NetBSD Problem Report #37534
From martin@duskware.de Thu Dec 13 15:39:13 2007
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 0752063B935
for <gnats-bugs@gnats.netbsd.org>; Thu, 13 Dec 2007 15:39:13 +0000 (UTC)
Message-Id: <20071213145703.BED3D63B8FF@narn.NetBSD.org>
Date: Thu, 13 Dec 2007 14:57:03 +0000 (UTC)
From: sfandino@yahoo.com
Reply-To: sfandino@yahoo.com
To: netbsd-bugs-owner@NetBSD.org
Subject: ktrace firefox -> kernel trap 30: data access expection
X-Send-Pr-Version: www-1.0
>Number: 37534
>Category: kern
>Synopsis: ktrace firefox -> kernel trap 30: data access expection
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: skrll
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Dec 13 15:40:00 +0000 2007
>Closed-Date: Wed Sep 17 07:17:47 +0000 2008
>Last-Modified: Wed Sep 17 07:17:47 +0000 2008
>Originator: Salvador Fandino
>Release: 4.0_RC5
>Organization:
>Environment:
NetBSD boletus.int.qindel.com 4.0_RC5 NetBSD 4.0_RC5 (SUNBLADE100) #3: Mon Dec 10 16:36:36 CET 2007 root@:/usr/src/sys/arch/sparc64/compile/SUNBLADE100 sparc64
>Description:
running
$ ktrace /usr/pkg/lib/firefox/firefox-bin
causes a kernel trap:
cpu0: data fault: pc=127a2ec addr=483fe000
kernel trap 30: data access exception
Stopped in pid 762.1 (firefox-bin) and netbsd:ktrsaupcall+0x8c: ldx [%i4 + %g0], %o0
I have tried both from an X session running locally and from a remote one tunneled over ssh with the same result.
My kernel is GENERIC with the following change (work around for bug 37485):
--- GENERIC 2007-09-25 02:32:53.000000000 +0200
+++ SUNBLADE100 2007-12-13 12:25:29.000000000 +0100
@@ -390,7 +390,9 @@
## Disable UDMA 4 which causes data corruption on the Acer Labs
## chipset on Sun Blade 100 and Netra X1 machines.
-wd* at atabus? drive ? flags 0x0000
+# wd* at atabus? drive ? flags 0x0fac
+# wd* at atabus? drive ? flags 0x0000
+wd* at atabus? drive ? flags 0x0aac
cd* at atapibus? drive ? flags 0x0000 # ATAPI CD-ROM drives
sd* at atapibus? drive ? flags 0x0000 # ATAPI disk drives
BTW, ddb is not usable on my system, it freezes after I type a single character.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: Salvador Fandino <sfandino@yahoo.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/37534: ktrace firefox -> kernel trap 30: data access expection
Date: Thu, 13 Dec 2007 08:08:58 -0800 (PST)
> >Category: kern
> >Responsible: kern-bug-people
> >Synopsis: ktrace firefox -> kernel trap 30: data
> access
>
expection
> >Arrival-Date: Thu Dec 13 15:40:00 +0000 2007
I had compiled firefox from source with the following change applied to the package to include debugging information:
[salva@boletus:/usr/pkgsrc]$ cvs diff www/firefox
? www/firefox/work
cvs diff: Diffing www/firefox
Index: www/firefox/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/www/firefox/Makefile,v
retrieving revision 1.46
diff -r1.46 Makefile
10a11,12
> INSTALL_UNSTRIPPED= yes
>
Index: www/firefox/Makefile.common
===================================================================
RCS file: /cvsroot/pkgsrc/www/firefox/Makefile.common,v
retrieving revision 1.23
diff -r1.23 Makefile.common
148c148
< COPTS?= -O2
---
> COPTS?= -O0 -g
cvs diff: Diffing www/firefox/patches
Cheers,
- Salva
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
From: Martin Husemann <martin@duskware.de>
To: sfandino@yahoo.com
Cc: gnats-bugs@NetBSD.org
Subject: Re: kern/37534: ktrace firefox -> kernel trap 30: data access expection
Date: Fri, 14 Dec 2007 12:45:55 +0100
On Thu, Dec 13, 2007 at 03:40:00PM +0000, sfandino@yahoo.com wrote:
> causes a kernel trap:
>
> cpu0: data fault: pc=127a2ec addr=483fe000
> kernel trap 30: data access exception
> Stopped in pid 762.1 (firefox-bin) and netbsd:ktrsaupcall+0x8c: ldx [%i4 + %g0], %o0
Looks like it dies here:
0x10f824c is in ktrsaupcall (../../../../kern/kern_ktrace.c:764).
759 * Copy the sa_t's
760 */
761 sapp = (struct sa_t **) sas;
762
763 for (i = nevent + nint; i >= 0; i--) {
764 if (copyin(*sapp, (char *)ktp + len, sizeof(struct sa_t)) == 0)
765 len += sizeof(struct sa_t);
766 sapp++;
767 }
768
*sapp is 0x483fe000 and we can not access that address.
Could you do a "bt" at the db> prompt? That should get us the arguments to
this funcion (which are probably bogus).
Martin
From: Salvador Fandino <sfandino@yahoo.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/37534: ktrace firefox -> kernel trap 30: data access expection
Date: Fri, 14 Dec 2007 07:46:32 -0800 (PST)
> Looks like it dies here:
>
> 0x10f824c is in ktrsaupcall (../../../../kern/kern_ktrace.c:764).
> 759 * Copy the sa_t's
> 760 */
> 761 sapp = (struct sa_t **) sas;
> 762
> 763 for (i = nevent + nint; i >= 0; i--) {
> 764 if (copyin(*sapp, (char *)ktp +
> len,
>
sizeof(struct sa_t)) == 0)
> 765 len += sizeof(struct sa_t);
> 766 sapp++;
> 767 }
> 768
>
> *sapp is 0x483fe000 and we can not access that address.
>
> Could you do a "bt" at the db> prompt? That should get us the
> arguments to this funcion (which are probably bogus).
The kernel debugger doesn't work here. It freezes after I type the "b"
(or any other) character.
My machine uses an USB keyboard, could it be related to that?
Next week, if I have some spare time, I would try to set up gdb kernel
debugging and get the backtrace from there.
Cheers,
- Salva
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
From: Salvador Fandino <sfandino@yahoo.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/37534: ktrace firefox -> kernel trap 30: data access expection
Date: Thu, 20 Dec 2007 09:18:24 -0800 (PST)
> Please try: sysctl -w ddb.commandonenter=bt
> and then make it crash.
cpu0: data fault: pc=12712ec addr=483fe000
kernel trap 30: data access exception
Stopped in pid 1078.1 (firefox-bin) at netbsd:ktrsaupcall+0x8c: ldx [%i4 + %g0], %o0
sa_upcall_userret(cedf880, 1, 483ffcf0, 2e0, cc1e2b0, 2) at netbsd:sa_upcall_userret+0x598
syscall_fancy(cf25ed0, cc1e2b0, 44e3a8e4, cf25dc0, 1e, 44e3a8e4) at netbsd:syscall_fancy+0x3f4
?(fffffffffe00034, ffffffffffff9d48, 18, ffffffffb5ff9e30, 48000160, 481fffd0) at 0x1008c90
- Salva
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: sfandino@yahoo.com
Subject: Re: kern/37534: ktrace firefox -> kernel trap 30: data access expection
Date: Sat, 29 Dec 2007 01:18:06 +0100
I can reproduce this on 4.0 by ktrace'ing the
regress/lib/libpthread/barrier1 testcase.
Martin
Responsible-Changed-From-To: kern-bug-people->skrll
Responsible-Changed-By: skrll@netbsd.org
Responsible-Changed-When: Sun, 30 Dec 2007 13:21:50 +0000
Responsible-Changed-Why:
My bug
State-Changed-From-To: open->analyzed
State-Changed-By: skrll@netbsd.org
State-Changed-When: Sun, 30 Dec 2007 13:21:50 +0000
State-Changed-Why:
ktrsaupcall attemts to deref a userland address... oops.
From: Nick Hudson <skrll@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: PR/37534 CVS commit: [wrstuden-fixsa] src/sys
Date: Fri, 4 Jan 2008 11:40:46 +0000 (UTC)
Module Name: src
Committed By: skrll
Date: Fri Jan 4 11:40:46 UTC 2008
Modified Files:
src/sys/kern [wrstuden-fixsa]: kern_ktrace.c kern_sa.c
src/sys/sys [wrstuden-fixsa]: ktrace.h
Log Message:
Pass an array pointers in kernel VM space to ktrsaupcall for it to
create the ktrace record instead of trying to access a pointer in
userland.
Fixes PR/37534.
To generate a diff of this commit:
cvs rdiff -r1.112 -r1.112.4.1 src/sys/kern/kern_ktrace.c
cvs rdiff -r1.87.4.8 -r1.87.4.9 src/sys/kern/kern_sa.c
cvs rdiff -r1.45 -r1.45.4.1 src/sys/sys/ktrace.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: analyzed->feedback
State-Changed-By: skrll@netbsd.org
State-Changed-When: Sat, 05 Jan 2008 13:13:00 +0000
State-Changed-Why:
Fix committed.
From: Julian Coleman <jdc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/37534 CVS commit: [netbsd-4] src/sys
Date: Fri, 11 Apr 2008 06:35:02 +0000 (UTC)
Module Name: src
Committed By: jdc
Date: Fri Apr 11 06:35:02 UTC 2008
Modified Files:
src/sys/kern [netbsd-4]: kern_ktrace.c kern_sa.c
src/sys/sys [netbsd-4]: ktrace.h
Log Message:
Pull up revisions:
src/sys/kern/kern_ktrace.c 1.112.4.1
src/sys/kern/kern_sa.c 1.87.4.9
src/sys/sys/ktrace.h 1.45.4.1
from [wrstuden-fixsa] (requested by skrll in ticket #1121).
Pass an array pointers in kernel VM space to ktrsaupcall for it to
create the ktrace record instead of trying to access a pointer in
userland.
Fixes PR/37534.
To generate a diff of this commit:
cvs rdiff -r1.112 -r1.112.2.1 src/sys/kern/kern_ktrace.c
cvs rdiff -r1.87 -r1.87.2.1 src/sys/kern/kern_sa.c
cvs rdiff -r1.45 -r1.45.2.1 src/sys/sys/ktrace.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Bill Stouder-Studenmund <wrstuden@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/37534 CVS commit: [wrstuden-revivesa] src/sys
Date: Tue, 27 May 2008 00:14:44 +0000 (UTC)
Module Name: src
Committed By: wrstuden
Date: Tue May 27 00:14:44 UTC 2008
Modified Files:
src/sys/kern [wrstuden-revivesa]: kern_ktrace.c
src/sys/sys [wrstuden-revivesa]: ktrace.h
Log Message:
Re-merge ktrace upcall hooks. Still needs changes for PR 37534.
To generate a diff of this commit:
cvs rdiff -r1.144.2.2 -r1.144.2.3 src/sys/kern/kern_ktrace.c
cvs rdiff -r1.53 -r1.53.14.1 src/sys/sys/ktrace.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Bill Stouder-Studenmund <wrstuden@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/37534 CVS commit: [wrstuden-revivesa] src/sys
Date: Tue, 27 May 2008 00:37:20 +0000 (UTC)
Module Name: src
Committed By: wrstuden
Date: Tue May 27 00:37:20 UTC 2008
Modified Files:
src/sys/kern [wrstuden-revivesa]: kern_ktrace.c
src/sys/sys [wrstuden-revivesa]: ktrace.h
Log Message:
Pull in the fix for PR/37534.
To generate a diff of this commit:
cvs rdiff -r1.144.2.3 -r1.144.2.4 src/sys/kern/kern_ktrace.c
cvs rdiff -r1.53.14.1 -r1.53.14.2 src/sys/sys/ktrace.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: feedback->closed
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Wed, 17 Sep 2008 07:17:47 +0000
State-Changed-Why:
Skip pending-pullups and go straight to closed.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.