Site Navigation

Date:      Wed, 2 Aug 2006 08:17:14 -0500
From:      ejc <eric.j.christeson@gmail.com>
To:        "John Baldwin" <john@baldwin.cx>
Cc:        "m.ehinger@ltur.de" <m.ehinger@ltur.de>, freebsd-stable@freebsd.org
Subject:   Re: ncplogin panic
Message-ID:  <7e3339060608020617m183022a7l8f4aeb07efa61800@mail.gmail.com>
In-Reply-To: <200608011515.37682.john@baldwin.cx>
References:  <OF7528D9D2.2C92731A-ONC12571BD.00292BB3-C12571BD.002A2EAE@gateway-inter.net> <7e3339060608011128rd7034ebg6f7dd029a00c4f2@mail.gmail.com> <200608011515.37682.john@baldwin.cx>

---

index | next in thread | previous in thread | raw e-mail

---

[-- Attachment #1 --]
On 8/1/06, John Baldwin <john@baldwin.cx> wrote:
> On Tuesday 01 August 2006 14:28, ejc wrote:
> > On 8/1/06, m.ehinger@ltur.de <m.ehinger@ltur.de> wrote:
> > >
> > > Hi,
> > >
> > > i had the same problem. See my thread on the freebsd-fs mailinglist
> > >
> > > http://lists.freebsd.org/pipermail/freebsd-fs/2006-July/002060.html
> > >
> > >
> > > After some research i use the attached patch against ncp_sock.c.
> > >
> > > So it is not the real solution to this problem it only avoids the panics.
> I'm using it quiet a while without any other known
> > > problems.
> > > Hopefully someone with more knowledge can help on this.
> > >
> > > I also get some "md_get_mem(461): incomplete copy" messages which seem to
> do no harm, so far.
> > >
> > > Regards,
> > >
> > > Maik
> > >
> > >
> > > !!! Use atyour own risk !!!
> > >
> > > --- ncp_sock.c.orig            Fri Jan  7 02:45:49 2005
> > > +++ ncp_sock.c           Thu Jul 20 14:12:45 2006
> > > @@ -189,7 +189,12 @@
> > >      struct thread *td = curthread;
> > >      struct ucred *cred = NULL;
> > >
> > > -    return so->so_proto->pr_usrreqs->pru_sopoll(so, events, cred, td);
> > > +    if ( td->td_selq.tqh_last == NULL ) {
> > > +        printf("ncp_poll: td->td_selq.tqh_last == NULL\n");
> > > +        return 0;
> > > +    }
> > > +
> > > +   return so->so_proto->pr_usrreqs->pru_sopoll(so, events, cred, td);
> > >  }
> > >
> > >  int
> > >
> > > ---- pach ends here ---
> >
> > After setting my bios to only use one CPU I was able to get a core
> > dump and the panic is happening at the exact same place as yours:
> > in selrecord (../../../kern/sys_generic.c:1105)
> > 1100             * it alone as we've already added pointed it at us
> > and added it to
> > 1101             * our list.
> > 1102             */
> > 1103            if (sip->si_thread == NULL) {
> > 1104                    sip->si_thread = selector;
> > 1105                    TAILQ_INSERT_TAIL(&selector->td_selq, sip,
> si_thrlist);
> > 1106            } else if (sip->si_thread != selector) {
> > 1107                    sip->si_flags |= SI_COLL;
> > 1108            }
> > 1109
> >
> > I found your backtrace by digging a bit through the freebsd-fs list
> > and we appear to be reaching selrecord though different paths.  Mine
> > is in sopoll() at ../../../kern/uipc_socket.c:2059
> >
> > I don't know if it makes a difference, but I'm trying to use IP
> > instead of IPX to access our server.
> > My dump backtrace is attached.
>
> It would be very helpful if you could get the symbols loaded for the modules
> in you backtrace.  You can either compile everything into a static kernel or
> you can use the 'asf' tool to generate appropriate gdb script commands to
> source to get symbols for your modules.  You can find a kldstat gdb command
> in src/tools/debugscripts/ that would be helpful to use with asf.
>
> --
> John Baldwin

Backtrace with module symbols loaded.  It looks almost exactly the
same as Maik's .

