Re: [PANIC] vm? vfs?

From: Brian Fundakowski Feldman <green_at_freebsd.org>
Date: Tue, 12 Apr 2005 12:45:44 -0400

On Tue, Apr 12, 2005 at 08:59:19AM -0700, Doug White wrote:
> On Sun, 10 Apr 2005, David O'Brien wrote:
> 
> > FreeBSD 6.0-CURRENT FreeBSD 6.0-CURRENT #0: Tue Apr  5 12:19:35 PDT 2005
> >
> > GNU gdb 20040810 [GDB v6.x for FreeBSD]
> > Copyright 2004 Free Software Foundation, Inc.
> > GDB is free software, covered by the GNU General Public License, and you are
> > welcome to change it and/or distribute copies of it under certain conditions.
> > Type "show copying" to see the conditions.
> > There is absolutely no warranty for GDB.  Type "show warranty" for details.
> > This GDB was configured as "i386-portbld-freebsd6.0"...
> > panic: page fault
> > panic messages:
> > ---
> > Fatal trap 12: page fault while in kernel mode
> > cpuid = 1; apic id = 01
> > fault virtual address	= 0x0
> > fault code		= supervisor read, page not present
> > instruction pointer	= 0x8:0xc063596a
> > stack pointer	        = 0x10:0xf04e9b64
> > frame pointer	        = 0x10:0xf04e9b90
> > code segment		= base 0x0, limit 0xfffff, type 0x1b
> > 			= DPL 0, pres 1, def32 1, gran 1
> > processor eflags	= interrupt enabled, resume, IOPL = 0
> > current process		= 1062 (xterm-static)
> > trap number		= 12
> > panic: page fault
> > cpuid = 1
> > KDB: stack backtrace:
> > kdb_backtrace(c067f02d,1,c065a072,f04e9a88,c344a730) at 0xc04f910e = kdb_backtrace+0x2e
> > panic(c065a072,c0680005,f04e9b24,1,1) at 0xc04dc508 = panic+0x128
> > trap_fatal(f04e9b24,0,c06801e7,2c3,c344a730) at 0xc0637a84 = trap_fatal+0x304
> > trap_pfault(f04e9b24,0,0,f04e9b1c,0) at 0xc0637758 = trap_pfault+0x1b8
> > trap(18,10,10,f04e9bac,0) at 0xc0637340 = trap+0x350
> > calltrap() at 0xc062408a = calltrap+0x5
> > --- trap 0xc, eip = 0xc063596a, esp = 0xf04e9b64, ebp = 0xf04e9b90 ---
> > generic_bcopy(c37d2038,f04e9bac,64,808cc30,c06b92a0) at 0xc063596a = generic_bcopy+0x1a
> > ptcread(c33f1500,f04e9c80,4,3ae,1000) at 0xc0518d95 = ptcread+0x185
> > devfs_read_f(c380a360,f04e9c80,c3395880,0,c344a730) at 0xc049a806 = devfs_read_f+0xa6
> > dofileread(c344a730,c380a360,4,8085c20,1000) at 0xc0504aa2 = dofileread+0xc2
> > read(c344a730,f04e9d14,c,3ff,3) at 0xc050490b = read+0x6b
> > syscall(2f,2f,2f,8085c20,80a0084) at 0xc0637de2 = syscall+0x2b2
> > Xint0x80_syscall() at 0xc06240df = Xint0x80_syscall+0x1f
> > --- syscall (3, FreeBSD ELF32, read), eip = 0x28382edf, esp = 0xbfbfe66c, ebp = 0xbfbfe698 ---
> > Uptime: 1d8h49m32s
> > Dumping 1536 MB
> > [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort]  16[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort]  32[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort]  48[CTRL-C to abort]  64 80[CTRL-C to abort]  96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008 1024 1040 1056 1072 1088 1104 1120 1136 1152 1168 1184 1200 1216 1232 1248 1264 1280 1296 1312 1328 1344 1360 1376 1392 1408 1424 1440 1456 1472 1488 1504 1520
> > ---
> > #0  doadump () at pcpu.h:164
> > 164		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
> > doadump () at pcpu.h:164
> > 164		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
> > (kgdb) where
> > #0  doadump () at pcpu.h:164
> > #1  0xc04dc1d2 in boot (howto=260) at ../../../kern/kern_shutdown.c:398
> > #2  0xc04dc583 in panic (fmt=0xc065a072 "%s")
> >     at ../../../kern/kern_shutdown.c:554
> > #3  0xc0637a84 in trap_fatal (frame=0xf04e9b24, eva=0)
> >     at ../../../i386/i386/trap.c:806
> > #4  0xc0637758 in trap_pfault (frame=0xf04e9b24, usermode=0, eva=0)
> >     at ../../../i386/i386/trap.c:724
> > #5  0xc0637340 in trap (frame=
> >       {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -263283796, tf_esi = 0, tf_ebp = -263283824, tf_isp = -263283888, tf_ebx = 38, tf_edx = 0, tf_ecx = 9, tf_eax = -263283796, tf_trapno = 12, tf_err = 0, tf_eip = -1067230870, tf_cs = 8, tf_eflags = 66071, tf_esp = -1015209928, tf_ss = 128})
> >     at ../../../i386/i386/trap.c:414
> > #6  0xc062408a in calltrap () at ../../../i386/i386/exception.s:139
> > #7  0x00000018 in ?? ()
> > #8  0x00000010 in ?? ()
> > #9  0x00000010 in ?? ()
> > #10 0xf04e9bac in ?? ()
> > #11 0x00000000 in ?? ()
> > #12 0xf04e9b90 in ?? ()
> > #13 0xf04e9b50 in ?? ()
> > #14 0x00000026 in ?? ()
> > #15 0x00000000 in ?? ()
> > #16 0x00000009 in ?? ()
> > #17 0xf04e9bac in ?? ()
> > #18 0x0000000c in ?? ()
> > #19 0x00000000 in ?? ()
> > #20 0xc063596a in generic_bcopy () at ../../../i386/i386/support.s:489
> > ---Type <return> to continue, or q <return> to quit---
> > #21 0xc37d2038 in ?? ()
> > #22 0x00000080 in ?? ()
> > #23 0xc05199fa in q_to_b (clistp=0xc063596a,
> >     dest=0xf04e9bac "\r\n/FBSD: write failed, filesystem is \025?Ã`£\200Ãð\233Nðê\003KÀ \222kÀ", amount=100) at ../../../kern/tty_subr.c:290
> > #24 0xc0518d95 in ptcread (dev=0x0, uio=0xf04e9c80, flag=4) at libkern.h:56
> > #25 0xc049a806 in devfs_read_f (fp=0xc380a360, uio=0xf04e9c80,
> >     cred=0xc3395880, flags=0, td=0xc344a730)
> >     at ../../../fs/devfs/devfs_vnops.c:943
> > #26 0xc0504aa2 in dofileread (td=0xc344a730, fp=0xc380a360, fd=0, buf=0x0,
> >     nbyte=3228113056, offset=Unhandled dwarf expression opcode 0x93
> > ) at file.h:234
> > #27 0xc050490b in read (td=0xc344a730, uap=0xf04e9d14)
> >     at ../../../kern/sys_generic.c:107
> > #28 0xc0637de2 in syscall (frame=
> >       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134765600, tf_esi = 134873220, tf_ebp = -1077942632, tf_isp = -263283340, tf_ebx = 0, tf_edx = 0, tf_ecx = 4, tf_eax = 3, tf_trapno = 0, tf_err = 2, tf_eip = 674770655, tf_cs = 31, tf_eflags = 642, tf_esp = -1077942676, tf_ss = 47})
> >     at ../../../i386/i386/trap.c:951
> > #29 0xc06240df in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
> [...]
> pseudoterminals.  Join the ptcread/write panic club. :-)

I don't see anything that should be corrupting the stack.  The uio
parameter is corrupt all the way up to the dofileread() call (but it
can't possibly be incorrect within dofileread()).

-- 
Brian Fundakowski Feldman                           \'[ FreeBSD ]''''''''''\
  <> green_at_FreeBSD.org                               \  The Power to Serve! \
 Opinions expressed are my own.                       \,,,,,,,,,,,,,,,,,,,,,,\
Received on Tue Apr 12 2005 - 14:45:01 UTC
