6.0-release i386 sysctl panic
Gleb Kozyrev
gkozyrev at ukr.net
Sat Nov 19 22:59:32 GMT 2005
Hello, All!
After 14 days of uptime I ran "sysctl -a" and it triggered a panic.
In ddb:
=========Beginning of the citation==============
db> bt
Tracing pid 15840 tid 100071 td 0xc1553600
dev2udev(c20bf300,88,0,0,0) at dev2udev+0x11
sysctl_kern_ttys(c08d4500,0,0,cc865c04,c08d4500) at sysctl_kern_ttys+0xdf
sysctl_root(0,cc865c74,2,cc865c04,c1553600) at sysctl_root+0x107
userland_sysctl(c1553600,cc865c74,2,0,bfbfd5bc) at userland_sysctl+0xec
__sysctl(c1553600,cc865d04,6,a,296) at __sysctl+0x93
syscall(3b,3b,bfbf003b,2,bfbfd5bc) at syscall+0x2b7
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (202, FreeBSD ELF32, __sysctl), eip = 0x280b7a33, esp = 0xbfbfd52c,
ebp = 0xbfbfd568 ---
=========The end of the citation================
After call doadump() and reboot:
=========Beginning of the citation==============
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xbf
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc05f46ed
stack pointer = 0x28:0xcc865b18
frame pointer = 0x28:0xcc865b18
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 15840 (sysctl)
Dumping 127 MB (3 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 64MB (16381 pages) 49 33 17 ... ok
chunk 2: 63MB (16128 pages) 48 32 16
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc0468487 in db_fncall (dummy1=-1063902272, dummy2=0, dummy3=0, dummy4=0xcc865944 "pY\206ы\224C\177■\\Y\206ы`Y\206ы\222\a")
at /usr/src/sys/ddb/db_command.c:492
fn_addr = -1067198068
args = {1, 0, 545675548, -1065401452, -863610616, -863610612, 1938, 1938, 2, -1064703968}
nargs = 0
retval = 0
t = 0
#2 0xc046828c in db_command (last_cmdp=0xc09181c4, cmd_table=0x0, aux_cmd_tablep=0xc089589c, aux_cmd_tablep_end=0xc08958b8)
at /usr/src/sys/ddb/db_command.c:350
cmd = (struct command *) 0xc089e9c0
t = 0
modif =
"pY\206ы\224C\177■\\Y\206ы`Y\206ы\222\a\000\000▄\003\000\000\220Y\206ы\f\000\000\000|Y\206ы▄\003\000\000\200Y\206ыQЃ~■▄\003\000\000▄
\003\000\000\r\000\000\000мY\206ыBє~■\220Y\206ы▄\003\000\000\f\000\017\003x\000\000\000■\212\221■\f\000\000\000+Y\206ы\004?F■\235;\2
07■?\237F■\f\000\000\000■\212\221■│\227F■"
addr = -1063902272
count = 0
have_addr = 0
result = 0
#3 0xc0468354 in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
No locals.
#4 0xc0469f61 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
jb = {{_jb = {-863610372, -863610392, -863610320, -863610152, 12, -1069113606,
12, -863610296, -1067089549, -1064761795, -1067089416, -863610316}}}
prev_jb = (void *) 0x0
bkpt = 0
#5 0xc065666b in kdb_trap (type=12, code=0, tf=0xcc865ad8) at /usr/src/sys/kern/subr_kdb.c:473
handled = -863610152
#6 0xc08104b0 in trap_fatal (frame=0xcc865ad8, eva=191) at /usr/src/sys/i386/i386/trap.c:822
eflags = 514
code = 514
type = 12
ss = 514
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 2, ssd_xx1 = 2, ssd_def32 = 1,
ssd_gran = 1}
#7 0xc081021f in trap_pfault (frame=0xcc865ad8, usermode=0, eva=191) at /usr/src/sys/i386/i386/trap.c:742
va = 0
vm = (struct vmspace *) 0x0
map = 0xc1598708
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc1553600
p = (struct proc *) 0xc155620c
#8 0xc080fe19 in trap (frame=
{tf_fs = -863633400, tf_es = 40, tf_ds = -863633368, tf_edi = -863609988, tf_esi = -1052413952, tf_ebp = -863610088, tf_isp
= -863610108, tf_ebx = -1052413952, tf_edx = -1039404288, tf_ecx = 0, tf_eax = -1, tf_trapno = 12, tf_err = 0, tf_eip = -1067497747,
tf_cs = 32, tf_eflags = 66182, tf_esp = -863609920, tf_ss = -1066996549}) at /usr/src/sys/i386/i386/trap.c:432
td = (struct thread *) 0xc1553600
p = (struct proc *) 0xc155620c
sticks = 3431357272
i = 0
ucode = 0
type = 12
code = 0
eva = 191
#9 0xc07ff31a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#10 0xc05f46ed in dev2udev (x=0xc20bf300) at /usr/src/sys/fs/devfs/devfs_vnops.c:1145
No locals.
#11 0xc066ecbb in sysctl_kern_ttys (oidp=0xc08d4500, arg1=0x0, arg2=0, req=0xcc865c04) at /usr/src/sys/kern/tty.c:3040
tp = (struct tty *) 0xc1457000
tp2 = (struct tty *) 0xc1457000
xt = {xt_size = 136, xt_rawcc = 0, xt_cancc = 0, xt_outcc = 0, xt_line = 0, xt_dev = 0, xt_state = 0, xt_flags = 0,
xt_timeout = 0, xt_pgid = 0,
xt_sid = 0, xt_termios = {c_iflag = 0, c_oflag = 0, c_cflag = 0, c_lflag = 0, c_cc = '\0' <repeats 19 times>, c_ispeed = 0,
c_ospeed = 0}, xt_winsize = {
ws_row = 0, ws_col = 0, ws_xpixel = 0, ws_ypixel = 0}, xt_column = 0, xt_rocount = 0, xt_rocol = 0, xt_ififosize = 0, xt_ihiwat
= 0, xt_ilowat = 0,
xt_ispeedwat = 0, xt_ohiwat = 0, xt_olowat = 0, xt_ospeedwat = 0}
error = -1052413952
#12 0xc0645c63 in sysctl_root (oidp=0x0, arg1=0x0, arg2=0, req=0xcc865c04) at /usr/src/sys/kern/kern_sysctl.c:1248
oid = (struct sysctl_oid *) 0xc08d4500
error = -1
indx = 2
lvl = -1
#13 0xc0645e60 in userland_sysctl (td=0xffffffff, name=0xcc865c74, namelen=2, old=0xcc865c04, oldlenp=0xbfbfd5bc, inkernel=0,
new=0x0, newlen=4294967295,
retval=0xcc865c70, flags=-1) at /usr/src/sys/kern/kern_sysctl.c:1347
error = -1077946948
req = {td = 0xc1553600, lock = 1, oldptr = 0x0, oldlen = 0, oldidx = 3536, oldfunc = 0xc06459a4 <sysctl_old_user>, newptr =
0x0, newlen = 0,
newidx = 0, newfunc = 0xc0645a10 <sysctl_new_user>, validlen = 0, flags = 0}
#14 0xc0645d03 in __sysctl (td=0xc1553600, uap=0xcc865d04) at /usr/src/sys/kern/kern_sysctl.c:1282
error = -1051368948
name = {1, 533, 1, 533, -1, -1, 0, -1048488688, -1051368948, 0, -1051380224, -863609636, -1067059971, -1051380224,
1, -863609668, -1051368948,
-1051380224, -863609544, -863609640, -1067068430, -1051380224, -1051368948, 0}
j = 10
#15 0xc08107ff in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = -1078001605, tf_edi = 2, tf_esi = -1077946948, tf_ebp = -1077947032, tf_isp = -863609500,
tf_ebx = 672367844, tf_edx = 0, tf_ecx = -1077944736, tf_eax = 202, tf_trapno = 0, tf_err = 2, tf_eip = 671840819, tf_cs = 51,
tf_eflags = 662, tf_esp = -1077947092, tf_ss = 59})
at /usr/src/sys/i386/i386/trap.c:976
params = 0xbfbfd530 <Address 0xbfbfd530 out of bounds>
callp = (struct sysent *) 0xc08cb8d8
td = (struct thread *) 0xc1553600
p = (struct proc *) 0xc155620c
orig_tf_eflags = 662
sticks = 10
error = 0
narg = 6
args = {-1077944736, 2, 0, -1077946948, 0, 0, -863609548, 672367844}
code = 202
#16 0xc07ff36f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
No locals.
#17 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
=========The end of the citation================
FreeBSD 6.0-RELEASE #0: Wed Nov 2 14:36:19 EET 2005 root at localhost.rusanovka:/usr/obj/usr/src/sys/DDB i386
Kernel:
=========Beginning of the citation==============
# GENERIC+DDB
include GENERIC
ident DDB-GENERIC
options KDB # Compile with kernel debugger related code.
options DDB # Enable the ddb debugger backend.
options BREAK_TO_DEBUGGER # A BREAK on a serial console goes to ddb, if available.
=========The end of the citation================
Dmesg:
=========Beginning of the citation==============
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.0-RELEASE #0: Wed Nov 2 14:36:19 EET 2005
root at localhost.rusanovka:/usr/obj/usr/src/sys/DDB
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium II/Pentium II Xeon/Celeron (331.83-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x660 Stepping = 0
Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
real memory = 134217728 (128 MB)
avail memory = 121782272 (116 MB)
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <PTLTD RSDT> on motherboard
acpi0: Power Button (fixed)
pci_link0: <ACPI PCI Link LNKA> irq 11 on acpi0
pci_link1: <ACPI PCI Link LNKB> on acpi0
pci_link2: <ACPI PCI Link LNKC> on acpi0
pci_link3: <ACPI PCI Link LNKD> irq 9 on acpi0
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x8008-0x800b on acpi0
cpu0: <ACPI CPU> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <Intel 82443LX (440 LX) host to PCI bridge> mem 0xf8000000-0xfbffffff at device 0.0 on pci0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <display, VGA> at device 0.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x1420-0x142f at device 7.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0x1400-0x141f irq 9 at device 7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: <bridge> at device 7.3 (no driver attached)
rl0: <RealTek 8139 10/100BaseTX> port 0x1000-0x10ff mem 0xf4000000-0xf40000ff irq 11 at device 13.0 on pci0
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:02:44:77:b2:4b
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
speaker0: <PC speaker> port 0x61 on acpi0
fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: does not respond
device_attach: fdc0 attach returned 6
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A, console
fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: does not respond
device_attach: fdc0 attach returned 6
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xe0000-0xe3fff,0xe4000-0xeffff on isa0
ppc0: parallel port not found.
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sbc0: <ESS ES1868> at port 0x220-0x22f,0x388-0x38b,0x330-0x331 irq 5 drq 1,0 on isa0
sbc0: [GIANT-LOCKED]
pcm0: <ESS 18xx DSP> on sbc0
pcm0: [GIANT-LOCKED]
ata2: <Generic ESDI/IDE/ATA controller> at port 0x168-0x16f,0x36e-0x36f irq 12 on isa0
Timecounter "TSC" frequency 331831501 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 114498MB <SAMSUNG SP1213N TL100-23> at ata0-master UDMA33
acd0: CDRW <PLEXTOR CD-R PX-W8432T/1.09> at ata1-master PIO4
Trying to mount root from ufs:/dev/ad0s1a
=========The end of the citation================
--
With best regards, Gleb Kozyrev.
More information about the freebsd-stable
mailing list