Date: Thu, 23 Jul 2015 15:24:25 -0700 (PDT)
From: Don Lewis <truckman@FreeBSD.org>
To: current@FreeBSD.org
Subject: null pointer dereference panic in cap_rights_contains() on 11.0-CURRENT r285785 amd64
Message-ID: <201507232224.t6NMOPuX010901@gw.catspoiler.org>

I just got this panic while using poudriere to build packages for
FreeBSD 8.4 i386. This is hand transcribed because I was not able to
get a core file.

Fatal trap 12: page fault while in kernel mode
cpuid = 6; apic id = 16
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80a51e14
stack pointer           = 0x20:0xfffffe005acc77a0
frame pointer           = 0x20:0xfffffe005acc77d0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 78211 (initial thread)
[ thread pid 78211 tid 101405 ]
Stopped at      cap_rights_contains+0x24:       movq (%r14),%rcx)
db> bt
Tracing pid 78211 tid 101405 td 0xfffff80139td29a0
cap_rights_contains() at cap_rights_contains+0x24/frame 0xfffffe005acc772d0
cap_check() at cap_check+0x15/frame 0xfffffe005acc7800
fget_unlocked() at fget_unlocked+0xca/frame 0xfffffe005acc7870
fget() at fget+0x2b/frame 0xfffffe005acc78a0
ksem_get at ksem_get+0x1e/frame 0xfffffe05acc78e0
sys_ksem_close() at sys_ksem_close+0x23/frame 0xfffffe005acc7920
ia32_syscall() at ia32_syscall+0x2a5/frame 0xfffffe005acc7a30
Xint0x00_syscall() at Xint0x00_syscall+0x95/frame 0xfffffe00acc7a30
--- syscall (400, FreeBSD ELF32, sys_ksem_close), rip = 0x2828676b, rsp = 0xffffc60c, rbp = 0xffffc628 ---

# kgdb /boot/kernel/kernel /dev/kmem
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Failed to open vmcore: cannot mmap corefile
(kgdb) list cap_rights_contains+0x24
Junk at end of line specification.
(kgdb) list *cap_rights_contains+0x24
0xffffffff80a51e14 is in cap_rights_contains (/usr/src/sys/kern/subr_capability.c:294).
289     cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little)
290     {
291             unsigned int i, n;
292
293             assert(CAPVER(big) == CAP_RIGHTS_VERSION_00);
294             assert(CAPVER(little) == CAP_RIGHTS_VERSION_00);
295             assert(CAPVER(big) == CAPVER(little));
296
297             n = CAPARSIZE(big);
298             assert(n >= CAPARSIZE_MIN && n <= CAPARSIZE_MAX);
(kgdb)

This machine has mirrored swap and dumpdev=AUTO. Calling doadump in ddb
seemed to dump memory contents somewhere, but savecore wasn't able to
find it.