Two crashes in CURRENT from October 7th, both mention
Xint0x80_syscall()
Eivind Olsen
eivind at aminor.no
Wed Oct 29 01:46:36 PST 2003
Hello. I've experienced some crashes here with FreeBSD 5.1-CURRENT from
October 7th. Yesterday I tried to upgrade to a more recent CURRENT, but it
crashed as well (that is the second crash shown below).
The two crashes stop in different places, but both traces contain
Xint0x80_syscall - I don't know whether this is relevant or not.
I'm no kernel hacker / C programmer, so I'm not sure how to debug this. It
would be great if someone could give me a clue. :)
eivind at vimes:~ > uname -a
FreeBSD vimes.eivind 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Tue Oct 7
11:54:50 CEST 2003 root at vimes.eivind:/usr/obj/usr/src/sys/VIMES i386
My kernel is GENERIC with just a few small changes (commented out the extra
debugging options, added options for IPFILTER):
eivind at vimes:/usr/src/sys/i386/conf > diff GENERIC VIMES
25c25
< ident GENERIC
---
> ident VIMES
63,66c63,66
< options INVARIANTS #Enable calls of extra sanity
checking
< options INVARIANT_SUPPORT #Extra sanity checks of internal
structures, required by INVARIANTS
< options WITNESS #Enable checks to detect deadlocks
and cycles
< options WITNESS_SKIPSPIN #Don't run witness on spinlocks for
speed
---
> #options INVARIANTS #Enable calls of extra sanity
checking
> #options INVARIANT_SUPPORT #Extra sanity checks of internal
structures, required by INVARIANTS
> #options WITNESS #Enable checks to detect deadlocks
and cycles
> #options WITNESS_SKIPSPIN #Don't run witness on spinlocks for
speed
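Review bot: Commenting out INVARIANTS, INVARIANT_SUPPORT, WITNESS and WITNESS_SKIPSPIN on a -CURRENT kernel that is crashing removes exactly the checks the removed lines' own comments describe as "extra sanity checking" and deadlock detection, so a corruption is likely to surface only later as an unrelated page fault rather than as an assertion naming the violated invariant. For a crash report it would help to keep at least `options INVARIANTS` and `options INVARIANT_SUPPORT` enabled (they are the GENERIC defaults here, as the `<` lines show) and reproduce the problem with them before posting the trace. The run-time cost is the usual reason for disabling them, but that trade-off is better made once the kernel is stable.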
272a273,279
>
> # These options are a subset of the IPFILTER options.
> options IPFILTER #ipfilter support
> options IPFILTER_LOG #ipfilter logging
> options IPFILTER_DEFAULT_BLOCK #block all packets by default
> options PFIL_HOOKS
>
eivind at vimes:/usr/src/sys/i386/conf >
Here is the first crash. The first part was copied down by hand from the
console output; the second part is output from gdb.
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc2000000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0656611
stack pointer = 0x10:0xd0790bdc
frame pointer = 0x10:0xd0790bec
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 87468 (make)
kernel: type 12 trap, code=0
Stopped at sigtd+0x41: andl 0(%eax,%edi,4),%ecx
db> show reg
cs 0x8
ds 0x30010
es 0x10
fs 0xf0018
ss 0x10
eax 0xc2000000
ecx 0x80000
edx 0xc2d31d10
ebx 0x80000
esp 0xd0790bdc
ebp 0xd0790bec
esi 0
edi 0
eip 0xc0656611 sigtd+0x41
efl 0x10286
dr0 0
dr1 0
dr2 0
dr3 0
dr4 0xffff0ff0
dr5 0x400
dr6 0xffff0ff0
dr7 0x400
sigtd+0x41: andl 0(%eax,%edi,4),%ecx
db> trace
sigtd(c2e4d3c8,14,90,c2ea6b58,d0790cb8) at sigtd+0x41
psignal(c2e4d3c8,14,c2f03e88,0,c2f792a8) at psignal+0x47
exit1(c2ea85f0,0,c2ea6b58,c2ea85f0,bfbffad0) at exit1+0x12e3
sys_exit(c2ea85f0,d0790d10,4,c,1) at sys_exit+0x67
syscall(2f,2f,2f,bfbffad0,0) at syscall+0x2b0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x806424b, esp =
0xbfbffa8c, ebp = 0xbfbffaa8 ---
db>
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc2000000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0656611
stack pointer = 0x10:0xd0790bdc
frame pointer = 0x10:0xd0790bec
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 87468 (make)
panic: from debugger
Fatal trap 3: breakpoint instruction fault while in kernel mode
instruction pointer = 0x8:0xc07f47a4
stack pointer = 0x10:0xd0790954
frame pointer = 0x10:0xd0790960
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = IOPL = 0
current process = 87468 (make)
panic: from debugger
Uptime: 14h17m57s
Dumping 191 MB
16 32 48 64 80 96 112 128 144 160 176
---
Reading symbols from /boot/kernel/vinum.ko...done.
Loaded symbols for /boot/kernel/vinum.ko
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc06529c0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
#2 0xc0652da8 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3 0xc0475ae2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc0475a42 in db_command (last_cmdp=0xc0903d80, cmd_table=0x0,
aux_cmd_tablep=0xc08881a4,
aux_cmd_tablep_end=0xc08881bc) at /usr/src/sys/ddb/db_command.c:346
#5 0xc0475b85 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc0478b95 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
#7 0xc07f44ec in kdb_trap (type=12, code=0, regs=0xd0790b9c) at
/usr/src/sys/i386/i386/db_interface.c:171
#8 0xc0806a06 in trap_fatal (frame=0xd0790b9c, eva=0) at
/usr/src/sys/i386/i386/trap.c:814
#9 0xc08066d2 in trap_pfault (frame=0xd0790b9c, usermode=0,
eva=3254779904) at /usr/src/sys/i386/i386/trap.c:733
#10 0xc0806205 in trap (frame=
{tf_fs = 983064, tf_es = 16, tf_ds = 196624, tf_edi = 0, tf_esi = 0,
tf_ebp = -797373460, tf_isp = -797373496, tf_ebx = 524288, tf_edx =
-1026351856, tf_ecx = 524288, tf_eax = -1040187392, tf_trapno = 12, tf_err
= 0, tf_eip = -1067096559, tf_cs = 8, tf_eflags = 66182, tf_esp = 0, tf_ss
= 20}) at /usr/src/sys/i386/i386/trap.c:418
#11 0xc07f5e98 in calltrap () at {standard input}:102
#12 0xc06566b7 in psignal (p=0x0, sig=524288) at
/usr/src/sys/kern/kern_sig.c:1641
#13 0xc06389b3 in exit1 (td=0xc2ea85f0, rv=0) at
/usr/src/sys/kern/kern_exit.c:468
#14 0xc06376c7 in sys_exit () at /usr/src/sys/kern/kern_exit.c:102
#15 0xc0806d60 in syscall (frame=
{tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077937456, tf_esi =
0, tf_ebp = -1077937496, tf_isp = -797373068, tf_ebx = -1, tf_edx = 10,
tf_ecx = 0, tf_eax = 1, tf_trapno = 0, tf_err = 2, tf_eip = 134627915,
tf_cs = 31, tf_eflags = 646, tf_esp = -1077937524, tf_ss = 47}) at
/usr/src/sys/i386/i386/trap.c:1006
#16 0xc07f5eed in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---
(kgdb) l *sigtd+0x41
0xc0656611 is in sigtd (/usr/src/sys/kern/kern_sig.c:1596).
1591 FOREACH_THREAD_IN_PROC(p, td) {
1592 if (td->td_waitset != NULL &&
1593 SIGISMEMBER(*(td->td_waitset), sig))
1594 return (td);
1595 if (!SIGISMEMBER(td->td_sigmask, sig)) {
1596 if (td == curthread)
1597 signal_td = curthread;
1598 else if (signal_td == NULL)
1599 signal_td = td;
1600 }
(kgdb) l *psignal+0x47
0xc06566b7 is in psignal (/usr/src/sys/kern/kern_sig.c:1643).
1638
1639 tdsignal(td, sig, SIGTARGET_P);
1640 }
1641
1642 /*
1643 * MPSAFE
1644 */
1645 void
1646 tdsignal(struct thread *td, int sig, sigtarget_t target)
1647 {
(kgdb) l *exit1+0x12e3
0xc06389b3 is in exit1 (machine/atomic.h:362).
357 machine/atomic.h: No such file or directory.
in machine/atomic.h
(kgdb) l *sys_exit+0x67
0xc06376c7 is at /usr/src/sys/kern/kern_exit.c:102.
97 void
98 sys_exit(struct thread *td, struct sys_exit_args *uap)
99 {
100
101 mtx_lock(&Giant);
102 exit1(td, W_EXITCODE(uap->rval, 0));
103 /* NOTREACHED */
104 }
105
106 /*
(kgdb) l *syscall+0x2b0
0xc0806d60 is in syscall (/usr/src/sys/i386/i386/trap.c:1006).
1001 if (error == 0) {
1002 td->td_retval[0] = 0;
1003 td->td_retval[1] = frame.tf_edx;
1004
1005 STOPEVENT(p, S_SCE, narg);
1006
1007 PTRACESTOP_SC(p, td, S_PT_SCE);
1008
1009 error = (*callp->sy_call)(td, args);
1010 }
(kgdb) l *Xint0x80_syscall+0x1d
0xc07f5eed is at {standard input}:146.
141 {standard input}: No such file or directory.
in {standard input}
(kgdb)
Here is the second crash:
TPTE at 0xbfca0f6c IS ZERO @ VA 283db000
panic: bad pte
Debugger("panic")
Stopped at Debugger+0x54: xchgl %ebx,in_Debugger.0
db>
db> show reg
cs 0x8
ds 0xc27d0010
es 0xc27d0010
fs 0xc1030018
ss 0x10
eax 0x12
ecx 0x20
edx 0
ebx 0
esp 0xcfea9ba0
ebp 0xcfea9bac
esi 0xc0882b1f
edi 0x1
eip 0xc07f47a4 Debugger+0x54
efl 0x292
dr0 0
dr1 0
dr2 0
dr3 0
dr4 0xffff0ff0
dr5 0x400
dr6 0xffff0ff0
dr7 0x400
Debugger+0x54: xchgl %ebx,in_Debugger.0
db> trace
Debugger(c086cc17,c092c520,c0882b1f,cfea9bec,100) at Debugger+0x54
panic(c0882b1f,bfca0f6c,283db000,1,c2a255ac) at panic+0xd5
pmap_remove_pages(c2ef8b84,0,bfc00000,c2ef8ad4,c2dbb0b4) at
pmap_remove_pages+0x9b
exit1(c2758be0,0,cfea9cf4,c0679a86,0) at exit1+0x785
sys_exit(c2758be0,cfea9d10,4,c,1) at sys_exit+0x67
syscall(813002f,2f,bfbf002f,0,ffffffff) at syscall+0x2b0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x2839aa2b, esp =
0xbfbff58c, ebp = 0xbfbff5a8 ---
db>
eivind at vimes:~/tmp/debug/2003-10-28 > gdb -k kernel.debug vmcore.4
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bad pte
panic messages:
---
panic: bad pte
panic: from debugger
Uptime: 2h29m34s
Dumping 191 MB
16 32 48 64 80 96 112 128 144 160 176
---
Reading symbols from /boot/kernel/vinum.ko...done.
Loaded symbols for /boot/kernel/vinum.ko
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc06529c0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
#2 0xc0652da8 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3 0xc0475ae2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc0475a42 in db_command (last_cmdp=0xc0903d80, cmd_table=0x0,
aux_cmd_tablep=0xc08881a4,
aux_cmd_tablep_end=0xc08881bc) at /usr/src/sys/ddb/db_command.c:346
#5 0xc0475b85 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc0478b95 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:73
#7 0xc07f44ec in kdb_trap (type=3, code=0, regs=0xcfea9b60) at
/usr/src/sys/i386/i386/db_interface.c:171
#8 0xc0806388 in trap (frame=
{tf_fs = -1056767976, tf_es = -1031995376, tf_ds = -1031995376,
tf_edi = 1, tf_esi = -1064817889, tf_ebp = -806708308, tf_isp = -806708340,
tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err =
0, tf_eip = -1065400412, tf_cs = 8, tf_eflags = 658, tf_esp = -1064823724,
tf_ss = -1064907753}) at /usr/src/sys/i386/i386/trap.c:578
#9 0xc07f5e98 in calltrap () at {standard input}:102
#10 0xc0652ce5 in panic (fmt=0xc0882b1f "bad pte") at
/usr/src/sys/kern/kern_shutdown.c:534
#11 0xc080354b in pmap_remove_pages (pmap=0xc2ef8b84, sva=0,
eva=3217031168) at /usr/src/sys/i386/i386/pmap.c:2578
#12 0xc0637e55 in exit1 (td=0xc2758be0, rv=0) at
/usr/src/sys/vm/vm_map.h:246
#13 0xc06376c7 in sys_exit () at /usr/src/sys/kern/kern_exit.c:102
#14 0xc0806d60 in syscall (frame=
{tf_fs = 135462959, tf_es = 47, tf_ds = -1078001617, tf_edi = 0,
tf_esi = -1, tf_ebp = -1077938776, tf_isp = -806707852, tf_ebx = 675382820,
tf_edx = 10, tf_ecx = 675382480, tf_eax = 1, tf_trapno = 12, tf_err = 2,
tf_eip = 674867755, tf_cs = 31, tf_eflags = 646, tf_esp = -1077938804,
tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1006
#15 0xc07f5eed in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---
(kgdb) l *Debugger+0x54
0xc07f47a4 is in Debugger (machine/atomic.h:260).
255 machine/atomic.h: No such file or directory.
in machine/atomic.h
(kgdb) l *panic+0xd5
0xc0652ce5 is in panic (/usr/src/sys/kern/kern_shutdown.c:534).
529
530 #if defined(DDB)
531 if (newpanic && trace_on_panic)
532 backtrace();
533 if (debugger_on_panic)
534 Debugger ("panic");
535 #ifdef RESTARTABLE_PANICS
536 /* See if the user aborted the panic, in which case we
continue. */
537 if (panicstr == NULL) {
538 #ifdef SMP
(kgdb) l *pmap_remove_pages+0x9b
0xc080354b is in pmap_remove_pages (/usr/src/sys/i386/i386/pmap.c:2578).
2573 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_va);
2574 #endif
2575 tpte = *pte;
2576
2577 if (tpte == 0) {
2578 printf("TPTE at %p IS ZERO @ VA %08x\n",
2579 pte,
pv->pv_va);
2580 panic("bad pte");
2581 }
2582
(kgdb) l *exit1+0x785
0xc0637e55 is in exit1 (machine/atomic.h:285).
280 machine/atomic.h: No such file or directory.
in machine/atomic.h
(kgdb) l *sys_exit+0x67
0xc06376c7 is at /usr/src/sys/kern/kern_exit.c:102.
97 void
98 sys_exit(struct thread *td, struct sys_exit_args *uap)
99 {
100
101 mtx_lock(&Giant);
102 exit1(td, W_EXITCODE(uap->rval, 0));
103 /* NOTREACHED */
104 }
105
106 /*
(kgdb) l *syscall+0x2b0
0xc0806d60 is in syscall (/usr/src/sys/i386/i386/trap.c:1006).
1001 if (error == 0) {
1002 td->td_retval[0] = 0;
1003 td->td_retval[1] = frame.tf_edx;
1004
1005 STOPEVENT(p, S_SCE, narg);
1006
1007 PTRACESTOP_SC(p, td, S_PT_SCE);
1008
1009 error = (*callp->sy_call)(td, args);
1010 }
(kgdb) l *Xint0x80_syscall+0x1d
0xc07f5eed is at {standard input}:146.
141 {standard input}: No such file or directory.
in {standard input}
(kgdb)
--
Regards / Hilsen
Eivind Olsen
<eivind at aminor.no>