Date: Mon, 16 Feb 2004 21:15:17 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Subject: Panic on pxeboot: kernel trap 12 with interrupts disabled Message-ID: <Pine.NEB.3.96L.1040216210933.63057W-100000@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
I'm not sure when this began, but my pxeboot test box at work seems pretty
unhappy. I'll attempt to extract more debugging information, but here's a
first pass. Looks like map->system_map is NULL.
/boot/kernel/acpi.ko text=0x3fb40 data=0x17a4+0x116c
syms=[0x4+0x6300+0x4+0x80f6]
kernel trap 12 with interrupts disabled
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x91
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc07ba4b9
stack pointer = 0x10:0xc0c21b3c
frame pointer = 0x10:0xc0c21b4c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 ()
kernel: type 12 trap, code=0
Stopped at 0xc07ba4b9: cmpb $0,0x91(%edx)
db> trace
(null)(0,c088c02e,b36,1c2011a,c1013000) at 0xc07ba4b9
(null)(c0c21c14,c1013000,1,c0c21c18,c0c21c08) at 0xc07be108
(null)(0,c1013000,1,0,c092ec80) at 0xc07b4f8f
(null)(c0c21cf0,0,c1013fe9,c0001000,c1013fe9) at 0xc08096d2
(null)(18,10,10,0,c1014000) at 0xc08092f3
(null)(c1013fe5,c1014000,ffffffe5,c0c21d94,c07fe88c) at 0xc07f4e38
(null)(c1014000,1,f,0,8) at 0xc0663668
(null)(c29000) at 0xc07fe88c
(null)() at 0xc043c85d
db>
(kgdb) l *0xc07ba4b9
0xc07ba4b9 is in _vm_map_lock_read (../../../vm/vm_map.c:375).
370 void
371 _vm_map_lock_read(vm_map_t map, const char *file, int line)
372 {
373 int error;
374
375 if (map->system_map)
376 _mtx_lock_flags(&map->system_mtx, 0, file, line);
377 else {
378 error = lockmgr(&map->lock, LK_EXCLUSIVE, NULL, curthread);
379 KASSERT(error == 0, ("%s: failed to get lock", __func__));
(kgdb) l *0xc07be108
0xc07be108 is in vm_map_lookup (../../../vm/vm_map.c:2881).
2876
2877 /*
2878 * If the map has an interesting hint, try it before calling full
2879 * blown lookup routine.
2880 */
2881 entry = map->root;
2882 *out_entry = entry;
2883 if (entry == NULL ||
2884 (vaddr < entry->start) || (vaddr >= entry->end)) {
2885 /*
(kgdb) l *0xc07b4f8f
0xc07b4f8f is in vm_fault (../../../vm/vm_fault.c:232).
227 /*
228 * Find the backing store object and offset into it to begin the
229 * search.
230 */
231 fs.map = map;
232 result = vm_map_lookup(&fs.map, vaddr, fault_type, &fs.entry,
233 &fs.first_object, &fs.first_pindex, &prot, &wired);
234 if (result != KERN_SUCCESS) {
235 if (result != KERN_PROTECTION_FAILURE ||
236 (fault_flags & VM_FAULT_WIRE_MASK) != VM_FAULT_USER_WIRE) {
(kgdb) l *0xc08096d2
0xc08096d2 is in trap_pfault (../../../i386/i386/trap.c:722).
717 } else {
718 /*
719 * Don't have to worry about process locking or stacks in the
720 * kernel.
721 */
722 rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
723 }
724 if (rv == KERN_SUCCESS)
725 return (0);
726 nogo:
(kgdb) l *0xc08092f3
0xc08092f3 is in trap (../../../i386/i386/trap.c:421).
416 KASSERT(cold || td->td_ucred != NULL,
417 ("kernel trap doesn't have ucred"));
418 switch (type) {
419 case T_PAGEFLT: /* page fault */
420 (void) trap_pfault(&frame, FALSE, eva);
421 goto out;
422
423 case T_DNA:
424 #ifdef DEV_NPX
425 /*
(kgdb) l *0xc07f4e38
0xc07f4e38 is at {standard input}:100.
95 {standard input}: No such file or directory.
in {standard input}
(kgdb) l *0xc0663668
0xc0663668 is in msgbufinit (../../../kern/subr_prf.c:821).
816
817 size -= sizeof(*msgbufp);
818 cp = (char *)ptr;
819 msgbufp = (struct msgbuf *)(cp + size);
820 msgbuf_reinit(msgbufp, cp, size);
821 if (msgbufmapped && oldp != msgbufp)
822 msgbuf_copy(oldp, msgbufp);
823 msgbufmapped = 1;
824 oldp = msgbufp;
825 }
(kgdb) l *0xc07fe88c
0xc07fe88c is in init386 (../../../i386/i386/machdep.c:2158).
2153 msgbufinit(msgbufp, MSGBUF_SIZE);
2154
2155 /* make a call gate to reenter kernel with */
2156 gdp = &ldt[LSYS5CALLS_SEL].gd;
2157
2158 x = (int) &IDTVEC(lcall_syscall);
2159 gdp->gd_looffset = x;
2160 gdp->gd_selector = GSEL(GCODE_SEL,SEL_KPL);
2161 gdp->gd_stkcpy = 1;
2162 gdp->gd_type = SDT_SYS386CGT;
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org Senior Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040216210933.63057W-100000>