Date:      Tue, 9 Jan 2001 15:05:32 +0200 (IST)
From:      Roman Shterenzon <roman@xpert.com>
To:        Greg Lehey <grog@lemis.com>, Yonatan Bokovza <yonatan@xpert.com>
Cc:        <hackers@freebsd.org>
Subject:   Re: Dump analysis (was: Ideas? (fwd))
Message-ID:  <Pine.LNX.4.30.0101091502030.31208-200000@jamus.xpert.com>
In-Reply-To: <20010108185709.D83353@wantadilla.lemis.com>


[-- Attachment #1 --]
On Mon, 8 Jan 2001, Greg Lehey wrote:

> On Monday,  8 January 2001 at 10:04:44 +0200, Roman Shterenzon wrote:
> > * Roman Shterenzon <roman@xpert.com> [010107 10:24] wrote:
> >> Hi,
> >>
> >> Could you please take a look at :
> >> http://www.freebsd.org/cgi/query-pr.cgi?pr=24019
> >> It's my friend's PR. Can you give me some hints on how can I debug this
> >> issue. I'm completely puzzled here.
> >> It panics on "goto out" with page fault. What I understand from it is that

>  (kgdb) x/10i epread
>  (kgdb) x/10i 0xc012a038
>
> (kgdb) x/10i epread
> 0xc0165f8c <epread>:    push   %ebp
> 0xc0165f8d <epread+1>:  mov    %esp,%ebp
> 0xc0165f8f <epread+3>:  sub    $0x1c,%esp
> 0xc0165f92 <epread+6>:  push   %edi
> 0xc0165f93 <epread+7>:  push   %esi
> 0xc0165f94 <epread+8>:  push   %ebx
> 0xc0165f95 <epread+9>:  mov    0x8(%ebp),%eax
> 0xc0165f98 <epread+12>: mov    %eax,0xfffffff4(%ebp)
> 0xc0165f9b <epread+15>: mov    0x118(%eax),%edx
> 0xc0165fa1 <epread+21>: add    $0x8,%edx

The addresses have changed (he erased the old crash dump, but attached is
the gdb output from the dump we captured).
Should the "lea" instruction in the disassembly be there?

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

[-- Attachment #2 --]
Script started on Tue Jan  9 14:48:16 2001
Temujin:/root# gdb -k /usr/obj/usr/src/sys/TEMUJIN/kernel.debug /usr/crash/vmcore.1
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD 3624960
initial pcb at 2dbb60
panicstr: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x73c07a00
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc012a0a0
stack pointer	        = 0x10:0xc0291490
frame pointer	        = 0x10:0xc02914b8
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= Idle
interrupt mask		= net bio cam 
panic: from debugger
panic: from debugger
Uptime: 29m57s

