From nobody@FreeBSD.org  Tue Oct 18 01:30:42 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DB77A16A41F
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 18 Oct 2005 01:30:42 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A91C843D45
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 18 Oct 2005 01:30:42 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j9I1Ugbv003656
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 18 Oct 2005 01:30:42 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j9I1UgN3003654;
	Tue, 18 Oct 2005 01:30:42 GMT
	(envelope-from nobody)
Message-Id: <200510180130.j9I1UgN3003654@www.freebsd.org>
Date: Tue, 18 Oct 2005 01:30:42 GMT
From: Alex Goncharov <goncharov.alex@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: OS crash on a Firefox link click (FreeBSD 6.0-RC1, kernel with options)
X-Send-Pr-Version: www-2.3

>Number:         87596
>Category:       kern
>Synopsis:       [panic] OS crash on a Firefox link click (FreeBSD 6.0-RC1, kernel with options)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    linimon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 18 01:40:16 GMT 2005
>Closed-Date:    Mon Jul 23 03:52:22 GMT 2007
>Last-Modified:  Mon Jul 23 03:52:22 GMT 2007
>Originator:     Alex Goncharov
>Release:        FreeBSD 6.0-RC1
>Organization:
Self
>Environment:
FreeBSD fasolt 6.0-RC1 FreeBSD 6.0-RC1 #0: Sat Oct 15 20:17:27 EDT 2005     algo@fasolt:/usr/obj/usr/src/sys/2005-10-15  i386

>Description:
Clicked on a link in Firefox -- the X session 
got frozen.  Tried to switch to the first and 
second virtual consoles -- no effect.

Hit Ctrl-Alt-BS and Ctrl-Alt-Delete.  Ultimately, 
the box went down and rebooted, with a system 
core dump saved.

/var/crash/info.0 contents:

   Dump header from device /dev/ad0s1b
  Architecture: i386
  Architecture Version: 33554432
  Dump Length: 536412160B (511 MB)
  Blocksize: 512
  Dumptime: Mon Oct 17 21:15:20 2005
  Hostname: fasolt
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 6.0-RC1 #0: Sat Oct 15 20:17:27 EDT 2005
    algo@fasolt:/usr/obj/usr/src/sys/2005-10-15
  Panic String: page fault
  Dump Parity: 3663723571
  Bounds: 0
  Dump Status: good
 
>How-To-Repeat:
        N/A -- I can send you vmcore.0 etc
>Fix:
              
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: glebius 
State-Changed-When: Tue Oct 18 11:20:29 GMT 2005 
State-Changed-Why:  
Please obtain kernel stack backtrace from your core, like it 
is described here: 

http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug-gdb.html 

http://www.freebsd.org/cgi/query-pr.cgi?pr=87596 

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/87596: [panic] OS crash on a Firefox link click (FreeBSD 6.0-RC1, kernel with options)
Date: Wed, 19 Oct 2005 10:54:47 +0400

   Audit-Trail .= 
 
 ----- Forwarded message from Alex Goncharov <goncharov.alex@gmail.com> -----
 
 kgdb kernel.debug /var/crash/vmcore.0
 [GDB will not be able to debug user-mode threads:
 /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd".
 
 Unread portion of the kernel message buffer:
 
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0x1c
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc063711f
 stack pointer           = 0x28:0xdaa64c1c
 frame pointer           = 0x28:0xdaa64c24
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 712 (firefox-bin)
 trap number             = 12
 panic: page fault
 Uptime: 10h18m38s
 Dumping 511 MB (2 chunks)
   chunk 0: 1MB (159 pages) ... ok
   chunk 1: 511MB (130800 pages) 495 479 463 447 431 (CTRL-C to abort) 
 (CTRL-C to abort)  (CTRL-C to abort)  415 399 383 367 351 335 319 303
 287 271 255 239 223 207 191 175 159 (CTRL-C to abort)  143 (CTRL-C to
 abort)  (CTRL-C to abort)  (CTRL-C to abort)  (CTRL-C to abort) 
 (CTRL-C to abort)  127 (CTRL-C to abort)  111 95 (CTRL-C to abort) 
 (CTRL-C to abort)  (CTRL-C to abort)  79 63 47 31 15
 
