Bogus signal handler causes kernel panic (5.2.1-p8/i386)

Simon Barner barner at in.tum.de
Sat Jun 19 12:03:48 GMT 2004


Hi,

I'll call that one patch3.

> Index: machdep.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/i386/i386/machdep.c,v
> retrieving revision 1.590
> diff -u -2 -r1.590 machdep.c
> --- machdep.c	11 Jun 2004 11:16:22 -0000	1.590
> +++ machdep.c	19 Jun 2004 05:27:18 -0000
> @@ -1134,4 +1134,7 @@
>          }
> 
> +	/* XXX drop the FP state correctly, unlike in the next 3 statements. */
> +	fpstate_drop(td);
> +
>  	/*
>  	 * Initialize the math emulator (if any) for the current process.
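Review bot: The added `fpstate_drop(td)` runs on the exec path (the enclosing function starts and ends outside the hunk; the context comment is about initializing the math emulator for the current process), but both attached traces still reach the panic through `sigreturn -> set_fpcontext -> npxsetregs` (npx.c:963 and :954) with an arithmetic trap in kernel mode, so dropping the state at exec does not cover the FP context that sigreturn restores from its `uc` local (`mc_fpformat = 65537` (0x10001), `mc_ownedfp = 131074` (0x20002) in the dump). Since that ucontext is presumably copied in from userland, a crafted `mc_fpstate` amounts to a user-triggerable kernel panic (a local DoS), and the missing check belongs in set_fpcontext/npxsetregs rather than here: validate `mc_fpformat`/`mc_ownedfp` against the accepted values and sanitize the environment before it is loaded into the FPU, e.g. clear the exception-flag bits of the restored status word, or return EINVAL when the status word has exceptions pending that the control word leaves unmasked, so the restore cannot fault at the next kernel FP instruction. The new `/* XXX drop the FP state correctly, unlike in the next 3 statements. */` comment should also say what those statements get wrong, since they are not visible in the hunk; something like `/* XXX fpstate_drop() is the only one of these that discards the old FP state correctly; see the 3 statements below. */` is a minimum, and a reader would prefer the actual defect named.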
> %%%

I was not sure whether to back out patch2 (against npx.c) before
applying patch3, so I tried both combinations (patch3 alone, and patch2 + patch3).

Unfortunately, the panic is still reproducible with both combinations, so I have
to refer you to the attached stack traces once again :( (the two traces differ
only in the npx.c line number, 963 vs. 954, which I take to be the effect of patch2.)

Anyway, thanks a lot for your time and effort!

Simon
-------------- next part --------------
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
panic: arithmetic trap
panic messages:
---
Fatal trap 6: arithmetic trap while in kernel mode
instruction pointer	= 0x8:0xc061671a
stack pointer	        = 0x10:0xcc43d9e4
frame pointer	        = 0x10:0xcc43d9e4
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= resume, IOPL = 0
current process		= 694 (a.out)
trap number		= 6
panic: arithmetic trap

syncing disks, buffers remaining... 800 800 800 800 800 800 800 800 800 800 800 800 800 800 800 800 800 800 800 800 
giving up on 589 buffers
Uptime: 1m16s
Dumping 192 MB
 16 32 48 64 80 96 112 128 144 160 176
---
Reading symbols from /usr/src/sys/i386/compile/KISTE/modules/usr/src/sys/modules/fdescfs/fdescfs.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/KISTE/modules/usr/src/sys/modules/fdescfs/fdescfs.ko.debug
Reading symbols from /boot/kernel/green_saver.ko...done.
Loaded symbols for /boot/kernel/green_saver.ko
#0  doadump () at ../../../kern/kern_shutdown.c:240
240		dumping++;
(kgdb) bt
#0  doadump () at ../../../kern/kern_shutdown.c:240
#1  0xc04f0cbb in boot (howto=256) at ../../../kern/kern_shutdown.c:372
#2  0xc04f0f91 in panic () at ../../../kern/kern_shutdown.c:550
#3  0xc0611f70 in trap_fatal (frame=0xcc43d9a4, eva=0)
    at ../../../i386/i386/trap.c:821
#4  0xc0611abc in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = -1034840832, tf_ebp = -867968540, tf_isp = -867968560, tf_ebx = 514, tf_edx = -1034840832, tf_ecx = -867968368, tf_eax = -867968368, tf_trapno = 6, tf_err = 0, tf_eip = -1067358438, tf_cs = 8, tf_eflags = 65606, tf_esp = -867968524, tf_ss = -1067358516})
    at ../../../i386/i386/trap.c:618
#5  0xc0605998 in calltrap () at {standard input}:94
#6  0xc06166cc in npxsetregs (td=0x0, addr=0x0) at ../../../i386/isa/npx.c:963
#7  0xc060bd73 in set_fpcontext (td=0xc2519500, mcp=0x0)
    at ../../../i386/i386/machdep.c:2532
#8  0xc060a76a in sigreturn (td=0xc2519500, uap=0x0)
    at ../../../i386/i386/machdep.c:982
#9  0xc0612253 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077940888, tf_esi = -1077940880, tf_ebp = -1077940960, tf_isp = -867967628, tf_ebx = 1, tf_edx = 672409248, tf_ecx = 13, tf_eax = 417, tf_trapno = 22, tf_err = 2, tf_eip = -1077936211, tf_cs = 31, tf_eflags = 582, tf_esp = -1077941832, tf_ss = 47})
    at ../../../i386/i386/trap.c:1010
#10 0xc06059ed in Xint0x80_syscall () at {standard input}:136
---Can't read userspace from dump, or kernel process---

(kgdb) bt full
#0  doadump () at ../../../kern/kern_shutdown.c:240
No locals.
#1  0xc04f0cbb in boot (howto=256) at ../../../kern/kern_shutdown.c:372
No locals.
#2  0xc04f0f91 in panic () at ../../../kern/kern_shutdown.c:550
	td = (struct thread *) 0xc2519500
	bootopt = 256
	newpanic = 0
	ap = 0xcc43d94c "g\001e?"
	buf = "arithmetic trap", '\0' <repeats 240 times>
#3  0xc0611f70 in trap_fatal (frame=0xcc43d9a4, eva=0)
    at ../../../i386/i386/trap.c:821
	code = 16
	type = 6
	ss = 16
	esp = 0
	softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, 
  ssd_dpl = 0, ssd_p = 1, ssd_xx = 5, ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1}
#4  0xc0611abc in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = -1034840832, tf_ebp = -867968540, tf_isp = -867968560, tf_ebx = 514, tf_edx = -1034840832, tf_ecx = -867968368, tf_eax = -867968368, tf_trapno = 6, tf_err = 0, tf_eip = -1067358438, tf_cs = 8, tf_eflags = 65606, tf_esp = -867968524, tf_ss = -1067358516})
    at ../../../i386/i386/trap.c:618
---Type <return> to continue, or q <return> to quit---
	td = (struct thread *) 0xc2519500
	p = (struct proc *) 0xc251854c
	sticks = 3260122444
	i = 0
	ucode = 0
	type = 6
	code = 0
	eva = 0
#5  0xc0605998 in calltrap () at {standard input}:94
No locals.
#6  0xc06166cc in npxsetregs (td=0x0, addr=0x0) at ../../../i386/isa/npx.c:963
	s = 514
#7  0xc060bd73 in set_fpcontext (td=0xc2519500, mcp=0x0)
    at ../../../i386/i386/machdep.c:2532
	addr = (union savefpu *) 0xcc43da90
#8  0xc060a76a in sigreturn (td=0xc2519500, uap=0x0)
    at ../../../i386/i386/machdep.c:982
	uc = {uc_sigmask = {__bits = {0, 0, 0, 0}}, uc_mcontext = {
    mc_onstack = 0, mc_gs = 47, mc_fs = 47, mc_es = 47, mc_ds = 47, 
    mc_edi = -1077940888, mc_esi = -1077940880, mc_ebp = -1077940960, 
    mc_isp = -867967628, mc_ebx = 1, mc_edx = 672409248, mc_ecx = 13, 
    mc_eax = 1, mc_trapno = 12, mc_err = 2, mc_eip = 671874187, mc_cs = 31, 
    mc_eflags = 662, mc_esp = -1077941012, mc_ss = 47, mc_len = 640, 
    mc_fpformat = 65537, mc_ownedfp = 131074, mc_spare1 = {0}, mc_fpstate = {
---Type <return> to continue, or q <return> to quit---
      -60801, -65536, -1, 0, 0, 0, -65536, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
      1072726020, 0, -2147483648, 16355, 0, 1071874048, 40544256, -30851378, 
      1744846849, -1351024913, 1072994650, 0 <repeats 101 times>}, 
    mc_spare2 = {0, 0, 0, 0, 0, 0, 0, 0}}, uc_link = 0x0, uc_stack = {
    ss_sp = 0x0, ss_size = 0, ss_flags = 4}, uc_flags = 0, __spare__ = {0, 0, 
    0, 0}}
	p = (struct proc *) 0xc251854c
	regs = (struct trapframe *) 0xcc43dd48
	cs = 0
	eflags = 662
	error = 0
	ret = 0
#9  0xc0612253 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077940888, tf_esi = -1077940880, tf_ebp = -1077940960, tf_isp = -867967628, tf_ebx = 1, tf_edx = 672409248, tf_ecx = 13, tf_eax = 417, tf_trapno = 22, tf_err = 2, tf_eip = -1077936211, tf_cs = 31, tf_eflags = 582, tf_esp = -1077941832, tf_ss = 47})
    at ../../../i386/i386/trap.c:1010
	params = 0xbfbfe9bc---Can't read userspace from dump, or kernel process---
-------------- next part --------------
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
panic: arithmetic trap
panic messages:
---
Fatal trap 6: arithmetic trap while in kernel mode
instruction pointer	= 0x8:0xc061671a
stack pointer	        = 0x10:0xcbd139e4
frame pointer	        = 0x10:0xcbd139e4
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= resume, IOPL = 0
current process		= 655 (a.out)
trap number		= 6
panic: arithmetic trap

syncing disks, buffers remaining... 818 818 817 817 817 817 817 817 817 817 817 817 817 817 817 817 817 817 817 817 817 817 
giving up on 598 buffers
Uptime: 1m12s
Dumping 192 MB
 16 32 48 64 80 96 112 128 144 160 176
---
Reading symbols from /usr/src/sys/i386/compile/KISTE/modules/usr/src/sys/modules/fdescfs/fdescfs.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/KISTE/modules/usr/src/sys/modules/fdescfs/fdescfs.ko.debug
Reading symbols from /boot/kernel/green_saver.ko...done.
Loaded symbols for /boot/kernel/green_saver.ko
#0  doadump () at ../../../kern/kern_shutdown.c:240
240		dumping++;
(kgdb) bt
#0  doadump () at ../../../kern/kern_shutdown.c:240
#1  0xc04f0cbb in boot (howto=256) at ../../../kern/kern_shutdown.c:372
#2  0xc04f0f91 in panic () at ../../../kern/kern_shutdown.c:550
#3  0xc0611f70 in trap_fatal (frame=0xcbd139a4, eva=0)
    at ../../../i386/i386/trap.c:821
#4  0xc0611abc in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = -1036587584, tf_ebp = -875480604, tf_isp = -875480624, tf_ebx = 514, tf_edx = -1036587584, tf_ecx = -875480432, tf_eax = -875480432, tf_trapno = 6, tf_err = 0, tf_eip = -1067358438, tf_cs = 8, tf_eflags = 65606, tf_esp = -875480588, tf_ss = -1067358516})
    at ../../../i386/i386/trap.c:618
#5  0xc0605998 in calltrap () at {standard input}:94
#6  0xc06166cc in npxsetregs (td=0x0, addr=0x0) at ../../../i386/isa/npx.c:954
#7  0xc060bd73 in set_fpcontext (td=0xc236edc0, mcp=0x0)
    at ../../../i386/i386/machdep.c:2532
#8  0xc060a76a in sigreturn (td=0xc236edc0, uap=0x0)
    at ../../../i386/i386/machdep.c:982
#9  0xc0612253 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077940888, tf_esi = -1077940880, tf_ebp = -1077940960, tf_isp = -875479692, tf_ebx = 1, tf_edx = 672409248, tf_ecx = 13, tf_eax = 417, tf_trapno = 22, tf_err = 2, tf_eip = -1077936211, tf_cs = 31, tf_eflags = 582, tf_esp = -1077941832, tf_ss = 47})
    at ../../../i386/i386/trap.c:1010
#10 0xc06059ed in Xint0x80_syscall () at {standard input}:136
---Can't read userspace from dump, or kernel process---

(kgdb) bt full
#0  doadump () at ../../../kern/kern_shutdown.c:240
No locals.
#1  0xc04f0cbb in boot (howto=256) at ../../../kern/kern_shutdown.c:372
No locals.
#2  0xc04f0f91 in panic () at ../../../kern/kern_shutdown.c:550
	td = (struct thread *) 0xc236edc0
	bootopt = 256
	newpanic = 0
	ap = 0xcbd1394c "g\001e?"
	buf = "arithmetic trap", '\0' <repeats 240 times>
#3  0xc0611f70 in trap_fatal (frame=0xcbd139a4, eva=0)
    at ../../../i386/i386/trap.c:821
	code = 16
	type = 6
	ss = 16
	esp = 0
	softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, 
  ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 0, ssd_def32 = 1, ssd_gran = 1}
#4  0xc0611abc in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = -1036587584, tf_ebp = -875480604, tf_isp = -875480624, tf_ebx = 514, tf_edx = -1036587584, tf_ecx = -875480432, tf_eax = -875480432, tf_trapno = 6, tf_err = 0, tf_eip = -1067358438, tf_cs = 8, tf_eflags = 65606, tf_esp = -875480588, tf_ss = -1067358516})
    at ../../../i386/i386/trap.c:618
---Type <return> to continue, or q <return> to quit---
	td = (struct thread *) 0xc236edc0
	p = (struct proc *) 0xc2523000
	sticks = 3260166144
	i = 0
	ucode = 0
	type = 6
	code = 0
	eva = 0
#5  0xc0605998 in calltrap () at {standard input}:94
No locals.
#6  0xc06166cc in npxsetregs (td=0x0, addr=0x0) at ../../../i386/isa/npx.c:954
	s = 514
#7  0xc060bd73 in set_fpcontext (td=0xc236edc0, mcp=0x0)
    at ../../../i386/i386/machdep.c:2532
	addr = (union savefpu *) 0xcbd13a90
#8  0xc060a76a in sigreturn (td=0xc236edc0, uap=0x0)
    at ../../../i386/i386/machdep.c:982
	uc = {uc_sigmask = {__bits = {0, 0, 0, 0}}, uc_mcontext = {
    mc_onstack = 0, mc_gs = 47, mc_fs = 47, mc_es = 47, mc_ds = 47, 
    mc_edi = -1077940888, mc_esi = -1077940880, mc_ebp = -1077940960, 
    mc_isp = -875479692, mc_ebx = 1, mc_edx = 672409248, mc_ecx = 13, 
    mc_eax = 1, mc_trapno = 12, mc_err = 2, mc_eip = 671874187, mc_cs = 31, 
    mc_eflags = 662, mc_esp = -1077941012, mc_ss = 47, mc_len = 640, 
    mc_fpformat = 65537, mc_ownedfp = 131074, mc_spare1 = {0}, mc_fpstate = {
---Type <return> to continue, or q <return> to quit---
      -60801, -65536, -1, 0, 0, 0, -65536, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
      1072726020, 0, -2147483648, 16355, 0, 1071874048, 177295360, -26509676, 
      -805289983, 1914524621, 1072946227, 0 <repeats 101 times>}, mc_spare2 = {
      0, 0, 0, 0, 0, 0, 0, 0}}, uc_link = 0x0, uc_stack = {ss_sp = 0x0, 
    ss_size = 0, ss_flags = 4}, uc_flags = 0, __spare__ = {0, 0, 0, 0}}
	p = (struct proc *) 0xc2523000
	regs = (struct trapframe *) 0xcbd13d48
	cs = 0
	eflags = 662
	error = 0
	ret = 0
#9  0xc0612253 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077940888, tf_esi = -1077940880, tf_ebp = -1077940960, tf_isp = -875479692, tf_ebx = 1, tf_edx = 672409248, tf_ecx = 13, tf_eax = 417, tf_trapno = 22, tf_err = 2, tf_eip = -1077936211, tf_cs = 31, tf_eflags = 582, tf_esp = -1077941832, tf_ss = 47})
    at ../../../i386/i386/trap.c:1010
	params = 0xbfbfe9bc---Can't read userspace from dump, or kernel process---