From owner-freebsd-current Mon Jul 16 13: 4:29 2001 Delivered-To: freebsd-current@freebsd.org Received: from meow.osd.bsdi.com (meow.osd.bsdi.com [204.216.28.88]) by hub.freebsd.org (Postfix) with ESMTP id 405E037B401 for ; Mon, 16 Jul 2001 13:04:23 -0700 (PDT) (envelope-from jhb@FreeBSD.org) Received: from laptop.baldwin.cx (john@jhb-laptop.osd.bsdi.com [204.216.28.241]) by meow.osd.bsdi.com (8.11.4/8.11.2) with ESMTP id f6GK3Qv72696; Mon, 16 Jul 2001 13:03:26 -0700 (PDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20010715120317.A99869@fump.kawo2.rwth-aachen.de> Date: Mon, 16 Jul 2001 13:03:34 -0700 (PDT) From: John Baldwin To: Alexander Langer Subject: RE: netstat kernel panic Cc: current@FreeBSD.org Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0x3a > fault code = supervisor write, page not present > instruction pointer = 0x8:0xc02c8cfe > stack pointer = 0x10:0xcd6d1d44 > frame pointer = 0x10:0xcd6d1d5c > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 595 (netstat) > panic: from debugger > panic: from debugger > Uptime: 2m41s > > dumping to dev ad0b, offset 176256 > dump ata0: resetting devices .. done > 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 > 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 > 11 10 9 8 7 6 5 4 3 2 1 0 > --- >#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:478 > 478 if (dumping++) { > (kgdb) tr > trace command requires an argument > (kgdb) bt >#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:478 >#1 0xc01e3aff in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:321 >#2 0xc01e3f19 in panic (fmt=0xc031d94e "from debugger") > at /usr/src/sys/kern/kern_shutdown.c:600 >#3 0xc015b315 in db_panic (addr=-1070822146, have_addr=0, count=-1, > modif=0xcd6d1bb0 "") at /usr/src/sys/ddb/db_command.c:441 >#4 0xc015b2b3 in db_command (last_cmdp=0xc0363a94, cmd_table=0xc03638f4, > aux_cmd_tablep=0xc035d2e0, aux_cmd_tablep_end=0xc035d2e4) > at /usr/src/sys/ddb/db_command.c:341 >#5 0xc015b37f in db_command_loop () at /usr/src/sys/ddb/db_command.c:463 >#6 0xc015d54b in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:72 >#7 0xc02e6d3e in kdb_trap (type=12, code=0, regs=0xcd6d1d04) > at /usr/src/sys/i386/i386/db_interface.c:167 >#8 0xc02f78a0 in trap_fatal (frame=0xcd6d1d04, eva=58) > at /usr/src/sys/i386/i386/trap.c:927 >#9 0xc02f7615 in trap_pfault (frame=0xcd6d1d04, usermode=0, eva=58) > at /usr/src/sys/i386/i386/trap.c:846 >#10 0xc02f6c64 in trap (frame={tf_fs = -1070333928, tf_es = 16, > tf_ds = -1069809648, tf_edi = -1069775252, tf_esi = 0, > tf_ebp = -848487076, tf_isp = -848487120, tf_ebx = 1, > tf_edx = -848739040, tf_ecx = 1, tf_eax = 2, tf_trapno = 12, tf_err = > 2, > tf_eip = -1070822146, tf_cs = 8, tf_eflags = 66118, > tf_esp = -1069680480, tf_ss = 1}) at /usr/src/sys/i386/i386/trap.c:405 >#11 0xc02c8cfe in vm_object_pip_add (object=0x0, i=1) I've seen this panic many times on my alpha SMP testbox. It seems that the vm object returned by vm_map_lookup via the fs.first_object variable is actually NULL, resulting in a NULL pointer deref when calling vm_object_pip_add() (note object=0x0). I haven't seen this on UP or x86 before, but it seems the bug wasn't alpha specific now. :( > ---Type to continue, or q to quit--- > at /usr/src/sys/vm/vm_object.c:237 >#12 0xc02bf94e in vm_fault1 (map=0xc03c866c, vaddr=3226185728, > fault_type=1 '\001', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:274 >#13 0xc02bf753 in vm_fault (map=0xc03c866c, vaddr=3226185728, fault_type=1, > fault_flags=0) at /usr/src/sys/vm/vm_fault.c:198 >#14 0xc02f75b9 in trap_pfault (frame=0xcd6d1ea0, usermode=0, eva=3226185798) > at /usr/src/sys/i386/i386/trap.c:833 >#15 0xc02f6c64 in trap (frame={tf_fs = -848756712, tf_es = -848494576, > tf_ds = -1070727152, tf_edi = 1, tf_esi = -1063576320, > tf_ebp = -848486688, tf_isp = -848486708, tf_ebx = -1069076892, > tf_edx = -1048725504, tf_ecx = -1068781498, tf_eax = -1048725504, > tf_trapno = 12, tf_err = 0, tf_eip = -1071436904, tf_cs = 8, > tf_eflags = 66194, tf_esp = -848486660, tf_ss = -1071699782}) > at /usr/src/sys/i386/i386/trap.c:405 >#16 0xc0232b98 in strcmp (s1=0xc17db800 "imp_softc", > s2=0xc04bb046
) > at /usr/src/sys/libkern/strcmp.c:50 >#17 0xc01f28ba in link_elf_lookup_symbol (lf=0xc09b1d00, > name=0xc17db800 "imp_softc", sym=0xcd6d1f30) > at /usr/src/sys/kern/link_elf.c:1003 >#18 0xc01d7f36 in kldsym (p=0xcd694520, uap=0xcd6d1f80) at linker_if.h:24 >#19 0xc02f823d in syscall (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, > tf_edi = 134602604, tf_esi = 134602616, tf_ebp = -1077937584, > tf_isp = -848486444, tf_ebx = 671616116, tf_edx = 0, tf_ecx = 0, > ---Type to continue, or q to quit--- > tf_eax = 337, tf_trapno = 12, tf_err = 2, tf_eip = 671926476, > tf_cs = 31, tf_eflags = 663, tf_esp = -1077937644, tf_ss = 47}) > at /usr/src/sys/i386/i386/trap.c:1128 >#20 0xc02e7a2d in syscall_with_err_pushed () >#21 0x804f992 in ?? () >#22 0x804f54c in ?? () >#23 0x8049301 in ?? () > (kgdb) mobile# exit -- John Baldwin -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message