Date:      Sat, 5 Oct 2002 15:55:04 +0200
From:      Stefan Farfeleder <e0026813@stud3.tuwien.ac.at>
To:        John Baldwin <jhb@FreeBSD.org>
Cc:        Juli Mallett <jmallett@FreeBSD.org>, current@FreeBSD.org
Subject:   Re: Junior Kernel Hacker page updated...
Message-ID:  <20021005135504.GA254@frog.fafoe>
In-Reply-To: <XFMail.20021004163317.jhb@FreeBSD.org>
References:  <20021004132203.A78223@FreeBSD.org> <XFMail.20021004163317.jhb@FreeBSD.org>

On Fri, Oct 04, 2002 at 04:33:17PM -0400, John Baldwin wrote:

I wrote:
> >> Fatal trap 12: page fault while in kernel mode
> >> cpuid = 0; lapic.id = 00000000
> >> fault virtual address   = 0x8
> >> fault code              = supervisor read, page not present
> >> instruction pointer     = 0x8:0xc01a1212
> >> stack pointer           = 0x10:0xe5226c14
> >> frame pointer           = 0x10:0xe5226ca0
> >> code segment            = base 0x0, limit 0xfffff, type 0x1b
> >>                         = DPL 0, pres 1, def32 1, gran 1
> >> processor eflags        = interrupt enabled, resume, IOPL = 0
> >> current process         = 56525 (make)
> >> 
> >> kernel: type 12 trap, code = 0
> >> 
> >> Stopped at    kqueue_scan+0x242:  cmpl $0,0x8(%ebx)
> >> db> trace
> >> kqueue_scan(c6472bf4,4,bfbfebc0,0,c70ecea0) at kqueue_scan+0x242
> >> kevent(c70ecea0,e5226d10,c0351d80,418,6) at kevent+0x1e1
> >> syscall(2f,2f,2f,818d780,818d960) at syscall+0x2be
> >> %%%

> Even better, pop up gdb on kernel.debug and do
> 'l *kqueue_scan+0x242' to look at the offending line of code.
> addr2line can also be useful here similarly.

(kgdb) l *kqueue_scan+0x242
0xc01a1212 is in kqueue_scan
(/freebsd/current/src/sys/kern/kern_event.c:716).
711             }
712
713             TAILQ_INSERT_TAIL(&kq->kq_head, &marker, kn_tqe); 
714             while (count) {
715                     kn = TAILQ_FIRST(&kq->kq_head);

translates to:		mov    (%edi),%ebx

716                     TAILQ_REMOVE(&kq->kq_head, kn, kn_tqe); 

translates to:		cmpl   $0x0,0x8(%ebx)

This line causes the page fault because %ebx is 0.

			je     fe3 <kqueue_scan+0x253>
			mov    0x8(%ebx),%edx
			[...]

717                     if (kn == &marker) {
718                             splx(s);
719                             if (count == maxevents)
720                                     goto retry;

I've added this after line 715:

716                     if (kn == NULL) {
717                             Debugger("TAILQ_FIRST returns NULL");
718                     }

and after 4 freezes, I really came into ddb in line 717. However, when
trying to produce a dump, this occurred:

db> panic
panic: from debugger
cpuid = 1; lapic.id = 01000000
boot() called on cpu#1

syncing disks... panic: bremfree: bp 0xd2a42990 not locked
boot() called on cpu#1
Uptime: 10m13s
pfs_vncache_unload(): 1 entries remaining
Dumping 1023 MB
ata0: resetting devices
ata0: mask=03 ostat0=50 ostat2=00
ad0: ATAPI 00 00
ata0-slave: ATAPI 00 00
ata0: mask=03 stat0=50 stat1=00
ad0: ATA 01 a5
ata0: devices=01

and I had to reboot without a dump :-(

Regards,
Stefan Farfeleder
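A user-space model of the scan loop above, added here as an illustration and not code from Stefan's mail or the FreeBSD tree. It uses the BSD sys/queue.h macros the kernel uses, a constructed `struct knote` whose tail-queue entry sits two pointers into the struct (an assumption chosen so that a NULL `kn` faults at offset 8, matching the fault address and the `cmpl $0,0x8(%ebx)` in the trace), and the `kn == NULL` guard from the mail; `use_marker=0` lets an under-full queue run dry so the NULL condition can be reproduced deterministically.

```c
#include <stddef.h>
#include <sys/queue.h>

/* Constructed stand-in for the kernel's struct knote (an assumption, not
 * the real definition): two list links ahead of the tail-queue entry put
 * kn_tqe.tqe_next two pointers into the struct, i.e. offset 8 on i386,
 * which is the "fault virtual address = 0x8" and the 0x8(%ebx) operand. */
struct knote {
    struct knote *kn_link;
    struct knote *kn_selnext;
    TAILQ_ENTRY(knote) kn_tqe;
    int kn_id;
};
TAILQ_HEAD(klist, knote);

/* Offset a NULL kn would fault on when TAILQ_REMOVE reads kn_tqe.tqe_next. */
size_t null_knote_fault_offset(void) {
    return offsetof(struct knote, kn_tqe.tqe_next);
}

/* Drain up to maxevents knotes into ids[], bounding the pass with a marker
 * the way kqueue_scan() does.  Returns the number drained, or -1 when
 * TAILQ_FIRST yields NULL (the guard from the mail, instead of the fault).
 * use_marker=0 omits the marker so an under-full queue runs dry and
 * reproduces the NULL condition without a race. */
int scan(struct klist *kq, int maxevents, int *ids, int use_marker) {
    struct knote marker, *kn;
    int count = maxevents, n = 0;

    if (use_marker)
        TAILQ_INSERT_TAIL(kq, &marker, kn_tqe);
    while (count) {
        kn = TAILQ_FIRST(kq);
        if (kn == NULL)                  /* guard added after line 715 */
            return -1;
        TAILQ_REMOVE(kq, kn, kn_tqe);    /* the dereference at line 716 */
        if (kn == &marker)
            return n;                    /* marker already unlinked */
        ids[n++] = kn->kn_id;
        count--;
    }
    if (use_marker)
        TAILQ_REMOVE(kq, &marker, kn_tqe);  /* count == 0: "done:" path */
    return n;
}
```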

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021005135504.GA254>