Subject: port-i386/35150: panic: kernel diagnostic assertion "pmap->pm_pdirpa == rcr3()" failed
To: None <port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,>
From: None <he@NetBSD.org>
List: netbsd-bugs
Date: 11/28/2006 23:45:02
>Number: 35150
>Category: port-i386
>Synopsis: panic: kernel diagnostic assertion "pmap->pm_pdirpa == rcr3()" failed
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-i386-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Nov 28 23:45:02 +0000 2006
>Originator: Havard Eidnes
>Release: NetBSD 3.1_STABLE
>Organization:
Trying...
>Environment:
System: NetBSD quattro.urc.uninett.no 3.1_STABLE NetBSD 3.1_STABLE (QUATTRO) #1: Tue Nov 21 02:34:49 CET 2006 he@quattro.urc.uninett.no:/usr/obj/sys/arch/i386/compile/QUATTRO i386
Architecture: i386
Machine: i386
>Description:
While trying to dig up information on a deadlock, I turned on
DIAGNOSTIC and LOCKDEBUG.
This has however now twice resulted in a panic apparently
unrelated to the deadlock.
This machine is, when it's up, doing UPDATE rebuilds of
NetBSD-current, one per CPU.
Here's the console log (with some substitution to get it all here):
panic: kernel diagnostic assertion "pmap->pm_pdirpa == rcr3()" failed: file "/usr/src/sys/arch/i386/i386/pmap.c", line 2151
Stopped in pid 16830.1 (sh) at netbsd:cpu_Debugger+0x4: leave
db{2}: tra
cpu_Debugger(0,0,d27b7cbc,d40146a4,d6fe3594) at netbsd:cpu_Debugger+0x4
panic(c083f5e0,c07952a0,c07aec47,c080b9c0,867) at netbsd:panic+0x121
__main(c07952a0,c080b9c0,867,c07aec47,211) at netbsd:__main
pmap_deactivate2(d51a863c,0,d27b7d0c,c03aa391,c08d3a78) at netbsd:pmap_deactivate2+0x63
uvm_proc_exit(d6fe3594,ce438140,0,246,d35d47e8) at netbsd:uvm_proc_exit+0x26
exit1(d51a863c,e06,40000,0,0) at netbsd:exit1+0x256
sys_execve(d51a863c,d27b7f64,d27b7f5c,c0851b04,c039ccdb) at netbsd:sys_execve+0xc0a
syscall_plain() at netbsd:syscall_plain+0x1a5
--- syscall (number 59) ---
0xbdb2b1af:
db{2}: machine cpu 0
using CPU 0
db{2}: tra
_kernel_lock(0,d33f7f64,c,c0851870,c08d81b0) at netbsd:_kernel_lock+0xda
syscall_plain() at netbsd:syscall_plain+0x193
--- syscall (number 4) ---
0x38803:
db{2}: machine cpu 1
using CPU 1
db{2}: tra
__cpu_simple_lock_try(c08d20cc,c36b4500,3,202,c0100f9e) at netbsd:__cpu_simple_lock_try+0xd
_simple_lock_try(c08d20cc,c07a7c94,585,0,c08538d4) at netbsd:_simple_lock_try+0x3e
_kernel_lock(0,d2862f64,18,c08521b8,282) at netbsd:_kernel_lock+0xa9
syscall_plain() at netbsd:syscall_plain+0x193
--- syscall (number 202) ---
0xbdba5ffb:
db{2}: machine cpu 2
using CPU 2
db{2}: tra
cpu_Debugger(0,0,d27b7cbc,d40146a4,d6fe3594) at netbsd:cpu_Debugger+0x4
panic(c083f5e0,c07952a0,c07aec47,c080b9c0,867) at netbsd:panic+0x121
__main(c07952a0,c080b9c0,867,c07aec47,211) at netbsd:__main
pmap_deactivate2(d51a863c,0,d27b7d0c,c03aa391,c08d3a78) at netbsd:pmap_deactivate2+0x63
uvm_proc_exit(d6fe3594,ce438140,0,246,d35d47e8) at netbsd:uvm_proc_exit+0x26
exit1(d51a863c,e06,40000,0,0) at netbsd:exit1+0x256
sys_execve(d51a863c,d27b7f64,d27b7f5c,c0851b04,c039ccdb) at netbsd:sys_execve+0xc0a
syscall_plain() at netbsd:syscall_plain+0x1a5
--- syscall (number 59) ---
0xbdb2b1af:
db{2}: machine cpu 3
using CPU 3
db{2}: tra
__cpu_simple_lock_try(c08d20cc,c36b0030,10,297,c) at netbsd:__cpu_simple_lock_try+0xd
_simple_lock_try(c08d20cc,c07a7c94,585,7,f443a) at netbsd:_simple_lock_try+0x3e
_kernel_lock(42,c3d20010,c08d0010,d26c0030,10) at netbsd:_kernel_lock+0xa9
intr_biglock_wrapper(c3b53700,4,10,30,10) at netbsd:intr_biglock_wrapper+0x11
Xintr_ioapic_level20() at netbsd:Xintr_ioapic_level20+0xa0
--- interrupt ---
Xspllower(4,c07a7c94,585,246,d26c6e9c) at netbsd:Xspllower+0xe
_kernel_lock(42,c0140122,246,0,d26c6eec) at netbsd:_kernel_lock+0xfd
x86_softintlock(ce1d0010,30,10,d26c0010,c) at netbsd:x86_softintlock+0xd
DDB lost frame for netbsd:Xsoftclock+0x18, trying 0xd26c6ea0
Xsoftclock() at netbsd:Xsoftclock+0x18
--- interrupt ---
Bad frame pointer: 0xc0860160
0x7:
db{2}: reboot 104
dumping to dev 19,1 offset 931214
...
Core file is available for further inspection.
Dmesg from machine:
Press return to boot now, any other key for boot menu
booting hd0a:netbsd - starting in 0
7600728+305508+374868 [377152+351822]=0x899474
BIOS CFG: Model-SubM-Rev: fc-01-00, 0x74<EBDA,KBDINT,RTC,IC2>
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
The NetBSD Foundation, Inc. All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
NetBSD 3.1_STABLE (QUATTRO) #1: Tue Nov 21 02:34:49 CET 2006
he@quattro.urc.uninett.no:/usr/obj/sys/arch/i386/compile/QUATTRO
total memory = 2047 MB
avail memory = 1973 MB
BIOS32 rev. 0 found at 0xffe90
mainbus0 (root)
mainbus0: Intel MP Specification (Version 1.4) (DELL POWEREDGE A2)
cpu0 at mainbus0: apid 3 (boot processor)
cpu0: Intel Pentium III Xeon (686-class), 699.35 MHz, id 0x6a1
cpu0: features 383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
cpu0: features 383fbff<PGE,MCA,CMOV,PAT,PSE36,MMX>
cpu0: features 383fbff<FXSR,SSE>
cpu0: I-cache 16 KB 32B/line 4-way, D-cache 16 KB 32B/line 4-way
cpu0: L2 cache 2 MB 32B/line 8-way
cpu0: ITLB 32 4 KB entries 4-way, 2 4 MB entries fully associative
cpu0: DTLB 64 4 KB entries 4-way, 8 4 MB entries 4-way
cpu0: calibrating local timer
cpu0: apic clock running at 99 MHz
cpu0: 64 page colors
cpu1 at mainbus0: apid 0 (application processor)
cpu1: starting
cpu1: Intel Pentium III Xeon (686-class), 699.29 MHz, id 0x6a1
cpu1: features 383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
cpu1: features 383fbff<PGE,MCA,CMOV,PAT,PSE36,MMX>
cpu1: features 383fbff<FXSR,SSE>
cpu1: I-cache 16 KB 32B/line 4-way, D-cache 16 KB 32B/line 4-way
cpu1: L2 cache 2 MB 32B/line 8-way
cpu1: ITLB 32 4 KB entries 4-way, 2 4 MB entries fully associative
cpu1: DTLB 64 4 KB entries 4-way, 8 4 MB entries 4-way
cpu2 at mainbus0: apid 2 (application processor)
cpu2: starting
cpu2: Intel Pentium III Xeon (686-class), 699.29 MHz, id 0x6a1
cpu2: features 383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
cpu2: features 383fbff<PGE,MCA,CMOV,PAT,PSE36,MMX>
cpu2: features 383fbff<FXSR,SSE>
cpu2: I-cache 16 KB 32B/line 4-way, D-cache 16 KB 32B/line 4-way
cpu2: L2 cache 2 MB 32B/line 8-way
cpu2: ITLB 32 4 KB entries 4-way, 2 4 MB entries fully associative
cpu2: DTLB 64 4 KB entries 4-way, 8 4 MB entries 4-way
cpu3 at mainbus0: apid 1 (application processor)
cpu3: starting
