From owner-freebsd-bugs  Wed Jul 29 03:03:36 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id DAA23699
          for freebsd-bugs-outgoing; Wed, 29 Jul 1998 03:03:36 -0700 (PDT)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from elvis.vnet.net (elvis.vnet.net [166.82.1.5])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA23694
          for <freebsd-bugs@FreeBSD.ORG>; Wed, 29 Jul 1998 03:03:32 -0700 (PDT)
          (envelope-from rivers@dignus.com)
Received: from dignus.com (ponds.vnet.net [166.82.177.48])
          by elvis.vnet.net (8.8.8/8.8.4) with ESMTP
	  id GAA04107; Wed, 29 Jul 1998 06:02:52 -0400 (EDT)
Received: from lakes.dignus.com (lakes [10.0.0.3])
	by dignus.com (8.8.8/8.8.5) with ESMTP id GAA03418;
	Wed, 29 Jul 1998 06:35:03 -0400 (EDT)
Received: (from rivers@localhost) by lakes.dignus.com (8.8.8/8.6.9) id GAA00345; Wed, 29 Jul 1998 06:06:35 -0400 (EDT)
Date: Wed, 29 Jul 1998 06:06:35 -0400 (EDT)
From: Thomas David Rivers <rivers@dignus.com>
Message-Id: <199807291006.GAA00345@lakes.dignus.com>
To: freebsd-bugs@FreeBSD.ORG, Les.LaCroix@Carleton.edu
Subject: Re: kern/7367
Cc: rivers@lakes.dignus.com
In-Reply-To: <4027246050.901675410@miranda.INFOZOO.com>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


I've redirected this to -bugs, with the existing #7367...

Just to add to Les's comments.  I'm also getting similar panics
in 2.2.6:

#0  boot (howto=256) at ../../kern/kern_shutdown.c:266
#1  0xf0112882 in panic (fmt=0xf01c76ff "page fault")
    at ../../kern/kern_shutdown.c:390
#2  0xf01c82a6 in trap_fatal (frame=0xefbffed8) at ../../i386/i386/trap.c:770
#3  0xf01c7d94 in trap_pfault (frame=0xefbffed8, usermode=0)
    at ../../i386/i386/trap.c:677
#4  0xf01c7a37 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = 0, 
      tf_esi = -265092476, tf_ebp = -272629980, tf_isp = -272630016, 
      tf_ebx = -265092476, tf_edx = 1073540389, tf_ecx = -272629640, 
      tf_eax = 120, tf_trapno = 12, tf_err = 0, tf_eip = -266576057, 
      tf_cs = 8, tf_eflags = 66070, tf_esp = -255013888, tf_ss = -256907776})
    at ../../i386/i386/trap.c:324
#5  0xf01c5f47 in pmap_remove_pages (pmap=0xf0cccc64, sva=0, eva=4022329344)
    at ../../i386/i386/pmap.c:2603
#6  0xf010c193 in exit1 (p=0xf0afe600, rv=0) at ../../kern/kern_exit.c:186
#7  0xf010c054 in exit (p=0xf0afe600, uap=0xefbfff94, retval=0xefbfff84)
    at ../../kern/kern_exit.c:106
#8  0xf01c853f in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 0, 
      tf_esi = -1, tf_ebp = -272647316, tf_isp = -272629788, 
      tf_ebx = 537665632, tf_edx = 0, tf_ecx = 537605948, tf_eax = 1, 
      tf_trapno = 12, tf_err = 7, tf_eip = 537616045, tf_cs = 31, 
      tf_eflags = 662, tf_esp = -272647336, tf_ss = 39})
    at ../../i386/i386/trap.c:918


Looking up; trap_fatal is being called at line 677 of trap.c;
intr_nesting_level is 0, but curpcb seems to be 'trash'
  
(kgdb) p curpcb
$1 = -193490944


I've got the kernel (built with -g) and vmcore if anyone is interested.

	- Dave Rivers -


"Les LaCroix" <Les.LaCroix@Carleton.edu> writes
> 
> I've been fighting a "fatal trap 12: page fault while in kernel mode"
> problem.  Clues are appreciated.  I'm running out of ideas.
> 
> New machine (configuration below).  Crashes in a similar (if not the exactly
> the same) way with GENERIC kernel and a custom kernel with virtually
> everything removed, in both 2.2.6 and 2.2.7.  I've not changed anything in
> the kernel source.
> 
> I don't have the panic screen from other days, but tonight it crashed 3
> times in 5 hours like this:
> 
> Fatal trap 12: page fault while in kernel mode
> fault virtual address       = 0xe011087c
> fault code                  = supervisor read, page not present
> instruction pointer         = 0x8:0xe011087c
> stack pointer               = 0x10:0xf019cfa0
> frame pointer               = 0x10:0xf019cfb8
> code segment                = base 0x0, limit 0xfffff, type 0x1b
>                             = DPL 0, pres 1, def32 1, gran 1
> processor eflags            = interrupt enabled, resume, IOPL = 0
> current process             = Idle
> interrupt mask              =
> panic: page fault
> 
> Each crash was the same: same instruction, stack and frame pointers, same
> everything.  gdb -k on the dumps all look like:
> 
> (kgdb) symbol-file /kernel
> Reading symbols from /kernel...done.
> (kgdb) exec-file /var/crash/kernel.2
> (kgdb) core-file /var/crash/vmcore.2
> IdlePTD 1c1000
> current pcb at 1a8bb0
> panic: page fault
> #0  boot (howto=256) at ../../kern/kern_shutdown.c:266
> 266                                     dumppcb.pcb_cr3 = rcr3();
> (kgdb) where
> #0  boot (howto=256) at ../../kern/kern_shutdown.c:266
> #1  0xf010eb12 in panic (fmt=0xf017693f "page fault")
>     at ../../kern/kern_shutdown.c:400
> #2  0xf017751e in trap_fatal (frame=0xf019cf64) at
> ./../i386/i386/trap.c:772
> #3  0xf0176fe0 in trap_pfault (frame=0xf019cf64, usermode=0)
>     at ../../i386/i386/trap.c:681
> #4  0xf0176c77 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1073741824,
>       tf_esi = -535754628, tf_ebp = -266743880, tf_isp = -266743924,
>       tf_ebx = -260199936, tf_edx = -226815792, tf_ecx = 1073741823,
>       tf_eax = -2147483648, tf_trapno = 12, tf_err = 0, tf_eip = -535754628,
>       tf_cs = 8, tf_eflags = 66118, tf_esp = -267363380, tf_ss =
> -260199936})
>     at ../../i386/i386/trap.c:324
> #5  0xe011087c in ?? ()
> 
> I'm not familiar enough (yet) with gdb and kernel debugging to try to figure
> out what's going on.  My current hunch is that something is corrupting the
> stack, changing the return address, and causing the page fault when
> something does a return.
> 
> The machine:
> 
> Epox 100Mhz 51MVP3E-M ATX board with 1MB cache:
>         bus clock       = 100 MHz
>         multiplier      = 3x
>         SDRAM clock     = CPU bus clock
> AMD K6 300 MMX CPU
> 128MB PC100 SDRAM/ECC 8ns 168-pin DIMM w/ EPROM, 100MHz Mbrds
> Seagate 6.4GB 7200 RPM IDE drive (ST36530A)
> Adaptec ISA 1520 SCSI-2 Controller (for an external ZIP, but nothing
> attached yet)
> Intel EtherExpress Pro/100B
> 8MB Millenium II PCI (but not running X or doing anything but dumb console
> work yet)
> Teac 24x, IDE (ATAPI)
> 
> There's nothing interesting running, usually.  I killed sendmail and cron
> (although I left inetd, syslogd, portmap and a couple getty's running).
> 
> Thanks in advance.
> ------
> Les LaCroix, Carleton College
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message