Thanks
Eric

[-- Attachment #2 --]
Script started on Wed Aug  2 08:13:01 200
ejc@chicadee$ sudo kgdb /usr/src/sys/i386/compile/DEBUG/kernel.debug /usr/core/vmcore.0
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Ready to go.  Enter 'tr' to connect to the remote target
with /dev/cuad0, 'tr /dev/cuad1' to connect to a different port
or 'trf portno' to connect to the remote target with the firewire
interface.  portno defaults to 5556.

Type 'getsyms' after connection to load kld symbols.

If you're debugging a local system, you can use 'kldsyms' instead
to load the kld symbols.  That's a less obnoxious interface.

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x0
fault code		= supervisor write, page not present
instruction pointer	= 0x20:0xc0507520
stack pointer	        = 0x28:0xc627e8dc
frame pointer	        = 0x28:0xc627e8e4
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 662 (ncplogin)
trap number		= 12
panic: page fault
cpuid = 0
Uptime: 46s
Dumping 63 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 63MB (16128 pages) 48 32 16

#0  doadump () at pcpu.h:165
165		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) source /tmp/kgdb.asf.1243 
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/ncp/ncp.ko.debug" at
	.text_addr = 0xc072be40
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/libmchain/libmchain.ko.debug" at
	.text_addr = 0xc073460c
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/nwfs/nwfs.ko.debug" at
	.text_addr = 0xc0739698
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/acpi/acpi/acpi.ko.debug" at
	.text_addr = 0xc0752de0
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug" at
	.text_addr = 0xc138c254
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/linux/linux.ko.debug" at
	.text_addr = 0xc1396b14
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/ipfw/ipfw.ko.debug" at
	.text_addr = 0xc1615704
(kgdb) kldsyms
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/acpi/acpi/acpi.ko.debug" at
	.text_addr = 0xc084ede0
	.data_addr = 0xc08821a0
	.bss_addr = 0xc08844e0
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/drm/drm/drm.ko.debug" at
	.text_addr = 0xc081668c
	.data_addr = 0xc0820100
	.bss_addr = 0xc0820b24
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/drm/radeon/radeon.ko.debug" at
	.text_addr = 0xc07f613c
	.data_addr = 0xc0809460
	.bss_addr = 0xc080bb60
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/ipfw/ipfw.ko.debug" at
	.text_addr = 0xc07bb704
	.data_addr = 0xc07c2000
	.bss_addr = 0xc07c2680
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/libmchain/libmchain.ko.debug" at
	.text_addr = 0xc082f60c
	.data_addr = 0xc08310b8
	.bss_addr = 0xc0831150
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug" at
	.text_addr = 0xc0792254
	.data_addr = 0xc0795740
	.bss_addr = 0xc07959e4
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/linux/linux.ko.debug" at
	.text_addr = 0xc079eb14
	.data_addr = 0xc07ac000
	.bss_addr = 0xc07ad6c0
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/ncp/ncp.ko.debug" at
	.text_addr = 0xc0825e40
	.data_addr = 0xc082b280
	.bss_addr = 0xc082bb80
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/nwfs/nwfs.ko.debug" at
	.text_addr = 0xc0834698
	.data_addr = 0xc083a440
	.bss_addr = 0xc083a960
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/sound/sound/sound.ko.debug" at
	.text_addr = 0xc07cec30
	.data_addr = 0xc07dd4c0
	.bss_addr = 0xc07e0d80
add symbol table from file "/usr/src/sys/i386/compile/DEBUG/modules/usr/src/sys/modules/sound/driver/ich/snd_ich.ko.debug" at
	.text_addr = 0xc07edb08
	.data_addr = 0xc07f0960
	.bss_addr = 0xc07f0bdc
(kgdb) l *0xc0507520
0xc0507520 is in selrecord (../../../kern/sys_generic.c:1105).
1100		 * it alone as we've already added pointed it at us and added it to
1101		 * our list.
1102		 */
1103		if (sip->si_thread == NULL) {
1104			sip->si_thread = selector;
1105			TAILQ_INSERT_TAIL(&selector->td_selq, sip, si_thrlist);
1106		} else if (sip->si_thread != selector) {
1107			sip->si_flags |= SI_COLL;
1108		}
1109	
(kgdb) bt
#0  doadump () at pcpu.h:165
During symbol reading, Incomplete CFI data; unspecified registers at 0xc04e2109.
#1  0xc04e2676 in boot (howto=0x104) at ../../../kern/kern_shutdown.c:409
#2  0xc04e299d in panic (fmt=0xc0629280 "%s") at ../../../kern/kern_shutdown.c:565
#3  0xc0610ca4 in trap_fatal (frame=0xc627e89c, eva=0x0) at ../../../i386/i386/trap.c:836
#4  0xc06109e3 in trap_pfault (frame=0xc627e89c, usermode=0x0, eva=0x0) at ../../../i386/i386/trap.c:744
#5  0xc061063d in trap (frame=
      {tf_fs = 0x906a0008, tf_es = 0xecc40028, tf_ds = 0x28, tf_edi = 0x0, tf_esi = 0xc174d000, tf_ebp = 0xc627e8e4, tf_isp = 0xc627e8c8, tf_ebx = 0xc17755e0, tf_edx = 0xc174d000, tf_ecx = 0xc1775590, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x2, tf_eip = 0xc0507520, tf_cs = 0x20, tf_eflags = 0x10246, tf_esp = 0xc1775590, tf_ss = 0x1})
    at ../../../i386/i386/trap.c:434
#6  0xc05fd1aa in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc0507520 in selrecord (selector=0xc174d000, sip=0xc17755e0) at ../../../kern/sys_generic.c:1105
#8  0xc051eed7 in sopoll (so=0xc1775590, events=0x1, active_cred=0x0, td=0xc174d000)
    at ../../../kern/uipc_socket.c:2059
#9  0xc072cde5 in ncp_poll (so=0xc1775590, events=0x1) at /usr/src/sys/modules/ncp/../../netncp/ncp_sock.c:192
#10 0xc072f74a in ncp_request_int (rqp=0xc1490480) at /usr/src/sys/modules/ncp/../../netncp/ncp_rq.c:270
#11 0xc072d5ee in ncp_ncp_connect (conn=0xc1626100) at /usr/src/sys/modules/ncp/../../netncp/ncp_ncp.c:122
#12 0xc072c456 in ncp_conn_reconnect (ncp=0xc1626100) at /usr/src/sys/modules/ncp/../../netncp/ncp_conn.c:333
#13 0xc072ea57 in ncp_ioctl (dev=0xc121b900, cmd=0x0, data=0xc12a00f0 "\200쿿\020쿿", flag=0x3, td=0xc174d000)
    at /usr/src/sys/modules/ncp/../../netncp/ncp_mod.c:121
#14 0xc04b86d6 in giant_ioctl (dev=0xc121b900, cmd=0x80084e64, data=0xc12a00f0 "\200쿿\020쿿", fflag=0x3, 
    td=0xc174d000) at ../../../kern/kern_conf.c:288
#15 0xc049615f in devfs_ioctl_f (fp=0xc12baa68, com=0x80084e64, data=0xc12a00f0, cred=0xc176b780, td=0xc174d000)
    at ../../../fs/devfs/devfs_vnops.c:407
#16 0xc05061dd in ioctl (td=0xc174d000, uap=0xc627ed04) at file.h:264
#17 0xc0610feb in syscall (frame=
      {tf_fs = 0x3b, tf_es = 0x3b, tf_ds = 0x3b, tf_edi = 0xbfbfed50, tf_esi = 0xbfbfed30, tf_ebp = 0xbfbfebe8, tf_isp = 0xc627ed64, tf_ebx = 0x28089790, tf_edx = 0xffffffff, tf_ecx = 0x28168e00, tf_eax = 0x36, tf_trapno = 0xc, tf_err = 0x2, tf_eip = 0x28159d5f, tf_cs = 0x33, tf_eflags = 0x292, tf_esp = 0xbfbfebac, tf_ss = 0x3b})
    at ../../../i386/i386/trap.c:981
#18 0xc05fd1ff in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#19 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) ejc@chicadee$ ^D

Script done on Wed Aug  2 08:14:16 200

help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7e3339060608020617m183022a7l8f4aeb07efa61800>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact