Date:      Mon, 16 Jul 2001 13:03:34 -0700 (PDT)
From:      John Baldwin <jhb@FreeBSD.org>
To:        Alexander Langer <alex@big.endian.de>
Cc:        current@FreeBSD.org
Subject:   RE: netstat kernel panic
Message-ID:  <XFMail.010716130334.jhb@FreeBSD.org>
In-Reply-To: <20010715120317.A99869@fump.kawo2.rwth-aachen.de>

> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x3a
> fault code            = supervisor write, page not present
> instruction pointer   = 0x8:0xc02c8cfe
> stack pointer         = 0x10:0xcd6d1d44
> frame pointer         = 0x10:0xcd6d1d5c
> code segment          = base 0x0, limit 0xfffff, type 0x1b
>                       = DPL 0, pres 1, def32 1, gran 1
> processor eflags      = interrupt enabled, resume, IOPL = 0
> current process               = 595 (netstat)
> panic: from debugger
> panic: from debugger
> Uptime: 2m41s
> 
> dumping to dev ad0b, offset 176256
> dump ata0: resetting devices .. done
> 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38
> 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12
> 11 10 9 8 7 6 5 4 3 2 1 0 
> ---
>#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:478
> 478           if (dumping++) {
> (kgdb) tr
> trace command requires an argument
> (kgdb) bt
>#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:478
>#1  0xc01e3aff in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:321
>#2  0xc01e3f19 in panic (fmt=0xc031d94e "from debugger")
>     at /usr/src/sys/kern/kern_shutdown.c:600
>#3  0xc015b315 in db_panic (addr=-1070822146, have_addr=0, count=-1, 
>     modif=0xcd6d1bb0 "") at /usr/src/sys/ddb/db_command.c:441
>#4  0xc015b2b3 in db_command (last_cmdp=0xc0363a94, cmd_table=0xc03638f4, 
>     aux_cmd_tablep=0xc035d2e0, aux_cmd_tablep_end=0xc035d2e4)
>     at /usr/src/sys/ddb/db_command.c:341
>#5  0xc015b37f in db_command_loop () at /usr/src/sys/ddb/db_command.c:463
>#6  0xc015d54b in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:72
>#7  0xc02e6d3e in kdb_trap (type=12, code=0, regs=0xcd6d1d04)
>     at /usr/src/sys/i386/i386/db_interface.c:167
>#8  0xc02f78a0 in trap_fatal (frame=0xcd6d1d04, eva=58)
>     at /usr/src/sys/i386/i386/trap.c:927
>#9  0xc02f7615 in trap_pfault (frame=0xcd6d1d04, usermode=0, eva=58)
>     at /usr/src/sys/i386/i386/trap.c:846
>#10 0xc02f6c64 in trap (frame={tf_fs = -1070333928, tf_es = 16, 
>       tf_ds = -1069809648, tf_edi = -1069775252, tf_esi = 0, 
>       tf_ebp = -848487076, tf_isp = -848487120, tf_ebx = 1, 
>       tf_edx = -848739040, tf_ecx = 1, tf_eax = 2, tf_trapno = 12, tf_err =
> 2, 
>       tf_eip = -1070822146, tf_cs = 8, tf_eflags = 66118, 
>       tf_esp = -1069680480, tf_ss = 1}) at /usr/src/sys/i386/i386/trap.c:405
>#11 0xc02c8cfe in vm_object_pip_add (object=0x0, i=1)

I've seen this panic many times on my alpha SMP testbox.  It seems that the vm
object returned by vm_map_lookup via the fs.first_object variable is actually
NULL, resulting in a NULL pointer deref when calling vm_object_pip_add() (note
object=0x0).  I haven't seen this on UP or x86 before, but it seems the bug
wasn't alpha-specific now. :(

> ---Type <return> to continue, or q <return> to quit---
>     at /usr/src/sys/vm/vm_object.c:237
>#12 0xc02bf94e in vm_fault1 (map=0xc03c866c, vaddr=3226185728, 
>     fault_type=1 '\001', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:274
>#13 0xc02bf753 in vm_fault (map=0xc03c866c, vaddr=3226185728, fault_type=1, 
>     fault_flags=0) at /usr/src/sys/vm/vm_fault.c:198
>#14 0xc02f75b9 in trap_pfault (frame=0xcd6d1ea0, usermode=0, eva=3226185798)
>     at /usr/src/sys/i386/i386/trap.c:833
>#15 0xc02f6c64 in trap (frame={tf_fs = -848756712, tf_es = -848494576, 
>       tf_ds = -1070727152, tf_edi = 1, tf_esi = -1063576320, 
>       tf_ebp = -848486688, tf_isp = -848486708, tf_ebx = -1069076892, 
>       tf_edx = -1048725504, tf_ecx = -1068781498, tf_eax = -1048725504, 
>       tf_trapno = 12, tf_err = 0, tf_eip = -1071436904, tf_cs = 8, 
>       tf_eflags = 66194, tf_esp = -848486660, tf_ss = -1071699782})
>     at /usr/src/sys/i386/i386/trap.c:405
>#16 0xc0232b98 in strcmp (s1=0xc17db800 "imp_softc", 
>     s2=0xc04bb046 <Address 0xc04bb046 out of bounds>)
>     at /usr/src/sys/libkern/strcmp.c:50
>#17 0xc01f28ba in link_elf_lookup_symbol (lf=0xc09b1d00, 
>     name=0xc17db800 "imp_softc", sym=0xcd6d1f30)
>     at /usr/src/sys/kern/link_elf.c:1003
>#18 0xc01d7f36 in kldsym (p=0xcd694520, uap=0xcd6d1f80) at linker_if.h:24
>#19 0xc02f823d in syscall (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
>       tf_edi = 134602604, tf_esi = 134602616, tf_ebp = -1077937584, 
>       tf_isp = -848486444, tf_ebx = 671616116, tf_edx = 0, tf_ecx = 0, 
> ---Type <return> to continue, or q <return> to quit---
>       tf_eax = 337, tf_trapno = 12, tf_err = 2, tf_eip = 671926476, 
>       tf_cs = 31, tf_eflags = 663, tf_esp = -1077937644, tf_ss = 47})
>     at /usr/src/sys/i386/i386/trap.c:1128
>#20 0xc02e7a2d in syscall_with_err_pushed ()
>#21 0x804f992 in ?? ()
>#22 0x804f54c in ?? ()
>#23 0x8049301 in ?? ()
> (kgdb) mobile#        exit

-- 

John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/
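
A triage sketch for the reasoning in the reply above, added here as an example and not part of the original message or of FreeBSD: it pairs the sub-page fault address with the innermost frame whose pointer argument gdb printed as 0x0. The sample text is excerpted from the quoted trace; the function names, `PAGE_SIZE` and the hex-means-pointer heuristic are assumptions of this example.

```python
import re

# Constructed sample: lines excerpted from the panic report and kgdb trace quoted above.
SAMPLE = """\
fault virtual address = 0x3a
fault code            = supervisor write, page not present
#8  0xc02f78a0 in trap_fatal (frame=0xcd6d1d04, eva=58)
#9  0xc02f7615 in trap_pfault (frame=0xcd6d1d04, usermode=0, eva=58)
#11 0xc02c8cfe in vm_object_pip_add (object=0x0, i=1)
#12 0xc02bf94e in vm_fault1 (map=0xc03c866c, vaddr=3226185728,
#14 0xc02f75b9 in trap_pfault (frame=0xcd6d1ea0, usermode=0, eva=3226185798)
#16 0xc0232b98 in strcmp (s1=0xc17db800 "imp_softc",
    s2=0xc04bb046 <Address 0xc04bb046 out of bounds>)
"""

PAGE_SIZE = 4096  # assumption: i386 page size; a fault below it is "NULL + offset"
FAULT = re.compile(r"fault virtual address\s*=\s*(0x[0-9a-fA-F]+)")
FRAME = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*)$")
ARG = re.compile(r"(\w+)=(0x[0-9a-fA-F]+|-?\d+)\b")

def parse_frames(text):
    """Return [(frame_no, function, {arg: raw_value})], folding wrapped lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append([int(m.group(1)), m.group(2), m.group(3)])
        elif frames:
            frames[-1][2] += " " + line.strip()  # continuation of an argument list
    return [(n, fn, dict(ARG.findall(args))) for n, fn, args in frames]

def triage(text):
    """Pair a near-NULL fault address with the innermost NULL pointer argument."""
    m = FAULT.search(text)
    fault = int(m.group(1), 16) if m else None
    frames = parse_frames(text)
    # Each trap_pfault frame records one fault address; two values mean a nested fault.
    evas = [int(a["eva"], 0) for _, fn, a in frames if fn == "trap_pfault" and "eva" in a]
    # Heuristic (assumption): gdb prints pointers in hex and integers in decimal,
    # so "0x0" is a NULL pointer while "usermode=0" is just a zero integer.
    null_arg = next(((fn, name) for _, fn, a in frames for name, val in a.items()
                     if val.startswith("0x") and int(val, 16) == 0), None)
    near_null = fault is not None and fault < PAGE_SIZE
    return {"fault": fault, "near_null": near_null,
            "null_arg": null_arg if near_null else None,
            # Inferred: the faulting store hit the member at this offset from NULL.
            "field_offset": fault if near_null and null_arg else None,
            "fault_addresses": evas}
```

On the sample, `triage(SAMPLE)` reports two fault addresses: the outer one, 0x3a, is the NULL object plus a member offset, and the inner one, 3226185798, is the same value as the out-of-bounds `s2` pointer (0xc04bb046) in the `strcmp` frame.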
