Date:      Fri, 16 Dec 2005 19:03:51 -0500
From:      Anish Mistry <mistry.7@osu.edu>
To:        John Baldwin <jhb@freebsd.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Reproducable Panic on CURRENT and 6.0-RELEASE
Message-ID:  <200512161904.04913.mistry.7@osu.edu>
In-Reply-To: <200512161638.58917.jhb@freebsd.org>
References:  <200512161237.15148.mistry.7@osu.edu> <200512161527.34667.mistry.7@osu.edu> <200512161638.58917.jhb@freebsd.org>


On Friday 16 December 2005 04:38 pm, you wrote:
> On Friday 16 December 2005 03:27 pm, Anish Mistry wrote:
> > On Friday 16 December 2005 03:11 pm, you wrote:
> > > On Friday 16 December 2005 12:37 pm, Anish Mistry wrote:
> > > > Here is the offending program/code.  The interesting program
> > > > is avidemux_2.1_branch_anish/avidemux/avidemux2.
> > > > (It is compiled for CURRENT, and I left all the object code
> > > > stuff in so it's a bit large 21MB)
> > > > http://am-productions.biz/docs/avidemux_2.1_branch_anish.tgz
> > > >
> > > > First you'll need to compile spidermonkey to be threadsafe so
> > > > add the following to your lang/spidermonkey/Makefile before
> > > > installing it:
> > > > LIB_DEPENDS=    nspr4.1:${PORTSDIR}/devel/nspr
> > > > MAKE_ARGS+=     JS_THREADSAFE=YES LDFLAGS="-L${LOCALBASE}/lib -lpthread -lm"
> > > > CFLAGS+=        -I${LOCALBASE}/include/nspr
> > > >
> > > > Once a threadsafe spidermonkey is installed to kill the
> > > > machine you'll need to:
> > > > cd avidemux_2.1_branch_anish/avidemux
> > > > ./avidemux2 --run new-features-test.js
> > > >
> > > > On CURRENT:
> > > > kernel trap 12 with interrupts disabled
> > > >
> > > > Fatal trap 12: page fault while in kernel mode
> > > > fault virtual address   = 0x68
> > > > fault code              = supervisor read, page not present
> > > > instruction pointer     = 0x20:0xc04e6f36
> > > > stack pointer           = 0x28:0xcc9edb3c
> > > > frame pointer           = 0x28:0xcc9edbb0
> > > > code segment            = base 0x0, limit 0xfffff, type 0x1b
> > > >                         = DPL 0, pres 1, def32 1, gran 1
> > > > processor eflags        = resume, IOPL = 0
> > > > current process         = 798 (gdb)
> > > > trap number             = 12
> > > > panic: page fault
> > > >
> > > > #0  doadump () at pcpu.h:165
> > > > #1  0xc04bb7eb in boot (howto=260)
> > > >     at /usr/src/sys/kern/kern_shutdown.c:399
> > > > #2  0xc04bb353 in panic (fmt=0xc06069a7 "%s")
> > > >     at /usr/src/sys/kern/kern_shutdown.c:555
> > > > #3  0xc05e91ba in trap_fatal (frame=0xcc9edafc, eva=104)
> > > >     at /usr/src/sys/i386/i386/trap.c:862
> > > > #4  0xc05e96d9 in trap (frame=
> > > >       {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi =
> > > > -1032878460, tf_esi = 1, tf_ebp = -862004304, tf_isp =
> > > > -862004440, tf_ebx = -1033297504, tf_edx = -1033987232,
> > > > tf_ecx = 4, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip =
> > > > -1068601546, tf_cs = 32, tf_eflags = 65687, tf_esp =
> > > > -1032878356, tf_ss = -1067380424}) at
> > > > /usr/src/sys/i386/i386/trap.c:273
> > > > #5  0xc05db6fa in calltrap ()
> > > >     at /usr/src/sys/i386/i386/exception.s:137
> > > > #6  0xc04e6f36 in kern_ptrace (td=0xc25e9b60, req=10, pid=1,
> > > >     addr=0x0, data=17)
> > > >     at /usr/src/sys/kern/sys_process.c:802
> > >
> > > On HEAD this is:
> > >     p->p_xthread->td_flags &= ~TDF_XSIG;
> > >
> > > If two threads called kern_ptrace() with the same PID and this
> > > could happen. Hmm, I have no idea how p_xthread is supposed to
> > > not be racey here in fact. It would be helpful to know what
> > > PTRACE action it is trying to do and maybe a KTR trace of
> > > the various ptrace events leading up to this condition. I have
> > > no idea what thread you are supposed to act on if p_xthread is
> > > NULL either.
> >
> > How would I do this?  My kdb/ddb skills are pretty much limited to
> > getting a backtrace.
>
> You could add some new KTR tracepoints to log each request into
> kern_ptrace() and then do a 'show ktr' at the ddb prompt.

I put a KTR_GEN tracepoint in kern_ptrace and only got 1 entry in the
log:
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x68
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc04ed896
stack pointer           = 0x28:0xcc9a9b3c
frame pointer           = 0x28:0xcc9a9bb0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 697 (gdb)
[thread pid 697 tid 100073 ]
Stopped at      kern_ptrace+0xef6:      movl    0x68(%eax),%ebx
db> show ktr
0 (0xc2354b60): kern_ptrace: td=0xc2354b60 req=0xa pid=695 addr==0x0
data==0x0
--- End of trace buffer ---
db>

The full alltrace:
http://am-productions.biz/docs/ktr-trace.txt.gz
From alltrace results for pid 695 is:
db> bt
Tracing pid 697 tid 100073 td 0xc2354b60
kern_ptrace(c2354b60,a,2b7,0,11) at kern_ptrace+0xef6
ptrace(c2354b60,cc9a9d04,4,0,23) at ptrace+0x40
syscall(3b,3b,3b,81e9438,2b7) at syscall+0x19a
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282c1a6b, esp = 0xbfbfe468, ebp = 0xbfbfe480 ---
db> alltrace

Tracing command gdb pid 697 tid 100073 td 0xc2354b60
kern_ptrace(c2354b60,a,2b7,0,11) at kern_ptrace+0xef6
ptrace(c2354b60,cc9a9d04,4,0,23) at ptrace+0x40
syscall(3b,3b,3b,81e9438,2b7) at syscall+0x19a
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282c1a6b, esp = 0xbfbfe468, ebp = 0xbfbfe480 ---

Tracing command avidemux2 pid 696 tid 100072 td 0xc2354d00
sched_switch(c2354d00,0,1,c8d6d692,17b1f6d8) at sched_switch+0xb5
mi_switch(1,0,c2354d00,c06c5510,cc9aca9c) at mi_switch+0x259
sleepq_switch(c2354d00,c06c5510,cc9acadc,c0496ca8,c06c5510) at sleepq_switch+0xc2
sleepq_timedwait_sig(c06c5510,0,c06c5510,c06c5510,65) at sleepq_timedwait_sig+0xd
cv_timedwait_sig(c06c5510,c06c54f4,65) at cv_timedwait_sig+0x178
kern_select(c2354d00,14,bfbfdd80,0,0) at kern_select+0x55a
select(c2354d00,cc9acd04,5,0,6) at select+0x2c
syscall(3b,3b,3b,94f1000,bfbfdc68) at syscall+0x19a
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (93, FreeBSD ELF32, select), eip = 0x29085397, esp = 0xbfbfdc08, ebp = 0xbfbfdc38 ---

Tracing command avidemux2 pid 695 tid 100080 td 0xc2635680
sched_switch(c2635680,0,2,2ffd8312,ea5ba7fb) at sched_switch+0xb5
mi_switch(2,0,c2635680,ac,c0619941) at mi_switch+0x259
uio_yield(0,0,47000,0,c25f0074) at uio_yield+0x72
vn_rdwr_inchunks(1,c2642840,89b1000,b37000,47000,0,0,101,c2640c00,0,0,c2635680) at vn_rdwr_inchunks+0xb4
elf32_coredump(c2635680,c2642840,ffffffff,7fffffff) at elf32_coredump+0x132
sigexit(c2635680,6,c2634294,8,c0618e65) at sigexit+0x8df
kse_thr_interrupt(c2635680,cca0dd04,3,0,0) at kse_thr_interrupt+0x10c
syscall(3b,3b,3b,20,0) at syscall+0x19a
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (382, FreeBSD ELF32, kse_thr_interrupt), eip = 0x28fe5603, esp = 0xbf8fdaec, ebp = 0xbf8fdb60 ---

Tracing command avidemux2 pid 695 tid 100078 td 0xc26359c0
sched_switch(c26359c0,c2635820,1,82b08812,3b03415f) at sched_switch+0xb5
mi_switch(1,c2635820,0,c26359c0,cca13ba0) at mi_switch+0x259
sleepq_switch(0,cca13bd0,c04c5896,c263422c,0) at sleepq_switch+0xc2
sleepq_wait_sig(c263422c,0,100,c0618588,31f) at sleepq_wait_sig+0xc
msleep(c263422c,c2634294,15c,c0620da6,0) at msleep+0x356
kern_wait(c26359c0,2b8,cca13c28,0,0) at kern_wait+0x350
wait4(c26359c0,cca13d04,4,0,0) at wait4+0x2d
syscall(3b,3b,3b,94f1000,bfbfde90) at syscall+0x19a
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (7, FreeBSD ELF32, wait4), eip = 0x2903a067, esp = 0xbfbfdc04, ebp = 0xbfbfdc1c ---

Tracing command avidemux2 pid 695 tid 100077 td 0xc2635b60
sched_switch(c2635b60,0,1,cbf0f192,13141da1) at sched_switch+0xb5
mi_switch(1,0,0,c2635b60,cca16c04) at mi_switch+0x259
sleepq_switch(0,c2635b60,cca16c38,c04c595a,c26342b4) at sleepq_switch+0xc2
sleepq_timedwait_sig(c26342b4) at sleepq_timedwait_sig+0xd
msleep(c26342b4,c2634294,168,c0618e91,bb9) at msleep+0x41a
kse_release(c2635b60,cca16d04,1,0,1) at kse_release+0xb8
syscall(3b,3b,3b,81,97c3200) at syscall+0x19a
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (383, FreeBSD ELF32, kse_release), eip = 0x28fe55c3, esp = 0xbf9fef78, ebp = 0xbf9fefa8 ---


-- 
Anish Mistry
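Added example (editor's code, not from this thread or the FreeBSD tree): the triage a responder can do on the ddb output above before opening the source. For an i386 memory operand written `disp(%reg)` the faulting address is the register plus the displacement, so `fault virtual address = 0x68` together with `movl 0x68(%eax),%ebx` means %eax held 0 and the kernel read a field at offset 0x68 of a NULL struct pointer, which fits the p_xthread-is-NULL theory in the quoted reply. The same script decodes the `kern_ptrace(td, req, pid, addr, data)` frame from the `bt` line; the request table is a subset of FreeBSD's sys/ptrace.h (0xa is PT_ATTACH). The sample text is the page's own ddb session re-typed as constructed input, and the 0x1000 "near-null" band is an assumed heuristic, not anything the kernel defines.

```python
import re

# Constructed sample input: the ddb session quoted in the report above,
# with the mail encoding stripped.
SAMPLE_DDB = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x68
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc04ed896
current process         = 697 (gdb)
[thread pid 697 tid 100073 ]
Stopped at      kern_ptrace+0xef6:      movl    0x68(%eax),%ebx
db> bt
Tracing pid 697 tid 100073 td 0xc2354b60
kern_ptrace(c2354b60,a,2b7,0,11) at kern_ptrace+0xef6
ptrace(c2354b60,cc9a9d04,4,0,23) at ptrace+0x40
"""

# ptrace(2) request numbers from FreeBSD's sys/ptrace.h (subset).
PT_REQUESTS = {
    0: "PT_TRACE_ME", 1: "PT_READ_I", 2: "PT_READ_D", 4: "PT_WRITE_I",
    5: "PT_WRITE_D", 7: "PT_CONTINUE", 8: "PT_KILL", 9: "PT_STEP",
    10: "PT_ATTACH", 11: "PT_DETACH",
}

FAULT_VA_RE = re.compile(r"fault virtual address\s*=\s*(0x[0-9a-fA-F]+)")
FAULT_CODE_RE = re.compile(r"fault code\s*=\s*(supervisor|user) (read|write)")
# "Stopped at  kern_ptrace+0xef6:  movl  0x68(%eax),%ebx" -> symbol, mnemonic,
# optional displacement, and the base register of the memory operand.
STOPPED_RE = re.compile(
    r"Stopped at\s+([^\s:]+):\s+(\w+)\s+(-?0x[0-9a-fA-F]+|-?\d+)?\((%\w+)\)"
)
# ddb backtrace frame: kern_ptrace(td, req, pid, addr, data), hex without 0x.
FRAME_RE = re.compile(r"^kern_ptrace\(([0-9a-fA-F,]+)\)", re.MULTILINE)


def classify_fault(ddb_text):
    """Explain a 'Fatal trap 12' from the fault VA and the faulting instruction.

    For an x86 operand disp(%reg) the fault address is reg + disp, so
    reg = fault_va - disp.  A base of 0 means a NULL struct pointer was
    dereferenced at field offset disp.  Returns None if the fields are absent.
    """
    va = FAULT_VA_RE.search(ddb_text)
    stop = STOPPED_RE.search(ddb_text)
    if va is None or stop is None:
        return None
    fault_va = int(va.group(1), 16)
    symbol, mnemonic, disp, base_reg = stop.groups()
    offset = int(disp, 0) if disp else 0
    base_value = fault_va - offset          # register value at the trap
    if base_value == 0:
        kind = "null-deref"
    elif 0 < base_value < 0x1000:           # assumed heuristic band
        kind = "near-null"
    else:
        kind = "wild-pointer"
    code = FAULT_CODE_RE.search(ddb_text)
    return {
        "symbol": symbol,
        "mnemonic": mnemonic,
        "base_reg": base_reg,
        "base_value": base_value,
        "offset": offset,
        "access": code.group(2) if code else "unknown",
        "kind": kind,
    }


def ptrace_request(ddb_text):
    """Decode the kern_ptrace() frame arguments printed by 'bt'."""
    m = FRAME_RE.search(ddb_text)
    if m is None:
        return None
    args = [int(a, 16) for a in m.group(1).split(",")]
    if len(args) != 5:
        return None
    td, req, pid, addr, data = args
    return {
        "td": td,
        "request": PT_REQUESTS.get(req, "unknown(%d)" % req),
        "pid": pid,
        "addr": addr,
        "data": data,
    }


if __name__ == "__main__":
    f = classify_fault(SAMPLE_DDB)
    print("%s: %s via %s+0x%x with %s = 0x%x -> %s" % (
        f["symbol"], f["access"], f["base_reg"], f["offset"],
        f["base_reg"], f["base_value"], f["kind"]))
    print(ptrace_request(SAMPLE_DDB))
```

Run against the sample it reports a supervisor read through %eax+0x68 with %eax = 0, i.e. a NULL dereference in kern_ptrace, and a PT_ATTACH request for pid 695 (0x2b7) with data 17. The point of separating "null-deref" from "wild-pointer" is triage: a NULL-plus-small-offset read is a missing check or a race on a pointer field, whereas a large base value would point at use-after-free or corruption and call for a different investigation.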




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512161904.04913.mistry.7>