Re: Reproducible Panic on CURRENT and 6.0-RELEASE

From: John Baldwin <jhb_at_freebsd.org>
Date: Fri, 16 Dec 2005 15:11:09 -0500
On Friday 16 December 2005 12:37 pm, Anish Mistry wrote:
> Here is the offending program/code.  The interesting program is
> avidemux_2.1_branch_anish/avidemux/avidemux2.
> (It is compiled for CURRENT, and I left all the object code stuff in
> so it's a bit large 21MB)
> http://am-productions.biz/docs/avidemux_2.1_branch_anish.tgz
>
> First you'll need to compile spidermonkey to be threadsafe so add the
> following to your lang/spidermonkey/Makefile before installing it:
> LIB_DEPENDS=    nspr4.1:${PORTSDIR}/devel/nspr
> MAKE_ARGS+=     JS_THREADSAFE=YES LDFLAGS="-L${LOCALBASE}/lib
> -lpthread -lm"
> CFLAGS+=        -I${LOCALBASE}/include/nspr
>
> Once a threadsafe spidermonkey is installed to kill the machine you'll
> need to:
> cd avidemux_2.1_branch_anish/avidemux
> ./avidemux2 --run new-features-test.js
>
> On CURRENT:
> kernel trap 12 with interrupts disabled
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0x68
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc04e6f36
> stack pointer           = 0x28:0xcc9edb3c
> frame pointer           = 0x28:0xcc9edbb0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = resume, IOPL = 0
> current process         = 798 (gdb)
> trap number             = 12
> panic: page fault
>
> #0  doadump () at pcpu.h:165
> #1  0xc04bb7eb in boot (howto=260)
> at /usr/src/sys/kern/kern_shutdown.c:399
> #2  0xc04bb353 in panic (fmt=0xc06069a7 "%s")
>     at /usr/src/sys/kern/kern_shutdown.c:555
> #3  0xc05e91ba in trap_fatal (frame=0xcc9edafc, eva=104)
>     at /usr/src/sys/i386/i386/trap.c:862
> #4  0xc05e96d9 in trap (frame=
>       {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1032878460, tf_esi
> = 1, tf_ebp = -862004304, tf_isp = -862004440, tf_ebx = -1033297504,
> tf_edx = -1033987232, tf_ecx = 4, tf_eax = 0, tf_trapno = 12, tf_err
> = 0, tf_eip = -1068601546, tf_cs = 32, tf_eflags = 65687, tf_esp =
> -1032878356, tf_ss = -1067380424})
>     at /usr/src/sys/i386/i386/trap.c:273
> #5  0xc05db6fa in calltrap ()
> at /usr/src/sys/i386/i386/exception.s:137
> #6  0xc04e6f36 in kern_ptrace (td=0xc25e9b60, req=10, pid=1, addr=0x0,
> data=17)
>     at /usr/src/sys/kern/sys_process.c:802

On HEAD this is:
				p->p_xthread->td_flags &= ~TDF_XSIG;

If two threads called kern_ptrace() with the same PID this could happen.  
Hmm, I have no idea how p_xthread is supposed to not be racy here in fact.  
It would be helpful to know what PTRACE action it is trying to do and 
maybe a KTR trace of the various ptrace events leading up to this condition.  
I have no idea what thread you are supposed to act on if p_xthread is NULL 
either.

> #7  0xc04e71f0 in ptrace (td=0xc25e9b60, uap=0xcc9edd04)
>     at /usr/src/sys/kern/sys_process.c:433
> #8  0xc05e9ca6 in syscall (frame=
>       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 136221752, tf_esi
> = 796, tf_ebp = -1077943184, tf_isp = -862003868, tf_ebx = 796,
> tf_edx = 674587084, tf_ecx = 674505768, tf_eax = 26, tf_trapno = 12,
> tf_err = 2, tf_eip = 673978987, tf_cs = 51, tf_eflags = 518, tf_esp =
> -1077943208, tf_ss = 59})
>     at /usr/src/sys/i386/i386/trap.c:1008
> ---Type <return> to continue, or q <return> to quit---
> #9  0xc05db74f in Xint0x80_syscall ()
> at /usr/src/sys/i386/i386/exception.s:190
> #10 0x00000033 in ?? ()
>
>
> http://am-productions.biz/docs/littleguy-dmesg.gz
> http://am-productions.biz/docs/littleguy-pciconf.gz
>
>
>
> From my previous email to questions with the info on 6.0-RELEASE:
> I'm getting the following panic, which I can reproduce easily.  Let me
> know what other information I should provide.  The backtrace seems
> really short for some reason.  I get the panic when running a
> multi-threaded application I'm developing/modifying.
>
> kernel trap 12 with interrupts disabled
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0x48
> fault code              = supervisor write, page not present
> instruction pointer     = 0x20:0xc0510cb3
> stack pointer           = 0x28:0xe9aebb74
> frame pointer           = 0x28:0xe9aebbf8
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = resume, IOPL = 0
> current process         = 7848 (gdb)
> [thread pid 7848 tid 100184 ]
> Stopped at      kern_ptrace+0x11e3:     andl    $0xfffbffff,0x48(%eax)
> db> bt
> Tracing pid 7848 tid 100184 td 0xc4302180
> kern_ptrace(c4302180,a,1ea6,0,11) at kern_ptrace+0x11e3
> ptrace(c4302180,e9aebd04,10,418,4) at ptrace+0x56
> syscall(3b,3b,3b,bfbfe580,1ea6) at syscall+0x13d
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (26, FreeBSD ELF32, ptrace), eip = 0x283360e7, esp =
> 0xbfbfe3bc, ebp
>  = 0xbfbfe3d8 ---
>
>
>
> Full panic and backtrace, and alltrace:
> http://am-productions.biz/docs/bigguy-panic.gz
> http://am-productions.biz/docs/bigguy-dmesg.gz
> http://am-productions.biz/docs/bigguy-pciconf.gz
> Kernel config:
> http://am-productions.biz/docs/BIGGUY.gz
>
>
> I have firewire console access to the CURRENT system, and serial
> console access for the 6.0-RELEASE.
>
> Thanks,

-- 
John Baldwin <jhb_at_FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
Received on Fri Dec 16 2005 - 19:10:51 UTC
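The hazard John describes above (a second ptrace caller on the same PID finding p_xthread NULL and faulting on p->p_xthread->td_flags) is easiest to see in a small user-space model. The following is an added illustration written for this archive page, not FreeBSD's sys_process.c: struct proc, struct thread, the mutex standing in for the proc lock, the EINVAL return, and the race harness are all simplifications chosen here. The TDF_XSIG value is inferred from the "andl $0xfffbffff" in the quoted 6.0-RELEASE trace (that mask clears bit 0x40000), so treat it as an assumption too.

```c
/* Added model of the kern_ptrace() p_xthread hazard; not FreeBSD kernel code.
 * struct proc / struct thread / TDF_XSIG are simplified stand-ins. */
#include <errno.h>
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

#define TDF_XSIG 0x00040000   /* assumed: bit cleared by andl $0xfffbffff in the trace */

struct thread {
    int td_flags;
};

struct proc {
    pthread_mutex_t p_mtx;    /* stands in for PROC_LOCK()/PROC_UNLOCK() */
    struct thread *p_xthread; /* thread that reported the stop, or NULL */
};

/* Unguarded form: mirrors the faulting line in the backtrace.
 * With p_xthread == NULL this reads at offset 0x48 of a NULL pointer. */
int clear_xsig_unguarded(struct proc *p)
{
    p->p_xthread->td_flags &= ~TDF_XSIG;
    return 0;
}

/* Guarded form: test p_xthread while holding the proc lock and report an
 * error instead of dereferencing NULL. EINVAL is this model's choice. */
int clear_xsig_guarded(struct proc *p)
{
    int error = 0;

    pthread_mutex_lock(&p->p_mtx);
    if (p->p_xthread == NULL)
        error = EINVAL;
    else
        p->p_xthread->td_flags &= ~TDF_XSIG;
    pthread_mutex_unlock(&p->p_mtx);
    return error;
}

/* Deterministic check of both paths; returns 0 when both behave as expected. */
int guarded_demo(void)
{
    struct thread t = { .td_flags = TDF_XSIG };
    struct proc with = { .p_mtx = PTHREAD_MUTEX_INITIALIZER, .p_xthread = &t };
    struct proc without = { .p_mtx = PTHREAD_MUTEX_INITIALIZER, .p_xthread = NULL };

    if (clear_xsig_guarded(&with) != 0 || (t.td_flags & TDF_XSIG) != 0)
        return 1;
    if (clear_xsig_guarded(&without) != EINVAL)
        return 2;
    return 0;
}

struct race_ctx {
    struct proc *p;
    struct thread *t;
    int iters;
    int bad;   /* results that were neither 0 nor EINVAL */
};

/* Two of these play the role of concurrent ptrace(2) callers on one PID. */
static void *tracer(void *arg)
{
    struct race_ctx *c = arg;

    for (int i = 0; i < c->iters; i++) {
        int e = clear_xsig_guarded(c->p);
        if (e != 0 && e != EINVAL)
            c->bad++;
    }
    return NULL;
}

/* Models the stop being reported and then cleared: p_xthread flips between
 * a real thread and NULL under the proc lock. */
static void *toggler(void *arg)
{
    struct race_ctx *c = arg;

    for (int i = 0; i < c->iters; i++) {
        pthread_mutex_lock(&c->p->p_mtx);
        c->p->p_xthread = (i & 1) ? c->t : NULL;
        pthread_mutex_unlock(&c->p->p_mtx);
    }
    return NULL;
}

/* Runs two tracers against a proc whose p_xthread is concurrently cleared;
 * returns the number of bad results (expected 0, and no fault). */
int race_demo(int iters)
{
    struct thread t = { .td_flags = TDF_XSIG };
    struct proc p = { .p_mtx = PTHREAD_MUTEX_INITIALIZER, .p_xthread = &t };
    struct race_ctx a = { &p, &t, iters, 0 };
    struct race_ctx b = { &p, &t, iters, 0 };
    struct race_ctx tg = { &p, &t, iters, 0 };
    pthread_t ta, tb, tt;

    pthread_create(&ta, NULL, tracer, &a);
    pthread_create(&tb, NULL, tracer, &b);
    pthread_create(&tt, NULL, toggler, &tg);
    pthread_join(ta, NULL);
    pthread_join(tb, NULL);
    pthread_join(tt, NULL);
    return a.bad + b.bad;
}

int main(void)
{
    printf("guarded_demo: %d, race_demo: %d bad results\n",
           guarded_demo(), race_demo(20000));
    return 0;
}
```

The point of the guarded form is not the error code but where the NULL test sits: it is made under the same lock that protects the writer in toggler(), so a caller never observes p_xthread between "non-NULL" and "gone". A check made before taking the lock would still leave the window John describes.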
