kernel panic with pmap_qremove()

John Baldwin jhb at freebsd.org
Fri Feb 10 10:01:33 PST 2006 

On Thursday 09 February 2006 15:04, Anton Barsukov wrote:
> On Wed, 8 Feb 2006 10:42:11 -0500
>
> John Baldwin <jhb at freebsd.org> wrote:
> > On Wednesday 08 February 2006 06:42, Anton Barsukov wrote:
> > > On Mon, 6 Feb 2006 14:58:33 -0500
> > >
> > > John Baldwin <jhb at freebsd.org> wrote:
> > > > On Saturday 28 January 2006 04:23, Anton Barsukov wrote:
> > > > > Hi everybody
> > > > >
> > > > > I install ports/benchmarks/forkbomb,
> > > > > when i run '%forkbomb -f', kernel panic.
> > > > >
> > > > > instruction pointer = pmap_qremove(sva=4290785280, count=0) at
> > > > > /usr/src/sys/i386/i386/pmap.c:896
> > > > >
> > > > > FreeBSD 6.0-RELEASE(GENERIC)  i386
> > > > > machine( MB -- P4P800SE,
> > > > > 	      CPU -- P4 3GHz,
> > > > > 	      RAM -- 2x512Mb )
> > > >
> > > > I wasn't able to reproduce this.  Are you still able to trigger this
> > > > panic?
> > > >
> > > > --
> > > > John Baldwin <jhb at FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
> > > > "Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
> > >
> > > Yes, the panic still arises.
> > > When I start under the user, kernel panics, under su the panic not
> > > present. Custom kernel not panic.
> >
> > Hmm, the count=0 is suspect.  The line numbers don't seem to line up
> > though for pmap.c.  Can you compile in DDB and KDB and capture a stack
> > trace from ddb?
> >
> > --
> > John Baldwin <jhb at FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
> > "Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
>
> Please, if it will help you.
> #0  doadump () at pcpu.h:165
> 165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb) bt
> #0  doadump () at pcpu.h:165
> #1  0xc0690666 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
> #2  0xc069099a in panic (fmt=0xc08e0869 "from debugger") at
> /usr/src/sys/kern/kern_shutdown.c:555
> #3  0xc0470eb7 in db_panic (addr=-1064671193, have_addr=0, count=-1,
> modif=0xf7aba7fc "") at /usr/src/sys/ddb/db_command.c:438
> #4  0xc0470e30 in db_command (last_cmdp=0xc09b6a24, cmd_table=0x0,
> aux_cmd_tablep=0xc0934108, aux_cmd_tablep_end=0xc0934124)
> at /usr/src/sys/ddb/db_command.c:350 
> #5  0xc0470f21 in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
> #6  0xc0472e5d in db_trap (type=12, code=0) at
> /usr/src/sys/ddb/db_main.c:221 
> #7  0xc06accaf in kdb_trap (type=0, code=0, tf=0xf7aba9b0) at
> /usr/src/sys/kern/subr_kdb.c:473
> #8  0xc08acaaa in trap_fatal (frame=0xf7aba9b0, eva=0) at
> /usr/src/sys/i386/i386/trap.c:822  
> #9  0xc08ac7d0 in trap_pfault (frame=0xf7aba9b0, usermode=0, eva=3221221376)
> at /usr/src/sys/i386/i386/trap.c:742
> #10 0xc08ac33e in trap (frame=
>       {tf_fs = -1065091064, tf_es = -1036058584, tf_ds = -986644440,
>       tf_edi = 256, tf_esi = -139744736, tf_ebp = -139744772,
>       tf_isp = -139744804, tf_ebx = -4194304, tf_edx = 1047552, tf_ecx = 0,
>       tf_eax = 935379203, tf_trapno = 12, tf_err = 2, tf_eip = -1064671193,
>       tf_cs = 32, tf_eflags = 66054, tf_esp = 2, tf_ss = -986631928}) at
> /usr/src/sys/i386/i386/trap.c:432
> #11 0xc08999ea in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #12 0xc08a6827 in pmap_qenter (sva=4290768896, m=0xf7abaa20, count=0) at
> pmap.h:270
> #13 0xc08341c5 in vm_thread_new (td=0x2, pages=2) at
> /usr/src/sys/vm/vm_glue.c:301
> #14 0xc069c18a in thread_init (mem=0xc5314a80, size=372, flags=259) at
> /usr/src/sys/kern/kern_thread.c:184

Now this traceback is in pmap_qenter() rather than pmap_qremove().  Still not 
sure why you are seeing a panic though.

-- 
John Baldwin <jhb at FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org

More information about the freebsd-hackers mailing list