Date:      Fri, 1 Oct 2004 17:58:13 GMT
From:      Aleksey Pesternikov <apesternikov@yahoo.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/72234: kqueue + EVFILT_TIMER = kernel panic 
Message-ID:  <200410011758.i91HwDiG023342@www.freebsd.org>
Resent-Message-ID: <200410011800.i91I0jOA093243@freefall.freebsd.org>

>Number:         72234
>Category:       kern
>Synopsis:       kqueue + EVFILT_TIMER = kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 01 18:00:45 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Aleksey Pesternikov
>Release:        5.3-BETA6
>Organization:
>Environment:
FreeBSD x2.reveredata.com 5.3-BETA6 FreeBSD 5.3-BETA6 #8: Thu Sep 30 16:22:11 PDT 2004     root@x2.reveredata.com:/usr/src/sys/i386/compile/X2  i386

kernel configuration:
include GENERIC
ident           X2
options         VFS_AIO
options         HZ=1000
options         SHMMAXPGS=65536
options         SEMMNI=40
options         SEMMNS=240
options         SEMUME=40
options         SEMMNU=120


FreeBSD loki.reveredata.com 5.3-BETA6 FreeBSD 5.3-BETA6 #3: Mon Sep 27 19:33:45 EDT 2004     root@loki.reveredata.com:/usr/obj/usr/src/sys/LOKI  i386

kernel configuration:
include GENERIC
ident           LOKI
options         HZ=1000
options         NMBCLUSTERS=65535


>Description:
After executing the attached program (several times?) both systems crash:

kernel trap 12 with interrupts disabled



Fatal trap 12: page fault while in kernel mode
cpuid=0; apic id = 00
fault virtual address          = 0x108
fault code                     = supervisor read, page not present
instruction pointer            = 0x8:0xc0649b14
stack pointer                  = 0x10:0xe4de6c5c
frame pointer                  = 0x10:0xe4de6c74
code segment                   = base 0x0, limit 0xfffff, type 0x1b
                               = DPL 0, pres 1, def32 1, gran 1
processor eflags               = resume, IOPL = 0
current process                = 36 (swi5: clock sio)
trap number                    = 12
panic: page fault
cpuid = 0
Uptime: 16h12m13s

Looks like the kernel does not clear (timer-related?) kqueue structures related to a process after the process exits or has been killed.

The bug appeared sometime after 5.2.1.
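Two things in the trap dump above support the hypothesis before any kernel source is opened: the fault address 0x108 is far below one page, so the faulting instruction dereferenced a NULL (or zeroed) pointer at a struct field offset rather than a random freed address, and the faulting context is the clock software-interrupt thread (swi5: clock sio), i.e. a callout handler rather than a syscall issued by the process that armed the timer. The following triage helper is an added example, not part of this PR or of FreeBSD; it parses the i386 "Fatal trap" text quoted in the report (embedded as a constructed sample) and applies those two heuristics plus a check that the instruction pointer sits in kernel text (assuming the default i386 KERNBASE of 0xc0000000). The field names, the heuristics and the verdict strings are this example's own, and the verdict is a heuristic, not a root-cause analysis.

```python
"""Triage helper for FreeBSD i386 "Fatal trap" panic output.

Added example for reading the dump quoted in PR kern/72234; it is not code
from the report or from the FreeBSD tree.
"""
import re

# Constructed sample: the panic text quoted in the report.
SAMPLE_PANIC = """\
kernel trap 12 with interrupts disabled

Fatal trap 12: page fault while in kernel mode
cpuid=0; apic id = 00
fault virtual address          = 0x108
fault code                     = supervisor read, page not present
instruction pointer            = 0x8:0xc0649b14
stack pointer                  = 0x10:0xe4de6c5c
frame pointer                  = 0x10:0xe4de6c74
code segment                   = base 0x0, limit 0xfffff, type 0x1b
                               = DPL 0, pres 1, def32 1, gran 1
processor eflags               = resume, IOPL = 0
current process                = 36 (swi5: clock sio)
trap number                    = 12
panic: page fault
cpuid = 0
Uptime: 16h12m13s
"""

PAGE_SIZE = 0x1000              # i386 page size
KERNEL_TEXT_BASE = 0xc0000000   # assumption: default i386 FreeBSD KERNBASE

# "key = value" lines; continuation lines starting with whitespace are skipped.
FIELD_RE = re.compile(r"^(?P<key>[a-z][a-z ]+?)\s*=\s*(?P<val>.+)$")


def parse_trap(text):
    """Return the trap dump as a dict: lowercase field name -> raw value."""
    info = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            info[m.group("key").strip()] = m.group("val").strip()
        elif line.startswith("Fatal trap"):
            # e.g. "Fatal trap 12: page fault while in kernel mode"
            num, desc = line[len("Fatal trap "):].split(":", 1)
            info["fatal trap"] = int(num)
            info["trap description"] = desc.strip()
        elif line.startswith("kernel trap") and "interrupts disabled" in line:
            info["interrupts disabled"] = True
        elif line.startswith("panic:"):
            info["panic"] = line[len("panic:"):].strip()
    return info


def triage(info):
    """Apply the heuristics to a parsed dump and return a summary dict."""
    addr = int(info["fault virtual address"], 16)
    # Instruction pointer is "selector:offset"; keep the offset part.
    ip = int(info["instruction pointer"].split(":")[-1], 16)
    fault_code = info.get("fault code", "")
    proc = info.get("current process", "")
    swi = re.search(r"\((swi\d+[^)]*)\)", proc)
    return {
        "trap": info.get("fatal trap"),
        "kernel_mode": "kernel mode" in info.get("trap description", ""),
        "null_plus_offset": addr < PAGE_SIZE,
        "field_offset": addr if addr < PAGE_SIZE else None,
        "access": "write" if "write" in fault_code else "read",
        "page_not_present": "page not present" in fault_code,
        "ip_in_kernel_text": ip >= KERNEL_TEXT_BASE,
        "interrupt_thread": swi.group(1) if swi else None,
        "interrupts_disabled": bool(info.get("interrupts disabled", False)),
    }


def verdict(t):
    """Human-readable notes derived from a triage() summary."""
    notes = []
    if t["null_plus_offset"]:
        notes.append("fault address 0x%x is below one page: a NULL or zeroed "
                     "pointer was dereferenced at struct field offset 0x%x"
                     % (t["field_offset"], t["field_offset"]))
    if t["interrupt_thread"]:
        notes.append("faulted in '%s': a softclock/callout handler, not the "
                     "syscall path of the process that armed the timer"
                     % t["interrupt_thread"])
    if t["page_not_present"]:
        notes.append("%s of an unmapped page; with a sub-page address this is "
                     "the NULL page, not a recycled allocation" % t["access"])
    return notes


if __name__ == "__main__":
    for note in verdict(triage(parse_trap(SAMPLE_PANIC))):
        print("-", note)
```

Run against the sample, the three notes point at a stale or cleared pointer inside a kqueue/timer object being touched by a callout after its owner is gone, which is exactly the shape of bug the report suspects; the script is equally usable on other i386 trap dumps pasted from a console.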

>How-To-Repeat:
The problem is 100% reproducible:

#include <sys/types.h>
#include <sys/event.h>
#include <sys/time.h>
#include <assert.h>

int main(int argc, char* argv[])
{
  int kq, rc;
  struct kevent ke;

  /* Calls are kept outside assert() so they still run when NDEBUG is defined. */
  kq = kqueue();
  assert(kq != -1);
  /* Arm a periodic 1000 ms timer with ident 12345 (EV_ONESHOT deliberately off). */
  EV_SET(&ke, 12345, EVFILT_TIMER, EV_ADD/*|EV_ONESHOT*/, 0, 1000/*msec*/, 0);
  rc = kevent(kq, &ke, 1, NULL, 0, NULL);
  assert(rc == 0);
  /* Exit immediately with the timer still armed and the kqueue still open. */
  return 0;
}

>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted: