Date: Wed, 29 Oct 2003 10:46:48 +0100
From: Eivind Olsen <eivind@aminor.no>
To: freebsd-current@freebsd.org
Subject: Two crashes in CURRENT from October 7th, both mention Xint0x80_syscall()
Message-ID: <14280000.1067420808@hades.ttyl.internal>
Hello.

I've experienced some crashes here with FreeBSD 5.1-CURRENT from October 7th. I tried yesterday to upgrade to a more recent CURRENT but it crashed (the 2nd crash here). Both crashes stop at different places, but they both refer to Xint0x80_syscall - I don't know if this is relevant or not. I'm no kernel hacker / C programmer, so I'm not sure how to debug this. It would be great if someone could give me a clue. :)

eivind@vimes:~ > uname -a
FreeBSD vimes.eivind 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Tue Oct 7 11:54:50 CEST 2003 root@vimes.eivind:/usr/obj/usr/src/sys/VIMES i386

My kernel is GENERIC with just a few small changes (removed special debugging options, added options for IPFILTER):

eivind@vimes:/usr/src/sys/i386/conf > diff GENERIC VIMES
25c25
< ident GENERIC
---
> ident VIMES
63,66c63,66
< options INVARIANTS #Enable calls of extra sanity checking
< options INVARIANT_SUPPORT #Extra sanity checks of internal structures, required by INVARIANTS
< options WITNESS #Enable checks to detect deadlocks and cycles
< options WITNESS_SKIPSPIN #Don't run witness on spinlocks for speed
---
> #options INVARIANTS #Enable calls of extra sanity checking
> #options INVARIANT_SUPPORT #Extra sanity checks of internal structures, required by INVARIANTS
> #options WITNESS #Enable checks to detect deadlocks and cycles
> #options WITNESS_SKIPSPIN #Don't run witness on spinlocks for speed
272a273,279
>
> # These options are a subset of the IPFILTER options.
> options IPFILTER #ipfilter support
> options IPFILTER_LOG #ipfilter logging
> options IPFILTER_DEFAULT_BLOCK #block all packets by default
> options PFIL_HOOKS
>
eivind@vimes:/usr/src/sys/i386/conf >

Here is the first crash. This first part is manually written down from the output on the screen, the second part is some output from gdb.
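Review bot: the 63,66c63,66 hunk of the GENERIC/VIMES diff above comments out INVARIANTS, INVARIANT_SUPPORT, WITNESS and WITNESS_SKIPSPIN, which by the hunk's own comments are the kernel's extra sanity checks and deadlock/lock-cycle detection; on a -CURRENT machine that is already panicking this trades a possible early, descriptive assertion panic for a later page fault or "bad pte" deep in exit1, which is harder to read. Suggest keeping those four lines as in GENERIC while these crashes are being chased and removing them only once the box is stable, so that any report to the list carries the most informative panic the kernel can produce.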
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc2000000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0656611
stack pointer = 0x10:0xd0790bdc
frame pointer = 0x10:0xd0790bec
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 87468 (make)
kernel: type 12 trap, code=0
Stopped at sigtd+0x41: andl 0(%eax,%edi,4),%ecx
db> show reg
cs 0x8
ds 0x30010
es 0x10
fs 0xf0018
ss 0x10
eax 0xc2000000
ecx 0x80000
edx 0xc2d31d10
ebx 0x80000
esp 0xd0790bdc
ebp 0xd0790bec
esi 0
edi 0
eip 0xc0656611 sigtd+0x41
efl 0x10286
dr0 0
dr1 0
dr2 0
dr3 0
dr4 0xffff0ff0
dr5 0x400
dr6 0xffff0ff0
dr7 0x400
sigtd+0x41: andl 0(%eax,%edi,4),%ecx
db> trace
sigtd(c2e4d3c8,14,90,c2ea6b58,d0790cb8) at sigtd+0x41
psignal(c2e4d3c8,14,c2f03e88,0,c2f792a8) at psignal+0x47
exit1(c2ea85f0,0,c2ea6b58,c2ea85f0,bfbffad0) at exit1+0x12e3
sys_exit(c2ea85f0,d0790d10,4,c,1) at sys_exit+0x67
syscall(2f,2f,2f,bfbffad0,0) at syscall+0x2b0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x806424b, esp = 0xbfbffa8c, ebp = 0xbfbffaa8 ---
db>

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc2000000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0656611
stack pointer = 0x10:0xd0790bdc
frame pointer = 0x10:0xd0790bec
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 87468 (make)
panic: from debugger

Fatal trap 3: breakpoint instruction fault while in kernel mode
instruction pointer = 0x8:0xc07f47a4
stack pointer = 0x10:0xd0790954
frame pointer = 0x10:0xd0790960
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = IOPL = 0
current process = 87468 (make)
panic: from debugger
Uptime: 14h17m57s
Dumping 191 MB
 16 32 48 64 80 96 112 128 144 160 176
---
Reading symbols from /boot/kernel/vinum.ko...done.
Loaded symbols for /boot/kernel/vinum.ko
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240             dumping++;
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc06529c0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
#2 0xc0652da8 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3 0xc0475ae2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc0475a42 in db_command (last_cmdp=0xc0903d80, cmd_table=0x0, aux_cmd_tablep=0xc08881a4, aux_cmd_tablep_end=0xc08881bc) at /usr/src/sys/ddb/db_command.c:346
#5 0xc0475b85 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc0478b95 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
#7 0xc07f44ec in kdb_trap (type=12, code=0, regs=0xd0790b9c) at /usr/src/sys/i386/i386/db_interface.c:171
#8 0xc0806a06 in trap_fatal (frame=0xd0790b9c, eva=0) at /usr/src/sys/i386/i386/trap.c:814
#9 0xc08066d2 in trap_pfault (frame=0xd0790b9c, usermode=0, eva=3254779904) at /usr/src/sys/i386/i386/trap.c:733
#10 0xc0806205 in trap (frame= {tf_fs = 983064, tf_es = 16, tf_ds = 196624, tf_edi = 0, tf_esi = 0, tf_ebp = -797373460, tf_isp = -797373496, tf_ebx = 524288, tf_edx = -1026351856, tf_ecx = 524288, tf_eax = -1040187392, tf_trapno = 12, tf_err = 0, tf_eip = -1067096559, tf_cs = 8, tf_eflags = 66182, tf_esp = 0, tf_ss = 20}) at /usr/src/sys/i386/i386/trap.c:418
#11 0xc07f5e98 in calltrap () at {standard input}:102
#12 0xc06566b7 in psignal (p=0x0, sig=524288) at /usr/src/sys/kern/kern_sig.c:1641
#13 0xc06389b3 in exit1 (td=0xc2ea85f0, rv=0) at /usr/src/sys/kern/kern_exit.c:468
#14 0xc06376c7 in sys_exit () at /usr/src/sys/kern/kern_exit.c:102
#15 0xc0806d60 in syscall (frame= {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077937456, tf_esi = 0, tf_ebp = -1077937496, tf_isp = -797373068, tf_ebx = -1, tf_edx = 10, tf_ecx = 0, tf_eax = 1, tf_trapno = 0, tf_err = 2, tf_eip = 134627915, tf_cs = 31, tf_eflags = 646, tf_esp = -1077937524, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1006
#16 0xc07f5eed in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---
(kgdb) l *sigtd+0x41
0xc0656611 is in sigtd (/usr/src/sys/kern/kern_sig.c:1596).
1591            FOREACH_THREAD_IN_PROC(p, td) {
1592                    if (td->td_waitset != NULL &&
1593                        SIGISMEMBER(*(td->td_waitset), sig))
1594                            return (td);
1595                    if (!SIGISMEMBER(td->td_sigmask, sig)) {
1596                            if (td == curthread)
1597                                    signal_td = curthread;
1598                            else if (signal_td == NULL)
1599                                    signal_td = td;
1600                    }
(kgdb) l *psignal+0x47
0xc06566b7 is in psignal (/usr/src/sys/kern/kern_sig.c:1643).
1638
1639            tdsignal(td, sig, SIGTARGET_P);
1640    }
1641
1642    /*
1643     * MPSAFE
1644     */
1645    void
1646    tdsignal(struct thread *td, int sig, sigtarget_t target)
1647    {
(kgdb) l *exit1+0x12e3
0xc06389b3 is in exit1 (machine/atomic.h:362).
357     machine/atomic.h: No such file or directory.
        in machine/atomic.h
(kgdb) l *sys_exit+0x67
0xc06376c7 is at /usr/src/sys/kern/kern_exit.c:102.
97      void
98      sys_exit(struct thread *td, struct sys_exit_args *uap)
99      {
100
101             mtx_lock(&Giant);
102             exit1(td, W_EXITCODE(uap->rval, 0));
103             /* NOTREACHED */
104     }
105
106     /*
(kgdb) l *syscall+0x2b0
0xc0806d60 is in syscall (/usr/src/sys/i386/i386/trap.c:1006).
1001            if (error == 0) {
1002                    td->td_retval[0] = 0;
1003                    td->td_retval[1] = frame.tf_edx;
1004
1005                    STOPEVENT(p, S_SCE, narg);
1006
1007                    PTRACESTOP_SC(p, td, S_PT_SCE);
1008
1009                    error = (*callp->sy_call)(td, args);
1010            }
(kgdb) l *Xint0x80_syscall+0x1d
0xc07f5eed is at {standard input}:146.
141     {standard input}: No such file or directory.
        in {standard input}
(kgdb)

Here is the second crash:

TPTE at 0xbfca0f6c IS ZERO @ VA 283db000
panic: bad pte
Debugger("panic")
Stopped at Debugger+0x54: xchgl %ebx,in_Debugger.0
db>
db> show reg
cs 0x8
ds 0xc27d0010
es 0xc27d0010
fs 0xc1030018
ss 0x10
eax 0x12
ecx 0x20
edx 0
ebx 0
esp 0xcfea9ba0
ebp 0xcfea9bac
esi 0xc0882b1f
edi 0x1
eip 0xc07f47a4 Debugger+0x54
efl 0x292
dr0 0
dr1 0
dr2 0
dr3 0
dr4 0xffff0ff0
dr5 0x400
dr6 0xffff0ff0
dr7 0x400
Debugger+0x54: xchgl %ebx,in_Debugger.0
db> trace
Debugger(c086cc17,c092c520,c0882b1f,cfea9bec,100) at Debugger+0x54
panic(c0882b1f,bfca0f6c,283db000,1,c2a255ac) at panic+0xd5
pmap_remove_pages(c2ef8b84,0,bfc00000,c2ef8ad4,c2dbb0b4) at pmap_remove_pages+0x9b
exit1(c2758be0,0,cfea9cf4,c0679a86,0) at exit1+0x785
sys_exit(c2758be0,cfea9d10,4,c,1) at sys_exit+0x67
syscall(813002f,2f,bfbf002f,0,ffffffff) at syscall+0x2b0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x2839aa2b, esp = 0xbfbff58c, ebp = 0xbfbff5a8 ---
db>

eivind@vimes:~/tmp/debug/2003-10-28 > gdb -k kernel.debug vmcore.4
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bad pte
panic messages:
---
panic: bad pte
panic: from debugger
Uptime: 2h29m34s
Dumping 191 MB
 16 32 48 64 80 96 112 128 144 160 176
---
Reading symbols from /boot/kernel/vinum.ko...done.
Loaded symbols for /boot/kernel/vinum.ko
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240             dumping++;
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc06529c0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
#2 0xc0652da8 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3 0xc0475ae2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc0475a42 in db_command (last_cmdp=0xc0903d80, cmd_table=0x0, aux_cmd_tablep=0xc08881a4, aux_cmd_tablep_end=0xc08881bc) at /usr/src/sys/ddb/db_command.c:346
#5 0xc0475b85 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc0478b95 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:73
#7 0xc07f44ec in kdb_trap (type=3, code=0, regs=0xcfea9b60) at /usr/src/sys/i386/i386/db_interface.c:171
#8 0xc0806388 in trap (frame= {tf_fs = -1056767976, tf_es = -1031995376, tf_ds = -1031995376, tf_edi = 1, tf_esi = -1064817889, tf_ebp = -806708308, tf_isp = -806708340, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1065400412, tf_cs = 8, tf_eflags = 658, tf_esp = -1064823724, tf_ss = -1064907753}) at /usr/src/sys/i386/i386/trap.c:578
#9 0xc07f5e98 in calltrap () at {standard input}:102
#10 0xc0652ce5 in panic (fmt=0xc0882b1f "bad pte") at /usr/src/sys/kern/kern_shutdown.c:534
#11 0xc080354b in pmap_remove_pages (pmap=0xc2ef8b84, sva=0, eva=3217031168) at /usr/src/sys/i386/i386/pmap.c:2578
#12 0xc0637e55 in exit1 (td=0xc2758be0, rv=0) at /usr/src/sys/vm/vm_map.h:246
#13 0xc06376c7 in sys_exit () at /usr/src/sys/kern/kern_exit.c:102
#14 0xc0806d60 in syscall (frame= {tf_fs = 135462959, tf_es = 47, tf_ds = -1078001617, tf_edi = 0, tf_esi = -1, tf_ebp = -1077938776, tf_isp = -806707852, tf_ebx = 675382820, tf_edx = 10, tf_ecx = 675382480, tf_eax = 1, tf_trapno = 12, tf_err = 2, tf_eip = 674867755, tf_cs = 31, tf_eflags = 646, tf_esp = -1077938804, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1006
#15 0xc07f5eed in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---
(kgdb) l *Debugger+0x54
0xc07f47a4 is in Debugger (machine/atomic.h:260).
255     machine/atomic.h: No such file or directory.
        in machine/atomic.h
(kgdb) l *panic+0xd5
0xc0652ce5 is in panic (/usr/src/sys/kern/kern_shutdown.c:534).
529
530     #if defined(DDB)
531             if (newpanic && trace_on_panic)
532                     backtrace();
533             if (debugger_on_panic)
534                     Debugger ("panic");
535     #ifdef RESTARTABLE_PANICS
536             /* See if the user aborted the panic, in which case we continue. */
537             if (panicstr == NULL) {
538     #ifdef SMP
(kgdb) l *pmap_remove_pages+0x9b
0xc080354b is in pmap_remove_pages (/usr/src/sys/i386/i386/pmap.c:2578).
2573                    pte = pmap_pte_quick(pv->pv_pmap, pv->pv_va);
2574    #endif
2575                    tpte = *pte;
2576
2577                    if (tpte == 0) {
2578                            printf("TPTE at %p IS ZERO @ VA %08x\n",
2579                                pte, pv->pv_va);
2580                            panic("bad pte");
2581                    }
2582
(kgdb) l *exit1+0x785
0xc0637e55 is in exit1 (machine/atomic.h:285).
280     machine/atomic.h: No such file or directory.
        in machine/atomic.h
(kgdb) l *sys_exit+0x67
0xc06376c7 is at /usr/src/sys/kern/kern_exit.c:102.
97      void
98      sys_exit(struct thread *td, struct sys_exit_args *uap)
99      {
100
101             mtx_lock(&Giant);
102             exit1(td, W_EXITCODE(uap->rval, 0));
103             /* NOTREACHED */
104     }
105
106     /*
(kgdb) l *syscall+0x2b0
0xc0806d60 is in syscall (/usr/src/sys/i386/i386/trap.c:1006).
1001            if (error == 0) {
1002                    td->td_retval[0] = 0;
1003                    td->td_retval[1] = frame.tf_edx;
1004
1005                    STOPEVENT(p, S_SCE, narg);
1006
1007                    PTRACESTOP_SC(p, td, S_PT_SCE);
1008
1009                    error = (*callp->sy_call)(td, args);
1010            }
(kgdb) l *Xint0x80_syscall+0x1d
0xc07f5eed is at {standard input}:146.
141     {standard input}: No such file or directory.
        in {standard input}
(kgdb)

-- 
Regards / Hilsen
Eivind Olsen
<eivind@aminor.no>
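The two ddb "trace" listings in the message above were worked through by hand: each "func+0xoff" frame was turned into a kgdb "l *func+0xoff" command, and the common Xint0x80_syscall frame was noticed by eye. The following is an added Python example, not code from the original message or from FreeBSD, that does the same mechanically: it parses the trap header and the ddb trace into frames, emits the kgdb list commands, and computes the outermost frames the two traces share. The sample input is copied from the two traces in the message; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed samples: the trap header and ddb "trace" output of the first crash,
# and the panic line and ddb "trace" output of the second crash, as posted.
CRASH_1 = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc2000000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0656611
current process = 87468 (make)
db> trace
sigtd(c2e4d3c8,14,90,c2ea6b58,d0790cb8) at sigtd+0x41
psignal(c2e4d3c8,14,c2f03e88,0,c2f792a8) at psignal+0x47
exit1(c2ea85f0,0,c2ea6b58,c2ea85f0,bfbffad0) at exit1+0x12e3
sys_exit(c2ea85f0,d0790d10,4,c,1) at sys_exit+0x67
syscall(2f,2f,2f,bfbffad0,0) at syscall+0x2b0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x806424b, esp = 0xbfbffa8c, ebp = 0xbfbffaa8 ---
db>
"""

CRASH_2 = """\
panic: bad pte
db> trace
Debugger(c086cc17,c092c520,c0882b1f,cfea9bec,100) at Debugger+0x54
panic(c0882b1f,bfca0f6c,283db000,1,c2a255ac) at panic+0xd5
pmap_remove_pages(c2ef8b84,0,bfc00000,c2ef8ad4,c2dbb0b4) at pmap_remove_pages+0x9b
exit1(c2758be0,0,cfea9cf4,c0679a86,0) at exit1+0x785
sys_exit(c2758be0,cfea9d10,4,c,1) at sys_exit+0x67
syscall(813002f,2f,bfbf002f,0,ffffffff) at syscall+0x2b0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x2839aa2b, esp = 0xbfbff58c, ebp = 0xbfbff5a8 ---
"""

# One ddb trace frame: "func(hexargs,...) at func+0xoff"; arguments are hex without 0x.
FRAME_RE = re.compile(r"^(\w+)\((.*?)\) at (\w+)\+0x([0-9a-f]+)$")
TRAP_RE = re.compile(r"^Fatal trap (\d+): (.+)$")
PANIC_RE = re.compile(r"^panic: (.+)$")
FIELD_RE = re.compile(r"^([a-z ]+?) = (.+)$")
SYSCALL_RE = re.compile(r"^--- syscall \((\d+), ([^,]+), (\w+)\)")


@dataclass
class Frame:
    func: str
    args: List[int]
    offset: int


@dataclass
class Crash:
    trap: Optional[int] = None          # trap number from "Fatal trap N:"
    reason: Optional[str] = None        # trap description or panic string
    fields: Dict[str, str] = field(default_factory=dict)  # "fault virtual address", ...
    frames: List[Frame] = field(default_factory=list)     # innermost first, as ddb prints them
    syscall: Optional[str] = None       # handler named in the "--- syscall (...) ---" marker


def parse_ddb(text: str) -> Crash:
    """Parse a transcribed ddb session (trap header, panic line, trace) into a Crash."""
    crash = Crash()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := TRAP_RE.match(line)):
            crash.trap, crash.reason = int(m.group(1)), m.group(2)
        elif (m := PANIC_RE.match(line)):
            crash.reason = m.group(1)
        elif (m := FRAME_RE.match(line)):
            args = [int(a, 16) for a in m.group(2).split(",") if a]
            crash.frames.append(Frame(m.group(1), args, int(m.group(4), 16)))
        elif (m := SYSCALL_RE.match(line)):
            crash.syscall = m.group(3)
        elif (m := FIELD_RE.match(line)):
            crash.fields[m.group(1)] = m.group(2)
    return crash


def kgdb_list_commands(crash: Crash) -> List[str]:
    """The 'l *func+0xoff' commands typed by hand in the message, one per frame."""
    return [f"l *{f.func}+0x{f.offset:x}" for f in crash.frames]


def faulting_address(crash: Crash) -> Optional[int]:
    """Fault virtual address from the trap header, if the crash was a page fault."""
    v = crash.fields.get("fault virtual address")
    return int(v, 16) if v else None


def shared_outer_path(a: Crash, b: Crash) -> List[str]:
    """Frames the two traces share, counted from the outermost (entry) frame inward.
    Xint0x80_syscall is the i386 system-call entry, so it appears in every trace that
    started from a syscall; what matters is how far inward the overlap continues."""
    shared = []
    for fa, fb in zip(reversed(a.frames), reversed(b.frames)):
        if fa.func != fb.func:
            break
        shared.append(fa.func)
    return shared[::-1]  # innermost shared frame first


if __name__ == "__main__":
    c1, c2 = parse_ddb(CRASH_1), parse_ddb(CRASH_2)
    print("crash 1 fault address:", hex(faulting_address(c1)))
    print("\n".join(kgdb_list_commands(c1)))
    print("shared path:", " <- ".join(shared_outer_path(c1, c2)))
```

Run on the two traces, shared_outer_path() returns exit1, sys_exit, syscall and Xint0x80_syscall: both crashes happened while a process was exiting via exit(2), and the only difference is where inside exit1 the kernel ran into bad state (signal delivery in the first, page-table teardown in the second). That is the more useful observation for a bug report than the shared entry frame alone, since Xint0x80_syscall would be present in any syscall-originated trace.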
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14280000.1067420808>