Subject: kern/5789: kernel fault in gdb/ptrace
To: None <gnats-bugs@gnats.netbsd.org>
From: Ken Raeburn <raeburn@raeburn.org>
List: netbsd-bugs
Date: 07/18/1998 04:42:39
>Number:         5789
>Category:       kern
>Synopsis:       kernel fault in gdb/ptrace
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 18 01:50:01 1998
>Last-Modified:
>Originator:     Ken Raeburn
>Organization:
	
>Release:        1998-07-01
>Environment:
	
System: NetBSD kr-pc.cygnus.com 1.3F NetBSD 1.3F (RAEBURN) #0: Thu Jul 9 16:33:34 EDT 1998 root@kr-pc.cygnus.com:/dos/sys.980701/arch/i386/compile/RAEBURN i386


>Description:

I've recently rebuilt my entire system using a 980701 "sup" snapshot
of the sources.  User-land code I rebuilt twice.

Possibly related problem: Since I installed the new kernel, I've been
seeing random signal-6 and signal-11 crashes in cc1; restarting a
build usually succeeds.  Possibly a hardware problem, possibly not
noticed before due to changed memory-use patterns or something, but the
newly installed kernel is suspect as well.  My kernel config is based
on GENERIC, modified for my device list and including ddb.

I was trying to debug a newly built mozilla-export binary to see why
the "back" button appeared to cause it to hang.  Because I had trouble
getting gdb to attach to the process (I'll file a separate PR on that), I
started running the program under gdb, and while trying to do some
debugging, got a panic:

#0  0xf0969a00 in ?? ()
#1  0x999000 in ?? ()
#2  0xf01eabdf in cpu_reboot (howto=256, bootstr=0x0)
    at ../../../../arch/i386/i386/machdep.c:1304
#3  0xf0132b3d in panic (fmt=0xf01ed928 "ptdi %x")
    at ../../../../kern/subr_prf.c:184
#4  0xf01ed985 in pmap_enter (pmap=0xf0969a00, va=4898816, pa=38051840, 
    prot=7, wired=0) at ../../../../arch/i386/i386/pmap.c:1251
#5  0xf01dcec6 in vm_fault (map=0xf0907d00, vaddr=4898816, fault_type=2, 
    change_wiring=0) at ../../../../vm/vm_fault.c:827
#6  0xf015385a in procfs_rwmem (p=0xf09c8a00, uio=0xf49d4f20)
    at ../../../../miscfs/procfs/procfs_mem.c:167
#7  0xf015397d in procfs_domem (curp=0xf09a8600, p=0xf09c8a00, pfs=0x0, 
    uio=0xf49d4f20) at ../../../../miscfs/procfs/procfs_mem.c:242
#8  0xf01358a8 in sys_ptrace (p=0xf09a8600, v=0xf49d4f88, retval=0xf49d4f80)
    at ../../../../kern/sys_process.c:234
#9  0xf01ef630 in syscall (frame={tf_es = 31, tf_ds = 31, tf_edi = 1, 
      tf_esi = 4898836, tf_ebp = -272640116, tf_ebx = 0, tf_edx = 778760, 
      tf_ecx = 0, tf_eax = 26, tf_trapno = 3, tf_err = 2, tf_eip = 1074789459, 
      tf_cs = 23, tf_eflags = 534, tf_esp = -272640156, tf_ss = 31, 
      tf_vm86_es = 0, tf_vm86_ds = 0, tf_vm86_fs = 0, tf_vm86_gs = 0})
    at ../../../../arch/i386/i386/trap.c:727

In frame 8, the ptrace argument is:

$9 = {req = {datum = 5, pad = 5}, pid = {datum = 600, pad = 600}, addr = {
can not access 0x4ac014, invalid translation (invalid PDE)
can not access 0x4ac014, invalid translation (invalid PDE)
can not access 0x4ac014, invalid translation (invalid PDE)
can not access 0x4ac014, invalid translation (invalid PDE)
    datum = 0x4ac014 <Address 0x4ac014 out of bounds>, pad = 4898836}, data = {
    datum = 1, pad = 1}}

In frame 4:

(gdb) fr 4
#4  0xf01ed985 in pmap_enter (pmap=0xf0969a00, va=4898816, pa=38051840, 
    prot=7, wired=0) at ../../../../arch/i386/i386/pmap.c:1251
1251                    panic("ptdi %x", pmap->pm_pdir[PTDPTDI]);
(gdb) list
1246            /*
1247             * Page Directory table entry not valid, we need a new PT page
1248             */
1249            pte = pmap_pte(pmap, va);
1250            if (!pte)
1251                    panic("ptdi %x", pmap->pm_pdir[PTDPTDI]);
1252
1253    #ifdef DEBUG
1254            if (pmapdebug & PDB_ENTER)
1255                    printf("enter: pte %p, *pte %x ", pte, *pte);
(gdb) p/x va
$10 = 0x4ac000
(gdb)


>How-To-Repeat:

Not sure.  Maybe debugging a really large program like mozilla-export?

>Fix:
>Audit-Trail:
>Unformatted:
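Editor's note, added to this PR (not part of the report): the ptrace argument printed from frame 8 has req = 5, which under the 4.4BSD numbering that NetBSD's <sys/ptrace.h> uses is PT_WRITE_D, a one-word write into the traced process's data space (here the word 1 at 0x4ac014 in pid 600); frame 5 is the vm_fault that the kernel takes on the target's map for that write (fault_type = 2 is VM_PROT_WRITE), and frame 4 panics because pmap_pte() returned NULL for the page at 0x4ac000, i.e. the target has no page table for that address yet, which the "invalid PDE" messages from the debugger's own attempts to read 0x4ac014 corroborate. Any user who can run a debugger on their own process can issue this request, so a panic reachable from it is a local denial of service. The program below is an added example, not code from the PR or from NetBSD: it performs the same PT_WRITE_D / PT_READ_D round trip against a forked tracee so the path is concrete. It assumes the NetBSD PT_* names and the equivalent Linux PTRACE_* names (same request numbers 0, 2 and 5), and it does not attempt to reproduce the panic.

```c
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Request names and the type of the "data" argument differ between
 * NetBSD (PT_*, int data) and Linux/glibc (PTRACE_*, void *data); the
 * numeric values 0, 2 and 5 are the same on both.  Assumption: req 5 in
 * frame 8 of the PR is PT_WRITE_D, as in NetBSD's <sys/ptrace.h>.
 */
#if defined(__NetBSD__)
#define REQ_TRACEME  PT_TRACE_ME
#define REQ_READ_D   PT_READ_D
#define REQ_WRITE_D  PT_WRITE_D
#define DATA_ARG(v)  ((int)(v))
#else
#define REQ_TRACEME  PTRACE_TRACEME
#define REQ_READ_D   PTRACE_PEEKDATA
#define REQ_WRITE_D  PTRACE_POKEDATA
#define DATA_ARG(v)  ((void *)(intptr_t)(v))
#endif

/* A word in the data segment; after fork() the child owns a private,
 * copy-on-write copy of it at the same virtual address. */
static volatile long target_word = 0x5a5a;

/*
 * Fork a child that asks to be traced and stops itself, write `value`
 * into the child's copy of target_word with a PT_WRITE_D-style request
 * (the kernel faults that page in on the child's behalf, which is the
 * vm_fault -> pmap_enter path in the backtrace), read the word back
 * with PT_READ_D and return it.  Returns -1 on any failure.
 */
long ptrace_write_roundtrip(long value)
{
    int status;
    long got;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (ptrace(REQ_TRACEME, 0, NULL, DATA_ARG(0)) < 0)
            _exit(2);
        raise(SIGSTOP);          /* hand control to the tracer */
        _exit(0);
    }

    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) {
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
        return -1;
    }

    if (ptrace(REQ_WRITE_D, pid, (void *)&target_word, DATA_ARG(value)) < 0) {
        got = -1;
    } else {
        errno = 0;               /* a read-back of -1 must be told from an error */
        got = ptrace(REQ_READ_D, pid, (void *)&target_word, DATA_ARG(0));
        if (got == -1 && errno != 0)
            got = -1;
    }

    /* The tracee is still stopped; tear it down rather than resume it. */
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return got;
}

int main(void)
{
    long r = ptrace_write_roundtrip(1);
    if (r == 1)
        printf("wrote 1 into the tracee and read it back\n");
    else
        printf("ptrace round trip failed (%ld)\n", r);
    /* Our own copy is untouched: the write landed in the child's page. */
    printf("parent's target_word is still 0x%lx\n", (unsigned long)target_word);
    return r == 1 ? 0 : 1;
}
```

The write goes through the tracee's own address space, exactly as sys_ptrace -> procfs_domem -> procfs_rwmem does for p = the traced process in the backtrace, so the tracer's copy of target_word is left alone; that distinction is the point of running it as a separate process rather than poking a variable locally.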