i386/79288: System crash (with core)

Dariusz Kulinski takeda at takeda.tk
Sun Mar 27 14:50:05 PST 2005


>Number:         79288
>Category:       i386
>Synopsis:       System crash (with core)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 27 22:50:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Dariusz Kulinski
>Release:        FreeBSD 5.3-RELEASE-p5 i386
>Organization:
>Environment:
System: FreeBSD chinatsu.takeda.tk 5.3-RELEASE-p5 FreeBSD 5.3-RELEASE-p5 #6: Mon Jan 24 15:50:04 PST 2005 root at chinatsu.takeda.tk:/usr/obj/usr/src/sys/CHINATSU i386


	
>Description:
Here is the output from the console:
db> panic
panic: from debugger
KDB: stack backtrace:
kdb_backtrace(c06d09c4,c0725520,c06c3f8d,cbd25a28,cbd25a1c) at kdb_backtrace+0x2e
panic(c06c3f8d,cbd25ae0,c0441b92,c04e9d3f,0) at panic+0xb7
db_panic(c04e9d3f,0,ffffffff,cbd25a54,cbd25a50) at db_panic+0x12
db_command(c071bf24,c06ee960,c06ea7fc,c06ea800,cbd25b4c) at db_command+0x2b2
db_command_loop(c04e9d3f,0,2,313200,0) at db_command_loop+0x75
db_trap(c,0,10,cbd25b98,c069e014) at db_trap+0xe5
kdb_trap(c,0,cbd25be4,1,1) at kdb_trap+0x77
trap_fatal(cbd25be4,d15b2c64,c27d2500,0,d15b2c64) at trap_fatal+0x2e4
trap(c1b40018,10,c1820010,0,0) at trap+0x113
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc04e9d3f, esp = 0xcbd25c24, ebp = 0xcbd25c44 ---
sigtd(c18f68d4,e,81,c18f68d4,cbd25c94) at sigtd+0xaf
psignal(c18f68d4,e,c050b0a0,c1b41640,ffffffff) at psignal+0x4b
realitexpire(c18f68d4,0,cbd25cb8,2119bc,fb59fafe) at realitexpire+0x60
softclock(0,0,0,0,0) at softclock+0x26e
ithread_loop(c14dd580,cbd25d48,0,0,0) at ithread_loop+0x1b8
fork_exit(c04cbd20,c14dd580,cbd25d48) at fork_exit+0x80
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcbd25d7c, ebp = 0 ---

From dmesg log:
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xd15b2c64
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc04e9d3f
stack pointer           = 0x10:0xcbd25c24
frame pointer           = 0x10:0xcbd25c44
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 27 (swi5: clock sio)
panic: from debugger
KDB: stack backtrace:
Uptime: 25d2h34m36s
Dumping 255 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
Dump complete
Automatic reboot in 15 seconds - press a key on the console to abort
--> Press a key on the console to reboot,
--> or switch off the system now.
Rebooting...

From kgdb:
[chinatsu]:/var/crash# kgdb /usr/obj/usr/src/sys/CHINATSU/kernel.debug vmcore.2
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
doadump () at pcpu.h:159
(kgdb) bt
#0  doadump () at pcpu.h:159
#1  0xc04e6024 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:397
#2  0xc04e63d9 in panic (fmt=0xc06c3f8d "from debugger") at /usr/src/sys/kern/kern_shutdown.c:553
#3  0xc0441c22 in db_panic (addr=-1068589761, have_addr=0, count=-1, modif=0xcbd25a54 "")
    at /usr/src/sys/ddb/db_command.c:435
#4  0xc0441b92 in db_command (last_cmdp=0xc071bf24, cmd_table=0x0, aux_cmd_tablep=0xc06ea7fc, aux_cmd_tablep_end=0xc06ea800)
    at /usr/src/sys/ddb/db_command.c:349
#5  0xc0441ca5 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#6  0xc0443df5 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#7  0xc0503b87 in kdb_trap (type=0, code=0, tf=0xcbd25be4) at /usr/src/sys/kern/subr_kdb.c:418
#8  0xc069e014 in trap_fatal (frame=0xcbd25be4, eva=0) at /usr/src/sys/i386/i386/trap.c:804
#9  0xc069d633 in trap (frame=
      {tf_fs = -1045168104, tf_es = 16, tf_ds = -1048444912, tf_edi = 0, tf_esi = 0, tf_ebp = -875406268, tf_isp = -875406320, tf_ebx = -1030312432, tf_edx = 8192, tf_ecx = 13, tf_eax = -782554012, tf_trapno = 12, tf_err = 0, tf_eip = -1068589761, tf_cs = 8, tf_eflags = 65666, tf_esp = 0, tf_ss = -1051819632}) at /usr/src/sys/i386/i386/trap.c:247
#10 0xc068ad7a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#11 0xc1b40018 in ?? ()
#12 0x00000010 in ?? ()
#13 0xc1820010 in ?? ()
#14 0x00000000 in ?? ()
#15 0x00000000 in ?? ()
#16 0xcbd25c44 in ?? ()
#17 0xcbd25c10 in ?? ()
#18 0xc296ae10 in ?? ()
#19 0x00002000 in ?? ()
#20 0x0000000d in ?? ()
#21 0xd15b2c64 in ?? ()
#22 0x0000000c in ?? ()
#23 0x00000000 in ?? ()
#24 0xc04e9d3f in sigtd (p=0xc18f68d4, sig=14, prop=129) at /usr/src/sys/kern/kern_sig.c:1581
#25 0xc04e9e2b in psignal (p=0x0, sig=14) at /usr/src/sys/kern/kern_sig.c:1634
#26 0xc04f5170 in realitexpire (arg=0xc18f68d4) at /usr/src/sys/kern/kern_time.c:554
#27 0xc04f595e in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:259
#28 0xc04cbed8 in ithread_loop (arg=0xc14dd580) at /usr/src/sys/kern/kern_intr.c:547
#29 0xc04cac10 in fork_exit (callout=0xc04cbd20 <ithread_loop>, arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:811
#30 0xc068addc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209
(kgdb) frame 24
#24 0xc04e9d3f in sigtd (p=0xc18f68d4, sig=14, prop=129) at /usr/src/sys/kern/kern_sig.c:1581
1581                    if (td->td_waitset != NULL &&
(kgdb) list 1528
1523                            p->p_sig = sig;         /* XXX to verify code */
1524                            sigexit(td, sig);
1525                    } else {
1526                            cpu_thread_siginfo(sig, code, &siginfo);
1527                            mtx_unlock(&ps->ps_mtx);
1528                            SIGADDSET(td->td_sigmask, sig);
1529                            PROC_UNLOCK(p);
1530                            error = copyout(&siginfo, &td->td_mailbox->tm_syncsig,
1531                                sizeof(siginfo));
1532                            PROC_LOCK(p);
(kgdb) p td
$1 = (struct thread *) 0xc296ae10
(kgdb) p (struct thread *)td
$2 = (struct thread *) 0xc296ae10
(kgdb) p td->td_sigmask
$3 = {__bits = {159751, 0, 0, 0}}
(kgdb) p sig
$4 = 14
(kgdb)

>How-To-Repeat:
No idea, it just happens
>Fix:
No idea how to fix it

>Release-Note:
>Audit-Trail:
>Unformatted:

