From nobody@FreeBSD.org  Tue Apr 27 04:28:00 2004
Message-Id: <200404271127.i3RBRxlp061105@www.freebsd.org>
Date: Tue, 27 Apr 2004 04:27:59 -0700 (PDT)
From: Kostik Belousov <kostya@tessart.kiev.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kernel panic in pagedaemon (triggered by vmware ?)
X-Send-Pr-Version: www-2.3

>Number:         66024
>Category:       misc
>Synopsis:       kernel panic in pagedaemon (triggered by vmware ?)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 27 04:30:17 PDT 2004
>Closed-Date:    Tue Apr 27 04:42:09 PDT 2004
>Last-Modified:  Tue Apr 27 04:42:09 PDT 2004
>Originator:     Kostik Belousov
>Release:        FreeBSD 4.10-RC
>Organization:
Tessart
>Environment:
FreeBSD deviant.tessart.kiev.ua 4.10-RC FreeBSD 4.10-RC #2: Mon Apr 26 10:35:45 EEST 2004     root@deviant.tessart.kiev.ua:/usr/obj/usr/src/sys/DEVIANT  i386
>Description:
I have installed a fresh vmware port (vmware3-3.2.1.2242_6,1) on FreeBSD 4.10-RC. Within a short time (approx. 5, max 10 minutes) after vmware has started and the guest OS has finished loading, I consistently get a kernel panic.

IdlePTD at physical address 0x0039c000
initial pcb at physical address 0x002d5d80
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc022b573
stack pointer           = 0x10:0xd2d2af14
frame pointer           = 0x10:0xd2d2af84
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3 (pagedaemon)
interrupt mask          = none
trap number             = 12
panic: page fault

syncing disks... 8
done


Backtrace:

#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc01645bb in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc01649f9 in panic (fmt=0xc02a838c "%s")
    at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc025848f in trap_fatal (frame=0xd2d2aed4, eva=36)
    at /usr/src/sys/i386/i386/trap.c:974
#4  0xc025813d in trap_pfault (frame=0xd2d2aed4, usermode=0, eva=36)
    at /usr/src/sys/i386/i386/trap.c:867
#5  0xc0257ce3 in trap (frame={tf_fs = -1058996208, tf_es = -1059389424, 
      tf_ds = -1063518192, tf_edi = 0, tf_esi = 0, tf_ebp = -757944444, 
      tf_isp = -757944576, tf_ebx = -1063086944, tf_edx = -1063088804, 
      tf_ecx = -1074786292, tf_eax = 0, tf_trapno = 12, tf_err = 0, 
      tf_eip = -1071467149, tf_cs = 8, tf_eflags = 66118, tf_esp = 0, 
      tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:466
#6  0xc022b573 in vm_pageout_scan (pass=0) at /usr/src/sys/vm/vm_pageout.c:1001
#7  0xc022bd63 in vm_pageout () at /usr/src/sys/vm/vm_pageout.c:1405

Code at frame #6:

(kgdb) frame 6
#6  0xc022b573 in vm_pageout_scan (pass=0) at /usr/src/sys/vm/vm_pageout.c:1001
1001                    if (m->object->ref_count != 0) {
(kgdb) list
996
997                     /*
998                      * Check to see "how much" the page has been used.
999                      */
1000                    actcount = 0;
1001                    if (m->object->ref_count != 0) {
1002                            if (m->flags & PG_REFERENCED) {
1003                                    actcount += 1;
1004                            }
1005                            actcount += pmap_ts_referenced(m);


The problem is: at frame #6, some page m in the scanned page queue has m->object == 0 (the disassembly shows that variable m lives in %ebx):
(kgdb) p/x *(struct vm_page *)-1063086944
$5 = {pageq = {tqe_next = 0xc0a28d5c, tqe_prev = 0xc03012c0}, hnext = 0x0, 
  listq = {tqe_next = 0xc0a28d5c, tqe_prev = 0xd3c64184}, object = 0x0, <---- 
  pindex = 0x2c8, phys_addr = 0x15859000, md = {pv_list_count = 0x0, 
    pv_list = {tqh_first = 0x0, tqh_last = 0xc0a294c4}}, queue = 0x22, 
  flags = 0x0, pc = 0x19, wire_count = 0x0, hold_count = 0x0, act_count = 0xd, 
  busy = 0x0, valid = 0xff, dirty = 0xff}


>How-To-Repeat:
Run vmware with a relatively large amount of memory allocated for the guest OS (I have 512Mb RAM and allocated 256 Mb for the guest)
>Fix:
      
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: ceri 
State-Changed-When: Tue Apr 27 04:41:49 PDT 2004 
State-Changed-Why:  
Duplicate of kern/66025, which has a bit more info. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=66024 
>Unformatted:
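
Added example, not part of the original report or of FreeBSD's code: a small C helper that reproduces the triage arithmetic behind the description above. It turns the signed trap-frame fields kgdb prints in frame #5 into 32-bit register values and treats a fault address below one page as a NULL base pointer plus a member offset. The function names and the one-page threshold are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption of this example: a fault address below one i386 page
 * (4096 bytes) is read as "NULL base pointer + small member offset". */
#define NULL_DEREF_LIMIT 4096u

/* kgdb prints the i386 trap frame fields as signed ints; the register
 * holds the same 32 bits interpreted as unsigned. */
static uint32_t reg32(int32_t v)
{
    return (uint32_t)v;
}

/* Offset of the member that was accessed through a NULL pointer,
 * or -1 if the fault address does not fit that pattern. */
static long null_member_offset(uint32_t eva)
{
    return eva < NULL_DEREF_LIMIT ? (long)eva : -1;
}

int main(void)
{
    /* Values copied from frame #5 and the trap message in this report. */
    int32_t tf_eip = -1071467149;   /* faulting instruction           */
    int32_t tf_ebx = -1063086944;   /* %ebx, which holds variable m   */
    uint32_t eva = 36;              /* fault virtual address (0x24)   */

    printf("eip = 0x%08x\n", (unsigned)reg32(tf_eip));
    printf("ebx = 0x%08x (struct vm_page *m)\n", (unsigned)reg32(tf_ebx));

    long off = null_member_offset(eva);
    if (off >= 0)
        printf("fault at NULL + 0x%lx: member read through a NULL pointer\n",
               (unsigned long)off);
    else
        printf("fault address 0x%08x is not a small NULL offset\n",
               (unsigned)eva);
    return 0;
}
```

The decoded tf_eip equals the instruction pointer in the trap message, and the 0x24 offset is consistent with reading ref_count through the NULL m->object at line 1001.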
