197503 – Kernel panic during wake up from suspend to ram (pmap_copy)

Bug 197503 - Kernel panic during wake up from suspend to ram (pmap_copy)

Summary: Kernel panic during wake up from suspend to ram (pmap_copy)

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	amd64 Any

Importance:	--- Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-02-10 01:36 UTC by Danilo Egea Gondolfo
Modified:	2018-02-27 23:22 UTC (History)
CC List:	0 users

See Also:

Attachments
core.txt (212.92 KB, text/plain) 2015-02-10 01:36 UTC, Danilo Egea Gondolfo	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Danilo Egea Gondolfo freebsd_committer

2015-02-10 01:36:09 UTC

Created attachment 152827 [details]
core.txt

After dozen times using suspend to RAM... :(


Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0xfffffe758ffff000
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80961158
stack pointer	        = 0x28:0xfffffe0120a1d780
frame pointer	        = 0x28:0xfffffe0120a1d820
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1581 (sh)


(kgdb) bt
#0  doadump (textdump=Unhandled dwarf expression opcode 0x93
) at pcpu.h:219
#1  0xffffffff8031abae in db_dump (dummy=<value optimized out>, dummy2=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/ddb/db_command.c:533
#2  0xffffffff8031a68c in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440
#3  0xffffffff8031a3f4 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493
#4  0xffffffff8031cfb0 in db_trap (type=<value optimized out>, code=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/ddb/db_main.c:251
#5  0xffffffff8067074e in kdb_trap (type=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/kern/subr_kdb.c:654
#6  0xffffffff8096b739 in trap_fatal (frame=0xfffffe0120a1d6d0, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:856
#7  0xffffffff8096bab1 in trap_pfault (frame=0xfffffe0120a1d6d0, usermode=<value optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:678
#8  0xffffffff8096b0ee in trap (frame=0xfffffe0120a1d6d0) at /usr/src/sys/amd64/amd64/trap.c:426
#9  0xffffffff8094e7d2 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:235
#10 0xffffffff80961158 in pmap_copy (dst_pmap=0xfffff800ad55b8f8, src_pmap=0xfffff80002960ae8, dst_addr=<value optimized out>, 
    len=<value optimized out>, src_addr=<value optimized out>) at /usr/src/sys/amd64/amd64/pmap.c:581
#11 0xffffffff8092b20d in vmspace_fork (vm1=0xfffff800029609b0, fork_charge=0xfffffe0120a1d940) at /usr/src/sys/vm/vm_map.c:3192
#12 0xffffffff805f0e51 in fork1 (td=0xfffff80007d534a0, flags=20, pages=Cannot access memory at address 0x4
) at /usr/src/sys/kern/kern_fork.c:849
#13 0xffffffff805f0bbf in sys_fork (td=0xfffff80007d534a0, uap=<value optimized out>) at /usr/src/sys/kern/kern_fork.c:106
#14 0xffffffff8096c1a7 in amd64_syscall (td=0xfffff80007d534a0, traced=0) at subr_syscall.c:133
#15 0xffffffff8094eabb in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:395
#16 0x0000000800b4d56a in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal
(kgdb) frame 10
#10 0xffffffff80961158 in pmap_copy (dst_pmap=0xfffff800ad55b8f8, src_pmap=0xfffff80002960ae8, dst_addr=<value optimized out>, 
    len=<value optimized out>, src_addr=<value optimized out>) at /usr/src/sys/amd64/amd64/pmap.c:581
581		if (pdpe == NULL || (*pdpe & PG_V) == 0)
(kgdb) l
576		pdp_entry_t *pdpe;
577		pt_entry_t PG_V;
578	
579		PG_V = pmap_valid_bit(pmap);
580		pdpe = pmap_pdpe(pmap, va);
581		if (pdpe == NULL || (*pdpe & PG_V) == 0)
582			return (NULL);
583		return (pmap_pdpe_to_pde(pdpe, va));
584	}
585	
(kgdb) p pdpe
$1 = <value optimized out>
(kgdb) p *pdpe
Cannot access memory at address 0xa5a5a5a5a5a5a5a5

Comment 1 Danilo Egea Gondolfo freebsd_committer

2015-02-20 16:22:21 UTC

Again, on ZFS this time:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x38
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff81273f23
stack pointer	        = 0x28:0xfffffe01202a0980
frame pointer	        = 0x28:0xfffffe01202a09b0
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 5 (arc_reclaim_thread)

(kgdb) bt
#0  doadump (textdump=Unhandled dwarf expression opcode 0x93
) at pcpu.h:219
#1  0xffffffff8031adee in db_dump (dummy=<value optimized out>, dummy2=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/ddb/db_command.c:533
#2  0xffffffff8031a8cc in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440
#3  0xffffffff8031a634 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493
#4  0xffffffff8031d1f0 in db_trap (type=<value optimized out>, code=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/ddb/db_main.c:251
#5  0xffffffff806724ee in kdb_trap (type=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/kern/subr_kdb.c:654
#6  0xffffffff8096d469 in trap_fatal (frame=0xfffffe01202a08d0, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:856
#7  0xffffffff8096d7e1 in trap_pfault (frame=0xfffffe01202a08d0, usermode=<value optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:678
#8  0xffffffff8096ce1e in trap (frame=0xfffffe01202a08d0) at /usr/src/sys/amd64/amd64/trap.c:426
#9  0xffffffff80950472 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:235
#10 0xffffffff81273f23 in dbuf_destroy (db=0xfffff80107f000e0) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c:1826
#11 0xffffffff812786b1 in dbuf_do_evict (private=<value optimized out>)
    at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c:1792
#12 0xffffffff8126bc61 in arc_do_user_evicts () at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c:2484
#13 0xffffffff8126f1bf in arc_reclaim_thread (dummy=0x0) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c:2785
#14 0xffffffff805f42ca in fork_exit (callout=0xffffffff8126ef90 <arc_reclaim_thread>, arg=0x0, frame=0xfffffe01202a0ac0)
    at /usr/src/sys/kern/kern_fork.c:996
#15 0xffffffff809509ae in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:610
#16 0x0000000000000000 in ?? ()

(kgdb) frame 10
#10 0xffffffff81273f23 in dbuf_destroy (db=0xfffff80107f000e0) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c:1826
1826			dbuf_hash_remove(db);

(kgdb) p *db
$1 = {db = {db_object = 4593513014824267775, db_offset = 18446744071562051071, db_size = 17255535289300942782, db_data = 0x0}, 
  db_objset = 0xfffff80007474c00, db_dnode_handle = 0x0, db_parent = 0xfffff8010baf9380, db_hash_next = 0x0, db_blkid = 0, 
  db_blkptr = 0x0, db_level = 0 '\0', db_mtx = {lock_object = {lo_name = 0xffffffff8137234d "db->db_mtx", lo_flags = 40960000, 
      lo_data = 0, lo_witness = 0x0}, sx_lock = 1}, db_state = DB_EVICTING, db_holds = {rc_count = 0}, db_buf = 0x0, db_changed = {
    cv_description = 0xffffffff81372359 "db->db_changed", cv_waiters = 0}, db_data_pending = 0x0, db_last_dirty = 0x0, db_link = {
    avl_child = {0x0, 0x0}, avl_pcb = 1}, db_user_ptr = 0x0, db_evict_func = 0, db_immediate_evict = 0 '\0', 
  db_freed_in_flight = 0 '\0', db_dirtycnt = 0 '\0'}

Comment 2 Danilo Egea Gondolfo freebsd_committer

2018-02-27 23:22:11 UTC

Closing. Not sure if it was fixed but it never happened again.