kern/72234: kqueue + EVFILT_TIMER = kernel panic
Aleksey Pesternikov
apesternikov at yahoo.com
Fri Oct 1 11:00:45 PDT 2004
>Number: 72234
>Category: kern
>Synopsis: kqueue + EVFILT_TIMER = kernel panic
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 01 18:00:45 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Aleksey Pesternikov
>Release: 5.3-BETA6
>Organization:
>Environment:
FreeBSD x2.reveredata.com 5.3-BETA6 FreeBSD 5.3-BETA6 #8: Thu Sep 30 16:22:11 PDT 2004 root at x2.reveredata.com:/usr/src/sys/i386/compile/X2 i386
kernel configuration:
include GENERIC
ident X2
options VFS_AIO
options HZ=1000
options SHMMAXPGS=65536
options SEMMNI=40
options SEMMNS=240
options SEMUME=40
options SEMMNU=120
FreeBSD loki.reveredata.com 5.3-BETA6 FreeBSD 5.3-BETA6 #3: Mon Sep 27 19:33:45 EDT 2004 root at loki.reveredata.com:/usr/obj/usr/src/sys/LOKI i386
kernel configuration:
include GENERIC
ident LOKI
options HZ=1000
options NMBCLUSTERS=65535
>Description:
After executing the attached program (several times?) both systems crash:
kernel trap 12 with interrupts disabled
Fatal trap 12: page fault while in kernel mode
cpuid=0; apic id = 00
fault virtual address = 0x108
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0649b14
stack pointer = 0x10:0xe4de6c5c
frame pointer = 0x10:0xe4de6c74
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = resume, IOPL = 0
current process = 36 (swi5: clock sio)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 16h12m13s
Looks like the kernel does not clear (timer related?) kqueue structures related to a process after the process exits or has been killed.
The bug appeared sometime after 5.2.1
>How-To-Repeat:
The problem is 100% reproducible:
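#include <sys/types.h>
#include <sys/event.h>
#include <sys/time.h>
#include <assert.h>
#include <stddef.h>

int main(int argc, char* argv[])
{
	int kq;
	struct kevent ke;

	/* Create the kernel event queue. */
	assert((kq=kqueue())!=-1);
	/* Register a periodic timer (ident 12345) with a 1000 ms period. */
	EV_SET(&ke, 12345, EVFILT_TIMER, EV_ADD/*|EV_ONESHOT*/,0, 1000/*msec*/, 0);
	assert(kevent(kq, &ke, 1, NULL, 0, NULL)==0);
	/* Exit with the timer still registered and kq still open. */
	return 0;
}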
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: