From dillon@flea.best.net  Thu Nov 20 12:06:24 1997
Received: from flea.best.net (root@flea.best.net [206.184.139.131])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA02442
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 20 Nov 1997 12:06:19 -0800 (PST)
          (envelope-from dillon@flea.best.net)
Received: (from dillon@localhost) by flea.best.net (8.8.7/8.7.3) id MAA05616; Thu, 20 Nov 1997 12:06:06 -0800 (PST)
Message-Id: <199711202006.MAA05616@flea.best.net>
Date: Thu, 20 Nov 1997 12:06:06 -0800 (PST)
From: Matt Dillon <dillon@best.net>
Reply-To: dillon@best.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: kernel page fault / crash in pmap_testbit
X-Send-Pr-Version: 3.2

>Number:         5110
>Category:       kern
>Synopsis:       kernel crash & core in pmap_testbit during pageout
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    dillon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 20 12:10:01 PST 1997
>Closed-Date:    Mon Dec 10 14:34:31 PST 2001
>Last-Modified:  Mon Dec 10 14:35:24 PST 2001
>Originator:     Matt Dillon
>Release:        FreeBSD 2.2.5-STABLE i386
>Organization:
Best Internet Communications
>Environment:

	FreeBSD 2.2.5 running on PPro 200's

>Description:

	We had a kernel panic in the pagedaemon as shown below

...
#12 0xf01014e2 in db_command_loop () at ../../ddb/db_command.c:462
#13 0xf0103c28 in db_trap (type=0xc, code=0x0) at ../../ddb/db_trap.c:73
#14 0xf01b4e8b in kdb_trap (type=0xc, code=0x0, regs=0xefbffec4)
    at ../../i386/i386/db_interface.c:126
#15 0xf01bedbf in trap_fatal (frame=0xefbffec4) at ../../i386/i386/trap.c:738
#16 0xf01be8b8 in trap_pfault (frame=0xefbffec4, usermode=0x0)
    at ../../i386/i386/trap.c:653
#17 0xf01be557 in trap (frame={tf_es = 0xf09a0010, tf_ds = 0xf0aa0010, 
      tf_edi = 0x7fffffff, tf_esi = 0x80000000, tf_ebp = 0xefbfff0c, 
      tf_isp = 0xefbffeec, tf_ebx = 0xf0c2c914, tf_edx = 0xf0a14120, 
      tf_ecx = 0x40, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x0, 
      tf_eip = 0xf01bcde1, tf_cs = 0x8, tf_eflags = 0x10296, 
      tf_esp = 0xf0acc444, tf_ss = 0xf01e63e4}) at ../../i386/i386/trap.c:311
#18 0xf01bcde1 in pmap_testbit (pa=0x7016000, bit=0x40)
    at ../../i386/i386/pmap.c:2692
#19 0xf01bd191 in pmap_is_modified (pa=0x7016000)
    at ../../i386/i386/pmap.c:2908
#20 0xf01ad10d in vm_page_test_dirty (m=0xf0acc444) at ../../vm/vm_page.c:1262
#21 0xf01ae288 in vm_pageout_scan () at ../../vm/vm_pageout.c:644
#22 0xf01aeaf0 in vm_pageout () at ../../vm/vm_pageout.c:1013
#23 0xf010907a in kproc_start (udata=0xf01e3480) at ../../kern/init_main.c:244
#24 0xf0109018 in main (framep=0xefbfffb8) at ../../kern/init_main.c:194

    Additional information:  in frame #21

(kgdb) print m
$3 = (struct vm_page *) 0xf0acc444
(kgdb) print *m
$4 = {
  pageq = {
    tqe_next = 0xf0acc410, 
    tqe_prev = 0xf0ab8c78
  }, 
  hashq = {
    tqe_next = 0x0, 
    tqe_prev = 0xf0acc418
  }, 
  listq = {
    tqe_next = 0x0, 
    tqe_prev = 0xf0acc420
  }, 
  object = 0xf2265280, 
  pindex = 0x7, 
  phys_addr = 0x7016000, 
  queue = 0x81, 
  flags = 0x24, 
  pc = 0x16, 
  wire_count = 0x0, 
  hold_count = 0x0, 
  act_count = 0x0, 
  busy = 0x0, 
  valid = 0xff, 
  dirty = 0x0
}

(kgdb) print *m->object
$6 = {
  object_list = {
    tqe_next = 0xf2265400, 
    tqe_prev = 0xf2266800
  }, 
  cached_list = {
    tqe_next = 0x0, 
    tqe_prev = 0x0
  }, 
  shadow_head = {
    tqh_first = 0xf28be280, 
    tqh_last = 0xf2770518
  }, 
  shadow_list = {
    tqe_next = 0x0, 
    tqe_prev = 0xf2265410
  }, 
  memq = {
    tqh_first = 0xf0acc478, 
    tqh_last = 0xf0acc454
  }, 
  type = OBJT_SWAP, 
  size = 0x9, 
  ref_count = 0x8, 
  shadow_count = 0x7, 
  pg_color = 0x1f, 
  flags = 0x180, 
  paging_in_progress = 0x0, 
  behavior = 0x0, 
  resident_page_count = 0x9, 
  paging_offset = 0x0000000000000000, 
  backing_object = 0x0, 
  backing_object_offset = 0x0000000000000000, 
  last_read = 0x0, 
  page_hint = 0xf0acc374, 
  pager_object_list = {
    tqe_next = 0xf2266280, 
    tqe_prev = 0xf22657e4
  }, 
  handle = 0x0, 
  un_pager = {
    vnp = {
      vnp_size = 0x0000004800000002
    }, 
    devp = {
      devp_pglist = {
        tqh_first = 0x2, 
        tqh_last = 0x48
      }
    }, 
    swp = {
      swp_nblocks = 0x2, 
      swp_allocsize = 0x48, 
      swp_blocks = 0xf29b4580, 
      swp_poip = 0x0
    }
  }
}



>How-To-Repeat:

	no idea

>Fix:
	
	no idea

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dillon 
Responsible-Changed-By: johan 
Responsible-Changed-When: Thu Aug 10 23:40:38 PDT 2000 
Responsible-Changed-Why:  
Let Matt handle his own PRs. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=5110 
State-Changed-From-To: open->closed 
State-Changed-By: dillon 
State-Changed-When: Mon Dec 10 14:34:31 PST 2001 
State-Changed-Why:  
probably fixed in 4.0 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=5110 
>Unformatted:
