false
#11 uvm_fault_internal (orig_map=orig_map@entry=0xfffffe83eaec7e68,
vaddr=vaddr@entry=131277207089152, access_type=access_type@entry=4,
fault_flag=fault_flag@entry=0) at /usr/src/sys/uvm/uvm_fault.c:849
cd = <optimized out>
ucpu = <optimized out>
ufi = {orig_map = 0xfffffe83eaec7e68, orig_rvaddr = 131277207089152,
orig_size = 4096, map = 0xfffffe83eaec7e68, mapv = 3606,
entry = 0xfffffe830cc636c8, size = 4096}
flt = {access_type = 4, startva = 131277207076864, npages = 8, centeridx = 3,
narrow = true, wire_mapping = false, wire_paging = false, cow_now = false,
enter_prot = 5, anon_spare = 0x0, promote = false}
maxprot = false
anons_store = {0xfffffe83b3dd2dc8, 0xfffffe821fb2e140, 0xfffffe83428ddf40, 0x0,
0xfffffe83dcaed7a8, 0xfffffe820d3371e0, 0xfffffe820d3371c0, 0xfffffe820d3371a0,
0xfffffe812778d548, 0x0, 0xfffffe811df58d70, 0xffffffff809ecc36 <VOP_UNLOCK+96>,
0xfffffe812778d548, 0x1df58df0, 0xffffffff81050b80 <vop_unlock_desc>,
0xfffffe812778d548}
anons = <optimized out>
pages_store = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0,
0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
0x49, 0x8000, 0x8000, 0x0, 0xfffffe811df58dd0,
0xffffffff80962013 <kpreempt_disabled+46>, 0xfffffe811df58e30,
0xffffffff8023e4a6 <pmap_tlb_shootnow+22>}
pages = 0xfffffe811df58d60
error = <optimized out>
#12 0xffffffff8021b1b7 in trap (frame=0xfffffe811df58f00)
at /usr/src/sys/arch/amd64/amd64/trap.c:578
va = 131277207089152
vm = 0xfffffe83eaec7e68
map = 0xfffffe83eaec7e68
ftype = <optimized out>
p = 0xfffffe84444c93d8
pcb = <optimized out>
vframe = <optimized out>
ksi = {ksi_flags = 18446742429239709336, ksi_list = {
tqe_next = 0xffffffff8092cd66 <statclock+294>, tqe_prev = 0xfffffe84480bca80},
ksi_info = {_signo = -2137601515, _code = -1, _errno = 502632184, _pad = -383,
_reason = {_rt = {_pid = 485253184, _uid = 4294966913, _value = {
sival_int = 502632184, sival_ptr = 0xfffffe811df58ef8}}, _child = {
_pid = 485253184, _uid = 4294966913, _status = 502632184,
_utime = 4294966913, _stime = 1208732288}, _fault = {
_addr = 0xfffffe811cec6040, _trap = 502632184, _trap2 = -383,
_trap3 = 1208732288}, _poll = {_band = -1644487221184, _fd = 502632184}}},
ksi_lid = 502632168}
onfault = 0x0
type = 262
error = <optimized out>
cr2 = 131277207090242
pfail = <optimized out>
#13 0xffffffff8020113e in alltraps ()
No symbol table info available.
>How-To-Repeat:
No idea.
>Fix:
??
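One thing I can see is that the hard path in pmap_extract
seems to repeat the easy path's check, only less strictly,
but that doesn't seem too relevant to this panic.
ptepp / pte seems like it will always be PTE_BASE.
(Consistent with that: in the dump above, cr2 0x7fbbb2ada5c0 equals
ptes 0x7f8000000000 + 8 * (va >> 12) for va 131277207076864, so the
fault appears to be on the read of the PTE itself.)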