Date:      Fri, 13 Sep 2002 14:52:42 +0200 (CEST)
From:      Martin Blapp <mb@imp.ch>
To:        <current@freebsd.org>
Cc:        <julian@freebsd.org>
Subject:   kernel trap 12, pagefault (KSE problems ?)
Message-ID:  <20020913141742.I3162-100000@levais.imp.ch>


Julian,

Just got another one. It happened when I pressed CTRL Z ...

This is CURRENT of today. The pagefault always happens at the same place.

I really don't know how I can debug this ... :-( In any case,
tf_ebp looks bogus here.

#27 0xc03ace38 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134590208, tf_esi =
134590288, tf_ebp = -1077937400, tf_isp = -376455820, tf_ebx = 672195836, tf_edx
= 134558656, tf_ecx = 0, tf_eax = 190, tf_trapno = 12, tf_err = 2, tf_eip =
671795807, tf_cs = 31, tf_eflags = 662, tf_esp = -1077937556, tf_ss = 47}) at
/usr/src/sys/i386/i386/trap.c:1050
#28 0xc039b34d in Xint0x80_syscall () at /var/tmp/cciyCklS.s:140

(kgdb) list
1045                    td->td_retval[0] = 0;
1046                    td->td_retval[1] = frame.tf_edx;
1047
1048                    STOPEVENT(p, S_SCE, narg);
1049
1050                    error = (*callp->sy_call)(td, args);
1051            }
1052
1053            switch (error) {
1054            case 0:

(kgdb) p td
$6 = (struct thread *) 0xcd49a600
(kgdb) p *td
$7 = {td_proc = 0xcd566a90, td_ksegrp = 0xcd566ac8, td_plist = {tqe_next = 0x0,
tqe_prev = 0xcd566aa0}, td_kglist = {
    tqe_next = 0x0, tqe_prev = 0xcd566ae4}, td_slpq = {tqe_next = 0x0, tqe_prev
= 0xcc019198}, td_blkq = {tqe_next = 0x0,
    tqe_prev = 0xc05d488c}, td_runq = {tqe_next = 0x0, tqe_prev = 0x0}, td_selq
= {tqh_first = 0x0, tqh_last = 0xcd49a630},
  td_flags = 2, td_inhibitors = 0, td_last_kse = 0x0, td_kse = 0xcd566b20,
td_dupfd = 0, td_wchan = 0x0,
  td_wmesg = 0xc03eb136 "biord", td_lastcpu = 0 '\0', td_inktr = 0 '\0',
td_inktrace = 0 '\0', td_locks = 0, td_blocked = 0x0,
  td_ithd = 0x0, td_mtxname = 0x0, td_contested = {lh_first = 0xc04375e0},
td_sleeplocks = 0x0, td_intr_nesting_level = 0,
  td_mailbox = 0x0, td_ucred = 0xce005180, td_switchin = 0, td_critnest = 1,
td_md = <incomplete type>, td_base_pri = 160 ' ',
  td_priority = 16 '\020', td_pcb = 0xe98fbda0, td_state = TDS_RUNNING,
td_retval = {0, 134558656}, td_slpcallout = {c_links = {
      sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}}, c_time =
0, c_arg = 0x0, c_func = 0, c_flags = 8},
  td_frame = 0xe98fbd48, td_kstack_obj = 0xcd4915dc, td_kstack = 3918503936}

(kgdb) frame 28

(kgdb) disass
Dump of assembler code for function Xint0x80_syscall:
0xc039b330 <Xint0x80_syscall>:  push   $0x2
0xc039b332 <Xint0x80_syscall+2>:        sub    $0x4,%esp
0xc039b335 <Xint0x80_syscall+5>:        pusha
0xc039b336 <Xint0x80_syscall+6>:        push   %ds
0xc039b337 <Xint0x80_syscall+7>:        push   %es
0xc039b338 <Xint0x80_syscall+8>:        push   %fs
0xc039b33a <Xint0x80_syscall+10>:       mov    $0x10,%ax
0xc039b33e <Xint0x80_syscall+14>:       mov    %eax,%ds
0xc039b340 <Xint0x80_syscall+16>:       mov    %eax,%es
0xc039b342 <Xint0x80_syscall+18>:       mov    $0x18,%ax
0xc039b346 <Xint0x80_syscall+22>:       mov    %eax,%fs
0xc039b348 <Xint0x80_syscall+24>:       call   0xc03acb0c <syscall>
0xc039b34d <Xint0x80_syscall+29>:       jmp    0xc039cab0 <doreti_next>
0xc039b352 <Xint0x80_syscall+34>:       mov    %esi,%esi
End of assembler dump.

(kgdb) disass 0xc039cab0
Dump of assembler code for function doreti_next:
0xc039cab0 <doreti_next>:       testl  $0x20000,0x3c(%esp,1)
0xc039cab8 <doreti_next+8>:     je     0xc039cac5 <doreti_notvm86>
0xc039caba <doreti_next+10>:    cmpl   $0x1,0xc0452340
0xc039cac1 <doreti_next+17>:    jne    0xc039cacc <doreti_ast>
0xc039cac3 <doreti_next+19>:    jmp    0xc039caeb <doreti_popl_fs>
End of assembler dump.

(kgdb) disass 0xc039cacc
Dump of assembler code for function doreti_ast:
0xc039cacc <doreti_ast>:        cli
0xc039cacd <doreti_ast+1>:      mov    %fs:0x0,%eax
0xc039cad3 <doreti_ast+7>:      mov    0x44(%eax),%eax
0xc039cad6 <doreti_ast+10>:     testl  $0xc00,0x20(%eax)
0xc039cadd <doreti_ast+17>:     je     0xc039caeb <doreti_popl_fs>
0xc039cadf <doreti_ast+19>:     sti
0xc039cae0 <doreti_ast+20>:     push   %esp
0xc039cae1 <doreti_ast+21>:     call   0xc0251650 <ast>
0xc039cae6 <doreti_ast+26>:     add    $0x4,%esp
0xc039cae9 <doreti_ast+29>:     jmp    0xc039cacc <doreti_ast>

(kgdb) disass 0xc03acb0c
Dump of assembler code for function syscall:
0xc03acb0c <syscall>:   push   %ebp
0xc03acb0d <syscall+1>: mov    %esp,%ebp
0xc03acb0f <syscall+3>: push   %ebx
0xc03acb10 <syscall+4>: sub    $0x58,%esp
0xc03acb13 <syscall+7>: mov    %fs:0x0,%eax
0xc03acb19 <syscall+13>:        mov    %eax,0xffffffe4(%ebp)
0xc03acb1c <syscall+16>:        mov    0xffffffe4(%ebp),%eax
0xc03acb1f <syscall+19>:        mov    %eax,0xffffffec(%ebp)
0xc03acb22 <syscall+22>:        mov    0xffffffec(%ebp),%eax
0xc03acb25 <syscall+25>:        mov    %eax,0xfffffff0(%ebp)
0xc03acb28 <syscall+28>:        mov    0xfffffff0(%ebp),%eax
0xc03acb2b <syscall+31>:        mov    (%eax),%eax
0xc03acb2d <syscall+33>:        mov    %eax,0xffffffe0(%ebp)
0xc03acb30 <syscall+36>:        mov    %fs:0x34,%eax
0xc03acb36 <syscall+42>:        add    $0xc8,%eax
0xc03acb3b <syscall+47>:        mov    %eax,0xffffffb0(%ebp)
0xc03acb3e <syscall+50>:        mov    0xffffffb0(%ebp),%eax
0xc03acb41 <syscall+53>:        incl   (%eax)
0xc03acb43 <syscall+55>:        mov    0xfffffff0(%ebp),%eax
0xc03acb46 <syscall+58>:        mov    0x44(%eax),%eax
0xc03acb49 <syscall+61>:        mov    0x54(%eax),%eax
0xc03acb4c <syscall+64>:        mov    %eax,0xffffffec(%ebp)
0xc03acb4f <syscall+67>:        mov    0xfffffff0(%ebp),%eax
0xc03acb52 <syscall+70>:        lea    0x8(%ebp),%edx
0xc03acb55 <syscall+73>:        mov    %edx,0xb0(%eax)
0xc03acb5b <syscall+79>:        mov    0xfffffff0(%ebp),%eax
0xc03acb5e <syscall+82>:        mov    0xffffffe0(%ebp),%edx
0xc03acb61 <syscall+85>:        mov    0x78(%eax),%eax
0xc03acb64 <syscall+88>:        cmp    0x20(%edx),%eax
0xc03acb67 <syscall+91>:        je     0xc03acb74 <syscall+104>
0xc03acb69 <syscall+93>:        pushl  0xfffffff0(%ebp)
0xc03acb6c <syscall+96>:        call   0xc0228434 <cred_update_thread>
0xc03acb6c <syscall+96>:        call   0xc0228434 <cred_update_thread>
0xc03acb71 <syscall+101>:       add    $0x4,%esp
0xc03acb74 <syscall+104>:       mov    0xffffffe0(%ebp),%eax
0xc03acb77 <syscall+107>:       mov    $0xffff8000,%edx
0xc03acb7c <syscall+112>:       and    0x124(%eax),%dx
0xc03acb83 <syscall+119>:       mov    %edx,%eax
0xc03acb85 <syscall+121>:       test   %ax,%ax
0xc03acb88 <syscall+124>:       je     0xc03acbe3 <syscall+215>
0xc03acb8a <syscall+126>:       mov    0xfffffff0(%ebp),%ebx
0xc03acb8d <syscall+129>:       mov    0xfffffff0(%ebp),%eax
0xc03acb90 <syscall+132>:       mov    0x44(%eax),%eax
0xc03acb93 <syscall+135>:       mov    0x6c(%eax),%eax
0xc03acb96 <syscall+138>:       add    $0xc,%eax
0xc03acb99 <syscall+141>:       push   %eax
0xc03acb9a <syscall+142>:       call   0xc03aa7d0 <fuword

Martin

Martin Blapp, <mb@imp.ch> <mbr@FreeBSD.org>
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 061 826 93 00: +41 61 826 93 01
PGP: <finger -l mbr@freebsd.org>
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message



