kern/52198: Kernel trap 12 when debugging fork() with ald [/usr/ports/devel/ald]

Lolownia lolownia at polbox.com
Tue May 13 15:40:11 PDT 2003


>Number:         52198
>Category:       kern
>Synopsis:       Kernel trap 12 when debugging fork() with ald [/usr/ports/devel/ald]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 13 15:40:08 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Lolownia
>Release:        FreeBSD 5.0-RELEASE-p7 i386
>Organization:
>Environment:
System: FreeBSD mistress 5.0-RELEASE-p7 FreeBSD 5.0-RELEASE-p7 #0: Sun Apr 27 12:00:07 CEST 2003 root@mistress:/usr/src/sys/i386/compile/NIGDY i386

5.0 Release upgraded from cvsup.


Almost GENERIC kernel:
diff GENERIC OHBUGGER 
25c25
< ident         GENERIC
---
> ident         OHBUGGER
62,63c62,63
< #options      DDB                     #Enable the kernel debugger
< #options      INVARIANTS              #Enable calls of extra sanity checking
---
> options       DDB                     #Enable the kernel debugger
> options       INVARIANTS              #Enable calls of extra sanity checking
65c65
< #options      WITNESS                 #Enable checks to detect deadlocks and cycles
---
> options       WITNESS                 #Enable checks to detect deadlocks and cycles
142a143,146
> options SC_NORM_ATTR=(FG_WHITE|BG_BLACK)
> options SC_NORM_REV_ATTR=(FG_BLACK|BG_LIGHTGREY)
> options SC_KERNEL_CONS_ATTR=(FG_LIGHTRED|BG_BLACK)
> options SC_HISTORY_SIZE=800
235a240,241
> 
> device                pcm

Dmesg:

Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 5.0-RELEASE-p7 #0: Mon May 12 19:56:02 CEST 2003
    root@mistress:/usr/obj/usr/src/sys/OHBUGGER
Preloaded elf kernel "/boot/bugger/kernel" at 0xc06e1000.
Timecounter "i8254"  frequency 1193182 Hz
Timecounter "TSC"  frequency 601366331 Hz
CPU: Pentium III/Pentium III Xeon/Celeron (601.37-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x683  Stepping = 3
  Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory  = 134217728 (128 MB)
avail memory = 122982400 (117 MB)
Initializing GEOMetry subsystem
Pentium Pro MTRR support enabled
npx0: <math processor> on motherboard
npx0: INT 16 interface
Using $PIR table, 9 entries at 0xc00fde70
pcib0: <Intel 82443BX (440 BX) host to PCI bridge> at pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
agp0: <Intel 82443BX (440 BX) host to PCI bridge> mem 0xd8000000-0xdbffffff at device 0.0 on pci0
pcib1: <PCIBIOS PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <display, VGA> at device 0.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 ATA33 controller> port 0xf000-0xf00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xc000-0xc01f irq 9 at device 7.2 on pci0
usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ugen0: OmniVision OV511+ Camera, rev 1.00/1.00, addr 2
ulpt0: Hewlett-Packard DeskJet 840C, rev 1.00/1.00, addr 3, iclass 7/1
ulpt0: using bi-directional mode
pci0: <bridge, PCI-unknown> at device 7.3 (no driver attached)
pci0: <simple comms, UART> at device 11.0 (no driver attached)
rl0: <RealTek 8139 10/100BaseTX> port 0xc400-0xc4ff mem 0xdf010000-0xdf0100ff irq 11 at device 13.0 on pci0
rl0: Realtek 8139B detected. Warning, this may be unstable in autoselect mode
rl0: Ethernet address: 00:02:44:29:5e:d3
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcm0: <Creative EMU10K1> port 0xc800-0xc81f irq 5 at device 15.0 on pci0
atapci1: <HighPoint HPT370 ATA100 controller> port 0xe000-0xe0ff,0xdc00-0xdc03,0xd800-0xd807,0xd400-0xd403,0xd000-0xd007 irq 11 at device 19.0 on pci0
ata2: at 0xd000 on atapci1
ata3: at 0xd800 on atapci1
orm0: <Option ROM> at iomem 0xc0000-0xcb7ff on isa0
pmtimer0 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x64,0x60 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model MouseMan+, device ID 0
fdc0: <Enhanced floppy controller (i82077, NE72065 or clone)> at port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
unknown: <PNP0303> can't assign resources (port)
unknown: <PNP0a03> can't assign resources (port)
unknown: <PNP0f13> can't assign resources (irq)
unknown: <PNP0501> can't assign resources (port)
unknown: <PNP0700> can't assign resources (port)
unknown: <PNP0400> can't assign resources (port)
unknown: <PNP0501> can't assign resources (port)
Timecounters tick every 10.000 msec
ad4: 38166MB <WDC WD400BB-00DEA0> [77545/16/63] at ata2-master UDMA100
ad5: 12949MB <IBM-DJNA-371350> [26310/16/63] at ata2-slave UDMA66
acd0: CD-RW <CR-4802TE> at ata0-master PIO3
acd1: CDROM <TOSHIBA CD-ROM XM-6702B> at ata0-slave PIO4
MBREXT Slice 5 on ad4s4:
0000   00 0f ff ff 83 0f ff ff 3f 00 00 00 91 01 a0 00  |........?.......|
[0] f:00 typ:131 s(CHS):255/15/255 e(CHS):255/15/255 s:63 l:10486161
0000   00 0f ff ff 05 0f ff ff d0 01 a0 00 a0 03 40 01  |..............@.|
[1] f:00 typ:5 s(CHS):255/15/255 e(CHS):255/15/255 s:10486224 l:20972448
MBREXT Slice 6 on ad4s4:
0000   00 0f ff ff a5 0f ff ff 3f 00 00 00 61 03 40 01  |........?...a.@.|
[0] f:00 typ:165 s(CHS):255/15/255 e(CHS):255/15/255 s:63 l:20972385
0000   00 0f ff ff 05 0f ff ff 70 05 e0 01 90 dd 26 02  |........p.....&.|
[1] f:00 typ:5 s(CHS):255/15/255 e(CHS):255/15/255 s:31458672 l:36101520
MBREXT Slice 7 on ad4s4:
0000   00 0f ff ff 0b 0f ff ff 3f 00 00 00 51 dd 26 02  |........?...Q.&.|
[0] f:00 typ:11 s(CHS):255/15/255 e(CHS):255/15/255 s:63 l:36101457
0000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |................|
[1] f:00 typ:0 s(CHS):0/0/0 e(CHS):0/0/0 s:0 l:0
Mounting root from ufs:/dev/ad4s3c
lock order reversal
 1st 0xc19d3788 process lock (process lock) @ /usr/src/sys/kern/kern_descrip.c:2112
 2nd 0xc19a6a34 filedesc structure (filedesc structure) @ /usr/src/sys/kern/kern_descrip.c:2119



$ gcc -v
Using built-in specs.
Configured with: FreeBSD/i386 system compiler
Thread model: posix
gcc version 3.2.1 [FreeBSD] 20021119 (release)
$ as -v
GNU assembler version 2.13.2 [FreeBSD] 2002-11-27 (i386-obrien-freebsd5.0) using BFD version 2.13.2 [FreeBSD] 2002-11-27

$ ald -v
Assembly Language Debugger 0.1.0
Copyright (C) 2000-2002 Patrick Alken

ald version:       0.1.0
libDebug version:  0.1.0
libOp version:     0.1.0
libString version: 1.0.0


>Description:
	I used ald to debug some simple code:
	[/usr/ports/devel/ald]$ cat pkg-descr
	This is a port of ALD - the Assembly Language Debugger. It provides
	breakpoint debugging capabilities to those wishing to debug their
	assembly language programs. Currently, x86 platforms are supported.
	
	When stepping through a simple assembler program with a fork() syscall, the
	system drops into DDB:
	db> trace
	sw1b(2f,2f,2f,bfbff64c,bfbff654) at sw1b+0xa9
	fork_trampoline() at fork_trampoline
	--- trap 0xa, eip = 0x804849c, esp = 0xbfbff628, ebp = 0xbfbff644 ---
	db> show object
	Object 0xc04ac752: type=131, size=0x10eb000000b0a364, res=-2097741824, ref=24905042, flags=0x5a04


	Fatal trap 12: page fault while in kernel mode
	fault virtual address   = 0x270
	fault code              = supervisor read, page not present
	instruction pointer     = 0x8:0xc046e54d
	stack pointer           = 0x10:0xcd175b5c
	frame pointer           = 0x10:0xcd175b84
	code segment            = base 0x0, limit 0xfffff, type 0x1b
	                        = DPL 0, pres 1, def32 1, gran 1
	processor eflags        = resume, IOPL = 0
	current process         = 535 (ald)
	kernel: type 12 trap, code=0
	Stopped at      sw1b+0xa9:      movl    %ecx,%fs:0
	On a system with all debugging turned off (no DDB, INVARIANTS, INVARIANT_SUPPORT,
	or WITNESS) it reboots.

	

>How-To-Repeat:
	Install ald:
	# cd /usr/ports/devel/ald
	# make install clean

	As a normal user, compile a simple program:
	$ cat code.S

	.text
	.global main
	main:
		movb $2, %al    # 2 is SYS_fork on FreeBSD/i386; only %al is written, the rest of %eax is left as is
		int $0x80       # syscall gate; the crash happens when ald single-steps over this instruction
	$ gcc -o code code.S
	$ ald ./code
	in ald:
	break main
	run
	step
	step
	step
		- the crash should occur at the int $0x80.
>Fix:

	No idea.

>Release-Note:
>Audit-Trail:
>Unformatted:
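Added example, not part of this PR and not code from ald: a small Python triage helper that parses the fields of a FreeBSD/i386 fatal-trap dump of the shape quoted in the Description and applies the usual first-pass heuristics (fault address inside page 0, eip in kernel space). The constants PAGE_SIZE and KERNBASE are the i386 defaults, assumed here, and the sample text is constructed from the dump above, trimmed to the lines the parser uses.

```python
import re
# Constructed sample: the trap dump from this PR, indentation removed.
TRAP_TEXT = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x270
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc046e54d
processor eflags        = resume, IOPL = 0
current process         = 535 (ald)
kernel: type 12 trap, code=0
Stopped at      sw1b+0xa9:      movl    %ecx,%fs:0
"""
PAGE_SIZE = 4096       # i386 page size (assumed default)
KERNBASE = 0xc0000000  # default i386 kernel virtual base in FreeBSD 5.x (assumed)
FIELDS = {  # name -> (regex with one capture group, converter)
    "fault_va": (r"fault virtual address\s*=\s*(0x[0-9a-fA-F]+)", lambda s: int(s, 16)),
    "fault_code": (r"fault code\s*=\s*(.+)", str.strip),
    "eip": (r"instruction pointer\s*=\s*0x[0-9a-fA-F]+:(0x[0-9a-fA-F]+)", lambda s: int(s, 16)),
    "pid": (r"current process\s*=\s*(\d+)", int),
    "comm": (r"current process\s*=\s*\d+\s*\((.+?)\)", str),
    "symbol": (r"Stopped at\s+([^:\s]+):", str),
    "insn": (r"Stopped at\s+[^:\s]+:\s+(.+)", str.strip),
}

def parse_trap(text):
    """Return the fields of a FreeBSD/i386 fatal-trap dump as a dict."""
    m = re.search(r"Fatal trap (\d+): (.+)", text)
    if m is None:
        raise ValueError("not a FreeBSD fatal trap dump")
    info = {"trap": int(m.group(1)), "description": m.group(2).strip()}
    for name, (pat, conv) in FIELDS.items():
        m = re.search(pat, text)
        info[name] = conv(m.group(1)) if m else None
    return info

def triage(info):
    """Heuristic notes a practitioner checks before opening the disassembly."""
    notes = []
    va, eip = info["fault_va"], info["eip"]
    if info["trap"] == 12 and va is not None and va < PAGE_SIZE:
        notes.append("fault address 0x%x is inside page 0: likely a NULL struct "
                     "pointer dereferenced at field offset 0x%x" % (va, va))
    if info["fault_code"] and "page not present" in info["fault_code"]:
        notes.append("page not present: unmapped memory, not a protection fault")
    if eip is not None and eip >= KERNBASE:
        notes.append("eip 0x%x is in kernel space, so this is a kernel bug" % eip)
    if info["symbol"]:
        notes.append("faulting instruction '%s' at %s" % (info["insn"], info["symbol"]))
    return notes
```

Running triage(parse_trap(TRAP_TEXT)) on the dump above yields four notes, the first flagging 0x270 as a page-0 (NULL-plus-offset) dereference.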

