Date:      Wed, 10 Dec 2008 17:43:45 +0100
From:      Roman Divacky <rdivacky@freebsd.org>
To:        current@freebsd.org
Subject:   [PANIC]: rw_lock panic in in_pcballoc() in r185864
Message-ID:  <20081210164345.GA32188@freebsd.org>


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x1a4
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0528cc9
stack pointer           = 0x28:0xc3e77ba8
frame pointer           = 0x28:0xc3e77bcc
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 160 (ifconfig)
Physical memory: 978 MB
Dumping 46 MB: 31 15

Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /boot/kernel/snd_hda.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_hda.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/modules/nvidia.ko...done.
Loaded symbols for /boot/modules/nvidia.ko
#0  doadump () at pcpu.h:246
246     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:246
#1  0xc045c834 in db_fncall (dummy1=-1008240272, dummy2=0, dummy3=0,
    dummy4=0xc3e7793c "\001") at ../../../ddb/db_command.c:548
#2  0xc045cbaf in db_command (last_cmdp=0xc076765c, cmd_table=0x0, dopager=1)
    at ../../../ddb/db_command.c:445
#3  0xc045ce36 in db_command_loop () at ../../../ddb/db_command.c:498
#4  0xc045ec9f in db_trap (type=12, code=0) at ../../../ddb/db_main.c:229
#5  0xc055966a in kdb_trap (type=12, code=0, tf=0xc3e77b68)
    at ../../../kern/subr_kdb.c:534
#6  0xc06d7a1a in trap_fatal (frame=0xc3e77b68, eva=420)
    at ../../../i386/i386/trap.c:920
#7  0xc06d7daa in trap_pfault (frame=0xc3e77b68, usermode=0, eva=420)
    at ../../../i386/i386/trap.c:842
#8  0xc06d883c in trap (frame=0xc3e77b68) at ../../../i386/i386/trap.c:522
#9  0xc06bd28b in calltrap () at ../../../i386/i386/exception.s:165
#10 0xc0528cc9 in _rw_wlock_hard (rw=0xc45a00a4, tid=3293569600, file=0x0,
    line=0) at ../../../kern/kern_rwlock.c:616
#11 0xc05eae42 in in_pcballoc (so=0xc459e000, pcbinfo=0xc0794b40)
    at ../../../netinet/in_pcb.c:238
#12 0xc060b403 in udp_attach (so=0xc459e000, proto=0, td=0xc44fe240)
    at ../../../netinet/udp_usrreq.c:1131
#13 0xc0586df5 in socreate (dom=2, aso=0xc3e77c6c, type=2, proto=0,
#14 0xc058d974 in socket (td=0xc44fe240, uap=0xc3e77cf8)
---Type <return> to continue, or q <return> to quit---Dec 10 17:29:23 witten login: ROOT LOGIN (root) ON ttyv1

    at ../../../kern/uipc_syscalls.c:178
#15 0xc06d8010 in syscall (frame=0xc3e77d38) at ../../../i386/i386/trap.c:1076
#16 0xc06bd320 in Xint0x80_syscall () at ../../../i386/i386/exception.s:261
#17 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

(kgdb) p *pcbinfo
$2 = {ipi_listhead = 0xc0794b24, ipi_count = 1, ipi_hashbase = 0xc42fe000,
  ipi_hashmask = 127, ipi_porthashbase = 0xc42fce00, ipi_porthashmask = 127,
  ipi_lastport = 0, ipi_lastlow = 0, ipi_lasthi = 0, ipi_zone = 0xc1471360,
  ipi_gencnt = 0, ipi_lock = {lock_object = {lo_name = 0xc0713b87 "udp",
      lo_flags = 69926928, lo_data = 0, lo_witness = 0x0},
    rw_lock = 3293569600}, ipi_pspare = {
(kgdb) p *pcbinfo->ipi_zone
$4 = {uz_name = 0xc0716712 "udpcb", uz_lock = 0xc147ed88,
  uz_keg = 0xc147ed80, uz_link = {le_next = 0x0, le_prev = 0xc147eda8},
  uz_full_bucket = {lh_first = 0x0}, uz_free_bucket = {lh_first = 0x0},
  uz_ctor = 0, uz_dtor = 0, uz_init = 0, uz_fini = 0, uz_allocs = 0,
  uz_frees = 0, uz_fails = 0, uz_fills = 0, uz_count = 23, uz_cpu = {{
      uc_freebucket = 0x0, uc_allocbucket = 0x0, uc_allocs = 0,
      uc_frees = 0}}}

The code tries to rw_rwlock() the inp->inp_lock. The inp is allocated
from a UMA zone which has no constructor, and in in_pcballoc()
the rwlock is never initialized. I believe that's why it crashes.

Can someone confirm/fix that?

thnx

roman

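The failure mode described in the message above, as an added example that is not part of the original post and is not FreeBSD code: a userspace C model of a zone whose init hook is empty (as `uz_init = 0` and `uz_ctor = 0` in the dump) handing out an object whose lock word was never set up. All names (`zone_model`, `pcb_model`, `try_wlock`, `RW_UNLOCKED_MODEL`) and the lock encoding are assumptions of this model.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Model encoding (assumption): "unlocked" is a non-zero value, and a
 * write-locked word holds the owning thread pointer. */
#define RW_UNLOCKED_MODEL ((uintptr_t)1)

enum lock_result { LOCK_OK, LOCK_CONTENDED, LOCK_BAD_OWNER };

struct rwlock_model { uintptr_t state; };
struct pcb_model { int laddr; struct rwlock_model lock; };

/* Zone with an optional per-item init hook, like the uz_init slot. */
struct zone_model { size_t size; void (*init)(void *item); };

static void *zone_alloc(const struct zone_model *z)
{
    void *item = malloc(z->size);
    if (item == NULL)
        abort();
    memset(item, 0, z->size);   /* constructed: fresh zero-filled memory */
    if (z->init != NULL)
        z->init(item);          /* the only place the lock gets set up */
    return item;
}

static void pcb_init(void *item)
{
    ((struct pcb_model *)item)->lock.state = RW_UNLOCKED_MODEL;
}

/* Write-lock attempt that validates the owner before touching it. */
static enum lock_result try_wlock(struct rwlock_model *rw, uintptr_t self)
{
    if (rw->state == RW_UNLOCKED_MODEL) {
        rw->state = self;
        return LOCK_OK;
    }
    if (rw->state == 0)         /* "owned" by a null thread: never initialized */
        return LOCK_BAD_OWNER;  /* a slow path reading owner fields faults here */
    return LOCK_CONTENDED;
}

/* Allocate from a zone with or without the init hook, then try to lock. */
static enum lock_result alloc_and_lock(int with_init)
{
    struct zone_model z = { sizeof(struct pcb_model), with_init ? pcb_init : NULL };
    struct pcb_model *inp = zone_alloc(&z);
    enum lock_result r = try_wlock(&inp->lock, (uintptr_t)inp);
    free(inp);
    return r;
}
```

In the model, the zone without an init hook yields `LOCK_BAD_OWNER` and the zone with `pcb_init` yields `LOCK_OK`; the fix is to initialize the lock in the zone's init hook or in the allocation path before the first lock call.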


