On Mon, 28 Feb 2005, Dariusz Kulinski wrote: > Hello Doug, > > Monday, February 28, 2005, 9:07:45 PM, you wrote: > > > Could you post the tail end of 'print msgbuf' so we can see what the > > faulting address was? > > ehh... :( > > [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you are > welcome to change it and/or distribute copies of it under certain conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for details. > This GDB was configured as "i386-marcel-freebsd". > doadump () at pcpu.h:159 > (kgdb) print msgbuf > No symbol "msgbuf" in current context. oops.. er.. um... > > This is (in RELENG_5_3): > > > 1580 FOREACH_THREAD_IN_PROC(p, td) { > > 1581 if (td->td_waitset != NULL && > > 1582 SIGISMEMBER(*(td->td_waitset), sig)) { > > 1583 mtx_unlock_spin(&sched_lock); > > 1584 return (td); > > > Looks like it ran over a spammed thread, but I'll want to see the fault > > address. Bets on whether its 0xdeadc0de+offset? > > 0xdeadc0de, huh? :) free()d memory regions get filled with 0xdeadc0de to hunt down use-after-free conditions. > Just one more thing, maybe it helps, that's from dmesg (I totally > forgot about that I have it): > > kernel trap 12 with interrupts disabled > > > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0xd12bfc64 > fault code = supervisor read, page not present > instruction pointer = 0x8:0xc04e9d3f > stack pointer = 0x10:0xcbd25c24 > frame pointer = 0x10:0xcbd25c44 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = resume, IOPL = 0 > current process = 27 (swi5: clock sio) > panic: vm_fault: fault on nofault entry, addr: d12bf000 > KDB: stack backtrace: > kdb_backtrace(c06d09c4,c0725520,c06df826,cbd25a70,d12bf000) at kdb_backtrace+0x2e > panic(c06df826,d12bf000,1,cbd25b00,cbd25af0) at panic+0xb7 > vm_fault(c103a000,d12bf000,1,0,cbd25be4) at vm_fault+0x1b9 > trap_pfault(cbd25be4,0,d12bfc64,0,d12bfc64) at trap_pfault+0x1f3 > trap(c1f90018,10,c1d10010,0,0) at trap+0x340 > calltrap() at calltrap+0x5 > --- trap 0xc, eip = 0xc04e9d3f, esp = 0xcbd25c24, ebp = 0xcbd25c44 --- > sigtd(c16948d4,e,81,c16948d4,cbd25c94) at sigtd+0xaf > psignal(c16948d4,e,c14e04b0,c06fb3c0,bbb3c76b) at psignal+0x4b > realitexpire(c16948d4,0,cbd25cb8,210b41,87c25148) at realitexpire+0x60 > softclock(0,0,0,0,0) at softclock+0x26e > ithread_loop(c14dd580,cbd25d48,0,0,0) at ithread_loop+0x1b8 > fork_exit(c04cbd20,c14dd580,cbd25d48) at fork_exit+0x80 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip = 0, esp = 0xcbd25d7c, ebp = 0 --- > KDB: enter: panic > Uptime: 25d1h32m49s > Dumping 255 MB > 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 > Dump complete > Automatic reboot in 15 seconds - press a key on the console to abort > Rebooting... > Thats what I want :-) OK, it wasn't deadc0de, so can you load the crashdump up, go down to the sigtd() frame, and "print *td"? It'll be a huge spew. -- Doug White | FreeBSD: The Power to Serve dwhite_at_gumbysoft.com | www.FreeBSD.orgReceived on Tue Mar 01 2005 - 17:50:19 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:29 UTC