Date: Tue, 18 Oct 2005 21:48:36 -0400 From: Alex Goncharov <goncharov.alex@gmail.com> To: Gleb Smirnoff <glebius@freebsd.org> Cc: freebsd-bugs@freebsd.org Subject: Re: kern/87596: [panic] OS crash on a Firefox link click (FreeBSD 6.0-RC1, kernel with options) Message-ID: <a7255c1a0510181848reb11bd5p3232c15f50dfa5e0@mail.gmail.com> In-Reply-To: <200510181120.j9IBKutg040563@freefall.freebsd.org> References: <200510181120.j9IBKutg040563@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Let me know if more information is desirable -- thanks!
(I am assuming that cc:ing freebsd-bugs@freebsd.org is a good idea --
let me know if I this is not so.)
---------------------------------------------------------------------
kgdb kernel.debug /var/crash/vmcore.0
[GDB will not be able to debug user-mode threads:
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you ar=
e
welcome to change it and/or distribute copies of it under certain condition=
s.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address =3D 0x1c
fault code =3D supervisor read, page not present
instruction pointer =3D 0x20:0xc063711f
stack pointer =3D 0x28:0xdaa64c1c
frame pointer =3D 0x28:0xdaa64c24
code segment =3D base 0x0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, def32 1, gran 1
processor eflags =3D interrupt enabled, resume, IOPL =3D 0
current process =3D 712 (firefox-bin)
trap number =3D 12
panic: page fault
Uptime: 10h18m38s
Dumping 511 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 511MB (130800 pages) 495 479 463 447 431 (CTRL-C to abort)=20
(CTRL-C to abort) (CTRL-C to abort) 415 399 383 367 351 335 319 303
287 271 255 239 223 207 191 175 159 (CTRL-C to abort) 143 (CTRL-C to
abort) (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort)=20
(CTRL-C to abort) 127 (CTRL-C to abort) 111 95 (CTRL-C to abort)=20
(CTRL-C to abort) (CTRL-C to abort) 79 63 47 31 15
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=3Dr" (td));
(kgdb) bt
#0 doadump () at pcpu.h:165
#1 0xc0637ffa in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:3=
99
#2 0xc0638290 in panic (fmt=3D0xc084e142 "%s") at
/usr/src/sys/kern/kern_shutdown.c:555
#3 0xc08077f0 in trap_fatal (frame=3D0xdaa64bdc, eva=3D28) at
/usr/src/sys/i386/i386/trap.c:831
#4 0xc080755b in trap_pfault (frame=3D0xdaa64bdc, usermode=3D0, eva=3D28)
at /usr/src/sys/i386/i386/trap.c:742
#5 0xc0807199 in trap (frame=3D
{tf_fs =3D -1037959160, tf_es =3D -626655192, tf_ds =3D -1067188184,
tf_edi =3D -1037895808, tf_esi =3D 0, tf_ebp =3D -626635740, tf_isp =3D
-626635768, tf_ebx =3D 0, tf_edx =3D -1047044096, tf_ecx =3D -1037895808,
tf_eax =3D 0, tf_trapno =3D 12, tf_err =3D 0, tf_eip =3D -1067224801, tf_cs=
=3D
32, tf_eflags =3D 66178, tf_esp =3D -1040612096, tf_ss =3D 0})
at /usr/src/sys/i386/i386/trap.c:432
#6 0xc07f699a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc063711f in uihold (uip=3D0x0) at pcpu.h:165
#8 0xc0634ebd in crcopy (dest=3D0xc1f98500, src=3D0xc1f98500) at
/usr/src/sys/kern/kern_prot.c:1930
#9 0xc0634efc in crdup (cr=3D0xc1f98500) at /usr/src/sys/kern/kern_prot.c:=
1949
#10 0xc0693c87 in kern_access (td=3D0xc222f780, path=3D0x0,
pathseg=3DUIO_USERSPACE, flags=3D0)
at /usr/src/sys/kern/vfs_syscalls.c:1874
#11 0xc0693c69 in access (td=3D0xc222f780, uap=3D0x0) at
/usr/src/sys/kern/vfs_syscalls.c:1856
#12 0xc0807b07 in syscall (frame=3D
{tf_fs =3D 134611003, tf_es =3D 134676539, tf_ds =3D -1078001605,
tf_edi =3D 142274816, tf_esi =3D 150592228, tf_ebp =3D -1077944312, tf_isp =
=3D
-626635420, tf_ebx =3D 672962600, tf_edx =3D 142274816, tf_ecx =3D
155745584, tf_eax =3D 33, tf_trapno =3D 22, tf_err =3D 2, tf_eip =3D
679314647, tf_cs =3D 51, tf_eflags =3D 658, tf_esp =3D -1077944340, tf_ss =
=3D
59})
at /usr/src/sys/i386/i386/trap.c:976
#13 0xc07f69ef in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s=
:200
#14 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
---------------------------------------------------------------------------=
-------
On 10/18/05, Gleb Smirnoff <glebius@freebsd.org> wrote:
> Synopsis: [panic] OS crash on a Firefox link click (FreeBSD 6.0-RC1, kern=
el with options)
>
> State-Changed-From-To: open->feedback
> State-Changed-By: glebius
> State-Changed-When: Tue Oct 18 11:20:29 GMT 2005
> State-Changed-Why:
> Please obtain kernel stack backtrace from your core, like it
> is described here:
>
> http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug-gdb=
.html
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=3D87596
>
--
-- Alex -- goncharov.alex@gmail.com ---
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a7255c1a0510181848reb11bd5p3232c15f50dfa5e0>