On Fri, Jan 05, 2007 at 01:34:04PM +0000, Robert Watson wrote:
>
> On Fri, 5 Jan 2007, Ceri Davies wrote:
>
> >>Much as I would love to trust the contents of ub there, I suspect they
> >>can't be trusted.  Could you print the contents of *fp in kern_fstat() in
> >>both of those stacks?  I'd particularly like to know the value of
> >>fp->f_type, and then depending on the type, possibly the contents of
> >>*(struct vnode *)fp->f_vnode for DTYPE_VNODE/TYPE_FIFO or *(struct socket
> >>*)fp->f_data in the case of DTYPE_SOCKET.
> >
> >Can you tell me how to get at *fp given that the stack trace shows fstat()
> >and not kern_fstat()?  Sorry if I'm being dumb but I don't know how to
> >step into the kern_fstat() call from fstat().
>
> It could be that the stack is hosed losing the frame, or maybe it's inlined
> (more likely the former I think, as kern_fstat() is a symbol used elsewhere
> in the kernel).  The best bet may be to use the file descriptor number
> (uap->fd) to pull the struct file reference out of the process.  Something
> on the order of (td->td_proc->p_fd->fd_ofiles[fd]) should return the right
> struct file *.

OK, got it.  They're both sockets, data in the attachments.

> How reproducible is this?

So far it's happened this morning and yesterday morning.  I haven't seen
it before that.  I don't know the cause so I can't reproduce it at will,
but the logs don't give any indication.  Chances are that it will happen
again tomorrow, but we'll see.

Thanks,

Ceri
--
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere

[EMAIL PROTECTED] # kgdb /usr/obj/usr/src/sys/SHRIKE/kernel.debug /var/crash/vmcore.29
kgdb: kvm_nlist(_stopped_cpus):
kgdb: kvm_nlist(_stoppcbs):
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x53892047
fault code              = supervisor write, page not present
instruction pointer     = 0x20:0xc05cda7c
stack pointer           = 0x28:0xd610dc48
frame pointer           = 0x28:0xd610dc60
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 65381 (imapd)
trap number             = 12
panic: page fault
Uptime: 5d19h44m40s
Dumping 503 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 503MB (128752 pages) 487 471 455 439 423 407 391 375 359 343 327 311 295 279 263 247 231 215 199 183 167 151 135 119 103 87 71 55 39 23 7

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) up 8
#8  0xc04c470d in fstat (td=0xc2eeb180, uap=0xd610dc74)
    at /usr/src/sys/kern/kern_descrip.c:1075
1075            error = kern_fstat(td, uap->fd, &ub);
(kgdb) p *td->td_proc->p_fd->fd_ofiles
$1 = (struct file *) 0xc32f73f0
(kgdb) p*$1
$2 = {f_list = {le_next = 0xc32ddd38, le_prev = 0xc4062048}, f_type = 2,
  f_data = 0xc38f62c8, f_flag = 3, f_mtxp = 0xc2a67154, f_ops = 0xc06b1040,
  f_cred = 0xc2e4a580, f_count = 3, f_vnode = 0x0, f_offset = 0,
  f_vnread_flags = 0, f_gcflag = 0, f_msgcount = 0, f_seqcount = 0,
  f_nextoff = 0, f_label = 0x0}
(kgdb) p $2->f_data
$3 = (void *) 0xc38f62c8
(kgdb) p *(struct socket *)$2->f_data
$4 = {so_count = 1, so_type = 1, so_options = 4, so_linger = 0, so_state = 2,
  so_qstate = 0, so_pcb = 0xc38eaec4, so_proto = 0xc06b8148, so_head = 0x0,
  so_incomp = {tqh_first = 0x0, tqh_last = 0x0},
  so_comp = {tqh_first = 0x0, tqh_last = 0x0},
  so_list = {tqe_next = 0x0, tqe_prev = 0xc2e5087c}, so_qlen = 0,
  so_incqlen = 0, so_qlimit = 0, so_timeo = 0, so_error = 0, so_sigio = 0x0,
  so_oobmark = 0, so_aiojobq = {tqh_first = 0x0, tqh_last = 0xc38f6310},
  so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0xc2eeb1b0},
      si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0},
        kl_lock = 0xc04cd13c <knlist_mtx_lock>,
        kl_unlock = 0xc04cd170 <knlist_mtx_unlock>,
        kl_locked = 0xc04cd1ac <knlist_mtx_locked>, kl_lockarg = 0xc38f633c},
      si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc06ad4c4,
        lo_name = 0xc068133e "so_rcv", lo_type = 0xc068133e "so_rcv",
        lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
        lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, sb_state = 0,
    sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0,
    sb_hiwat = 66608, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
    sb_lowat = 1, sb_timeo = 0, sb_flags = 0}, so_snd = {sb_sel = {
      si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0,
      si_note = {kl_list = {
          slh_first = 0x0}, kl_lock = 0xc04cd13c <knlist_mtx_lock>,
        kl_unlock = 0xc04cd170 <knlist_mtx_unlock>,
        kl_locked = 0xc04cd1ac <knlist_mtx_locked>, kl_lockarg = 0xc38f63b4},
      si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc06ad4c4,
        lo_name = 0xc0681337 "so_snd", lo_type = 0xc0681337 "so_snd",
        lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
        lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, sb_state = 0,
    sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0,
    sb_hiwat = 33304, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
    sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0,
  so_upcallarg = 0x0, so_cred = 0xc2a7ad00, so_label = 0x0,
  so_peerlabel = 0x0, so_gencnt = 92385, so_emuldata = 0x0, so_accf = 0x0}
(kgdb)

[EMAIL PROTECTED] # kgdb /usr/obj/usr/src/sys/SHRIKE/kernel.debug /var/crash/vmcore.30
kgdb: kvm_nlist(_stopped_cpus):
kgdb: kvm_nlist(_stoppcbs):
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x53892047
fault code              = supervisor write, page not present
instruction pointer     = 0x20:0xc05cda7c
stack pointer           = 0x28:0xd617ec48
frame pointer           = 0x28:0xd617ec60
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 9943 (imapd)
trap number             = 12
panic: page fault
Uptime: 22h39m3s
Dumping 503 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 503MB (128752 pages) 487 471 455 439 423 407 391 375 359 343 327 311 295 279 263 247 231 215 199 183 167 151 135 119 103 87 71 55 39 23 7

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) up 8
#8  0xc04c470d in fstat (td=0xc3109300, uap=0xd617ec74)
    at /usr/src/sys/kern/kern_descrip.c:1075
1075            error = kern_fstat(td, uap->fd, &ub);
(kgdb) p *td->td_proc->p_fd->fd_ofiles
$1 = (struct file *) 0xc33fd1f8
(kgdb) p *$1
$2 = {f_list = {le_next = 0xc30a6678, le_prev = 0xc3790b88}, f_type = 2,
  f_data = 0xc347f590, f_flag = 3, f_mtxp = 0xc2a67a30, f_ops = 0xc06b1040,
  f_cred = 0xc3592a80, f_count = 3, f_vnode = 0x0, f_offset = 0,
  f_vnread_flags = 0, f_gcflag = 0, f_msgcount = 0, f_seqcount = 0,
  f_nextoff = 0, f_label = 0x0}
(kgdb) p *(struct socket *)$2->f_data
$3 = {so_count = 1, so_type = 1, so_options = 4, so_linger = 0, so_state = 2,
  so_qstate = 0, so_pcb = 0xc317b168, so_proto = 0xc06b8148, so_head = 0x0,
  so_incomp = {tqh_first = 0x0, tqh_last = 0x0},
  so_comp = {tqh_first = 0x0, tqh_last = 0x0},
  so_list = {tqe_next = 0x0, tqe_prev = 0xc2e5ab44}, so_qlen = 0,
  so_incqlen = 0, so_qlimit = 0, so_timeo = 0, so_error = 0, so_sigio = 0x0,
  so_oobmark = 0, so_aiojobq = {tqh_first = 0x0, tqh_last = 0xc347f5d8},
  so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0xc3109330},
      si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0},
        kl_lock = 0xc04cd13c <knlist_mtx_lock>,
        kl_unlock = 0xc04cd170 <knlist_mtx_unlock>,
        kl_locked = 0xc04cd1ac <knlist_mtx_locked>, kl_lockarg = 0xc347f604},
      si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc06ad4c4,
        lo_name = 0xc068133e "so_rcv", lo_type = 0xc068133e "so_rcv",
        lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
        lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, sb_state = 0,
    sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0,
    sb_hiwat = 66608, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
    sb_lowat = 1, sb_timeo = 0, sb_flags = 0}, so_snd = {sb_sel = {
      si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0,
      si_note = {kl_list = {
          slh_first = 0x0}, kl_lock = 0xc04cd13c <knlist_mtx_lock>,
        kl_unlock = 0xc04cd170 <knlist_mtx_unlock>,
        kl_locked = 0xc04cd1ac <knlist_mtx_locked>, kl_lockarg = 0xc347f67c},
      si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc06ad4c4,
        lo_name = 0xc0681337 "so_snd", lo_type = 0xc0681337 "so_snd",
        lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
        lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, sb_state = 0,
    sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0,
    sb_hiwat = 33304, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
    sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0,
  so_upcallarg = 0x0, so_cred = 0xc2a7ad00, so_label = 0x0,
  so_peerlabel = 0x0, so_gencnt = 22107, so_emuldata = 0x0, so_accf = 0x0}
(kgdb)
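
The lookup described in the quoted advice above (index fd_ofiles by the descriptor number, then follow f_vnode or f_data according to f_type), written as a kgdb user-defined command. This is an added example, not part of the original thread: the command name fdfile is hypothetical, fd_nfiles is the table-size field of struct filedesc, and the numeric f_type values are the DTYPE_* constants from FreeBSD's sys/file.h (1 = DTYPE_VNODE, 2 = DTYPE_SOCKET, 4 = DTYPE_FIFO).

```gdb
# Run from a frame where td is in scope, e.g. after "up 8" into fstat():
#   (kgdb) fdfile uap->fd
# $arg0 is substituted textually, so an expression such as uap->fd works.
define fdfile
  set $fdp = td->td_proc->p_fd
  # Refuse to index past the end of the per-process descriptor table.
  if $arg0 < 0 || $arg0 >= $fdp->fd_nfiles
    printf "fd %d is outside the table (fd_nfiles = %d)\n", $arg0, $fdp->fd_nfiles
  else
    set $fp = $fdp->fd_ofiles[$arg0]
    if $fp == 0
      printf "fd %d: slot is empty\n", $arg0
    else
      printf "fd %d: f_type = %d\n", $arg0, $fp->f_type
      print $fp
      print *$fp
      # DTYPE_VNODE (1) or DTYPE_FIFO (4): the object hangs off f_vnode.
      if $fp->f_type == 1 || $fp->f_type == 4
        print *(struct vnode *)$fp->f_vnode
      end
      # DTYPE_SOCKET (2): the object hangs off f_data.
      if $fp->f_type == 2
        print *(struct socket *)$fp->f_data
      end
    end
  end
end

document fdfile
Print the struct file for a descriptor number in the current thread's
process, then the vnode or socket behind it depending on f_type.
end
```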