dumping to dev #ad/0x30001, offset 262528
dump ata0: resetting devices .. done
127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 
---
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:469
469		if (dumping++) {
(kgdb) bt
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:469
#1  0xc0150fb4 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:309
#2  0xc0151355 in panic (fmt=0xc0259414 "from debugger")
    at /usr/src/sys/kern/kern_shutdown.c:556
#3  0xc0126dd9 in db_panic (addr=-1072521056, have_addr=0, count=-1, 
    modif=0xc02912fc "") at /usr/src/sys/ddb/db_command.c:433
#4  0xc0126d77 in db_command (last_cmdp=0xc029594c, cmd_table=0xc02957ac, 
    aux_cmd_tablep=0xc02d6ffc) at /usr/src/sys/ddb/db_command.c:333
#5  0xc0126e3e in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#6  0xc0128fdf in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:71
#7  0xc023802c in kdb_trap (type=12, code=0, regs=0xc0291450)
    at /usr/src/sys/i386/i386/db_interface.c:158
#8  0xc024447c in trap_fatal (frame=0xc0291450, eva=1941993984)
    at /usr/src/sys/i386/i386/trap.c:946
#9  0xc024413d in trap_pfault (frame=0xc0291450, usermode=0, eva=1941993984)
    at /usr/src/sys/i386/i386/trap.c:844
#10 0xc0243ccb in trap (frame={tf_fs = -1066139632, tf_es = -1066139632, 
      tf_ds = -1066139632, tf_edi = 1, tf_esi = 1, tf_ebp = -1071049544, 
      tf_isp = -1071049604, tf_ebx = 7225416, tf_edx = 1941993984, 
      tf_ecx = -1053079552, tf_eax = 7225416, tf_trapno = 12, tf_err = 0, 
      tf_eip = -1072521056, tf_cs = 8, tf_eflags = 66054, tf_esp = 8208, 
      tf_ss = -1053079552}) at /usr/src/sys/i386/i386/trap.c:443
#11 0xc012a0a0 in epread (sc=0xc13b4800) at /usr/src/sys/dev/ep/if_ep.c:690
#12 0xc0129f1b in ep_intr (arg=0xc13b4800) at /usr/src/sys/dev/ep/if_ep.c:572
---Type <return> to continue, or q <return> to quit---
#13 0xc014f33b in add_interrupt_randomness (vsc=0xc02f2d64)
    at /usr/src/sys/kern/kern_random.c:245
#14 0xc0239e7a in vec3 ()
#15 0xc0198da7 in ether_output (ifp=0xc13b4800, m=0xc073bf00, dst=0xc02deb54, 
    rt0=0xc13fce00) at /usr/src/sys/net/if_ethersubr.c:354
#16 0xc01af313 in ip_output (m0=0xc073bf00, opt=0x0, ro=0xc02deb50, flags=1, 
    imo=0x0) at /usr/src/sys/netinet/ip_output.c:787
#17 0xc01ae515 in ip_forward (m=0xc073bf00, srcrt=0)
    at /usr/src/sys/netinet/ip_input.c:1552
#18 0xc01ad567 in ip_input (m=0xc073bf00)
    at /usr/src/sys/netinet/ip_input.c:563
#19 0xc01ad8d3 in ipintr () at /usr/src/sys/netinet/ip_input.c:759
(kgdb) x/20i epread
0xc012a06c <epread>:	push   %ebp
0xc012a06d <epread+1>:	mov    %esp,%ebp
0xc012a06f <epread+3>:	sub    $0x1c,%esp
0xc012a072 <epread+6>:	push   %edi
0xc012a073 <epread+7>:	push   %esi
0xc012a074 <epread+8>:	push   %ebx
0xc012a075 <epread+9>:	mov    0x8(%ebp),%eax
0xc012a078 <epread+12>:	mov    %eax,0xfffffff4(%ebp)
0xc012a07b <epread+15>:	mov    0x118(%eax),%edx
0xc012a081 <epread+21>:	add    $0x8,%edx
0xc012a084 <epread+24>:	in     (%dx),%ax
0xc012a086 <epread+26>:	mov    %ax,0xffffffec(%ebp)
0xc012a08a <epread+30>:	mov    0xffffffec(%ebp),%edx
0xc012a08d <epread+33>:	test   $0x40,%dh
0xc012a090 <epread+36>:	je     0xc012a10c <epread+160>
0xc012a092 <epread+38>:	mov    0xfffffff4(%ebp),%ecx
0xc012a095 <epread+41>:	incl   0x4c(%ecx)
0xc012a098 <epread+44>:	jmp    0xc012a5fc <epread+1424>
0xc012a09d <epread+49>:	lea    0x0(%esi),%esi
0xc012a0a0 <epread+52>:	mov    (%edx),%eax
(kgdb) x/20i 0xc012a09e
0xc012a09e <epread+50>:	jbe    0xc012a0a0 <epread+52>
0xc012a0a0 <epread+52>:	mov    (%edx),%eax
0xc012a0a2 <epread+54>:	mov    %eax,0xc02f472c
0xc012a0a7 <epread+59>:	decl   0xc02f4740
0xc012a0ad <epread+65>:	mov    %di,0x10(%edx)
0xc012a0b1 <epread+69>:	lea    0x0(,%edi,4),%eax
0xc012a0b8 <epread+76>:	incl   0xc02f4740(%eax)
0xc012a0be <epread+82>:	movl   $0x0,(%edx)
0xc012a0c4 <epread+88>:	movl   $0x0,0x4(%edx)
0xc012a0cb <epread+95>:	lea    0x2c(%edx),%eax
0xc012a0ce <epread+98>:	mov    %eax,0x8(%edx)
0xc012a0d1 <epread+101>:	movw   $0x2,0x12(%edx)
0xc012a0d7 <epread+107>:	movl   $0x0,0x14(%edx)
0xc012a0de <epread+114>:	movl   $0x0,0x20(%edx)
0xc012a0e5 <epread+121>:	movl   $0x0,0x28(%edx)
0xc012a0ec <epread+128>:	mov    %edx,%esi
0xc012a0ee <epread+130>:	push   %ebx
0xc012a0ef <epread+131>:	call   0xc024ca80 <splx>
0xc012a0f4 <epread+136>:	add    $0x4,%esp
0xc012a0f7 <epread+139>:	jmp    0xc012a17a <epread+270>
(kgdb) quit
Temujin:/root# 

Script done on Tue Jan  9 14:58:04 2001