From dgilbert@trooper.velocet.net Tue Oct 5 08:45:28 1999 Return-Path: Received: from trooper.velocet.net (trooper.velocet.net [216.126.82.226]) by hub.freebsd.org (Postfix) with ESMTP id 106F8150E9 for ; Tue, 5 Oct 1999 08:44:52 -0700 (PDT) (envelope-from dgilbert@trooper.velocet.net) Received: (from dgilbert@localhost) by trooper.velocet.net (8.9.3/8.9.3) id LAA10238; Tue, 5 Oct 1999 11:44:26 -0400 (EDT) (envelope-from dgilbert) Message-Id: <199910051544.LAA10238@trooper.velocet.net> Date: Tue, 5 Oct 1999 11:44:26 -0400 (EDT) From: David Gilbert Sender: dgilbert@trooper.velocet.net Reply-To: dgilbert@velocet.ca To: FreeBSD-gnats-submit@freebsd.org Subject: 3.3-RELEASE crashing hourly. X-Send-Pr-Version: 3.2 >Number: 14141 >Category: kern >Synopsis: 3.3-RELEASE crashing often >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Oct 5 08:50:01 PDT 1999 >Closed-Date: Fri May 25 04:48:44 PDT 2001 >Last-Modified: Fri May 25 04:49:12 PDT 2001 >Originator: David Gilbert >Release: FreeBSD 3.3-RELEASE i386 >Organization: Velocet Communications >Environment: 3.3-RELEASE kernel on a K6-2/400 w/ 256M RAM (also tried 128M RAM) # # GENERIC -- Generic machine with WD/AHx/NCR/BTx family disks # # For more information on this file, please read the handbook section on # Kernel Configuration Files: # # http://www.freebsd.org/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the # FreeBSD World Wide Web server (http://www.FreeBSD.ORG/) for the # latest information. # # An exhaustive list of options and more detailed explanations of the # device lines is also present in the ./LINT configuration file. If you are # in doubt as to the purpose or necessity of a line, check first in LINT. # # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.143.2.22 1999/09/14 22:53:30 jkh Exp $ machine "i386" #cpu "I386_CPU" #cpu "I486_CPU" cpu "I586_CPU" #cpu "I686_CPU" ident GENERIC maxusers 64 #options MATH_EMULATE #Support for x87 emulation options INET #InterNETworking options FFS #Berkeley Fast Filesystem options FFS_ROOT #FFS usable as root device [keep this!] options MFS #Memory Filesystem #options MFS_ROOT #MFS usable as root device, "MFS" req'ed #options NFS #Network Filesystem #options NFS_ROOT #NFS usable as root device, "NFS" req'ed #options MSDOSFS #MSDOS Filesystem options "CD9660" #ISO 9660 Filesystem #options "CD9660_ROOT" #CD-ROM usable as root. "CD9660" req'ed options PROCFS #Process filesystem options "COMPAT_43" #Compatible with BSD 4.3 [KEEP THIS!] options SCSI_DELAY=5000 #Be pessimistic about Joe SCSI device options UCONSOLE #Allow users to grab the console options FAILSAFE #Be conservative options USERCONFIG #boot -c editor options VISUAL_USERCONFIG #visual boot -c editor options KTRACE #ktrace(1) syscall trace support options SYSVSHM #SYSV-style shared memory options SYSVMSG #SYSV-style message queues options SYSVSEM #SYSV-style semaphores config kernel root on wd0 # To make an SMP kernel, the next two are needed #options SMP # Symmetric MultiProcessor Kernel #options APIC_IO # Symmetric (APIC) I/O # Optionally these may need tweaked, (defaults shown): #options NCPU=2 # number of CPUs #options NBUS=4 # number of busses #options NAPIC=1 # number of IO APICs #options NINTR=24 # number of INTs controller isa0 #controller pnp0 # PnP support for ISA #controller eisa0 controller pci0 # Floppy drives controller fdc0 at isa? port "IO_FD1" bio irq 6 drq 2 disk fd0 at fdc0 drive 0 disk fd1 at fdc0 drive 1 # IDE controller and disks #options "CMD640" # work around CMD640 chip deficiency #controller wdc0 at isa? port "IO_WD1" bio irq 14 #disk wd0 at wdc0 drive 0 #disk wd1 at wdc0 drive 1 #controller wdc1 at isa? port "IO_WD2" bio irq 15 #disk wd2 at wdc1 drive 0 #disk wd3 at wdc1 drive 1 # ATAPI devices #options ATAPI #Enable ATAPI support for IDE bus #options ATAPI_STATIC #Don't do it as an LKM #device acd0 #IDE CD-ROM #device wfd0 #IDE Floppy (e.g. LS-120) # SCSI Controllers # A single entry for any of these controllers (ncr, ahb, ahc) is # sufficient for any number of installed devices. #controller ncr0 # NCR/Symbios Logic #controller ahb0 # EISA AHA1742 family controller ahc0 # AHA2940 and onboard AIC7xxx devices #controller amd0 # AMD 53C974 (Teckram DC-390(T)) #controller isp0 # Qlogic family #controller dpt0 # DPT Smartcache - See LINT for options! #controller adv0 at isa? port ? cam irq ? #controller adw0 #controller bt0 at isa? port ? cam irq ? #controller aha0 at isa? port ? cam irq ? # SCSI peripherals # Only one of each of these is needed, they are dynamically allocated. controller scbus0 # SCSI bus (required) device da0 # Direct Access (disks) device sa0 # Sequential Access (tape etc) device cd0 # CD device pass0 # Passthrough device (direct SCSI) # Proprietary or custom CD-ROM Interfaces #device wt0 at isa? port 0x300 bio irq 5 drq 1 #device mcd0 at isa? port 0x300 bio irq 10 #device matcd0 at isa? port 0x230 bio #device scd0 at isa? port 0x230 bio # atkbdc0 controls both the keyboard and the PS/2 mouse controller atkbdc0 at isa? port IO_KBD tty device atkbd0 at isa? tty irq 1 #device psm0 at isa? tty irq 12 device vga0 at isa? port ? conflicts # splash screen/screen saver pseudo-device splash # syscons is the default console driver, resembling an SCO console device sc0 at isa? tty # Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver #device vt0 at isa? tty #options XSERVER # support for X server #options FAT_CURSOR # start with block cursor # If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines #options PCVT_SCANSET=2 # IBM keyboards are non-std # Floating point support - do not disable. device npx0 at isa? port IO_NPX irq 13 # Power management support (see LINT for more options) #device apm0 at isa? disable flags 0x31 # Advanced Power Management # PCCARD (PCMCIA) support #controller card0 #device pcic0 at card? #device pcic1 at card? # Serial (COM) ports device sio0 at isa? port "IO_COM1" flags 0x10 tty irq 4 device sio1 at isa? port "IO_COM2" tty irq 3 device sio2 at isa? disable port "IO_COM3" tty irq 5 device sio3 at isa? disable port "IO_COM4" tty irq 9 # Parallel port device ppc0 at isa? port? flags 0x40 net irq 7 controller ppbus0 # Parallel port bus (required) device lpt0 at ppbus? # Printer device plip0 at ppbus? # TCP/IP over parallel device ppi0 at ppbus? # Parallel port interface device #controller vpo0 at ppbus? # Requires scbus and da0 # PCI Ethernet NICs. #device al0 # ADMtek AL981 (``Comet'') #device ax0 # ASIX AX88140A device de0 # DEC/Intel DC21x4x (``Tulip'') device fxp0 # Intel EtherExpress PRO/100B (82557, 82558) #device mx0 # Macronix 98713/98715/98725 (``PMAC'') #device pn0 # Lite-On 82c168/82c169 (``PNIC'') #device rl0 # RealTek 8129/8139 #device sf0 # Adaptec AIC-6915 DuraLAN (``Starfire'') #device tl0 # Texas Instruments ThunderLAN device tx0 # SMC 9432TX (83c170 ``EPIC'') #device vr0 # VIA Rhine, Rhine II #device vx0 # 3Com 3c590, 3c595 (``Vortex'') #device wb0 # Winbond W89C840F #device xl0 # 3Com 3c90x (``Boomerang'', ``Cyclone'') # ISA Ethernet NICs. # Order is important here due to intrusive probes, do *not* alphabetize # this list of network interfaces until the probes have been fixed. # Right now it appears that the ie0 must be probed before ep0. See # revision 1.20 of this file. #device ed0 at isa? port 0x280 net irq 10 iomem 0xd8000 #device ie0 at isa? port 0x300 net irq 10 iomem 0xd0000 #device ep0 at isa? port 0x300 net irq 10 #device ex0 at isa? port? net irq? #device fe0 at isa? port 0x300 net irq ? #device le0 at isa? port 0x300 net irq 5 iomem 0xd0000 #device lnc0 at isa? port 0x280 net irq 10 drq 0 #device cs0 at isa? port 0x300 net irq ? # requires PCCARD (PCMCIA) support to be activated #device xe0 at isa? port? net irq ? # PCCARD NIC drivers. # ze and zp take over the pcic and cannot coexist with generic pccard # support, nor the ed and ep drivers they replace. #device ze0 at isa? port 0x300 net irq 10 iomem 0xd8000 #device zp0 at isa? port 0x300 net irq 10 iomem 0xd8000 # Pseudo devices - the number indicates how many units to allocated. pseudo-device loop # Network loopback pseudo-device ether # Ethernet support #pseudo-device sl 1 # Kernel SLIP #pseudo-device ppp 1 # Kernel PPP pseudo-device tun 4 # Packet tunnel pseudo-device pty 256 # Pseudo-ttys (telnet etc) pseudo-device gzip # Exec gzipped a.out's # The `bpfilter' pseudo-device enables the Berkeley Packet Filter. # Be aware of the administrative consequences of enabling this! # The number of devices determines the maximum number of # simultaneous BPF clients programs runnable. pseudo-device bpfilter 4 #Berkeley packet filter #options "PMAP_SHPGPERPROC=400" options INCLUDE_CONFIG_FILE #options DDB #options DDB_UNATTENDED options "MAXMEM=(512*1024)" >Description: The machine is running a busy webserver with many virtual hosts. The virtual size of the httpd process may be an issue --- they average about 90M virtual, but often don't touch all that memory... as then they'd be huge. I'm including several tracebacks. I have kernel droppings for these, if helpful panic: rlist_free: free end overlaps already freed area (kgdb) bt #0 boot (howto=256) at ../../kern/kern_shutdown.c:285 #1 0xc014838c in at_shutdown ( function=0xc01e9737 <__set_sysinit_set_sym_logdev_sys_init+75>, arg=0x7, queue=0) at ../../kern/kern_shutdown.c:446 #2 0xc0151da5 in rlist_free (rlh=0xc0236c58, start=0, end=7) at ../../kern/subr_rlist.c:155 #3 0xc01aa887 in swap_pager_freeswapspace (object=0xc962a6c8, from=0, to=7) at ../../vm/swap_pager.c:422 #4 0xc01aaabd in swap_pager_free_swap (object=0xc962a6c8) at ../../vm/swap_pager.c:518 #5 0xc01aaf56 in swap_pager_dealloc (object=0xc962a6c8) at ../../vm/swap_pager.c:771 #6 0xc01b6cba in vm_pager_deallocate (object=0xc962a6c8) at ../../vm/vm_pager.c:246 #7 0xc01b297a in vm_object_terminate (object=0xc962a6c8) at ../../vm/vm_object.c:467 #8 0xc01b285c in vm_object_deallocate (object=0xc962a6c8) at ../../vm/vm_object.c:386 #9 0xc01afc07 in vm_map_entry_delete (map=0xc9623940, entry=0xc962f6e0) at ../../vm/vm_map.c:1735 #10 0xc01afde8 in vm_map_delete (map=0xc9623940, start=0, end=3217022976) at ../../vm/vm_map.c:1849 #11 0xc01afe6c in vm_map_remove (map=0xc9623940, start=0, end=3217022976) at ../../vm/vm_map.c:1874 #12 0xc014249b in exit1 (p=0xc960bc80, rv=0) at ../../kern/kern_exit.c:218 #13 0xc01422a0 in exit1 (p=0xc960bc80, rv=-916185196) at ../../kern/kern_exit.c:104 #14 0xc01d03e7 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 0, tf_esi = -1, tf_ebp = -1077945368, tf_isp = -916185116, tf_ebx = 671987304, tf_edx = 0, tf_ecx = 134540128, tf_eax = 1, tf_trapno = 0, tf_err = 2, tf_eip = 671732356, tf_cs = 31, tf_eflags = 582, tf_esp = -1077945388, tf_ss = 39}) at ../../i386/i386/trap.c:1100 #15 0xc01c64bc in Xint0x80_syscall () panic: rlist_free: free start overlaps already freed area #0 boot (howto=256) at ../../kern/kern_shutdown.c:285 #1 0xc014838c in at_shutdown ( function=0xc01e9768 <__set_sysinit_set_sym_logdev_sys_init+124>, arg=0x7, queue=0) at ../../kern/kern_shutdown.c:446 #2 0xc0151dbe in rlist_free (rlh=0xc0236c58, start=0, end=7) at ../../kern/subr_rlist.c:159 #3 0xc01aa887 in swap_pager_freeswapspace (object=0xc95b80f8, from=0, to=7) at ../../vm/swap_pager.c:422 #4 0xc01aa968 in swap_pager_freespace (object=0xc95b80f8, start=39, size=19352) at ../../vm/swap_pager.c:445 #5 0xc01afdc9 in vm_map_delete (map=0xc95954c0, start=134832128, end=214097920) at ../../vm/vm_map.c:1833 #6 0xc01afe6c in vm_map_remove (map=0xc95954c0, start=134832128, end=214097920) at ../../vm/vm_map.c:1874 #7 0xc01b7503 in obreak (p=0xc957d020, uap=0xc9615f94) at ../../vm/vm_unix.c:107 #8 0xc01d03e7 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 134832128, tf_esi = 134549824, tf_ebp = -1077946648, tf_isp = -916365340, tf_ebx = 671987304, tf_edx = 671987284, tf_ecx = 671987280, tf_eax = 17, tf_trapno = 0, tf_err = 2, tf_eip = 671951256, tf_cs = 31, tf_eflags = 647, tf_esp = -1077946684, tf_ss = 39}) at ../../i386/i386/trap.c:1100 #9 0xc01c64bc in Xint0x80_syscall () #10 0x280d2402 in ?? () #11 0x804c1a8 in ?? () #12 0x804b087 in ?? () #13 0x804a6c1 in ?? () #14 0x80490f5 in ?? () panic: rlist_free: free end overlaps already freed area (kgdb) bt #0 boot (howto=256) at ../../kern/kern_shutdown.c:285 #1 0xc014838c in at_shutdown ( function=0xc01e9737 <__set_sysinit_set_sym_logdev_sys_init+75>, arg=0x9, queue=2) at ../../kern/kern_shutdown.c:446 #2 0xc0151da5 in rlist_free (rlh=0xc0236c58, start=2, end=9) at ../../kern/subr_rlist.c:155 #3 0xc01aa887 in swap_pager_freeswapspace (object=0xc95cf174, from=2, to=9) at ../../vm/swap_pager.c:422 #4 0xc01aa968 in swap_pager_freespace (object=0xc95cf174, start=37, size=15946) at ../../vm/swap_pager.c:445 #5 0xc01afdc9 in vm_map_delete (map=0xc9476d80, start=134823936, end=200138752) at ../../vm/vm_map.c:1833 #6 0xc01afe6c in vm_map_remove (map=0xc9476d80, start=134823936, end=200138752) at ../../vm/vm_map.c:1874 #7 0xc01b7503 in obreak (p=0xc94691e0, uap=0xc9530f94) at ../../vm/vm_unix.c:107 #8 0xc01d03e7 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 134823936, tf_esi = 134549792, tf_ebp = -1077946648, tf_isp = -917303324, tf_ebx = 671987304, tf_edx = 671987284, tf_ecx = 671987280, tf_eax = 17, tf_trapno = 0, tf_err = 2, tf_eip = 671951256, tf_cs = 31, tf_eflags = 647, tf_esp = -1077946684, tf_ss = 39}) at ../../i386/i386/trap.c:1100 #9 0xc01c64bc in Xint0x80_syscall () #10 0x280d2402 in ?? () #11 0x804c002 in ?? () #12 0x804b087 in ?? () #13 0x804a6c1 in ?? () #14 0x80490f5 in ?? () panic: rlist_free: free start overlaps already freed area (kgdb) bt #0 boot (howto=256) at ../../kern/kern_shutdown.c:285 #1 0xc014838c in at_shutdown ( function=0xc01e9768 <__set_sysinit_set_sym_logdev_sys_init+124>, arg=0x7, queue=0) at ../../kern/kern_shutdown.c:446 #2 0xc0151dbe in rlist_free (rlh=0xc0236c58, start=0, end=7) at ../../kern/subr_rlist.c:159 #3 0xc01aa887 in swap_pager_freeswapspace (object=0xc9630c1c, from=0, to=7) at ../../vm/swap_pager.c:422 #4 0xc01aa968 in swap_pager_freespace (object=0xc9630c1c, start=39, size=18755) at ../../vm/swap_pager.c:445 #5 0xc01afdc9 in vm_map_delete (map=0xc9466180, start=134832128, end=211652608) at ../../vm/vm_map.c:1833 #6 0xc01afe6c in vm_map_remove (map=0xc9466180, start=134832128, end=211652608) at ../../vm/vm_map.c:1874 #7 0xc01b7503 in obreak (p=0xc9470780, uap=0xc9492f94) at ../../vm/vm_unix.c:107 #8 0xc01d03e7 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 134832128, tf_esi = 134549824, tf_ebp = -1077946648, tf_isp = -917950492, tf_ebx = 671987304, tf_edx = 671987284, tf_ecx = 671987280, tf_eax = 17, tf_trapno = 0, tf_err = 2, tf_eip = 671951256, tf_cs = 31, tf_eflags = 647, tf_esp = -1077946684, tf_ss = 39}) at ../../i386/i386/trap.c:1100 #9 0xc01c64bc in Xint0x80_syscall () #10 0x280d2402 in ?? () #11 0x804c002 in ?? () #12 0x804b087 in ?? () #13 0x804a6c1 in ?? () #14 0x80490f5 in ?? () >How-To-Repeat: I can definately reproduce this at will, but I don't have the leaway with the customers to experiment too much to determine the exact conditions. I expect that load is an issue as my other 3.3 machines don't exhibit these symptoms >Fix: So far, (will update this is not true) a 3.2 kernel installed on this machine appears to not crash. >Release-Note: >Audit-Trail: From: David Gilbert To: freebsd-gnats-submit@freebsd.org Cc: Subject: Re: kern/14141: 3.3-RELEASE crashing often Date: Sun, 10 Oct 1999 15:02:32 -0400 (EDT) More news on this one. We moved to new hardware, and now I'm getting multiple crashes with the following signature: The common things here seem to be the vfork() --> fork1() --> fdcopy() Fatal trap 12: page fault while in kernel mode fault virtual address = 0xd fault code = supervisor write, page not present instruction pointer = 0x8:0xc01435d7 stack pointer = 0x10:0xcc348f08 frame pointer = 0x10:0xcc348f2c code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 38090 (httpd_1.3.9) interrupt mask = trap number = 12 panic: page fault (kgdb) bt #0 boot (howto=256) at ../../kern/kern_shutdown.c:285 #1 0xc014aad1 in panic (fmt=0xc02385ba "page fault") at ../../kern/kern_shutdown.c:446 #2 0xc0209712 in trap_fatal (frame=0xcc348ecc, eva=13) at ../../i386/i386/trap.c:942 #3 0xc02093cb in trap_pfault (frame=0xcc348ecc, usermode=0, eva=13) at ../../i386/i386/trap.c:835 #4 0xc0208ffe in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1044124544, tf_esi = -1037650432, tf_ebp = -868970708, tf_isp = -868970764, tf_ebx = 1769, tf_edx = -1052106376, tf_ecx = 0, tf_eax = 1, tf_trapno = 12, tf_err = 2, tf_eip = -1072417321, tf_cs = 8, tf_eflags = 66050, tf_esp = -1052187648, tf_ss = -1052089344}) at ../../i386/i386/trap.c:437 #5 0xc01435d7 in fdcopy (p=0xcc3079c0) at ../../kern/kern_descrip.c:951 #6 0xc014587b in fork1 (p1=0xcc3079c0, flags=-2147483596) at ../../kern/kern_fork.c:379 #7 0xc014533b in vfork (p=0xcc3079c0, uap=0xcc348f94) at ../../kern/kern_fork.c:109 #8 0xc020995b in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 226087504, tf_esi = 226086800, tf_ebp = -1077949752, tf_isp = -868970524, tf_ebx = 673171048, tf_edx = 226066448, tf_ecx = 672877149, tf_eax = 66, tf_trapno = 7, tf_err = 2, tf_eip = 672936705, tf_cs = 31, tf_eflags = 514, tf_esp = -1077949796, tf_ss = 39}) at ../../i386/i386/trap.c:1100 #9 0xc01feedc in Xint0x80_syscall () From: David Gilbert To: freebsd-gnats-submit@freebsd.org Cc: Subject: Re: kern/14141: 3.3-RELEASE crashing often Date: Sun, 10 Oct 1999 15:15:38 -0400 (EDT) This is very worrysome. What we seem to have here is memory corruption of some sort, I think (but years of sysadm has dulled by gdb usage)... From a simlar, but hour later crash dump: (kgdb) bt #0 boot (howto=256) at ../../kern/kern_shutdown.c:285 #1 0xc014aad1 in panic (fmt=0xc02385ba "page fault") at ../../kern/kern_shutdown.c:446 #2 0xc0209712 in trap_fatal (frame=0xcc332ecc, eva=43) at ../../i386/i386/trap.c:942 #3 0xc02093cb in trap_pfault (frame=0xcc332ecc, usermode=0, eva=43) at ../../i386/i386/trap.c:835 #4 0xc0208ffe in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1051776000, tf_esi = -1051100288, tf_ebp = -869060820, tf_isp = -869060876, tf_ebx = 1863, tf_edx = -1050021888, tf_ecx = 0, tf_eax = 31, tf_trapno = 12, tf_err = 2, tf_eip = -1072417321, tf_cs = 8, tf_eflags = 66050, tf_esp = -1051614208, tf_ss = -1050004480}) at ../../i386/i386/trap.c:437 #5 0xc01435d7 in fdcopy (p=0xcc304f40) at ../../kern/kern_descrip.c:951 #6 0xc014587b in fork1 (p1=0xcc304f40, flags=-2147483596) at ../../kern/kern_fork.c:379 #7 0xc014533b in vfork (p=0xcc304f40, uap=0xcc332f94) at ../../kern/kern_fork.c:109 #8 0xc020995b in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 226316880, tf_esi = 226066288, tf_ebp = -1077949592, tf_isp = -869060636, tf_ebx = 673171048, tf_edx = 226250768, tf_ecx = 672877149, tf_eax = 66, tf_trapno = 12, tf_err = 2, tf_eip = 672936705, tf_cs = 31, tf_eflags = 518, tf_esp = -1077949636, tf_ss = 39}) at ../../i386/i386/trap.c:1100 #9 0xc01feedc in Xint0x80_syscall () (kgdb) frame 5 #5 0xc01435d7 in fdcopy (p=0xcc304f40) at ../../kern/kern_descrip.c:951 951 (*fpp)->f_count++; (kgdb) p fpp $1 = (struct file **) 0x0 (kgdb) l 946 bcopy(fdp->fd_ofiles, newfdp->fd_ofiles, i * sizeof(struct file **)); 947 bcopy(fdp->fd_ofileflags, newfdp->fd_ofileflags, i * sizeof(char)); 948 fpp = newfdp->fd_ofiles; 949 for (i = newfdp->fd_lastfile; i-- >= 0; fpp++) 950 if (*fpp != NULL) 951 (*fpp)->f_count++; 952 return (newfdp); 953 } 954 955 /* (kgdb) p newfdp $2 = (struct filedesc *) 0xc1597b80 (kgdb) p *newfdp $3 = {fd_ofiles = 0xc169d000, fd_ofileflags = 0xc16a3400 "", fd_cdir = 0xcc3b5bc0, fd_rdir = 0xcc1cfe00, fd_nfiles = 6400, fd_lastfile = 3912, fd_freefile = 6, fd_cmask = 18, fd_refcnt = 1} now... this implies that fpp somehow gets set to NULL, but: (kgdb) p **(newfdp->fd_ofiles) $7 = {f_list = {le_next = 0xc1696fc0, le_prev = 0xc1567b00}, f_flag = 1, f_type = 1, f_count = 41, f_msgcount = 0, f_cred = 0xc0e27200, f_ops = 0xc024a294, f_seqcount = 1, f_nextread = 0, f_offset = 0, f_data = 0xcc1cde80 ""} (kgdb) p **(newfdp->fd_ofiles+1) $8 = {f_list = {le_next = 0xc13958c0, le_prev = 0xc1419f40}, f_flag = 2, f_type = 1, f_count = 41, f_msgcount = 0, f_cred = 0xc0e27200, f_ops = 0xc024a294, f_seqcount = 1, f_nextread = 0, f_offset = 0, f_data = 0xcc1cde80 ""} (kgdb) p **(newfdp->fd_ofiles+2) $9 = {f_list = {le_next = 0xc13c60c0, le_prev = 0xc139b900}, f_flag = 10, f_type = 1, f_count = 82, f_msgcount = 0, f_cred = 0xc0e27200, f_ops = 0xc024a294, f_seqcount = 1, f_nextread = 0, f_offset = 26016907, f_data = 0xcc27b2c0 ""} Then I thought about it... and fpp itself should not become NULL in this case... it's being incremented from some valid pointer value. Ideas? Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. | =========================================================GLO================ From: "Joseph A. Mallett" To: , Cc: Subject: Re: kern/14141 3.3-RELEASE crashing often Date: Thu, 24 May 2001 15:12:09 -0400 (EDT) As shown below, the problem has been resolved. Close the bug. -- [ Joseph Mallett ] [ http://srcsys.org ] [ xMach Core Team xMach: Proactively Unbloated Microkernel BSD ] [ FreeBSD, NetBSD, & xMach User; (Obj)C(++) Coder ] [ http://xMach.org ] On Thu, 24 May 2001, David Gilbert wrote: > Oi... I'm sure that the issue got solved somehow ... 'cause that was a > core server (if I'm not mistaken, it's the server that xmach.org is > on). That machine is running some concocktion of 3.4-STABLE (IIRC) > now... not 3.3 as the PR intones. It may have been the whole tl0 > driver debacle... in which our solution was to swap out the card for > dc0 drivers. > > I don't think I can be more helpful because I don't have the resources > to attempt repeating the problem. > > Dave. > State-Changed-From-To: open->closed State-Changed-By: roam State-Changed-When: Fri May 25 04:48:44 PDT 2001 State-Changed-Why: Closed at originator's request. http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14141 >Unformatted: