Bug 24019

Script started on Tue Jan  2 14:58:51 2001
Temujin:/root# gdb -k /usr/obj/usr/src/sys/TEMUJIN/kernel.debug /usr/crash/vmcore.0 
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD 3620864
initial pcb at 2db1c0
panicstr: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x75c01500
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc012a040
stack pointer	        = 0x10:0xc0290c48
frame pointer	        = 0x10:0xc0290c70
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= Idle
interrupt mask		= net bio cam 
panic: from debugger
panic: from debugger
Uptime: 4h7m20s

dumping to dev #ad/0x30001, offset 262528
dump ata0: resetting devices .. done
127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 
---
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:469
469		if (dumping++) {
(kgdb) bt
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:469
#1  0xc0150ef8 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:309
#2  0xc0151299 in panic (fmt=0xc0258d34 "from debugger")
    at /usr/src/sys/kern/kern_shutdown.c:556
#3  0xc0126d79 in db_panic (addr=-1072521152, have_addr=0, count=-1, 
    modif=0xc0290ab4 "") at /usr/src/sys/ddb/db_command.c:433
#4  0xc0126d17 in db_command (last_cmdp=0xc029518c, cmd_table=0xc0294fec, 
    aux_cmd_tablep=0xc02d667c) at /usr/src/sys/ddb/db_command.c:333
#5  0xc0126dde in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#6  0xc0128f7f in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:71
#7  0xc0237938 in kdb_trap (type=12, code=0, regs=0xc0290c08)
    at /usr/src/sys/i386/i386/db_interface.c:158

#8  0xc0243d8c in trap_fatal (frame=0xc0290c08, eva=1975522560)
    at /usr/src/sys/i386/i386/trap.c:946
#9  0xc0243a4d in trap_pfault (frame=0xc0290c08, usermode=0, eva=1975522560)
    at /usr/src/sys/i386/i386/trap.c:844
#10 0xc02435db in trap (frame={tf_fs = -1066139632, tf_es = -1066139632, 
      tf_ds = -1066139632, tf_edi = 1, tf_esi = 1, tf_ebp = -1071051664, 
      tf_isp = -1071051724, tf_ebx = 7225416, tf_edx = 1975522560, 
      tf_ecx = -1052932096, tf_eax = 7225416, tf_trapno = 12, tf_err = 0, 
      tf_eip = -1072521152, tf_cs = 8, tf_eflags = 66054, tf_esp = 8208, 
      tf_ss = -1052932096}) at /usr/src/sys/i386/i386/trap.c:443
#11 0xc012a040 in epread (sc=0xc13d8800) at /usr/src/sys/dev/ep/if_ep.c:690
#12 0xc0129ebb in ep_intr (arg=0xc13d8800) at /usr/src/sys/dev/ep/if_ep.c:572
---Type <return> to continue, or q <return> to quit---
#13 0xc023978a in vec3 ()
#14 0xc0198ce7 in ether_output (ifp=0xc13d8800, m=0xc0745100, dst=0xc0290dfc, 
    rt0=0xc147e100) at /usr/src/sys/net/if_ethersubr.c:354
#15 0xc01af247 in ip_output (m0=0xc0745100, opt=0x0, ro=0xc0290df8, flags=0, 
    imo=0x0) at /usr/src/sys/netinet/ip_output.c:787
#16 0xc01acd9e in icmp_send (m=0xc0745100, opts=0x0)
    at /usr/src/sys/netinet/ip_icmp.c:753
#17 0xc01acd1f in icmp_reflect (m=0xc0745100)
    at /usr/src/sys/netinet/ip_icmp.c:715
#18 0xc01ac631 in icmp_error (n=0xc0751600, type=5, code=1, dest=3733244871, 
    destifp=0x0) at /usr/src/sys/netinet/ip_icmp.c:225
#19 0xc01ae5c7 in ip_forward (m=0xc0758900, srcrt=0)
    at /usr/src/sys/netinet/ip_input.c:1659
#20 0xc01ad49b in ip_input (m=0xc0758900)
    at /usr/src/sys/netinet/ip_input.c:563
#21 0xc01ad807 in ipintr () at /usr/src/sys/netinet/ip_input.c:759
(kgdb) up 11
#11 0xc012a040 in epread (sc=0xc13d8800) at /usr/src/sys/dev/ep/if_ep.c:690
690		goto out;
(kgdb) list
685			sc->rx_overrunf++;
686		    else
687			sc->rx_overrunl++;
688	#endif
689		}
690		goto out;
691	    }
692	    rx_fifo = rx_fifo2 = status & RX_BYTES_MASK;
693	
694	    if (EP_FTST(sc, F_RX_FIRST)) {
(kgdb) up
#12 0xc0129ebb in ep_intr (arg=0xc13d8800) at /usr/src/sys/dev/ep/if_ep.c:572
572		    epread(sc);
(kgdb) list
567	
568		/* first acknowledge all interrupt sources */
569		outw(BASE + EP_COMMAND, ACK_INTR | (status & S_MASK));
570	
571		if (status & (S_RX_COMPLETE | S_RX_EARLY)) {
572		    epread(sc);
573		    continue;
574		}
575		if (status & S_TX_AVAIL) {
576		    /* we need ACK */
(kgdb) up
#13 0xc023978a in vec3 ()
(kgdb) list
577		    ifp->if_timer = 0;
578		    ifp->if_flags &= ~IFF_OACTIVE;
579		    GO_WINDOW(1);
580		    inw(BASE + EP_W1_FREE_TX);
581		    ep_if_start(ifp);
582		}
583		if (status & S_CARD_FAILURE) {
584		    ifp->if_timer = 0;
585	#ifdef EP_LOCAL_STATS
586		    printf("\nep%d:\n\tStatus: %x\n", sc->unit, status);
(kgdb) up
#14 0xc0198ce7 in ether_output (ifp=0xc13d8800, m=0xc0745100, dst=0xc0290dfc, 
    rt0=0xc147e100) at /usr/src/sys/net/if_ethersubr.c:354
354		return ether_output_frame(ifp, m);
(kgdb) list
349			if (m == NULL)
350				return (0);
351		}
352	
353		/* Continue with link-layer output */
354		return ether_output_frame(ifp, m);
355	}
356	
357	/*
358	 * Ethernet link layer output routine to send a raw frame to the device.
(kgdb) quit
Temujin:/root# ^Dexit

Script done on Tue Jan  2 14:59:34 2001

Fix: 

It seems that there's interrupt when interrupts should be disabled.
goto out causes a page fault, which is also weird.. Perhaps the address is
wrong.

I wish I knew.. :(
How-To-Repeat: 
Leave the computer, go to lunch (preferrable Italian cusine), come back and
wonder.