Re: ptcwrite panic (with dump)

From: Doug White <dwhite_at_gumbysoft.com>
Date: Sun, 8 May 2005 16:32:24 -0700 (PDT)
Can you print *tp in frame 23, and then print tp->t_pgrp->pg_members?  The
code above should avoid the case of t_pgrp being NULL, but I wonder if
there is a race or if pg_members can end up uninitialized somewhere.

On Sun, 8 May 2005, Kris Kennaway wrote:

> Grr, truncation.
>
> Script started on Sun May  8 23:18:33 2005
> pointyhat# kgdb vmcokernel.debug.1 vmcore.1
> [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd".
> #0  doadump () at pcpu.h:165
> 165	pcpu.h: No such file or directory.
> 	in pcpu.h
> (kgdb) bt full
> #0  doadump () at pcpu.h:165
> No locals.
> #1  0xc045b605 in db_fncall (dummy1=1016, dummy2=0, dummy3=11, dummy4=0xee3e38d4 "\f")
>     at ../../../ddb/db_command.c:531
> 	fn_addr = -1068399536
> 	args = {0 <repeats 11 times>}
> 	nargs = 11
> 	retval = 0
> 	func = (fcn_10args_t *) 0xc0518450 <doadump>
> 	t = 0
> #2  0xc045b392 in db_command (last_cmdp=0xc0753584, cmd_table=0x0, aux_cmd_tablep=0xc071f13c,
>     aux_cmd_tablep_end=0xc071f140) at ../../../ddb/db_command.c:349
> 	cmd = (struct command *) 0xc0724600
> 	t = 0
> 	modif = "\f\000\000\000ø\003\000\000ð8>îfòhÀø\003\000\000ø\003\000\000\r\000\000\000\0349>î¥ôhÀ\0049>îø\003\000\000\200%\000\000\f\000\017\003\v\222UÀx\000\000\000\200>uÀ\f\000\000\00049>î1ÚEÀ}èoÀ°ÖEÀ\000\000\000\000\020\000\000\000\f\000\000\000\200>uÀÆÌEÀ\200>uÀ86uÀx\000\000\000\2309>î"
> 	addr = 1016
> 	count = 11
> 	have_addr = 0
> 	result = 0
> #3  0xc045b4a5 in db_command_loop () at ../../../ddb/db_command.c:455
> No locals.
> #4  0xc045d5e5 in db_trap (type=12, code=0) at ../../../ddb/db_main.c:221
> 	jb = {{_jb = {-297911912, -297911940, -297911860, 1, 12, -1069165178, 1, 12, -297911860,
>       -1068242440, -297911860, -1068273856}}}
> 	prev_jb = (void *) 0x0
> 	bkpt = 0
> #5  0xc0536fee in kdb_trap (type=0, code=0, tf=0xee3e3ab0) at ../../../kern/subr_kdb.c:421
> 	did_stop_cpus = 1
> 	handled = -297911632
> #6  0xc06bbf06 in trap_fatal (frame=0xee3e3ab0, eva=0) at ../../../i386/i386/trap.c:801
> 	code = 40
> ---Type <return> to continue, or q <return> to quit---
> 	type = 12
> 	ss = 40
> 	esp = 0
> 	softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1,
>   ssd_xx = 11, ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1}
> #7  0xc06bbbc2 in trap_pfault (frame=0xee3e3ab0, usermode=0, eva=8) at ../../../i386/i386/trap.c:724
> 	va = 0
> 	vm = (struct vmspace *) 0x0
> 	map = 0x1
> 	rv = 1
> 	ftype = 1 '\001'
> 	td = (struct thread *) 0xc3a5ad80
> 	p = (struct proc *) 0xc3a593f8
> #8  0xc06bb78e in trap (frame=
>       {tf_fs = 8, tf_es = -1066074072, tf_ds = -1066074072, tf_edi = -1017107456, tf_esi = -1017107456, tf_ebp = -297911476, tf_isp = -297911588, tf_ebx = 20, tf_edx = 4, tf_ecx = 1, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1068146714, tf_cs = 32, tf_eflags = 66178, tf_esp = -1066031968, tf_ss = -1066384328}) at ../../../i386/i386/trap.c:414
> 	td = (struct thread *) 0xc3a5ad80
> 	p = (struct proc *) 0xc3a593f8
> 	sticks = 3228935364
> 	i = 0
> 	ucode = 0
> 	type = 12
> 	code = 0
> 	eva = 8
> #9  0xc06a683a in calltrap () at ../../../i386/i386/exception.s:139
> No locals.
