From owner-freebsd-current@FreeBSD.ORG Mon Feb 9 20:57:02 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from green.homeunix.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E0FE516A4CE for ; Mon, 9 Feb 2004 20:57:01 -0800 (PST) Received: from green.homeunix.org (green@localhost [127.0.0.1]) by green.homeunix.org (8.12.10/8.12.9) with ESMTP id i1A4v1wg001534 for ; Mon, 9 Feb 2004 23:57:01 -0500 (EST) (envelope-from green@green.homeunix.org) Received: from localhost (green@localhost)i1A4v1As001530 for ; Mon, 9 Feb 2004 23:57:01 -0500 (EST) Message-Id: <200402100457.i1A4v1As001530@green.homeunix.org> X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4 To: current@FreeBSD.org From: Brian Fundakowski Feldman Mime-Version: 1.0 Content-Type: multipart/mixed ; boundary="==_Exmh_-3609971720" Date: Mon, 09 Feb 2004 23:57:01 -0500 Sender: green@green.homeunix.org Subject: panic (page fault) in poll (on pipe) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Feb 2004 04:57:02 -0000 This is a multipart MIME message. --==_Exmh_-3609971720 Content-Type: text/plain; charset=us-ascii Please note that the poll(2) call only had one valid file descriptor (the others were marked POLLNVAL), and that one is a pipe. Locking bug? New pipe bug? I'd love it if someone had an idea :-/ Only one day of uptime before I saw this one, on a brand new kernel. --==_Exmh_-3609971720 Content-Type: text/plain ; name="sel_crash.txt"; charset=us-ascii Content-Description: sel_crash.txt Content-Disposition: attachment; filename="sel_crash.txt" Script started on Mon Feb 9 23:51:53 2004 {"/home/crash"}# gdb -k /usr/src/sys/i386/compile/GREEN/kernel.debug vmcore. {"/home/crash"}# le/GREEN/kernel.debug vmcore.0 < GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: page fault panic messages: --- Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0xdeadc0e6 fault code = supervisor write, page not present instruction pointer = 0x8:0xc04cab65 stack pointer = 0x10:0xd8c0fb84 frame pointer = 0x10:0xd8c0fb98 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 33167 (mozilla-bin) trap number = 12 panic: page fault at line 819 in file ../../../i386/i386/trap.c cpuid = 1; Stack backtrace: backtrace(c063b6fb,1,333,c064b767,100) at backtrace+0x17 __panic(c064b767,333,c064184c,c064b5a0,1) at __panic+0x14f trap_fatal(d8c0fb44,deadc0e6,2,0,c32e8a80) at trap_fatal+0x326 trap_pfault(d8c0fb44,0,deadc0e6,c06ace00,deadc0e6) at trap_pfault+0x1b7 trap(18,10,10,c32e8a80,0) at trap+0x30c calltrap() at calltrap+0x5 --- trap 0xc, eip = 0xc04cab65, esp = 0xd8c0fb84, ebp = 0xd8c0fb98 --- clear_selinfo_list(c32e8a80,0,c0630474,3ec,18) at clear_selinfo_list+0x35 poll(c32e8a80,d8c0fd14,c,438,3) at poll+0x474 syscall(2f,2f,2f,80c8c00,ffffffff) at syscall+0x272 Xint0x80_syscall() at Xint0x80_syscall+0x1d --- syscall (209), eip = 0x288e890f, esp = 0xbfaedc94, ebp = 0xbfaedcb0 --- boot() called on cpu#1 Uptime: 23h48m56s Dumping 511 MB Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x0 fault code = supervisor read, page not present instruction pointer = 0x8:0x0 stack pointer = 0x10:0xd523acc0 frame pointer = 0x10:0xd523ace4 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 41 (swi7: task queue) trap number = 12 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480[CTRL-C to abort] [CTRL-C to abort] 496[CTRL-C to abort] --- Reading symbols from /boot/kernel/if_dc.ko...done. Loaded symbols for /boot/kernel/if_dc.ko Reading symbols from /boot/kernel/miibus.ko...done. Loaded symbols for /boot/kernel/miibus.ko Reading symbols from /boot/kernel/if_xl.ko...done. Loaded symbols for /boot/kernel/if_xl.ko Reading symbols from /boot/kernel/snd_pcm.ko...done. Loaded symbols for /boot/kernel/snd_pcm.ko Reading symbols from /boot/kernel/snd_cmi.ko...done. Loaded symbols for /boot/kernel/snd_cmi.ko Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/usb/usb.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/usb/usb.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/uhid/uhid.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/uhid/uhid.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/ums/ums.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/ums/ums.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/umass/umass.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/umass/umass.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/cam/cam.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/cam/cam.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/agp/agp.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/agp/agp.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/random/random.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/random/random.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/acpi/acpi.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/procfs/procfs.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/procfs/procfs.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/pseudofs/pseudofs.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/pseudofs/pseudofs.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/fdescfs/fdescfs.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/fdescfs/fdescfs.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/ntfs/ntfs.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/ntfs/ntfs.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/linux/linux.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/linux/linux.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/nfsclient/nfsclient.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/nfsclient/nfsclient.ko.debug Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/nfsserver/nfsserver.ko.debug...done. Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/nfsserver/nfsserver.ko.debug Reading symbols from /boot/kernel/green_saver.ko...done. Loaded symbols for /boot/kernel/green_saver.ko #0 doadump () at ../../../kern/kern_shutdown.c:240 240 dumping++; (kgdb) p bt #0 doadump () at ../../../kern/kern_shutdown.c:240 #1 0xc049f463 in boot (howto=0x104) at ../../../kern/kern_shutdown.c:374 #2 0xc049f86b in __panic () at ../../../kern/kern_shutdown.c:552 #3 0xc06037a6 in trap_fatal (frame=0xd8c0fb44, eva=0x0) at ../../../i386/i386/trap.c:819 #4 0xc0603457 in trap_pfault (frame=0xd8c0fb44, usermode=0x0, eva=0xdeadc0e6) at ../../../i386/i386/trap.c:733 #5 0xc060304c in trap (frame= {tf_fs = 0x18, tf_es = 0x10, tf_ds = 0x10, tf_edi = 0xc32e8a80, tf_esi = 0x0, tf_ebp = 0xd8c0fb98, tf_isp = 0xd8c0fb70, tf_ebx = 0xc32e8a80, tf_edx = 0xc32e8a80, tf_ecx = 0x1, tf_eax = 0xdeadc0de, tf_trapno = 0xc, tf_err = 0x2, tf_eip = 0xc04cab65, tf_cs = 0x8, tf_eflags = 0x10286, tf_esp = 0xc06ace00, tf_ss = 0x1}) at ../../../i386/i386/trap.c:420 #6 0xc04cab65 in clear_selinfo_list (td=0xc32e8a80) at ../../../kern/sys_generic.c:1139 #7 0xc04ca904 in poll (td=0xc32e8a80, uap=0xd8c0fd14) at ../../../kern/sys_generic.c:1037 #8 0xc0603ae2 in syscall (frame= {tf_fs = 0x2f, tf_es = 0x2f, tf_ds = 0x2f, tf_edi = 0x80c8c00, tf_esi = 0xffffffff, tf_ebp = 0xbfaedcb0, tf_isp = 0xd8c0fd74, tf_ebx = 0x2818947c, tf_edx = 0x8d5a5e0, tf_ecx = 0x0, tf_eax = 0xd1, tf_trapno = 0x16, tf_err = 0x2, tf_eip = 0x288e890f, tf_cs = 0x1f, tf_eflags = 0x286, tf_esp = 0xbfaedc94, tf_ss = 0x2f}) at ../../../i386/i386/trap.c:1008 #9 0x288e890f in ?? () ---Can't read userspace from dump, or kernel process--- (kgdb) frame 7 #7 0xc04ca904 in poll (td=0xc32e8a80, uap=0xd8c0fd14) at ../../../kern/sys_generic.c:1037 1037 clear_selinfo_list(td); (kgdb) p td->td_proc->p_comm $1 = "mozilla-bin\0\0\0\0\0\0\0\0" (kgdb) p td->td_selq $2 = {tqh_first = 0xc44a4c0c, tqh_last = 0xc44a4c0c} (kgdb) p td->td_selq.tqh_first $3 = (struct selinfo *) 0xc44a4c0c (kgdb) p td->td_selq.tqh_first[0] $4 = {si_thrlist = {tqe_next = 0xdeadc0de, tqe_prev = 0xc32e8ab0}, si_thread = 0x0, si_note = { slh_first = 0xdeadc0de}, si_flags = 0xc0de} (kgdb) p *(struct pipe *)td->r td_proc->p_fd->fd_ofiles[6]->f_data $5 = {pipe_buffer = {cnt = 0x1, in = 0x1, out = 0x0, size = 0x4000, buffer = 0xd3589000 "8888"}, pipe_map = { kva = 0x0, cnt = 0x0, pos = 0x0, npages = 0x0, ms = {0x0 }}, pipe_sel = {si_thrlist = { tqe_next = 0xc44a4c0c, tqe_prev = 0xc32e8ab0}, si_thread = 0x0, si_note = {slh_first = 0x0}, si_flags = 0x0}, pipe_atime = {tv_sec = 0x402847c5, tv_nsec = 0x0}, pipe_mtime = {tv_sec = 0x402847c5, tv_nsec = 0x0}, pipe_ctime = { tv_sec = 0x402845bc, tv_nsec = 0x0}, pipe_sigio = 0x0, pipe_peer = 0xc3c9352c, pipe_pair = 0xc3c93480, pipe_state = 0x800, pipe_busy = 0x0, pipe_present = 0x1} (kgdb) p $5.pipe_sel.si_thrlist.tqe_next $6 = (struct selinfo *) 0xc44a4c0c (kgdb) p *$5.pipe_peer $7 = {pipe_buffer = {cnt = 0x0, in = 0x0, out = 0x0, can not access 0xd358d000, invalid address (d358d000) can not access 0xd358d000, invalid address (d358d000) can not access 0xd358d000, invalid address (d358d000) can not access 0xd358d000, invalid address (d358d000) can not access 0xd358d000, invalid address (d358d000) can not access 0xd358d000, invalid address (d358d000) size = 0x4000, buffer = 0xd358d000
}, pipe_map = {kva = 0x0, cnt = 0x0, pos = 0x0, npages = 0x0, ms = {0x0 }}, pipe_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {slh_first = 0x0}, si_flags = 0x0}, pipe_atime = {tv_sec = 0x402845bc, tv_nsec = 0x0}, pipe_mtime = {tv_sec = 0x402845bc, tv_nsec = 0x0}, pipe_ctime = {tv_sec = 0x402845bc, tv_nsec = 0x0}, pipe_sigio = 0x0, pipe_peer = 0xc3c93480, pipe_pair = 0xc3c93480, pipe_state = 0x800, pipe_busy = 0x0, pipe_present = 0x1} (kgdb) {"/home/crash"}# ^D Script done on Mon Feb 9 23:53:48 2004 --==_Exmh_-3609971720 Content-Type: text/plain; charset=us-ascii -- Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ <> green@FreeBSD.org \ The Power to Serve! \ Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\ --==_Exmh_-3609971720--