Date: Sat, 18 May 1996 20:34:07 +0300 (EET DST) From: Heikki Suonsivu <hsu@clinet.fi> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/1213: kernel page fault Message-ID: <199605181734.UAA01022@katiska.clinet.fi> Resent-Message-ID: <199605181740.KAA10834@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1213 >Category: kern >Synopsis: kernel page fault >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat May 18 10:40:01 PDT 1996 >Last-Modified: >Originator: Heikki Suonsivu >Organization: Clinet, Espoo, Finland >Release: FreeBSD 2.2-CURRENT i386 >Environment: News server, P90, ASUS, 2940. 15th May 01:56 GMT sup. >Description: The kernel and dump are ftp://ftp.clinet.fi/pub/FreeBSD/crashdumps/*.72.gz kgdb) bt #0 boot (howto=256) at ../../i386/i386/machdep.c:938 #1 0xf01171f6 in panic (fmt=0xf01c83ec "page fault") at ../../kern/subr_prf.c:127 #2 0xf01c8f46 in trap_fatal (frame=0xefbffee0) at ../../i386/i386/trap.c:740 #3 0xf01c8a38 in trap_pfault (frame=0xefbffee0, usermode=0) at ../../i386/i386/trap.c:651 #4 0xf01c871b in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = -211062656, tf_ebp = -272629944, tf_isp = -272630008, tf_ebx = -211111680, tf_edx = 1, tf_ecx = -207698432, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -267176621, tf_cs = 8, tf_eflags = 66118, tf_esp = -266353704, tf_ss = -211111680}) at ../../i386/i386/trap.c:319 #5 0xf01c13d1 in calltrap () #6 0xf01c9251 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 1214276, tf_esi = 1, tf_ebp = -272641856, tf_isp = -272629788, tf_ebx = 7043, tf_edx = 1229324, tf_ecx = 1231300, tf_eax = 95, tf_trapno = 12, tf_err = 7, tf_eip = 135996101, tf_cs = 31, tf_eflags = 646, tf_esp = -272641888, tf_ss = 39}) at ../../i386/i386/trap.c:904 #7 0xf01c1425 in Xsyscall () #8 0x2bd11 in ?? () #9 0x2ab19 in ?? () #10 0xefbfdfdc in ?? () #11 0x416e in ?? () #12 0x2dcc1 in ?? () #13 0x31caf in ?? () #14 0x2cdc1 in ?? () #15 0x6c128 in ?? () #16 0x2c99d in ?? () #17 0x6bd8a in ?? () #18 0x2c937 in ?? () #19 0x2c4d6 in ?? () #20 0x2c5a1 in ?? () #21 0x6da94 in ?? () #22 0x81c3e in ?? () #23 0x6dfcc in ?? () #24 0x6dbda in ?? () #25 0x81c3e in ?? () #26 0x6dfcc in ?? () #27 0x6dbda in ?? () #28 0x81c3e in ?? () #29 0x6ce9a in ?? () #30 0x6b0ce in ?? () #31 0x134f7 in ?? () #32 0x81f43 in ?? () #33 0x6dfcc in ?? () #34 0x6dbda in ?? () #35 0x81c3e in ?? () #36 0x6dfcc in ?? () #37 0x6dbda in ?? () #38 0x6a947 in ?? () #39 0x32e54 in ?? () #40 0x2d392 in ?? () #41 0x6c128 in ?? () #42 0x2c99d in ?? () #43 0x6bd8a in ?? () #44 0x2c968 in ?? () #45 0x2c4d6 in ?? () #46 0x2c5a1 in ?? () #47 0x2b727 in ?? () #48 0x1096 in ?? () (kgdb) list ../../i386/i386/machdep.c:933: No such file or directory. (kgdb) up #1 0xf01171f6 in panic (fmt=0xf01c83ec "page fault") at ../../kern/subr_prf.c:127 ../../kern/subr_prf.c:127: No such file or directory. (kgdb) down #0 boot (howto=256) at ../../i386/i386/machdep.c:938 ../../i386/i386/machdep.c:938: No such file or directory. (kgdb) set radix 16 Input and output radices now set to decimal 16, hex 10, octal 20. (kgdb) directory /usr/src/sys/i386/conf Source directories searched: /usr/src/sys/i386/conf:$cdir:$cwd (kgdb) up #1 0xf01171f6 in panic (fmt=0xf01c83ec "page fault") at ../../kern/subr_prf.c:127 127 boot(bootopt); (kgdb) list 122 123 #if defined(DDB) 124 if (debugger_on_panic) 125 Debugger ("panic"); 126 #endif 127 boot(bootopt); 128 } 129 130 /* 131 * Warn that a system table is full. (kgdb) up #2 0xf01c8f46 in trap_fatal (frame=0xefbffee0) at ../../i386/i386/trap.c:740 740 panic(trap_msg[type]); (kgdb) list 735 #ifdef DDB 736 if (kdb_trap (type, 0, frame)) 737 return; 738 #endif 739 if (type <= MAX_TRAP_MSG) 740 panic(trap_msg[type]); 741 else 742 panic("unknown/reserved trap"); 743 } 744 (kgdb) print type $1 = 0xc (kgdb) up #3 0xf01c8a38 in trap_pfault (frame=0xefbffee0, usermode=0x0) at ../../i386/i386/trap.c:651 651 trap_fatal(frame); (kgdb) list 646 if (!usermode) { 647 if (curpcb && curpcb->pcb_onfault) { 648 frame->tf_eip = (int)curpcb->pcb_onfault; 649 return (0); 650 } 651 trap_fatal(frame); 652 return (-1); 653 } 654 655 /* kludge to pass faulting virtual address to sendsig */ (kgdb) print usermode $2 = 0x0 (kgdb) print curpcb $3 = 0xf75c2000 (kgdb) pprint curpcb->pcb_onfault Undefined command: "pprint". Try "help". (kgdb) print curpcb->pcb_onfault Attempt to extract a component of a value that is not a structure pointer. (kgdb) print frame $4 = (struct trapframe *) 0xefbffee0 (kgdb) print *frame $5 = {tf_es = 0x10, tf_ds = 0x10, tf_edi = 0x0, tf_esi = 0xf36b7080, tf_ebp = 0xefbfff48, tf_isp = 0xefbfff08, tf_ebx = 0xf36ab100, tf_edx = 0x1, tf_ecx = 0xf39ec600, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xf0133553, tf_cs = 0x8, tf_eflags = 0x10246, tf_esp = 0xf01fc3d8, tf_ss = 0xf36ab100} (kgdb) up #4 0xf01c871b in trap (frame={tf_es = 0x10, tf_ds = 0x10, tf_edi = 0x0, tf_esi = 0xf36b7080, tf_ebp = 0xefbfff48, tf_isp = 0xefbfff08, tf_ebx = 0xf36ab100, tf_edx = 0x1, tf_ecx = 0xf39ec600, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xf0133553, tf_cs = 0x8, tf_eflags = 0x10246, tf_esp = 0xf01fc3d8, tf_ss = 0xf36ab100}) at ../../i386/i386/trap.c:319 319 (void) trap_pfault(&frame, FALSE); (kgdb) list 314 } else { 315 /* kernel trap */ 316 317 switch (type) { 318 case T_PAGEFLT: /* page fault */ 319 (void) trap_pfault(&frame, FALSE); 320 return; 321 322 case T_PROTFLT: /* general protection fault */ 323 case T_SEGNPFLT: /* segment not present fault */ (kgdb) up #5 0xf01c13d1 in calltrap () (kgdb) list 324 /* 325 * Invalid segment selectors and out of bounds 326 * %eip's and %esp's can be set up in user mode. 327 * This causes a fault in kernel mode when the 328 * kernel tries to return to user mode. We want 329 * to get this fault so that we can fix the 330 * problem here and not have to check all the 331 * selectors and pointers when the user changes 332 * them. 333 */ (kgdb) up #6 0xf01c9251 in syscall (frame={tf_es = 0x27, tf_ds = 0x27, tf_edi = 0x128744, tf_esi = 0x1, tf_ebp = 0xefbfd0c0, tf_isp = 0xefbfffe4, tf_ebx = 0x1b83, tf_edx = 0x12c20c, tf_ecx = 0x12c9c4, tf_eax = 0x5f, tf_trapno = 0xc, tf_err = 0x7, tf_eip = 0x81b22c5, tf_cs = 0x1f, tf_eflags = 0x286, tf_esp = 0xefbfd0a0, tf_ss = 0x27}) at ../../i386/i386/trap.c:904 904 error = (*callp->sy_call)(p, args, rval); (kgdb) list 899 ktrsyscall(p->p_tracep, code, callp->sy_narg, args); 900 #endif 901 rval[0] = 0; 902 rval[1] = frame.tf_edx; 903 904 error = (*callp->sy_call)(p, args, rval); 905 906 switch (error) { 907 908 case 0: (kgdb) print *callp $6 = {sy_narg = 0x1, sy_call = 0xf01334e0 <fsync>} (kgdb) print *p $7 = {p_forw = 0x0, p_back = 0x1, p_list = {le_next = 0x1, le_prev = 0x0}, p_cred = 0x0, p_fd = 0xd9aeb1, p_stats = 0x0, p_limit = 0xf33c6900, p_vmspace = 0x0, p_sigacts = 0xf3430220, p_flag = 0xf34df780, p_stat = 0x28, p_pad1 = "}\201ó", p_pid = 0x0, p_pglist = {le_next = 0x0, le_prev = 0x0}, p_pptr = 0x8, p_sibling = {le_next = 0x0, le_prev = 0x0}, p_children = { lh_first = 0x0}, p_oppid = 0x0, p_dupfd = 0x0, p_estcpu = 0x0, p_cpticks = 0x0, p_pctcpu = 0x1a, p_wchan = 0x0, p_wmesg = 0x0, p_swtime = 0x0, p_slptime = 0x0, p_realtimer = {it_interval = {tv_sec = 0x0, tv_usec = 0x0}, it_value = {tv_sec = 0x0, tv_usec = 0x0}}, p_rtime = { tv_sec = 0x0, tv_usec = 0x0}, p_uticks = 0, p_sticks = 0xd8eaca00000000, p_iticks = 0xf33c6d00f3513000, p_traceflag = 0xf3819480, p_tracep = 0xf3700620, p_siglist = 0xf3594600, p_textvp = 0xf357e4a8, p_lock = 0x0, p_pad2 = "\000\000", p_locks = 0x0, p_simple_locks = 0x0, p_hash = {le_next = 0x0, le_prev = 0x2}, p_sigmask = 0x0, p_sigignore = 0x0, p_sigcatch = 0x0, p_priority = 0x0, p_usrpri = 0x0, p_nice = 0x0, p_comm = '\000' <repeats 13 times>, "\004\000\000", p_pgrp = 0x0, p_sysent = 0x0, p_rtprio = {type = 0x1, prio = 0x0}, p_addr = 0xf38c3300, p_md = {md_flags = 0x0, md_regs = 0x0}, p_xstat = 0x0, p_acflag = 0x0, p_ru = 0x0} (kgdb) print argv No symbol "argv" in current context. (kgdb) print args $8 = {0x1, 0x1, 0x80c0060, 0x813b378, 0x8137cd0, 0xefbfffbc, 0x22, 0x0} (kgdb) print rval $9 = {0x0, 0x12c20c} (kgdb) list 909 /* 910 * Reinitialize proc pointer `p' as it may be different 911 * if this is a child returning from fork syscall. 912 */ 913 p = curproc; 914 frame.tf_eax = rval[0]; 915 frame.tf_edx = rval[1]; 916 frame.tf_eflags &= ~PSL_C; 917 break; 918 (kgdb) up #7 0xf01c1425 in Xsyscall () (kgdb) list 919 case ERESTART: 920 /* 921 * Reconstruct pc, assuming lcall $X,y is 7 bytes, 922 * int 0x80 is 2 bytes. We saved this in tf_err. 923 */ 924 frame.tf_eip -= frame.tf_err; 925 break; 926 927 case EJUSTRETURN: 928 break; (kgdb) list 929 930 default: 931 bad: 932 if (p->p_sysent->sv_errsize) 933 if (error >= p->p_sysent->sv_errsize) 934 error = -1; /* XXX */ 935 else 936 error = p->p_sysent->sv_errtbl[error]; 937 frame.tf_eax = error; 938 frame.tf_eflags |= PSL_C; (kgdb) up #8 0x2bd11 in ?? () (kgdb) list 939 break; 940 } 941 942 if (frame.tf_eflags & PSL_T) { 943 /* Traced syscall. */ 944 frame.tf_eflags &= ~PSL_T; 945 trapsignal(p, SIGTRAP, 0); 946 } 947 948 userret(p, &frame, sticks); (kgdb) >How-To-Repeat: Panics almost daily on something after 15th May sup, this was the first one which generated a dump. I think 15th May something is more broken than before, as crash rate seems to have somewhat increased compared to sups before May. >Fix: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605181734.UAA01022>