> #10 0x00000008 in ?? ()
> No symbol table info available.
> #11 0xc0750028 in legacy_pcib_methods ()
> No symbol table info available.
> #12 0xc0750028 in legacy_pcib_methods ()
> ---Type <return> to continue, or q <return> to quit---
> No symbol table info available.
> #13 0xc3602c00 in ?? ()
> No symbol table info available.
> #14 0xc3602c00 in ?? ()
> No symbol table info available.
> #15 0xee3e3b4c in ?? ()
> No symbol table info available.
> #16 0xee3e3adc in ?? ()
> No symbol table info available.
> #17 0x00000014 in ?? ()
> No symbol table info available.
> #18 0x00000004 in ?? ()
> No symbol table info available.
> #19 0x00000001 in ?? ()
> No symbol table info available.
> #20 0x00000000 in ?? ()
> No symbol table info available.
> #21 0x0000000c in ?? ()
> No symbol table info available.
> #22 0x00000000 in ?? ()
> No symbol table info available.
> #23 0xc0555fe6 in ttyinfo (tp=0xc3602c00) at ../../../kern/tty.c:2565
> 	utime = {tv_sec = -1009844964, tv_usec = 1}
> 	stime = {tv_sec = -1066411237, tv_usec = 299}
> 	p = (struct proc *) 0x14
> 	pick = (struct proc *) 0xc050e9fa
> 	td = (struct thread *) 0x0
> 	stateprefix = 0xee3e3b4c "\200;>îä(UÀ"
> 	state = 0xc0704438 "../../../kern/tty.c"
> 	rss = 623
> 	load = 0
> 	pctcpu = -1017107456
> #24 0xc05528e4 in ttyinput (c=20, tp=0xc3602c00) at ../../../kern/tty.c:626
> ---Type <return> to continue, or q <return> to quit---
> 	iflag = 11010
> 	lflag = 1483
> 	cc = (cc_t *) 0xc3602cbc "\004ÿÿ\177\027\025\022\b\003\034\032\031\021\023\026\017\001"
> 	i = 0
> 	err = 0
> #25 0xc0559ef0 in ptcwrite (dev=0x0, uio=0xee3e3c70, flag=4) at linedisc.h:122
> 	tp = (struct tty *) 0xc3602c00
> 	cp = (u_char *) 0xee3e3ba1 ""
> 	cc = 1
> 	locbuf = "\024\000\000\000\027¬oÀÌ;>îúéPÀ\200\210uÀ\001\000\000\000\033ÛoÀ+\001\000\000\000\177sÀ\000í\nÆ\200­¥Ãä;>î*²NÀ\200\210uÀ\000\000\000\000\027¬oÀC\000\000\000\004<>î\200£uÀV\005\000\000\003\201oÀ\034<>î:éPÀ\200£uÀ\b\000\000"
> 	cnt = 0
> 	error = 0
> #26 0xc04cf504 in devfs_write_f (fp=0xc5874d38, uio=0xee3e3c70, cred=0xc3c30e80, flags=0, td=0x1)
>     at ../../../fs/devfs/devfs_vnops.c:1367
> 	dev = (struct cdev *) 0xc60aed00
> 	error = 4
> 	ioflag = 4
> 	resid = 1
> 	dsw = (struct cdevsw *) 0xc0737f00
> #27 0xc054594b in dofilewrite (td=0xc3a5ad80, fp=0xc5874d38, fd=0, buf=0x0, nbyte=3228744800, offset=Unhandled dwarf expression opcode 0x93
> )
>     at file.h:246
> 	auio = {uio_iov = 0xee3e3c68, uio_iovcnt = 1, uio_offset = 1506491, uio_resid = 0,
>   uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_td = 0xc3a5ad80}
> 	aiov = {iov_base = 0x80f30e5, iov_len = 0}
> 	cnt = 1
> 	error = -1066222496
> 	ktruio = (struct uio *) 0x0
> #28 0xc0545779 in write (td=0xc3a5ad80, uap=0xee3e3d04) at ../../../kern/sys_generic.c:301
> 	fp = (struct file *) 0xc5874d38
> 	error = 0
> #29 0xc06bc280 in syscall (frame=
> ---Type <return> to continue, or q <return> to quit---
>       {tf_fs = 59, tf_es = 59, tf_ds = -1078001605, tf_edi = 0, tf_esi = 0, tf_ebp = -1077943160, tf_isp = -297910940, tf_ebx = 135213056, tf_edx = 1, tf_ecx = 13, tf_eax = 4, tf_trapno = 0, tf_err = 2, tf_eip = 672630591, tf_cs = 51, tf_eflags = 514, tf_esp = -1077943188, tf_ss = 59})
>     at ../../../i386/i386/trap.c:951
> 	params = 0xbfbfe470 <Address 0xbfbfe470 out of bounds>
> 	callp = (struct sysent *) 0xc072ddc0
> 	td = (struct thread *) 0xc3a5ad80
> 	p = (struct proc *) 0xc3a593f8
> 	orig_tf_eflags = 514
> 	sticks = 61923
> 	error = 0
> 	narg = 3
> 	args = {13, 135213284, 1, 0, 0, -297910996, -1066739755, 135213056}
> 	code = 4
> #30 0xc06a688f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
> No locals.
> #31 0x0000003b in ?? ()
> No symbol table info available.
> #32 0x0000003b in ?? ()
> No symbol table info available.
> #33 0xbfbf003b in ?? ()
> No symbol table info available.
> #34 0x00000000 in ?? ()
> No symbol table info available.
> #35 0x00000000 in ?? ()
> No symbol table info available.
> #36 0xbfbfe488 in ?? ()
> No symbol table info available.
> #37 0xee3e3d64 in ?? ()
> No symbol table info available.
> #38 0x080f3000 in ?? ()
> No symbol table info available.
> #39 0x00000001 in ?? ()
> ---Type <return> to continue, or q <return> to quit---
> No symbol table info available.
> #40 0x0000000d in ?? ()
> No symbol table info available.
> #41 0x00000004 in ?? ()
> No symbol table info available.
> #42 0x00000000 in ?? ()
> No symbol table info available.
> #43 0x00000002 in ?? ()
> No symbol table info available.
> #44 0x2817873f in ?? ()
> No symbol table info available.
> #45 0x00000033 in ?? ()
> No symbol table info available.
> #46 0x00000202 in ?? ()
> No symbol table info available.
> #47 0xbfbfe46c in ?? ()
> No symbol table info available.
> #48 0x0000003b in ?? ()
> No symbol table info available.
> #49 0x00000000 in ?? ()
> No symbol table info available.
> #50 0x00000000 in ?? ()
> No symbol table info available.
> #51 0x00000000 in ?? ()
> No symbol table info available.
> #52 0x00000000 in ?? ()
> No symbol table info available.
> #53 0x60abe000 in ?? ()
> No symbol table info available.
> #54 0xc3a593f8 in ?? ()
> No symbol table info available.
> #55 0xc3a5ad80 in ?? ()
> No symbol table info available.
> ---Type <return> to continue, or q <return> to quit---
> #56 0xee3e36d4 in ?? ()
> No symbol table info available.
> #57 0xee3e36b0 in ?? ()
> No symbol table info available.
> #58 0xc34df600 in ?? ()
> No symbol table info available.
> #59 0xc052d050 in sched_switch (td=0x0, newtd=0x80f3000, flags=Cannot access memory at address 0xbfbfe498
> ) at ../../../kern/sched_4bsd.c:971
> 	kg = (struct ksegrp *) 0x0
> 	p = (struct proc *) 0x0
> Previous frame inner to this frame (corrupt stack?)
>

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite_at_gumbysoft.com          |  www.FreeBSD.org
Received on Sun May 08 2005 - 21:32:24 UTC
