From: Jan H. <bu...@uc...> - 2002-12-18 22:53:47
On Sat, Dec 14, 2002 at 11:21:08PM -0500, Jeff Dike wrote: > bu...@uc... said: > > The crash seems reliably reproducible. Just take umlinux with skas > > mode, NFSv3 client support and run rpc.lockd. > > (I am willing to provide additional stack traces and other debugging > > info) I traced it down to fork called from request_module("nfsd"). One thing that might be important here is that I don't have /sbin/modprobe available in umlinux. I just single-stepped the code from request_module to the crash, and it looks like this. Unfortunately I don't understand it much, so I don't know where to get backtraces, add prints, step into functions, etc. Breakpoint 4, request_module (module_name=0xa016fe24 "nfsd") at kmod.c:192 192 if ( ! current->fs->root ) { (gdb) n 182 { (gdb) 192 if ( ! current->fs->root ) { (gdb) 207 i = max_threads/2; (gdb) 208 if (i > MAX_KMOD_CONCURRENT) (gdb) 209 i = MAX_KMOD_CONCURRENT; (gdb) 107 __asm__ __volatile__( (gdb) 211 if (atomic_read(&kmod_concurrent) > i) { (gdb) 219 pid = kernel_thread(exec_modprobe, (void*) module_name, 0); (gdb) new_thread (stack=0xa1ede000, switch_buf_ptr=0x1, fork_buf_ptr=0x1, handler=0xa00a582c <new_thread_handler>) at process.c:181 181 remove_sigstack(); (gdb) 182 } (gdb) copy_thread_skas (nr=0, clone_flags=256, sp=0, stack_top=0, p=0xa1edc000, regs=0x0) at process_kern.c:133 133 } (gdb) 0xa0099bde in copy_thread (nr=0, clone_flags=256, sp=0, stack_top=0, p=0xa1edc000, regs=0x0) at process_kern.c:168 168 } (gdb) 168 } (gdb) do_fork (clone_flags=256, stack_start=0, regs=0x0, stack_size=0) at fork.c:694 694 if (retval) (gdb) 693 retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); (gdb) 694 if (retval) (gdb) 701 p->parent_exec_id = p->self_exec_id; (gdb) 704 p->swappable = 1; (gdb) 696 p->semundo = NULL; (gdb) 701 p->parent_exec_id = p->self_exec_id; (gdb) 705 p->exit_signal = clone_flags & CSIGNAL; (gdb) 714 p->counter = (current->counter + 1) >> 1; (gdb) 715 current->counter >>= 1; (gdb) 716 if 
(!current->counter) (gdb) 706 p->pdeath_signal = 0; (gdb) 716 if (!current->counter) (gdb) 725 retval = p->pid; (gdb) 727 INIT_LIST_HEAD(&p->thread_group); (gdb) 726 p->tgid = retval; (gdb) 727 INIT_LIST_HEAD(&p->thread_group); (gdb) 730 write_lock_irq(&tasklist_lock); (gdb) 733 p->p_opptr = current->p_opptr; (gdb) 734 p->p_pptr = current->p_pptr; (gdb) 735 if (!(clone_flags & CLONE_PARENT)) { (gdb) 736 p->p_opptr = current; (gdb) 737 if (!(p->ptrace & PT_PTRACED)) (gdb) 736 p->p_opptr = current; (gdb) 737 if (!(p->ptrace & PT_PTRACED)) (gdb) 738 p->p_pptr = current; (gdb) 741 if (clone_flags & CLONE_THREAD) { (gdb) 746 SET_LINKS(p); (gdb) 539 struct task_struct **htable = &pidhash[pid_hashfn(p->pid)]; (gdb) 746 SET_LINKS(p); (gdb) 539 struct task_struct **htable = &pidhash[pid_hashfn(p->pid)]; (gdb) 541 if((p->pidhash_next = *htable) != NULL) (gdb) 539 struct task_struct **htable = &pidhash[pid_hashfn(p->pid)]; (gdb) 541 if((p->pidhash_next = *htable) != NULL) (gdb) 543 *htable = p; (gdb) 544 p->pidhash_pprev = htable; (gdb) 748 nr_threads++; (gdb) 749 write_unlock_irq(&tasklist_lock); (gdb) 751 if (p->ptrace & PT_PTRACED) (gdb) 754 wake_up_process(p); /* do this last */ (gdb) 755 ++total_forks; (gdb) 756 if (clone_flags & CLONE_VFORK) (gdb) 760 return retval; (gdb) 782 } (gdb) kernel_thread (fn=0x1d, arg=0x1d, flags=2716809652) at process_kern.c:111 111 if(pid < 0) panic("do_fork failed in kernel_thread"); (gdb) bt #0 kernel_thread (fn=0x1d, arg=0x1d, flags=2716809652) at process_kern.c:111 #1 0xa0028bb0 in request_module (module_name=0xa016fe24 "nfsd") at kmod.c:219 #2 0xa0059940 in sys_nfsservctl (cmd=65536, argp=0xbffff598, resp=0x0) at filesystems.c:27 #3 0xa00a5d25 in execute_syscall_skas (r=0xa1ef3c3c) at syscall_kern.c:28 #4 0xa00a5d94 in handle_syscall (regs=0xa1ef0274) at syscall_user.c:26 #5 0xa00a4f4c in handle_trap (pid=1971, regs=0xa1ef0274) at process.c:71 #6 0xa00a5218 in userspace (regs=0xa1ef0274) at process.c:143 #7 0xa00a59c2 in fork_handler 
(sig=10) at process_kern.c:100 (gdb) n 113 } (gdb) request_module (module_name=0xa016fe24 "nfsd") at kmod.c:220 220 if (pid < 0) { (gdb) 219 pid = kernel_thread(exec_modprobe, (void*) module_name, 0); (gdb) 220 if (pid < 0) { (gdb) 227 spin_lock_irq(&current->sigmask_lock); (gdb) 228 tmpsig = current->blocked; (gdb) Line number 229 out of range; /usr/home/bulb/umlinux/include/linux/signal.h has 225 lines. (gdb) 228 tmpsig = current->blocked; (gdb) Line number 229 out of range; /usr/home/bulb/umlinux/include/linux/signal.h has 225 lines. (gdb) 230 unsigned long def_flags; (gdb) 228 tmpsig = current->blocked; (gdb) 230 unsigned long def_flags; (gdb) 202 set->sig[0] = ~mask; (gdb) 207 case 2: set->sig[1] = -1; (gdb) 669 case 2: ready = signal->sig[1] &~ blocked->sig[1]; (gdb) 670 ready |= signal->sig[0] &~ blocked->sig[0]; (gdb) 669 case 2: ready = signal->sig[1] &~ blocked->sig[1]; (gdb) 670 ready |= signal->sig[0] &~ blocked->sig[0]; (gdb) 669 case 2: ready = signal->sig[1] &~ blocked->sig[1]; (gdb) 674 } (gdb) 653 { (gdb) 231 spin_unlock_irq(&current->sigmask_lock); (gdb) 61 KERNEL_CALL(pid_t, sys_wait4, pid, status, options, NULL) (gdb) thread_wait (sw=0xa00a52d6, fb=0xa1ef3564) at process.c:192 192 } (gdb) new_thread_handler (sig=10) at process_kern.c:63 63 if(current->thread.prev_sched != NULL) (gdb) 64 schedule_tail(current->thread.prev_sched); (gdb) 65 current->thread.prev_sched = NULL; (gdb) 67 n = run_kernel_thread(fn, arg, &current->thread.exec_buf); (gdb) 68 if(n == 1) (gdb) 70 else if(n == 2) (gdb) 72 } (gdb) 0xa011b551 in kill () (gdb) Single stepping until exit from function kill, which has no line number information. os_usr1_process (pid=1968) at process.c:91 91 } (gdb) 0xa00a52aa in new_thread (stack=Cannot access memory at address 0x8 ) at process.c:179 179 new_thread_proc(stack, handler); (gdb) 181 remove_sigstack(); (gdb) 182 } (gdb) Program terminated with signal SIGSEGV, Segmentation fault. The program no longer exists. 
(gdb) ------------------------------------------------------------------------------- Jan 'Bulb' Hudec <bu...@uc...>