Hello. I've experienced some crashes here with FreeBSD 5.1-CURRENT from October 7th. I tried yesterday to upgrade to a more recent CURRENT but it crashed (the 2nd crash here).
Both crashes stop at different places, but they both refer to Xint0x80_syscall - I don't know if this is relevant or not.


I'm no kernel hacker / C programmer, so I'm not sure how to debug this. It would be great if someone could give me a clue. :)


[EMAIL PROTECTED]:~ > uname -a
FreeBSD vimes.eivind 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Tue Oct 7 11:54:50 CEST 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/VIMES i386


My kernel is GENERIC with just a few small changes (removed special debugging options, added options for IPFILTER):

[EMAIL PROTECTED]:/usr/src/sys/i386/conf > diff GENERIC VIMES
25c25
< ident         GENERIC
---
ident VIMES
63,66c63,66
< options INVARIANTS #Enable calls of extra sanity checking
< options INVARIANT_SUPPORT #Extra sanity checks of internal structures, required by INVARIANTS
< options WITNESS #Enable checks to detect deadlocks and cycles
< options WITNESS_SKIPSPIN #Don't run witness on spinlocks for speed
---
#options INVARIANTS #Enable calls of extra sanity
checking
#options INVARIANT_SUPPORT #Extra sanity checks of internal
structures, required by INVARIANTS
#options WITNESS #Enable checks to detect deadlocks
and cycles
#options WITNESS_SKIPSPIN #Don't run witness on spinlocks for
speed
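Review bot: the 63,66c63,66 hunk should not comment out INVARIANTS, INVARIANT_SUPPORT, WITNESS and WITNESS_SKIPSPIN on a machine that is being debugged for panics. Per their own comments these options provide the extra sanity checking of internal structures and the deadlock and cycle detection, and both crashes reported below occur in the exit1 path (a page fault in sigtd and "bad pte" in pmap_remove_pages). Suggest keeping the four options as they are in GENERIC and limiting VIMES to the ident change and the IPFILTER additions until the crashes are understood.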
272a273,279

# These options are a subset of the IPFILTER options. options IPFILTER #ipfilter support options IPFILTER_LOG #ipfilter logging options IPFILTER_DEFAULT_BLOCK #block all packets by default options PFIL_HOOKS

[EMAIL PROTECTED]:/usr/src/sys/i386/conf >



Here is the first crash. This first part is manually written down from the output on the screen, the second part is some output from gdb.


Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc2000000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0656611
stack pointer = 0x10:0xd0790bdc
frame pointer = 0x10:0xd0790bec
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 87468 (make)
kernel: type 12 trap, code=0
Stopped at sigtd+0x41: andl 0(%eax,%edi,4),%ecx
db> show reg
cs 0x8
ds 0x30010
es 0x10
fs 0xf0018
ss 0x10
eax 0xc2000000
ecx 0x80000
edx 0xc2d31d10
ebx 0x80000
esp 0xd0790bdc
ebp 0xd0790bec
esi 0
edi 0
eip 0xc0656611 sigtd+0x41
efl 0x10286
dr0 0
dr1 0
dr2 0
dr3 0
dr4 0xffff0ff0
dr5 0x400
dr6 0xffff0ff0
dr7 0x400
sigtd+0x41: andl 0(%eax,%edi,4),%ecx
db> trace
sigtd(c2e4d3c8,14,90,c2ea6b58,d0790cb8) at sigtd+0x41
psignal(c2e4d3c8,14,c2f03e88,0,c2f792a8) at psignal+0x47
exit1(c2ea85f0,0,c2ea6b58,c2ea85f0,bfbffad0) at exit1+0x12e3
sys_exit(c2ea85f0,d0790d10,4,c,1) at sys_exit+0x67
syscall(2f,2f,2f,bfbffad0,0) at syscall+0x2b0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x806424b, esp = 0xbfbffa8c, ebp = 0xbfbffaa8 ---
db>


Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc2000000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0656611
stack pointer = 0x10:0xd0790bdc
frame pointer = 0x10:0xd0790bec
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 87468 (make)
panic: from debugger


Fatal trap 3: breakpoint instruction fault while in kernel mode
instruction pointer = 0x8:0xc07f47a4
stack pointer = 0x10:0xd0790954
frame pointer = 0x10:0xd0790960
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = IOPL = 0
current process = 87468 (make)
panic: from debugger
Uptime: 14h17m57s
Dumping 191 MB
16 32 48 64 80 96 112 128 144 160 176
---
Reading symbols from /boot/kernel/vinum.ko...done.
Loaded symbols for /boot/kernel/vinum.ko
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc06529c0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
#2 0xc0652da8 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3 0xc0475ae2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc0475a42 in db_command (last_cmdp=0xc0903d80, cmd_table=0x0, aux_cmd_tablep=0xc08881a4,
aux_cmd_tablep_end=0xc08881bc) at /usr/src/sys/ddb/db_command.c:346
#5 0xc0475b85 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc0478b95 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
#7 0xc07f44ec in kdb_trap (type=12, code=0, regs=0xd0790b9c) at /usr/src/sys/i386/i386/db_interface.c:171
#8 0xc0806a06 in trap_fatal (frame=0xd0790b9c, eva=0) at /usr/src/sys/i386/i386/trap.c:814
#9 0xc08066d2 in trap_pfault (frame=0xd0790b9c, usermode=0, eva=3254779904) at /usr/src/sys/i386/i386/trap.c:733
#10 0xc0806205 in trap (frame=
{tf_fs = 983064, tf_es = 16, tf_ds = 196624, tf_edi = 0, tf_esi = 0, tf_ebp = -797373460, tf_isp = -797373496, tf_ebx = 524288, tf_edx = -1026351856, tf_ecx = 524288, tf_eax = -1040187392, tf_trapno = 12, tf_err = 0, tf_eip = -1067096559, tf_cs = 8, tf_eflags = 66182, tf_esp = 0, tf_ss = 20}) at /usr/src/sys/i386/i386/trap.c:418
#11 0xc07f5e98 in calltrap () at {standard input}:102
#12 0xc06566b7 in psignal (p=0x0, sig=524288) at /usr/src/sys/kern/kern_sig.c:1641
#13 0xc06389b3 in exit1 (td=0xc2ea85f0, rv=0) at /usr/src/sys/kern/kern_exit.c:468
#14 0xc06376c7 in sys_exit () at /usr/src/sys/kern/kern_exit.c:102
#15 0xc0806d60 in syscall (frame=
{tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077937456, tf_esi = 0, tf_ebp = -1077937496, tf_isp = -797373068, tf_ebx = -1, tf_edx = 10, tf_ecx = 0, tf_eax = 1, tf_trapno = 0, tf_err = 2, tf_eip = 134627915, tf_cs = 31, tf_eflags = 646, tf_esp = -1077937524, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1006
#16 0xc07f5eed in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---


(kgdb) l *sigtd+0x41
0xc0656611 is in sigtd (/usr/src/sys/kern/kern_sig.c:1596).
1591            FOREACH_THREAD_IN_PROC(p, td) {
1592                    if (td->td_waitset != NULL &&
1593                        SIGISMEMBER(*(td->td_waitset), sig))
1594                                    return (td);
1595                    if (!SIGISMEMBER(td->td_sigmask, sig)) {
1596                            if (td == curthread)
1597                                    signal_td = curthread;
1598                            else if (signal_td == NULL)
1599                                    signal_td = td;
1600                    }
(kgdb) l *psignal+0x47
0xc06566b7 is in psignal (/usr/src/sys/kern/kern_sig.c:1643).
1638
1639            tdsignal(td, sig, SIGTARGET_P);
1640    }
1641
1642    /*
1643     * MPSAFE
1644     */
1645    void
1646    tdsignal(struct thread *td, int sig, sigtarget_t target)
1647    {
(kgdb) l *exit1+0x12e3
0xc06389b3 is in exit1 (machine/atomic.h:362).
357     machine/atomic.h: No such file or directory.
       in machine/atomic.h
(kgdb) l *sys_exit+0x67
0xc06376c7 is at /usr/src/sys/kern/kern_exit.c:102.
97      void
98      sys_exit(struct thread *td, struct sys_exit_args *uap)
99      {
100
101             mtx_lock(&Giant);
102             exit1(td, W_EXITCODE(uap->rval, 0));
103             /* NOTREACHED */
104     }
105
106     /*
(kgdb) l *syscall+0x2b0
0xc0806d60 is in syscall (/usr/src/sys/i386/i386/trap.c:1006).
1001            if (error == 0) {
1002                    td->td_retval[0] = 0;
1003                    td->td_retval[1] = frame.tf_edx;
1004
1005                    STOPEVENT(p, S_SCE, narg);
1006
1007                    PTRACESTOP_SC(p, td, S_PT_SCE);
1008
1009                    error = (*callp->sy_call)(td, args);
1010            }
(kgdb) l *Xint0x80_syscall+0x1d
0xc07f5eed is at {standard input}:146.
141     {standard input}: No such file or directory.
       in {standard input}
(kgdb)



Here is the second crash:

TPTE at 0xbfca0f6c  IS ZERO @ VA 283db000
panic: bad pte
Debugger("panic")
Stopped at      Debugger+0x54:  xchgl   %ebx,in_Debugger.0
db>


db> show reg
cs 0x8
ds 0xc27d0010
es 0xc27d0010
fs 0xc1030018
ss 0x10
eax 0x12
ecx 0x20
edx 0
ebx 0
esp 0xcfea9ba0
ebp 0xcfea9bac
esi 0xc0882b1f
edi 0x1
eip 0xc07f47a4 Debugger+0x54
efl 0x292
dr0 0
dr1 0
dr2 0
dr3 0
dr4 0xffff0ff0
dr5 0x400
dr6 0xffff0ff0
dr7 0x400
Debugger+0x54: xchgl %ebx,in_Debugger.0
db> trace
Debugger(c086cc17,c092c520,c0882b1f,cfea9bec,100) at Debugger+0x54
panic(c0882b1f,bfca0f6c,283db000,1,c2a255ac) at panic+0xd5
pmap_remove_pages(c2ef8b84,0,bfc00000,c2ef8ad4,c2dbb0b4) at pmap_remove_pages+0x9b
exit1(c2758be0,0,cfea9cf4,c0679a86,0) at exit1+0x785
sys_exit(c2758be0,cfea9d10,4,c,1) at sys_exit+0x67
syscall(813002f,2f,bfbf002f,0,ffffffff) at syscall+0x2b0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x2839aa2b, esp = 0xbfbff58c, ebp = 0xbfbff5a8 ---
db>

[EMAIL PROTECTED]:~/tmp/debug/2003-10-28 > gdb -k kernel.debug vmcore.4
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bad pte
panic messages:
---
panic: bad pte
panic: from debugger
Uptime: 2h29m34s
Dumping 191 MB
16 32 48 64 80 96 112 128 144 160 176
---
Reading symbols from /boot/kernel/vinum.ko...done.
Loaded symbols for /boot/kernel/vinum.ko
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc06529c0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
#2 0xc0652da8 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3 0xc0475ae2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc0475a42 in db_command (last_cmdp=0xc0903d80, cmd_table=0x0, aux_cmd_tablep=0xc08881a4,
aux_cmd_tablep_end=0xc08881bc) at /usr/src/sys/ddb/db_command.c:346
#5 0xc0475b85 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc0478b95 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:73
#7 0xc07f44ec in kdb_trap (type=3, code=0, regs=0xcfea9b60) at /usr/src/sys/i386/i386/db_interface.c:171
#8 0xc0806388 in trap (frame=
{tf_fs = -1056767976, tf_es = -1031995376, tf_ds = -1031995376, tf_edi = 1, tf_esi = -1064817889, tf_ebp = -806708308, tf_isp = -806708340, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1065400412, tf_cs = 8, tf_eflags = 658, tf_esp = -1064823724, tf_ss = -1064907753}) at /usr/src/sys/i386/i386/trap.c:578
#9 0xc07f5e98 in calltrap () at {standard input}:102
#10 0xc0652ce5 in panic (fmt=0xc0882b1f "bad pte") at /usr/src/sys/kern/kern_shutdown.c:534
#11 0xc080354b in pmap_remove_pages (pmap=0xc2ef8b84, sva=0, eva=3217031168) at /usr/src/sys/i386/i386/pmap.c:2578
#12 0xc0637e55 in exit1 (td=0xc2758be0, rv=0) at /usr/src/sys/vm/vm_map.h:246
#13 0xc06376c7 in sys_exit () at /usr/src/sys/kern/kern_exit.c:102
#14 0xc0806d60 in syscall (frame=
{tf_fs = 135462959, tf_es = 47, tf_ds = -1078001617, tf_edi = 0, tf_esi = -1, tf_ebp = -1077938776, tf_isp = -806707852, tf_ebx = 675382820, tf_edx = 10, tf_ecx = 675382480, tf_eax = 1, tf_trapno = 12, tf_err = 2, tf_eip = 674867755, tf_cs = 31, tf_eflags = 646, tf_esp = -1077938804, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1006
#15 0xc07f5eed in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---


(kgdb) l *Debugger+0x54
0xc07f47a4 is in Debugger (machine/atomic.h:260).
255 machine/atomic.h: No such file or directory.
in machine/atomic.h
(kgdb) l *panic+0xd5
0xc0652ce5 is in panic (/usr/src/sys/kern/kern_shutdown.c:534).
529
530 #if defined(DDB)
531 if (newpanic && trace_on_panic)
532 backtrace();
533 if (debugger_on_panic)
534 Debugger ("panic");
535 #ifdef RESTARTABLE_PANICS
536 /* See if the user aborted the panic, in which case we continue. */
537 if (panicstr == NULL) {
538 #ifdef SMP
(kgdb) l *pmap_remove_pages+0x9b
0xc080354b is in pmap_remove_pages (/usr/src/sys/i386/i386/pmap.c:2578).
2573 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_va);
2574 #endif
2575 tpte = *pte;
2576
2577 if (tpte == 0) {
2578 printf("TPTE at %p IS ZERO @ VA %08x\n",
2579 pte, pv->pv_va);
2580 panic("bad pte");
2581 }
2582
(kgdb) l *exit1+0x785
0xc0637e55 is in exit1 (machine/atomic.h:285).
280 machine/atomic.h: No such file or directory.
in machine/atomic.h
(kgdb) l *sys_exit+0x67
0xc06376c7 is at /usr/src/sys/kern/kern_exit.c:102.
97 void
98 sys_exit(struct thread *td, struct sys_exit_args *uap)
99 {
100
101 mtx_lock(&Giant);
102 exit1(td, W_EXITCODE(uap->rval, 0));
103 /* NOTREACHED */
104 }
105
106 /*
(kgdb) l *syscall+0x2b0
0xc0806d60 is in syscall (/usr/src/sys/i386/i386/trap.c:1006).
1001 if (error == 0) {
1002 td->td_retval[0] = 0;
1003 td->td_retval[1] = frame.tf_edx;
1004
1005 STOPEVENT(p, S_SCE, narg);
1006
1007 PTRACESTOP_SC(p, td, S_PT_SCE);
1008
1009 error = (*callp->sy_call)(td, args);
1010 }
(kgdb) l *Xint0x80_syscall+0x1d
0xc07f5eed is at {standard input}:146.
141 {standard input}: No such file or directory.
in {standard input}
(kgdb)



--
Regards / Hilsen
Eivind Olsen <[EMAIL PROTECTED]>


_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