 #0  doadump () at pcpu.h:165
 165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
 (kgdb) bt
 #0  doadump () at pcpu.h:165
 #1  0xc0637ffa in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
 #2  0xc0638290 in panic (fmt=0xc084e142 "%s") at
 /usr/src/sys/kern/kern_shutdown.c:555
 #3  0xc08077f0 in trap_fatal (frame=0xdaa64bdc, eva=28) at
 /usr/src/sys/i386/i386/trap.c:831
 #4  0xc080755b in trap_pfault (frame=0xdaa64bdc, usermode=0, eva=28)
 at /usr/src/sys/i386/i386/trap.c:742
 #5  0xc0807199 in trap (frame=
       {tf_fs = -1037959160, tf_es = -626655192, tf_ds = -1067188184,
 tf_edi = -1037895808, tf_esi = 0, tf_ebp = -626635740, tf_isp =
 -626635768, tf_ebx = 0, tf_edx = -1047044096, tf_ecx = -1037895808,
 tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1067224801, tf_cs =
 32, tf_eflags = 66178, tf_esp = -1040612096, tf_ss = 0})
     at /usr/src/sys/i386/i386/trap.c:432
 #6  0xc07f699a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #7  0xc063711f in uihold (uip=0x0) at pcpu.h:165
 #8  0xc0634ebd in crcopy (dest=0xc1f98500, src=0xc1f98500) at
 /usr/src/sys/kern/kern_prot.c:1930
 #9  0xc0634efc in crdup (cr=0xc1f98500) at /usr/src/sys/kern/kern_prot.c:1949
 #10 0xc0693c87 in kern_access (td=0xc222f780, path=0x0,
 pathseg=UIO_USERSPACE, flags=0)
     at /usr/src/sys/kern/vfs_syscalls.c:1874
 #11 0xc0693c69 in access (td=0xc222f780, uap=0x0) at
 /usr/src/sys/kern/vfs_syscalls.c:1856
 #12 0xc0807b07 in syscall (frame=
       {tf_fs = 134611003, tf_es = 134676539, tf_ds = -1078001605,
 tf_edi = 142274816, tf_esi = 150592228, tf_ebp = -1077944312, tf_isp =
 -626635420, tf_ebx = 672962600, tf_edx = 142274816, tf_ecx =
 155745584, tf_eax = 33, tf_trapno = 22, tf_err = 2, tf_eip =
 679314647, tf_cs = 51, tf_eflags = 658, tf_esp = -1077944340, tf_ss =
 59})
     at /usr/src/sys/i386/i386/trap.c:976
 #13 0xc07f69ef in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
 #14 0x00000033 in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 
 ----- End forwarded message -----

From: Alex Goncharov <algo@relicore.com>
To: bug-followup@FreeBSD.org, goncharov.alex@gmail.com
Cc:  
Subject: Re: kern/87596: [panic] OS crash on a Firefox link click (FreeBSD
 6.0-RC1, kernel with options)
Date: Wed, 19 Oct 2005 08:29:10 -0400

 One more system crash this past night, with no user activity on the 
 system.  The backtrace follows:
 
 -------------------------------------------------------------------
 kgdb kernel.debug /var/crash/vmcore.1
 [GDB will not be able to debug user-mode threads: 
 /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain 
 conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd".
 
 Unread portion of the kernel message buffer:
 panic: clist reservation botch
 Uptime: 1d4h8m34s
 Dumping 511 MB (2 chunks)
   chunk 0: 1MB (159 pages) ... ok
   chunk 1: 511MB (130800 pages) 495 479 463 447 431 415 399 383 367 351 
 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 
 31 15
 
 #0  doadump () at pcpu.h:165
 165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
 (kgdb) bt
 #0  doadump () at pcpu.h:165
 #1  0xc0637ffa in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
 #2  0xc0638290 in panic (fmt=0xc086a79b "clist reservation botch") at 
 /usr/src/sys/kern/kern_shutdown.c:555
 #3  0xc066b900 in cblock_free_cblocks (number=77) at 
 /usr/src/sys/kern/tty_subr.c:104
 #4  0xc066b954 in clist_free_cblocks (clistp=0xc1b12800) at 
 /usr/src/sys/kern/tty_subr.c:209
 #5  0xc0664470 in tty_close (tp=0xc1b12800) at /usr/src/sys/kern/tty.c:327
 #6  0xc066ad07 in ptsclose (dev=0x0, flag=3, mode=8192, td=0xc1f19780) 
 at /usr/src/sys/kern/tty_pty.c:203
 #7  0xc060fb67 in giant_close (dev=0xc2013200, fflag=3, devtype=8192, 
 td=0xc1f19780) at /usr/src/sys/kern/kern_conf.c:267
 #8  0xc05ed897 in devfs_close (ap=0xda9fdab8) at 
 /usr/src/sys/fs/devfs/devfs_vnops.c:287
 #9  0xc0816b10 in VOP_CLOSE_APV (vop=0x0, a=0x0) at vnode_if.c:426
 #10 0xc06990c6 in vn_close (vp=0xc2408880, flags=3, file_cred=0x0, 
 td=0xc1f19780) at vnode_if.h:227
 #11 0xc0699f06 in vn_closefile (fp=0xc1f86a20, td=0xc1f19780) at 
 /usr/src/sys/kern/vfs_vnops.c:864
 #12 0xc05ed8bf in devfs_close_f (fp=0xc1f86a20, td=0xc1f19780) at 
 /usr/src/sys/fs/devfs/devfs_vnops.c:297
 #13 0xc06198a8 in fdrop_locked (fp=0xc1f86a20, td=0xc1f19780) at file.h:289
 #14 0xc06197f9 in fdrop (fp=0xc1f86a20, td=0xc1f19780) at 
 /usr/src/sys/kern/kern_descrip.c:2101
 #15 0xc0617e27 in closef (fp=0xc1f86a20, td=0xc1f19780) at 
 /usr/src/sys/kern/kern_descrip.c:1921
 #16 0xc0616dd3 in fdfree (td=0xc1f19780) at 
 /usr/src/sys/kern/kern_descrip.c:1622
 #17 0xc0620139 in exit1 (td=0xc1f19780, rv=0) at 
 /usr/src/sys/kern/kern_exit.c:237
 #18 0xc061fc64 in sys_exit (td=0xc1f19780, uap=0x0) at 
 /usr/src/sys/kern/kern_exit.c:94
 #19 0xc0807b07 in syscall (frame=
       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 671507080, tf_esi = 
 -1077940988, tf_ebp = -1077941208, tf_isp = -627057308, tf_ebx = 3, 
 tf_edx = 0, tf_ecx = 0, tf_eax = 1, tf_trapno = 0, tf_err = 2, tf_eip = 
 672257075, tf_cs = 51, tf_eflags = 662, tf_esp = -1077941332, tf_ss = 
 59}) at /usr/src/sys/i386/i386/trap.c:976
 #20 0xc07f69ef in Xint0x80_syscall () at 
 /usr/src/sys/i386/i386/exception.s:200
 #21 0x00000033 in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 (kgdb)
 --------------------------------------------------------------------------
 
 # ls -l /var/crash/vmcore.1
 -rw-------  1 root  wheel  536412160 Oct 19 01:30 /var/crash/vmcore.1
 
Responsible-Changed-From-To: freebsd-bugs->linimon 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Jun 12 05:19:01 UTC 2007 
Responsible-Changed-Why:  
To submitter: this PR is quite old now.  Does the problem still persist? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=87596 
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Mon Jul 23 03:52:06 UTC 2007 
State-Changed-Why:  
Feedback timeout (1 month). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=87596 
>Unformatted:
