FreeBSD/amd64, RELENG_6 as of Nov 7, vmcore.1 Manaully patched with 1. sys/kern/kern_conf.c, rev. 1.199 2. sys/kern/tty.c, rev. 1.264 *** This is bogus :( I messed up with my kernel. *** pid 66646 is portupgrade spawned script in a jail environment. cpuid = 1; apic id = 01 fault virtual address = 0x0 fault code = supervisor read, page not present instruction pointer = 0x8:0x0 stack pointer = 0x10:0xffffffffb410f5a0 frame pointer = 0x10:0xffffffffb410f5f0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 66646 (script) db> bt Tracing pid 61673 tid 100190 td 0xffffff0055332720 MAXCPU() at 0 ttymodem() at ttymodem+0xcd ptcopen() at ptcopen+0x7b giant_open() at giant_open+0x6b devfs_open() at devfs_open+0x229 VOP_OPEN_APV() at VOP_OPEN_APV+0x36 vn_open_cred() at vn_open_cred+0x3c8 kern_open() at kern_open+0x100 open() at open+0x25 syscall() at syscall+0x616 Xfast_syscall() at Xfast_syscall+0xa8 --- syscall (5, FreeBSD ELF64, open), rip = 0x8007fba4c, rsp = 0x7fffffffdf68, rbp = 0x7fffffffe988 --- db> show reg cs 0x8 ss 0x10 rax 0 rcx 0 rdx 0 rbx 0xffffff000087c800 rsp 0xffffffffb3f695a0 rbp 0xffffffffb3f695f0 rsi 0 rdi 0 r8 0xffffffffb3f69790 r9 0xffffff0053f93000 r10 0xffffff0055332720 r11 0x5 r12 0xffffffff804b43e0 termios_disc r13 0xffffff005be5bc00 r14 0xffffff000087c8d0 r15 0 rip 0 rflags 0x10246 dr0 0 dr1 0 dr2 0 dr3 0 dr4 0xffff0ff0 dr5 0x400 dr6 0xffff0ff0 dr7 0x400 0: *** error reading from address 0 *** #0 doadump () at pcpu.h:172 No locals. #1 0xffffffff80160257 in db_fncall (dummy1=0, dummy2=0, dummy3=0, dummy4=0x0) at /home/admin/usr/src/sys/ddb/db_command.c:492 fn_addr = -2145408174 args = {-1275686416, -2145146554, -1275686400, 120, -1275686400, -2145146505, -1275686352, -2146033679, 0, -2143727680} nargs = -2146033679 retval = 0 t = 0 #2 0xffffffff8016067b in db_command_loop () at /home/admin/usr/src/sys/ddb/db_command.c:350 No locals. #3 0xffffffff801623bf in db_trap (type=-1275686096, code=0) at /home/admin/usr/src/sys/ddb/db_main.c:222 jb = {{_jb = {-1275686096, -1275686120, -1275685984, 0, 12, 1, -1098082212064, -2146032714, 12, 1, -1275685984, -2145248580}}} prev_jb = (void *) 0x0 bkpt = 0 #4 0xffffffff802196c6 in kdb_trap (type=12, code=0, tf=0xffffffffb3f694f0) at /home/admin/usr/src/sys/kern/subr_kdb.c:473 did_stop_cpus = 1 handled = -1275685648 #5 0xffffffff8031c4e9 in trap_fatal (frame=0xffffffffb3f694f0, eva=18446742975627339552) at /home/admin/usr/src/sys/amd64/amd64/trap.c:651 code = 1429415712 type = 12 ss = 514 esp = 0 softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_long = 1, ssd_def32 = 0, ssd_gran = 1} msg = 0x0 #6 0xffffffff8031c84c in trap_pfault (frame=0xffffffffb3f694f0, usermode=0) at /home/admin/usr/src/sys/amd64/amd64/trap.c:573 va = 0 vm = (struct vmspace *) 0x0 map = 0xffffff0067cff440 rv = 1 ftype = 1 '\001' p = (struct proc *) 0x0 eva = 0 #7 0xffffffff8031ca84 in trap (frame= {tf_rdi = 0, tf_rsi = 0, tf_rdx = 0, tf_rcx = 0, tf_r8 = -1275684976, tf_r9 = -1098102788096, tf_rax = 0, tf_rbx = -1099502729216, tf_rbp = -1275685392, tf_r10 = -1098082212064, tf_r11 = 5, tf_r12 = -2142551072, tf_r13 = -1097969845248, tf_r14 = -1099502729008, tf_r15 = 0, tf_trapno = 12, tf_addr = 0, tf_flags = 582, tf_err = 16, tf_rip = 0, tf_cs = 8, tf_rflags = 66118, tf_rsp = -1275685448, tf_ss = 16}) at /home/admin/usr/src/sys/amd64/amd64/trap.c:352 p = (struct proc *) 0xffffff004cd2c000 sticks = 0 i = 9 ucode = 0 type = 12 code = 16 #8 0xffffffff803082bb in calltrap () at /home/admin/usr/src/sys/amd64/amd64/exception.S:168 No locals. #9 0x0000000000000000 in ?? () #10 0xffffffff801d7e5f in knote (list=0xffffff000087c8d0, hint=0, islocked=0) at /home/admin/usr/src/sys/kern/kern_event.c:1534 kq = (struct kqueue *) 0xffffffff804b43e0 kn = (struct knote *) 0xffffff000087c800 #11 0xffffffff80234580 in ttymodem (tp=0xffffff000087c800, flag=0) at /home/admin/usr/src/sys/kern/tty.c:1688 No locals. #12 0xffffffff8023b006 in ptcopen (dev=0xffffff005be5bc00, flag=0, devtype=0, td=0xffffff0055332720) at linedisc.h:136 tp = (struct tty *) 0xffffff000087c800 pt = (struct ptsc *) 0x0 #13 0xffffffff801c8d1b in giant_open (dev=0xffffff005be5bc00, oflags=3, devtype=8192, td=0xffffff0055332720) at /home/admin/usr/src/sys/kern/kern_conf.c:260 retval = 1541782528 #14 0xffffffff801afcf9 in devfs_open (ap=0xffffffffb3f69790) at /home/admin/usr/src/sys/fs/devfs/devfs_vnops.c:772 _giantcnt = -1275684416 td = (struct thread *) 0xffffff0055332720 vp = (struct vnode *) 0xffffff0053f93000 dev = (struct cdev *) 0xffffff005be5bc00 fp = (struct file *) 0x0 error = -2142550080 dsw = (struct cdevsw *) 0xffffffff804b47c0 #15 0xffffffff8035890c in VOP_OPEN_APV (vop=0x0, a=0x0) at vnode_if.c:372 rc = 0 #16 0xffffffff802742da in vn_open_cred (ndp=0xffffffffb3f699c0, flagp=0xffffffffb3f6990c, cmode=0, cred=0xffffff004ca91700, fdidx=4) at vnode_if.h:198 vp = (struct vnode *) 0xffffff0053f93000 mp = (struct mount *) 0xffffffff8686c660 td = (struct thread *) 0xffffff0055332720 vat = {va_type = 226417, va_mode = 0, va_nlink = 0, va_uid = 0, va_gid = 0, va_fsid = 3019282496, va_fileid = -2144620763, va_size = 18446744072094962384, va_blocksize = -1099375523512, va_atime = { tv_sec = -1275684800, tv_nsec = -1275684800}, va_mtime = { tv_sec = -2145596821, tv_nsec = 4}, va_ctime = {tv_sec = -1275684736, tv_nsec = -2145592667}, va_birthtime = {tv_sec = -1275684700, tv_nsec = 0}, va_gen = 18446742975486803968, va_flags = 18446742975430852608, va_rdev = 1429415712, va_bytes = 18446744072433867024, va_filerev = 18446744072433866960, va_vaflags = 2149395765, va_spare = 1579946632} vap = (struct vattr *) 0xffffff004ca91700 mode = 1286149888 fmode = 3 error = 0 vfslocked = 0 #17 0xffffffff8026ac81 in kern_open (td=0xffffff0055332720, path=0x7fffffffdfa0
, pathseg=UIO_USERSPACE, flags=3, mode=-1275684416) at /home/admin/usr/src/sys/kern/vfs_syscalls.c:1009 p = (struct proc *) 0x0 fdp = (struct filedesc *) 0xffffff0033494400 fp = (struct file *) 0xffffff00497d0000 vp = (struct vnode *) 0x0 vat = {va_type = 3019283248, va_mode = 65535, va_nlink = -1, va_uid = 2149385115, va_gid = 4294967295, va_fsid = 157, va_fileid = 0, va_size = 18446742975627339552, va_blocksize = -1098128296544, va_atime = { tv_sec = -1097769946048, tv_nsec = -1098131897696}, va_mtime = { tv_sec = 17179869184, tv_nsec = 0}, va_ctime = {tv_sec = -1098082212064, tv_nsec = 0}, va_birthtime = {tv_sec = -1098082212064, tv_nsec = 4}, va_gen = 18446744072433867568, va_flags = 18446744071564321740, va_rdev = 1429415712, va_bytes = 18446742975058363392, va_filerev = 18446742975486803968, va_vaflags = 1429415712, va_spare = 4} mp = (struct mount *) 0xffffffff00000000 nfp = (struct file *) 0xffffff00497d0000 type = 0 indx = 4 error = -1275683904 lf = {l_start = -4294967295, l_len = 0, l_pid = 1579946480, l_type = -256, l_whence = -1} nd = {ni_dirp = 0x7fffffffdfa0
, ni_segflg = UIO_USERSPACE, ni_startdir = 0x0, ni_rootdir = 0xffffff005eab4000, ni_topdir = 0xffffff005eab4000, ni_vp = 0xffffff0053f93000, ni_dvp = 0xffffff005eaa69b0, ni_pathlen = 1, ni_next = 0xffffff00625c940a "", ni_loopcnt = 0, ni_cnd = {cn_nameiop = 0, cn_flags = 69255236, cn_thread = 0xffffff0055332720, cn_cred = 0xffffff004ca91700, cn_lkflags = 2, cn_pnbuf = 0xffffff00625c9400 "/dev/ptyp0", cn_nameptr = 0xffffff00625c9405 "ptyp0", cn_namelen = 5, cn_consume = 0}} vfslocked = -1 #18 0xffffffff8026b481 in open (td=0x0, uap=0xffffffffb3f69bc0) at /home/admin/usr/src/sys/kern/vfs_syscalls.c:973 error = 1288880128 #19 0xffffffff8031d371 in syscall (frame= {tf_rdi = 140737488347040, tf_rsi = 2, tf_rdx = 0, tf_rcx = 34369384512, tf_r8 = 0, tf_r9 = 0, tf_rax = 5, tf_rbx = 5, tf_rbp = 140737488349576, tf_r10 = 0, tf_r11 = 518, tf_r12 = 140737488347040, tf_r13 = 34366270464, tf_r14 = 34366270449, tf_r15 = 4, tf_trapno = 12, tf_addr = 34367978464, tf_flags = 0, tf_err = 2, tf_rip = 34368109132, tf_cs = 43, tf_rflags = 518, tf_rsp = 140737488346984, tf_ss = 35}) at /home/admin/usr/src/sys/amd64/amd64/trap.c:792 params = 0x7fffffffdf70
callp = (struct sysent *) 0xffffffff804a4c38 p = (struct proc *) 0xffffff004cd2c000 orig_tf_rflags = 518 sticks = 0 error = 0 narg = -2142614472 args = {140737488347040, 2, 0, 34369384512, 0, 0, 0, 70} argp = (register_t *) 0x0 code = 5 reg = 1288880128 regcnt = 6 #20 0xffffffff80308458 in Xfast_syscall () at /home/admin/usr/src/sys/amd64/amd64/exception.S:270 No locals. #21 0x00000008007fba4c in ?? () No symbol table info available. (kgdb) up #11 0xffffffff80234580 in ttymodem (tp=0xffffff000087c800, flag=0) at /home/admin/usr/src/sys/kern/tty.c:1688 1688 ttwakeup(tp); (kgdb) out *tp {t_rawq = {c_cc = 0, c_cbcount = 0, c_cbmax = 0, c_cbreserved = 0, c_cf = 0x0, c_cl = 0x0}, t_rawcc = 1532, t_canq = {c_cc = 0, c_cbcount = 0, c_cbmax = 0, c_cbreserved = 0, c_cf = 0x0, c_cl = 0x0}, t_cancc = 42, t_outq = {c_cc = 0, c_cbcount = 0, c_cbmax = 0, c_cbreserved = 0, c_cf = 0x0, c_cl = 0x0}, t_outcc = 816795, t_line = 0, t_dev = 0xffffff005be5ba00, t_mdev = 0x0, t_devunit = 0, t_state = 131080, t_flags = 0, t_timeout = -1, t_pgrp = 0x0, t_session = 0x0, t_sigio = 0x0, t_rsel = {si_thrlist = {tqe_next = 0xffffff005bc9d7c0, tqe_prev = 0xffffff0056511060}, si_thread = 0x0, si_note = {kl_list = { slh_first = 0x0}, kl_lock = 0, kl_unlock = 0, kl_locked = 0xffffffff801d8183 , kl_lockarg = 0x0}, si_flags = 0}, t_wsel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0xffffff004dfb5a08}, si_thread = 0x0, si_note = {kl_list = { slh_first = 0x0}, kl_lock = 0, kl_unlock = 0, kl_locked = 0xffffffff801d8183 , kl_lockarg = 0x0}, si_flags = 0}, t_termios = {c_iflag = 11010, c_oflag = 3, c_cflag = 19200, c_lflag = 1487, c_cc = "\004▒▒\b\027\025\022\b\003\034\032\031\021\023\026\017\001\000\000▒", c_ispeed = 38400, c_ospeed = 38400}, t_init_in = {c_iflag = 11010, c_oflag = 3, c_cflag = 19200, c_lflag = 1483, c_cc = "\004▒▒\177\027\025\022\b\003\034\032\031\021\023\026\017\001\000\024▒", c_ispeed = 9600, c_ospeed = 9600}, t_init_out = {c_iflag = 11010, c_oflag = 3, c_cflag = 19200, c_lflag = 1483, c_cc = "\004▒▒\177\027\025\022\b\003\034\032\031\021\023\026\017\001\000\024▒", c_ispeed = 9600, c_ospeed = 9600}, t_lock_in = {c_iflag = 0, c_oflag = 0, c_cflag = 0, c_lflag = 0, c_cc = '\0' , c_ispeed = 0, c_ospeed = 0}, t_lock_out = {c_iflag = 0, c_oflag = 0, c_cflag = 0, c_lflag = 0, c_cc = '\0' , c_ispeed = 0, c_ospeed = 0}, t_winsize = {ws_row = 29, ws_col = 80, ws_xpixel = 960, ws_ypixel = 720}, t_sc = 0xffffff005ba76100, t_lsc = 0x0, t_column = 0, t_rocount = 0, t_rocol = 0, t_ififosize = 512, t_ihiwat = 7680, t_ilowat = 6720, t_ispeedwat = 0, t_ohiwat = 2080, t_olowat = 256, t_ospeedwat = 0, t_gen = 3, t_list = {tqe_next = 0xffffff005ca14400, tqe_prev = 0xffffff00008e5e70}, t_actout = 0, t_wopeners = 0, t_mtx = { mtx_object = {lo_class = 0xffffffff804ac540, lo_name = 0xffffffff8036e802 "tty", lo_type = 0xffffffff8036e802 "tty", lo_flags = 131072, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 6, mtx_recurse = 0}, t_refcnt = 0, t_hotchar = 0, t_dtr_wait = 3000, t_do_timestamp = 0, t_timestamp = { tv_sec = 0, tv_usec = 0}, t_pps = 0x0, t_oproc = 0xffffffff8023af4d , t_stop = 0xffffffff8023b37f , t_param = 0, t_modem = 0, t_break = 0, t_ioctl = 0, t_open = 0, t_purge = 0, t_close = 0, t_cioctl = 0} (kgdb) down #10 0xffffffff801d7e5f in knote (list=0xffffff000087c8d0, hint=0, islocked=0) at /home/admin/usr/src/sys/kern/kern_event.c:1534 1534 list->kl_lock(list->kl_lockarg); (kgdb) out *list {kl_list = {slh_first = 0x0}, kl_lock = 0, kl_unlock = 0, kl_locked = 0xffffffff801d8183 , kl_lockarg = 0x0} (kgdb)