Subject: panic: trap on 4MB 386 under heavy load
To: None <current-users@NetBSD.ORG, port-i386@NetBSD.ORG>
From: Dave Huang <khym@bga.com>
List: port-i386
Date: 03/09/1997 22:53:59

Hi, I've got a 4MB 386 that seems to crash if I try to ftp while it's
paging/thrashing (and with 4MB of RAM, it thrashes fairly often :) I don't
normally have a monitor hooked up to it, and I don't have DDB in the
kernel, so all I get is a "savecore: reboot after panic: trap" message in
/var/log/messages. Shouldn't the diagnostic info it prints before it
panics get logged too? Anyways, I hooked a monitor up to it and was able
to get it to panic again... it says:

vm_fault(f8284000, f8287000, 1, 0) -> 1

followed by a register dump that I didn't have time to write down. I've
also got a couple of core files and a kernel with debugging symbols in it
if anyone wants to take a look.

BTW, how is one supposed to use a kernel with debugging info? I did gdb -k
netbsd.gdb netbsd.7.core, but the stack trace doesn't look right. I think
I was able to trace it by hand by looking at the contents of
dumppcb.pcb_tss.tss_ebp and working my way back, but that's not very
convenient :) Doing a "frame dumppcb.pcb_tss.tss_ebp" doesn't work either.

Assuming I did this correctly, in one core dump, struct trapframe in
arch/i386/i386/trap.c:trap() is:

$2 = {tf_es = 0xf8290010, tf_ds = 0xf8200010, tf_edi = 0xf8292718, 
  tf_esi = 0xf8201a18, tf_ebp = 0xf98039f8, tf_ebx = 0xf86b5800, 
  tf_edx = 0xe00044e2, tf_ecx = 0xf8697fdc, tf_eax = 0xe00044e2, 
  tf_trapno = 0x6, tf_err = 0xf86b0000, tf_eip = 0xf814f457, 
  tf_cs = 0xf8140008, tf_eflags = 0x10296, tf_esp = 0xf8201a18, 
  tf_ss = 0xf86b5800, tf_vm86_es = 0x10000000, tf_vm86_ds = 0xa, 
  tf_vm86_fs = 0xf86cf2e0, tf_vm86_gs = 0xf8697fdc}

And tf_eip (0xf814f457) is in pppstart (../../../../net/ppp_tty.c:673):
672                 /* Finished with this mbuf; free it and move on. */
673                 MFREE(m, m2);
674                 m = m2;

And in another core dump, struct trapframe is:
$2 = {tf_es = 0xf8c90010, tf_ds = 0xf97f0010, tf_edi = 0xf8120b48, 
  tf_esi = 0xf86f2700, tf_ebp = 0xf97f0b9c, tf_ebx = 0x0, tf_edx = 0xc0000000, 
  tf_ecx = 0x80000000, tf_eax = 0xf86f0000, tf_trapno = 0x6, 
  tf_err = 0xb3b70000, tf_eip = 0xf816256c, tf_cs = 0xf8160008, 
  tf_eflags = 0x10217, tf_esp = 0xf81f808c, tf_ss = 0xf81f7f88, 
  tf_vm86_es = 0x80000000, tf_vm86_ds = 0xf97f0bbc, tf_vm86_fs = 0xf8120b7d, 
  tf_vm86_gs = 0xf8c9b050}

and tf_eip (0xf816256c) is in tcp_fasttimo
(../../../../netinet/tcp_timer.c:82):
81                  inp = inp->inp_queue.cqe_next) {
82                      if ((tp = (struct tcpcb *)inp->inp_ppcb) &&
83                          (tp->t_flags & TF_DELACK)) {

I'm sure I can make more core files on request :)

My system is running a NetBSD 1.2C kernel from March 7.

Name: Dave Huang     |   Mammal, mammal / their names are called /
INet: khym@bga.com   |   they raise a paw / the bat, the cat /
FurryMUCK: Dahan     |   dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 21 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
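
The hand trace described in the message (start from the saved frame pointer, such as dumppcb.pcb_tss.tss_ebp, and follow the chain of saved ebp values) can be sketched as below. This is an added example, not part of the original post and not NetBSD code. It assumes the usual i386 frame-pointer layout (saved ebp at [ebp], return address at [ebp+4]); the stack image, its addresses, and the names read32 and walk_frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a tiny 32-bit kernel stack image, not data from the post. */
#define STACK_BASE 0xf8201000u            /* assumed virtual address of image[0] */
static const uint32_t image[] = {
    /* 0xf8201000 */ 0xf8201010u, 0xf8100111u, 0, 0, /* saved ebp, return eip */
    /* 0xf8201010 */ 0xf8201020u, 0xf8100222u, 0, 0,
    /* 0xf8201020 */ 0x00000000u, 0xf8100333u, 0, 0, /* saved ebp 0 ends the chain */
    /* 0xf8201030 */ 0xf8201030u, 0xf8100444u, 0, 0, /* corrupt: frame points at itself */
};

/* Read one aligned 32-bit word at virtual address va; -1 if outside the image. */
static int read32(uint32_t va, uint32_t *out)
{
    if (va < STACK_BASE || (va & 3))
        return -1;
    size_t idx = (va - STACK_BASE) / 4;
    if (idx >= sizeof image / sizeof image[0])
        return -1;
    *out = image[idx];
    return 0;
}

/* Follow the saved-ebp chain from ebp, storing each return address in pcs[].
 * Stops on a null link, an unreadable frame, or a link that does not move
 * toward higher addresses (the stack grows down, so callers sit higher). */
int walk_frames(uint32_t ebp, uint32_t *pcs, int max)
{
    int n = 0;
    while (ebp != 0 && n < max) {
        uint32_t next, ret;
        if (read32(ebp, &next) || read32(ebp + 4, &ret))
            break;
        pcs[n++] = ret;
        if (next != 0 && next <= ebp)
            break;                        /* loop or corrupt chain */
        ebp = next;
    }
    return n;
}

int main(void)
{
    uint32_t pcs[16];
    int n = walk_frames(STACK_BASE, pcs, 16);
    for (int i = 0; i < n; i++)
        printf("#%d  eip=0x%08x\n", i, (unsigned)pcs[i]);
    return 0;
}
```

Each recovered return address can then be mapped to a source line against the symbol-bearing kernel, in the same way the message maps tf_eip.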