From owner-freebsd-amd64@FreeBSD.ORG Mon Jan 17 09:40:21 2005
Return-Path:
Delivered-To: freebsd-amd64@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BCC916A4CE for ; Mon, 17 Jan 2005 09:40:21 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1575C43D45 for ; Mon, 17 Jan 2005 09:40:21 +0000 (GMT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id j0H9eKaS075346 for ; Mon, 17 Jan 2005 09:40:20 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.13.1/8.13.1/Submit) id j0H9eKl9075345; Mon, 17 Jan 2005 09:40:20 GMT (envelope-from gnats)
Resent-Date: Mon, 17 Jan 2005 09:40:20 GMT
Resent-Message-Id: <200501170940.j0H9eKl9075345@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-amd64@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Matthew Sullivan
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9ECF816A4CE for ; Mon, 17 Jan 2005 09:39:16 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7470E43D41 for ; Mon, 17 Jan 2005 09:39:16 +0000 (GMT) (envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j0H9dG2F098174 for ; Mon, 17 Jan 2005 09:39:16 GMT (envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost) by www.freebsd.org (8.13.1/8.13.1/Submit) id j0H9dGwO098135; Mon, 17 Jan 2005 09:39:16 GMT (envelope-from nobody)
Message-Id: <200501170939.j0H9dGwO098135@www.freebsd.org>
Date: Mon, 17 Jan 2005 09:39:16 GMT
From: Matthew Sullivan
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: amd64/76336: racoon/setkey -D cases instant "Fatal Trap 12: Page fault while in kernel mode" on 5.3-RELEASE-P4
X-BeenThere: freebsd-amd64@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting FreeBSD to the AMD64 platform
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 17 Jan 2005 09:40:21 -0000

>Number: 76336
>Category: amd64
>Synopsis: racoon/setkey -D cases instant "Fatal Trap 12: Page fault while in kernel mode" on 5.3-RELEASE-P4
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-amd64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 17 09:40:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Matthew Sullivan
>Release: 5.3-RELEASE-P4
>Organization:
SORBS
>Environment:
FreeBSD desperado.sorbs.net 5.3-RELEASE-p4 FreeBSD 5.3-RELEASE-p4 #2: Wed Jan 12 15:07:54 EST 2005 root@desperado.sorbs.net:/usr/obj/usr/src/sys/DESPERADO amd64
>Description:
Starting racoon or using 'setkey -D' will cause an immediate Page Fault as follows:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x39
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xffffffff80307a70
stack pointer           = 0x10:0xffffffff93cc0860
frame pointer           = 0x10:0xffffffff93cc0960
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 480 (racoon)
[thread 100068]
Stopped at keydb_newsecasvar+0x100: decl %ecx
db> where
keydb_newsecasvar() at keydb_newsecasvar+0x100
raw_usend() at raw_usend+0x60
key_send() at key_send+0xa
sosend() at sosend+0x626
kern_sendit() at kern_sendit+0x113
sendit() at sendit+0x5f
sendto() at sendto+0x4d
syscall() at syscall+0x50c
Xfast_syscall() at Xfast_syscall+0xa8
--- syscall (133, FreeBSD ELF64, sendto), rip = 0x800a63da8, rsp = 0x7fffffffec38, rbp = 0x2 ---
db> call doadump
Dumping 479 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464
Dump complete 0xf

(kgdb) file /usr/obj/usr/src/sys/DESPERADO/kernel.debug
Reading symbols from /usr/obj/usr/src/sys/DESPERADO/kernel.debug...done.
(kgdb) where
#0 doadump () at pcpu.h:167
#1 0xffffffff80172736 in db_fncall (dummy1=0, dummy2=0, dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:531
#2 0xffffffff80172bc5 in db_command_loop () at /usr/src/sys/ddb/db_command.c:349
#3 0xffffffff80174a53 in db_trap (type=-1815345680, code=0) at /usr/src/sys/ddb/db_main.c:221
#4 0xffffffff8023070b in kdb_trap (type=12, code=0, tf=0xffffffff93cc07b0) at /usr/src/sys/kern/subr_kdb.c:418
#5 0xffffffff80371dae in trap_fatal (frame=0xffffffff93cc07b0, eva=18446742974681318688) at /usr/src/sys/amd64/amd64/trap.c:626
#6 0xffffffff80372143 in trap_pfault (frame=0xffffffff93cc07b0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:554
#7 0xffffffff803723a4 in trap (frame=
    {tf_rdi = -1099028463104, tf_rsi = 640, tf_rdx = -1815344784, tf_rcx = -1815344833, tf_r8 = 160, tf_r9 = -1099028232928 , tf_rax = -1815345008, tf_rbx = -2144306579, tf_rbp = -1815344800, tf_r10 = -2142160512, tf_r11 = -1815344624, tf_r12 = 57, tf_r13 = 0, tf_r14 = 0, tf_r15 = -1099140303240, tf_trapno = 12, tf_addr = 57, tf_flags = -1099132378656, tf_err = 2, tf_rip = -2144306576, tf_cs = 8, tf_rflags = 66054, tf_rsp = -1815345040, tf_ss = 16}) at /usr/src/sys/amd64/amd64/trap.c:333
#8 0xffffffff80361bab in calltrap () at /usr/src/sys/amd64/amd64/exception.S:171
#9 0xffffff001ccc8200 in ?? ()
#10 0x0000000000000280 in ?? ()
#11 0xffffffff93cc0970 in ?? ()
#12 0xffffffff93cc093f in ?? ()
#13 0x00000000000000a0 in ?? ()
#14 0xffffff001cd00520 in ?? ()
#15 0xffffffff93cc0890 in ?? ()
#16 0xffffffff80307a6d in keydb_newsecasvar () at /usr/src/sys/netkey/keydb.c:187
#17 0xffffffff8029cfc0 in raw_usend (so=0x0, flags=0, m=0x0, nam=0x0, control=0x0, td=0x0) at /usr/src/sys/net/raw_usrreq.c:263
#18 0xffffffff8030845a in key_send (so=0x0, flags=0, m=0x0, nam=0x0, control=0x0, td=0x0) at /usr/src/sys/netkey/keysock.c:442
#19 0xffffffff80253bc6 in sosend (so=0xffffff001621f678, addr=0x0, uio=0xffffffff93cc0a80, top=0xffffff001ccc8200, control=0x0, flags=0, td=0xffffff001cd00520) at /usr/src/sys/kern/uipc_socket.c:815
#20 0xffffffff8025ba73 in kern_sendit (td=0xffffff001cd00520, s=4, mp=0xffffffff93cc0b50, flags=0, control=0x0) at /usr/src/sys/kern/uipc_syscalls.c:738
#21 0xffffffff8025ca5f in sendit (td=0xffffff001cd00520, s=4, mp=0xffffffff93cc0b50, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:682
#22 0xffffffff8025cbed in sendto (td=0x0, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:795
#23 0xffffffff80372b6c in syscall (frame=
    {tf_rdi = 4, tf_rsi = 5660864, tf_rdx = 16, tf_rcx = 0, tf_r8 = 0, tf_r9 = 0, tf_rax = 133, tf_rbx = 5660880, tf_rbp = 2, tf_r10 = -2141993928, tf_r11 = 514, tf_r12 = 5660864, tf_r13 = 16, tf_r14 = 7, tf_r15 = 4, tf_trapno = 12, tf_addr = 42840 00, tf_flags = 0, tf_err = 2, tf_rip = 34370633128, tf_cs = 43, tf_rflags = 514, tf_rsp = 140737488350264, tf_ss = 35}) at /usr/src/sys/amd64/amd64/trap.c:763
#24 0xffffffff80361ce8 in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:248
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: