Date: Mon, 11 Jun 2001 18:56:22 -0700 (PDT)
From: bugs@canyoncountry.net
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/28087: Fatal trap 12: page fault while in kernel mode
Message-ID: <200106120156.f5C1uMM75577@freefall.freebsd.org>
>Number: 28087
>Category: kern
>Synopsis: Fatal trap 12: page fault while in kernel mode
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jun 11 19:00:05 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Gerry Allen
>Release: 4.1
>Organization:
Canyon Country Communications
>Environment:
FreeBSD page3.canyoncountry.net 4.1-RELEASE FreeBSD 4.1-RELEASE #8: Sun Jun 10 00:36:31 MST 2001 root@page3.canyoncountry.net:/usr/src/sys/compile/PAGE3 i386
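>Description:
[Reader's note, not part of the submitted report: in the kgdb session below, frame #5 stops at fil.c:258, which copies ip6->ip6_dst, although frame #6 called fr_makefrip() with hlen=20 (oip->ip_hl << 2), an IPv4 header length. With ip=0xc093bfe4, and assuming the standard IPv6 header layout (ip6_dst is 16 bytes at offset 24), that copy covers 0xc093bffc-0xc093c00b and so crosses into the page at the reported fault address 0xc093c000. The transcript does not show how the IPv6 branch was selected; how ofin is initialized in fr_checkicmpmatchingstate() before the call at ip_state.c:1032 is the place to check.]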
(508 / 8) [/sys/compile/PAGE3]$: gdb -k kernel.debug /var/crash/vmcore.13
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD 3506176
initial pcb at 2cdec0
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc093c000
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc01abf5d
stack pointer = 0x10:0xc02ab4b4
frame pointer = 0x10:0xc02ab4ec
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask = net tty
trap number = 12
panic: page fault
syncing disks... 7 7
done
Uptime: 1d3h33m21s
dumping to dev #ad/0x20001, offset 786432
dump ata0: resetting devices .. done
128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101
100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64
63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26
25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0 boot (howto=256) at ../../kern/kern_shutdown.c:302
302 dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0 boot (howto=256) at ../../kern/kern_shutdown.c:302
#1 0xc0144ebc in poweroff_wait (junk=0xc02a346f, howto=0) at ../../kern/kern_shutdown.c:552
#2 0xc026c519 in trap_fatal (frame=0xc02ab474, eva=3230908416) at ../../i386/i386/trap.c:927
#3 0xc026c1f1 in trap_pfault (frame=0xc02ab474, usermode=0, eva=3230908416) at ../../i386/i386/trap.c:820
#4 0xc026bdef in trap (frame={tf_fs = -1050542064, tf_es = 16, tf_ds = -1070989296, tf_edi = -1064058908,
tf_esi = 0, tf_ebp = -1070942996, tf_isp = -1070943072, tf_ebx = 0, tf_edx = -1070942948,
tf_ecx = -1070942952, tf_eax = 905904131, tf_trapno = 12, tf_err = 0, tf_eip = -1071988899, tf_cs = 8,
tf_eflags = 66118, tf_esp = 2461, tf_ss = 3862}) at ../../i386/i386/trap.c:426
#5 0xc01abf5d in fr_makefrip (hlen=20, ip=0xc093bfe4, fin=0xc02ab518) at ../../netinet/fil.c:258
#6 0xc01b1d1c in fr_checkicmpmatchingstate (ip=0xc093bfc8, fin=0xc02ab628) at ../../netinet/ip_state.c:1032
#7 0xc01b20cd in fr_checkstate (ip=0xc093bfc8, fin=0xc02ab628) at ../../netinet/ip_state.c:1194
#8 0xc01acb4c in fr_check (ip=0xc093bfc8, hlen=20, ifp=0xc14f6000, out=1, mp=0xc02ab6e4)
at ../../netinet/fil.c:887
#9 0xc01a0c00 in ip_output (m0=0xc093bf00, opt=0x0, ro=0xc02ab724, flags=0, imo=0x0)
at ../../netinet/ip_output.c:437
#10 0xc019edc2 in icmp_send (m=0xc093bf00, opts=0x0) at ../../netinet/ip_icmp.c:748
#11 0xc019ed43 in icmp_reflect (m=0xc093bf00) at ../../netinet/ip_icmp.c:710
#12 0xc019e66c in icmp_error (n=0xc0931a00, type=11, code=0, dest=0, destifp=0x0)
at ../../netinet/ip_icmp.c:220
#13 0xc01a0429 in ip_forward (m=0xc0931a00, srcrt=0) at ../../netinet/ip_input.c:1508
#14 0xc019f566 in ip_input (m=0xc0931a00) at ../../netinet/ip_input.c:570
#15 0xc0199a46 in transmit_event (pipe=0xc1586e00) at ../../netinet/ip_dummynet.c:399
#16 0xc0199c37 in ready_event (q=0xc16b6500) at ../../netinet/ip_dummynet.c:525
---Type <return> to continue, or q <return> to quit---
#17 0xc019a96b in dummynet_io (pipe_nr=5, dir=2, m=0xc0931a00, ifp=0x0, ro=0x0, dst=0x0, rule=0xc14f98e0,
flags=0) at ../../netinet/ip_dummynet.c:1062
#18 0xc019f361 in ip_input (m=0xc0931a00) at ../../netinet/ip_input.c:413
#19 0xc019f8cf in ipintr () at ../../netinet/ip_input.c:766
#20 0xc0262255 in swi_net_next ()
(kgdb) up 4
#4 0xc026bdef in trap (frame={tf_fs = -1050542064, tf_es = 16, tf_ds = -1070989296, tf_edi = -1064058908,
tf_esi = 0, tf_ebp = -1070942996, tf_isp = -1070943072, tf_ebx = 0, tf_edx = -1070942948,
tf_ecx = -1070942952, tf_eax = 905904131, tf_trapno = 12, tf_err = 0, tf_eip = -1071988899, tf_cs = 8,
tf_eflags = 66118, tf_esp = 2461, tf_ss = 3862}) at ../../i386/i386/trap.c:426
426 (void) trap_pfault(&frame, FALSE, eva);
(kgdb) list
421 kernel_trap:
422 /* kernel trap */
423
424 switch (type) {
425 case T_PAGEFLT: /* page fault */
426 (void) trap_pfault(&frame, FALSE, eva);
427 return;
428
429 case T_DNA:
430 #if NNPX > 0
(kgdb) up
#5 0xc01abf5d in fr_makefrip (hlen=20, ip=0xc093bfe4, fin=0xc02ab518) at ../../netinet/fil.c:258
258 fi->fi_dst.in6 = ip6->ip6_dst;
(kgdb) list
253 p = ip6->ip6_nxt;
254 fi->fi_p = p;
255 fi->fi_ttl = ip6->ip6_hlim;
256 tcp = (tcphdr_t *)(ip6 + 1);
257 fi->fi_src.in6 = ip6->ip6_src;
258 fi->fi_dst.in6 = ip6->ip6_dst;
259 fin->fin_id = (u_short)(ip6->ip6_flow & 0xffff);
260 fi->fi_tos = 0;
261 fi->fi_fl = 0;
262 plen = ntohs(ip6->ip6_plen);
(kgdb) up
#6 0xc01b1d1c in fr_checkicmpmatchingstate (ip=0xc093bfc8, fin=0xc02ab628) at ../../netinet/ip_state.c:1032
1032 fr_makefrip(oip->ip_hl << 2, oip, &ofin);
(kgdb) list
1027 hv += icmp->icmp_id;
1028 hv += icmp->icmp_seq;
1029 hv %= fr_statesize;
1030
1031 oip->ip_len = ntohs(oip->ip_len);
1032 fr_makefrip(oip->ip_hl << 2, oip, &ofin);
1033 oip->ip_len = htons(oip->ip_len);
1034 ofin.fin_ifp = fin->fin_ifp;
1035 ofin.fin_out = !fin->fin_out;
1036 ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
(kgdb) up
#7 0xc01b20cd in fr_checkstate (ip=0xc093bfc8, fin=0xc02ab628) at ../../netinet/ip_state.c:1194
1194 fr = fr_checkicmpmatchingstate(ip, fin);
(kgdb) list
1189 #ifdef USE_INET6
1190 if (v == 6)
1191 fr = fr_checkicmp6matchingstate((ip6_t *)ip, fin);
1192 else
1193 #endif
1194 fr = fr_checkicmpmatchingstate(ip, fin);
1195 if (fr)
1196 return fr;
1197 break;
1198 case IPPROTO_TCP :
(kgdb) up
#8 0xc01acb4c in fr_check (ip=0xc093bfc8, hlen=20, ifp=0xc14f6000, out=1, mp=0xc02ab6e4)
at ../../netinet/fil.c:887
887 if (apass || (!(fr = ipfr_knownfrag(ip, fin)) &&
(kgdb) list
882 (fr_scanlist(FR_NOMATCH, ip, fin, m) & FR_ACCOUNT)) {
883 ATOMIC_INCL(frstats[0].fr_acct);
884 }
885 }
886
887 if (apass || (!(fr = ipfr_knownfrag(ip, fin)) &&
888 !(fr = fr_checkstate(ip, fin)))) {
889 /*
890 * If a packet is found in the auth table, then skip checking
891 * the access lists for permission but we do need to consider
(kgdb) up
#9 0xc01a0c00 in ip_output (m0=0xc093bf00, opt=0x0, ro=0xc02ab724, flags=0, imo=0x0)
at ../../netinet/ip_output.c:437
437 if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
(kgdb) list
432 * - Encapsulate: put it in another IP and send out. <unimp.>
433 */
434 if (fr_checkp) {
435 struct mbuf *m1 = m;
436
437 if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
438 goto done;
439 ip = mtod(m = m1, struct ip *);
440 }
441
(kgdb) up
#10 0xc019edc2 in icmp_send (m=0xc093bf00, opts=0x0) at ../../netinet/ip_icmp.c:748
748 (void) ip_output(m, opts, &ro, 0, NULL);
(kgdb) list
743 printf("icmp_send dst %s src %s\n",
744 buf, inet_ntoa(ip->ip_src));
745 }
746 #endif
747 bzero(&ro, sizeof ro);
748 (void) ip_output(m, opts, &ro, 0, NULL);
749 if (ro.ro_rt)
750 RTFREE(ro.ro_rt);
751 }
752
(kgdb) up
#11 0xc019ed43 in icmp_reflect (m=0xc093bf00) at ../../netinet/ip_icmp.c:710
710 icmp_send(m, opts);
(kgdb) list
705 optlen += sizeof(struct ip);
706 bcopy((caddr_t)ip + optlen, (caddr_t)(ip + 1),
707 (unsigned)(m->m_len - sizeof(struct ip)));
708 }
709 m->m_flags &= ~(M_BCAST|M_MCAST);
710 icmp_send(m, opts);
711 done:
712 if (opts)
713 (void)m_free(opts);
714 }
(kgdb) up
#12 0xc019e66c in icmp_error (n=0xc0931a00, type=11, code=0, dest=0, destifp=0x0)
at ../../netinet/ip_icmp.c:220
220 icmp_reflect(m);
(kgdb) list
215 bcopy((caddr_t)oip, (caddr_t)nip, sizeof(struct ip));
216 nip->ip_len = m->m_len;
217 nip->ip_vhl = IP_VHL_BORING;
218 nip->ip_p = IPPROTO_ICMP;
219 nip->ip_tos = 0;
220 icmp_reflect(m);
221
222 freeit:
223 m_freem(n);
224 }
(kgdb) up
#13 0xc01a0429 in ip_forward (m=0xc0931a00, srcrt=0) at ../../netinet/ip_input.c:1508
1508 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 0);
(kgdb) list
1503 sin->sin_len = sizeof(*sin);
1504 sin->sin_addr = ip->ip_dst;
1505
1506 rtalloc_ign(&ipforward_rt, RTF_PRCLONING);
1507 if (ipforward_rt.ro_rt == 0) {
1508 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 0);
1509 return;
1510 }
1511 rt = ipforward_rt.ro_rt;
1512 }
(kgdb) up
#14 0xc019f566 in ip_input (m=0xc0931a00) at ../../netinet/ip_input.c:570
570 ip_forward(m, 0);
(kgdb) list
565 */
566 if (ipforwarding == 0) {
567 ipstat.ips_cantforward++;
568 m_freem(m);
569 } else
570 ip_forward(m, 0);
571 #ifdef IPFIREWALL_FORWARD
572 ip_fw_fwd_addr = NULL;
573 #endif
574 return;
(kgdb) up
#15 0xc0199a46 in transmit_event (pipe=0xc1586e00) at ../../netinet/ip_dummynet.c:399
399 ip_input((struct mbuf *)pkt) ;
(kgdb) list
394 (void)ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL);
395 rt_unref (pkt->ro.ro_rt) ;
396 break ;
397
398 case DN_TO_IP_IN :
399 ip_input((struct mbuf *)pkt) ;
400 break ;
401
402 #ifdef BRIDGE
403 case DN_TO_BDG_FWD : {
(kgdb) up
#16 0xc0199c37 in ready_event (q=0xc16b6500) at ../../netinet/ip_dummynet.c:525
525 transmit_event(p);
(kgdb) list
520 /*
521 * If the delay line was empty call transmit_event(p) now.
522 * Otherwise, the scheduler will take care of it.
523 */
524 if (p_was_empty)
525 transmit_event(p);
526 }
527
528 /*
529 * Called when we can transmit packets on WF2Q queues. Take pkts out of
(kgdb) up
#17 0xc019a96b in dummynet_io (pipe_nr=5, dir=2, m=0xc0931a00, ifp=0x0, ro=0x0, dst=0x0, rule=0xc14f98e0,
flags=0) at ../../netinet/ip_dummynet.c:1062
1062 ready_event( q );
(kgdb) list
1057 dn_key t = 0 ;
1058 if (pipe->bandwidth)
1059 t = SET_TICKS(pkt, q, pipe);
1060 q->sched_time = curr_time ;
1061 if (t == 0) /* must process it now */
1062 ready_event( q );
1063 else
1064 heap_insert(&ready_heap, curr_time + t , q );
1065 } else {
1066 /*
(kgdb) up
#18 0xc019f361 in ip_input (m=0xc0931a00) at ../../netinet/ip_input.c:413
413 dummynet_io(i&0xffff,DN_TO_IP_IN,m,NULL,NULL,0, rule,
(kgdb) list
408 if (i == 0 && ip_fw_fwd_addr == NULL) /* common case */
409 goto pass;
410 #ifdef DUMMYNET
411 if ((i & IP_FW_PORT_DYNT_FLAG) != 0) {
412 /* Send packet to the appropriate pipe */
413 dummynet_io(i&0xffff,DN_TO_IP_IN,m,NULL,NULL,0, rule,
414 0);
415 return;
416 }
417 #endif
(kgdb) up
#19 0xc019f8cf in ipintr () at ../../netinet/ip_input.c:766
766 ip_input(m);
(kgdb) list
761 s = splimp();
762 IF_DEQUEUE(&ipintrq, m);
763 splx(s);
764 if (m == 0)
765 return;
766 ip_input(m);
767 }
768 }
769
770 /*
(kgdb) up
#20 0xc0262255 in swi_net_next ()
(kgdb) list
771 * Take incoming datagram fragment and try to reassemble it into
772 * whole datagram. If a chain for reassembly of this datagram already
773 * exists, then it is given as fp; otherwise have to make a chain.
774 *
775 * When IPDIVERT enabled, keep additional state with each packet that
776 * tells us if we need to divert or tee the packet we're building.
777 */
778
779 static struct mbuf *
780 #ifdef IPDIVERT
(kgdb) up
Initial frame selected; you cannot go up.
(kgdb)
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
