panic (page fault) in poll (on pipe)

Brian Fundakowski Feldman green at FreeBSD.org
Mon Feb 9 20:57:02 PST 2004


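Please note that the poll(2) call had only one valid file descriptor (the 
others were marked POLLNVAL), and that one is a pipe.  In the dump below, 
the selinfo at the head of td_selq has tqe_next = 0xdeadc0de and the fault 
address is 0xdeadc0e6, which looks like the fill pattern for freed memory, 
i.e. clear_selinfo_list() apparently walked into a selinfo that had already 
been freed.  Locking bug?  New pipe bug?  I'd love it if someone had an 
idea :-/  This is a brand new kernel, and it had only one day of uptime 
before I saw this panic.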

-------------- next part --------------
Script started on Mon Feb  9 23:51:53 2004
{"/home/crash"}# gdb -k /usr/src/sys/i386/compile/GREEN/kernel.debug vmcore.0

GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0xdeadc0e6
fault code		= supervisor write, page not present
instruction pointer	= 0x8:0xc04cab65
stack pointer	        = 0x10:0xd8c0fb84
frame pointer	        = 0x10:0xd8c0fb98
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 33167 (mozilla-bin)
trap number		= 12
panic: page fault
at line 819 in file ../../../i386/i386/trap.c
cpuid = 1; 
Stack backtrace:
backtrace(c063b6fb,1,333,c064b767,100) at backtrace+0x17
__panic(c064b767,333,c064184c,c064b5a0,1) at __panic+0x14f
trap_fatal(d8c0fb44,deadc0e6,2,0,c32e8a80) at trap_fatal+0x326
trap_pfault(d8c0fb44,0,deadc0e6,c06ace00,deadc0e6) at trap_pfault+0x1b7
trap(18,10,10,c32e8a80,0) at trap+0x30c
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc04cab65, esp = 0xd8c0fb84, ebp = 0xd8c0fb98 ---
clear_selinfo_list(c32e8a80,0,c0630474,3ec,18) at clear_selinfo_list+0x35
poll(c32e8a80,d8c0fd14,c,438,3) at poll+0x474
syscall(2f,2f,2f,80c8c00,ffffffff) at syscall+0x272
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (209), eip = 0x288e890f, esp = 0xbfaedc94, ebp = 0xbfaedcb0 ---
boot() called on cpu#1
Uptime: 23h48m56s
Dumping 511 MB


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x0
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0x0
stack pointer	        = 0x10:0xd523acc0
frame pointer	        = 0x10:0xd523ace4
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 41 (swi7: task queue)
trap number		= 12
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480[CTRL-C to abort] [CTRL-C to abort]  496[CTRL-C to abort] 
---
Reading symbols from /boot/kernel/if_dc.ko...done.
Loaded symbols for /boot/kernel/if_dc.ko
Reading symbols from /boot/kernel/miibus.ko...done.
Loaded symbols for /boot/kernel/miibus.ko
Reading symbols from /boot/kernel/if_xl.ko...done.
Loaded symbols for /boot/kernel/if_xl.ko
Reading symbols from /boot/kernel/snd_pcm.ko...done.
Loaded symbols for /boot/kernel/snd_pcm.ko
Reading symbols from /boot/kernel/snd_cmi.ko...done.
Loaded symbols for /boot/kernel/snd_cmi.ko
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/usb/usb.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/usb/usb.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/uhid/uhid.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/uhid/uhid.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/ums/ums.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/ums/ums.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/umass/umass.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/umass/umass.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/cam/cam.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/cam/cam.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/agp/agp.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/agp/agp.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/random/random.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/random/random.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/acpi/acpi.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/procfs/procfs.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/procfs/procfs.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/pseudofs/pseudofs.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/pseudofs/pseudofs.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/fdescfs/fdescfs.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/fdescfs/fdescfs.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/ntfs/ntfs.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/ntfs/ntfs.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/linux/linux.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/linux/linux.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/nfsclient/nfsclient.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/nfsclient/nfsclient.ko.debug
Reading symbols from /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/nfsserver/nfsserver.ko.debug...done.
Loaded symbols for /usr/src/sys/i386/compile/GREEN/modules/usr/src/sys/modules/nfsserver/nfsserver.ko.debug
Reading symbols from /boot/kernel/green_saver.ko...done.
Loaded symbols for /boot/kernel/green_saver.ko
#0  doadump () at ../../../kern/kern_shutdown.c:240
240		dumping++;
(kgdb) bt
#0  doadump () at ../../../kern/kern_shutdown.c:240
#1  0xc049f463 in boot (howto=0x104) at ../../../kern/kern_shutdown.c:374
#2  0xc049f86b in __panic () at ../../../kern/kern_shutdown.c:552
#3  0xc06037a6 in trap_fatal (frame=0xd8c0fb44, eva=0x0) at ../../../i386/i386/trap.c:819
#4  0xc0603457 in trap_pfault (frame=0xd8c0fb44, usermode=0x0, eva=0xdeadc0e6) at ../../../i386/i386/trap.c:733
#5  0xc060304c in trap (frame=
      {tf_fs = 0x18, tf_es = 0x10, tf_ds = 0x10, tf_edi = 0xc32e8a80, tf_esi = 0x0, tf_ebp = 0xd8c0fb98, tf_isp = 0xd8c0fb70, tf_ebx = 0xc32e8a80, tf_edx = 0xc32e8a80, tf_ecx = 0x1, tf_eax = 0xdeadc0de, tf_trapno = 0xc, tf_err = 0x2, tf_eip = 0xc04cab65, tf_cs = 0x8, tf_eflags = 0x10286, tf_esp = 0xc06ace00, tf_ss = 0x1}) at ../../../i386/i386/trap.c:420
#6  0xc04cab65 in clear_selinfo_list (td=0xc32e8a80) at ../../../kern/sys_generic.c:1139
#7  0xc04ca904 in poll (td=0xc32e8a80, uap=0xd8c0fd14) at ../../../kern/sys_generic.c:1037
#8  0xc0603ae2 in syscall (frame=
      {tf_fs = 0x2f, tf_es = 0x2f, tf_ds = 0x2f, tf_edi = 0x80c8c00, tf_esi = 0xffffffff, tf_ebp = 0xbfaedcb0, tf_isp = 0xd8c0fd74, tf_ebx = 0x2818947c, tf_edx = 0x8d5a5e0, tf_ecx = 0x0, tf_eax = 0xd1, tf_trapno = 0x16, tf_err = 0x2, tf_eip = 0x288e890f, tf_cs = 0x1f, tf_eflags = 0x286, tf_esp = 0xbfaedc94, tf_ss = 0x2f}) at ../../../i386/i386/trap.c:1008
#9  0x288e890f in ?? ()
---Can't read userspace from dump, or kernel process---

(kgdb) frame 7
#7  0xc04ca904 in poll (td=0xc32e8a80, uap=0xd8c0fd14) at ../../../kern/sys_generic.c:1037
1037		clear_selinfo_list(td);
(kgdb) p td->td_proc->p_comm
$1 = "mozilla-bin\0\0\0\0\0\0\0\0"
(kgdb) p td->td_selq
$2 = {tqh_first = 0xc44a4c0c, tqh_last = 0xc44a4c0c}
(kgdb) p td->td_selq.tqh_first
$3 = (struct selinfo *) 0xc44a4c0c
(kgdb) p td->td_selq.tqh_first[0]
$4 = {si_thrlist = {tqe_next = 0xdeadc0de, tqe_prev = 0xc32e8ab0}, si_thread = 0x0, si_note = {
    slh_first = 0xdeadc0de}, si_flags = 0xc0de}
(kgdb) p *(struct pipe *)td->td_proc->p_fd->fd_ofiles[6]->f_data
$5 = {pipe_buffer = {cnt = 0x1, in = 0x1, out = 0x0, size = 0x4000, buffer = 0xd3589000 "8888"}, pipe_map = {
    kva = 0x0, cnt = 0x0, pos = 0x0, npages = 0x0, ms = {0x0 <repeats 17 times>}}, pipe_sel = {si_thrlist = {
      tqe_next = 0xc44a4c0c, tqe_prev = 0xc32e8ab0}, si_thread = 0x0, si_note = {slh_first = 0x0}, si_flags = 0x0}, 
  pipe_atime = {tv_sec = 0x402847c5, tv_nsec = 0x0}, pipe_mtime = {tv_sec = 0x402847c5, tv_nsec = 0x0}, pipe_ctime = {
    tv_sec = 0x402845bc, tv_nsec = 0x0}, pipe_sigio = 0x0, pipe_peer = 0xc3c9352c, pipe_pair = 0xc3c93480, 
  pipe_state = 0x800, pipe_busy = 0x0, pipe_present = 0x1}
(kgdb) p $5.pipe_sel.si_thrlist.tqe_next
$6 = (struct selinfo *) 0xc44a4c0c
(kgdb) p *$5.pipe_peer
$7 = {pipe_buffer = {cnt = 0x0, in = 0x0, out = 0x0, can not access 0xd358d000, invalid address (d358d000)
can not access 0xd358d000, invalid address (d358d000)
can not access 0xd358d000, invalid address (d358d000)
can not access 0xd358d000, invalid address (d358d000)
can not access 0xd358d000, invalid address (d358d000)
can not access 0xd358d000, invalid address (d358d000)
size = 0x4000, 
    buffer = 0xd358d000 <Address 0xd358d000 out of bounds>}, pipe_map = {kva = 0x0, cnt = 0x0, pos = 0x0, 
    npages = 0x0, ms = {0x0 <repeats 17 times>}}, pipe_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, 
    si_thread = 0x0, si_note = {slh_first = 0x0}, si_flags = 0x0}, pipe_atime = {tv_sec = 0x402845bc, tv_nsec = 0x0}, 
  pipe_mtime = {tv_sec = 0x402845bc, tv_nsec = 0x0}, pipe_ctime = {tv_sec = 0x402845bc, tv_nsec = 0x0}, 
  pipe_sigio = 0x0, pipe_peer = 0xc3c93480, pipe_pair = 0xc3c93480, pipe_state = 0x800, pipe_busy = 0x0, 
  pipe_present = 0x1}
(kgdb) {"/home/crash"}# ^D


Script done on Mon Feb  9 23:53:48 2004
-------------- next part --------------
-- 
Brian Fundakowski Feldman                           \'[ FreeBSD ]''''''''''\
  <> green at FreeBSD.org                               \  The Power to Serve! \
 Opinions expressed are my own.                       \,,,,,,,,,,,,,,,,,,,,,,\