cpu3: Intel Pentium III Xeon (686-class), 699.29 MHz, id 0x6a1
cpu3: features 383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
cpu3: features 383fbff<PGE,MCA,CMOV,PAT,PSE36,MMX>
cpu3: features 383fbff<FXSR,SSE>
cpu3: I-cache 16 KB 32B/line 4-way, D-cache 16 KB 32B/line 4-way
cpu3: L2 cache 2 MB 32B/line 8-way
cpu3: ITLB 32 4 KB entries 4-way, 2 4 MB entries fully associative
cpu3: DTLB 64 4 KB entries 4-way, 8 4 MB entries 4-way
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type PCI
mpbios: bus 5 is type PCI
mpbios: bus 6 is type PCI
mpbios: bus 7 is type PCI
mpbios: bus 8 is type PCI
mpbios: bus 9 is type PCI
mpbios: bus 10 is type PCI
mpbios: bus 11 is type PCI
mpbios: bus 12 is type PCI
mpbios: bus 13 is type PCI
mpbios: bus 14 is type PCI
mpbios: bus 15 is type PCI
mpbios: bus 16 is type PCI
mpbios: bus 17 is type PCI
mpbios: bus 18 is type PCI
mpbios: bus 19 is type PCI
mpbios: bus 20 is type ISA
ioapic0 at mainbus0 apid 4 (I/O APIC)
ioapic0: pa 0xfec00000, version 11, 16 pins
ioapic0: misconfigured as apic 0
ioapic0: remapped to apic 4
ioapic1 at mainbus0 apid 5 (I/O APIC)
ioapic1: pa 0xfec01000, version 11, 16 pins
ioapic1: misconfigured as apic 0
ioapic1: remapped to apic 5
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
pchb0 at pci0 dev 0 function 0
pchb0: ServerWorks CNB20-HE PCI bridge (rev. 0x21)
pchb1 at pci0 dev 0 function 1
pchb1: ServerWorks CNB20-HE PCI bridge (rev. 0x01)
pchb2 at pci0 dev 0 function 2
pchb2: ServerWorks CNB30-LE PCI bridge (rev. 0x00)
pci1 at pchb2 bus 3
pci1: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
ppb0 at pci1 dev 9 function 0: Digital Equipment DC21152 PCI-PCI Bridge (rev. 0x03)
pci2 at ppb0 bus 4
pci2: i/o space, memory space enabled, rd/line, wr/inv ok
fxp0 at pci2 dev 4 function 0: i82558 Ethernet, rev 5
fxp0: interrupting at ioapic1 pin 7 (irq 11)
fxp0: Ethernet address 00:03:47:71:ba:a2
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1 at pci2 dev 5 function 0: i82558 Ethernet, rev 5
fxp1: interrupting at ioapic1 pin 11 (irq 10)
fxp1: Ethernet address 00:03:47:71:ba:a3
inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 0
inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ppb1 at pci1 dev 11 function 0: Intel i960 RN PCI-PCI (rev. 0x01)
pci3 at ppb1 bus 5
pci3: i/o space, memory space enabled, rd/line, wr/inv ok
amr0 at pci1 dev 11 function 1: AMI RAID <Series 467>
amr0: interrupting at ioapic1 pin 9 (irq 10)
amr0: firmware <1.01>, BIOS <1p00>, 64MB RAM
ld0 at amr0 unit 0: RAID 5, optimal
ld0: 51834 MB, 6607 cyl, 255 head, 63 sec, 512 bytes/sect x 106156032 sectors
pchb3 at pci0 dev 0 function 3
pchb3: ServerWorks CNB30-LE PCI bridge (rev. 0x00)
pci4 at pchb3 bus 14
pci4: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
ppb2 at pci4 dev 13 function 0: Digital Equipment DC21154 PCI-PCI Bridge (rev. 0x05)
pci5 at ppb2 bus 15
pci5: i/o space, memory space enabled, rd/line, wr/inv ok
mly0 at pci5 dev 8 function 0: Mylex eXtremeRAID 3000
mly0: interrupting at ioapic1 pin 4 (irq 11)
mly0: controller initialization started
mly0: 3 physical channels, firmware 7.02-0-00 (20021213), 128MB RAM
scsibus0 at mly0 channel 0: 16 targets, 1 lun per target
scsibus1 at mly0 channel 1: 16 targets, 1 lun per target
scsibus2 at mly0 channel 2: 16 targets, 1 lun per target
scsibus3 at mly0 channel 3: 16 targets, 1 lun per target
scsibus4 at mly0 channel 4: 16 targets, 1 lun per target
vga1 at pci0 dev 4 function 0: ATI Technologies 3D Rage IIC (rev. 0x7a)
wsdisplay0 at vga1 kbdmux 1
wsmux1: connecting to wsdisplay0
ahc1 at pci0 dev 5 function 0: Adaptec aic7899 Ultra160 SCSI adapter
ahc1: interrupting at ioapic1 pin 1 (irq 11)
ahc1: aic7899: Ultra160 Wide Channel A, SCSI Id=7, 32/253 SCBs
scsibus5 at ahc1: 16 targets, 8 luns per target
ahc2 at pci0 dev 5 function 1: Adaptec aic7899 Ultra160 SCSI adapter
ahc2: interrupting at ioapic1 pin 2 (irq 10)
ahc2: aic7899: Ultra160 Wide Channel B, SCSI Id=7, 32/253 SCBs
scsibus6 at ahc2: 16 targets, 8 luns per target
fxp2 at pci0 dev 8 function 0: i82559 Ethernet, rev 8
fxp2: interrupting at ioapic1 pin 10 (irq 11)
fxp2: Ethernet address 00:b0:d0:49:8f:87
inphy2 at fxp2 phy 1: i82555 10/100 media interface, rev. 4
inphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcib0 at pci0 dev 15 function 0
pcib0: ServerWorks OSB4 southbridge (rev. 0x4f)
rccide0 at pci0 dev 15 function 1
rccide0: ServerWorks OSB4 IDE Controller (rev. 0x00)
rccide0: bus-master DMA support present
rccide0: primary channel configured to compatibility mode
rccide0: primary channel interrupting at ioapic0 pin 14 (irq 14)
atabus0 at rccide0 channel 0
rccide0: secondary channel configured to compatibility mode
rccide0: secondary channel interrupting at ioapic0 pin 15 (irq 15)
atabus1 at rccide0 channel 1
ohci0 at pci0 dev 15 function 2: ServerWorks OSB4/CSB5 USB Host Controller (rev. 0x04)
ohci0: interrupting at ioapic0 pin 5 (irq 5)
ohci0: OHCI version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
isa0 at pcib0
lpt0 at isa0 port 0x378-0x37b irq 7
com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
com0: console
com1 at isa0 port 0x2f8-0x2ff irq 3: ns16550a, working fifo
pckbc0 at isa0 port 0x60-0x64
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
fdc0 at isa0 port 0x3f0-0x3f7 irq 6 drq 2
isapnp0: no ISA Plug 'n Play devices found
ioapic0: enabling
ioapic1: enabling
fd0 at fdc0 drive 0: 1.44MB, 80 cyl, 2 head, 18 sec
Kernelized RAIDframe activated
scsibus5: waiting 2 seconds for devices to settle...
scsibus6: waiting 2 seconds for devices to settle...
atapibus0 at atabus0: 2 targets
sd0 at scsibus3 target 0 lun 0: <MYLEX, RAID 5, ONLN> disk fixed
cd0 at atapibus0 drive 0: <TEAC CD-ROM CD-224E, , 3.7D> cdrom removable
sd0: 237 GB, 660 cyl, 128 head, 5890 sec, 512 bytes/sect x 497631232 sectors
sd0: sync (50.00ns offset 8), 16-bit (40.000MB/s) transfers, tagged queueing
cd0: 32-bit data port
cd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33)
cd0(rccide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33) (using DMA)
boot device: ld0
root on ld0a dumps on ld0b
root file system type: ffs
cpu1: CPU 0 running
cpu3: CPU 1 running
cpu2: CPU 2 running
>How-To-Repeat:
Run a DIAGNOSTIC kernel on an MP machine, and stress it with
rebuilds. Watch it occasionally panic as above.
>Fix:
Sorry, don't know.
>Unformatted: