Bug 48092

Summary: Fatal trap 12: page fault while in kernel mode
Product: Base System
Reporter: scrappy
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.7-STABLE   
Hardware: Any   
OS: Any   

Description scrappy 2003-02-08 15:50:00 UTC
Fatal trap 12: page fault while in kernel mode
mp_lock = 01000002; cpuid = 1; lapic.id = 01000000
fault virtual address   = 0xc
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc01b1f3a
stack pointer           = 0x10:0xf5a9ed8c
frame pointer           = 0x10:0xf5a9eda4
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 44277 (perl)
interrupt mask          = none <- SMP: XXX
trap number             = 12
panic: page fault
mp_lock = 01000002; cpuid = 1; lapic.id = 01000000
boot() called on cpu#1

....

(kgdb) where
#0  0xc959e256 in ?? ()
#1  0xc013fb78 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:223
#2  0xc014029d in panic (fmt=0xc02136d9 "%s") at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc01e6e9d in trap_fatal (frame=0xf5a9ed4c, eva=12) at /usr/src/sys/i386/i386/trap.c:974
#4  0xc01e6b09 in trap_pfault (frame=0xf5a9ed4c, usermode=0, eva=12) at /usr/src/sys/i386/i386/trap.c:867
#5  0xc01e6663 in trap (frame={tf_fs = -173473768, tf_es = -1072562160, tf_ds = -1072562160, tf_edi = -1071398996, tf_esi = -118494016, tf_ebp = -173412956,
      tf_isp = -173413000, tf_ebx = 0, tf_edx = -454654960, tf_ecx = -119140352, tf_eax = -1071398996, tf_trapno = 12, tf_err = 0, tf_eip = -1071964358,
      tf_cs = 8, tf_eflags = 66067, tf_esp = -118494016, tf_ss = -118494016}) at /usr/src/sys/i386/i386/trap.c:466
#6  0xc01b1f3a in vm_map_simplify_entry (map=0xc023bfac, entry=0xf8efecc0) at /usr/src/sys/vm/vm_map.c:785
#7  0xc01b20e2 in _vm_map_clip_start (map=0xc023bfac, entry=0xf8efecc0, start=4175826944) at /usr/src/sys/vm/vm_map.c:864
#8  0xc01b33fb in vm_map_delete (map=0xc023bfac, start=4175826944, end=4175843328) at /usr/src/sys/vm/vm_map.c:2084
#9  0xc01b35ca in vm_map_remove (map=0xc023bfac, start=4175826944, end=4175843328) at /usr/src/sys/vm/vm_map.c:2198
#10 0xc01b1161 in kmem_free (map=0xc023bfac, addr=4175826944, size=16384) at /usr/src/sys/vm/vm_kern.c:233
#11 0xc01513a8 in pipe_free_kmem (cpipe=0xf4fadd20) at /usr/src/sys/kern/sys_pipe.c:1166
#12 0xc015151e in pipeclose (cpipe=0xf4fadd20) at /usr/src/sys/kern/sys_pipe.c:1222
#13 0xc015136d in pipe_close (fp=0xcf61a680, p=0xf592f1e0) at /usr/src/sys/kern/sys_pipe.c:1153
#14 0xc0135887 in fdrop (fp=0xcf61a680, p=0xf592f1e0) at /usr/src/sys/sys/file.h:218
#15 0xc01357cf in closef (fp=0xcf61a680, p=0xf592f1e0) at /usr/src/sys/kern/kern_descrip.c:1279
#16 0xc0134bd1 in close (p=0xf592f1e0, uap=0xf5a9ef80) at /usr/src/sys/kern/kern_descrip.c:581
#17 0xc01e71d9 in syscall2 (frame={tf_fs = -1071841233, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 673010328, tf_ebp = -1077937488, tf_isp = -173412396,
      tf_ebx = 672935044, tf_edx = 672131780, tf_ecx = 134911024, tf_eax = 6, tf_trapno = 22, tf_err = 2, tf_eip = 672888400, tf_cs = 31, tf_eflags = 643,
      tf_esp = -1077937532, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1175
#18 0xc01d451b in Xint0x80_syscall ()
#19 0x281a574b in ?? ()
#20 0x280c0e70 in ?? ()
#21 0x28084820 in ?? ()
#22 0x280847b5 in ?? ()
#23 0x2808846b in ?? ()
#24 0x2807f145 in ?? ()
#25 0x280e8f34 in ?? ()
#26 0x8048e75 in ?? ()
#27 0x8048d61 in ?? ()
(kgdb) up 5
#5  0xc01e6663 in trap (frame={tf_fs = -173473768, tf_es = -1072562160, tf_ds = -1072562160, tf_edi = -1071398996, tf_esi = -118494016, tf_ebp = -173412956,
      tf_isp = -173413000, tf_ebx = 0, tf_edx = -454654960, tf_ecx = -119140352, tf_eax = -1071398996, tf_trapno = 12, tf_err = 0, tf_eip = -1071964358,
      tf_cs = 8, tf_eflags = 66067, tf_esp = -118494016, tf_ss = -118494016}) at /usr/src/sys/i386/i386/trap.c:466
466                             (void) trap_pfault(&frame, FALSE, eva);
(kgdb) frame frame->tf_ebp frame->tf_eip
#0  vm_map_simplify_entry (map=0xc023bfac, entry=0xf8efecc0) at /usr/src/sys/vm/vm_map.c:786
786                     prevsize = prev->end - prev->start;
(kgdb) list
781                     return;
782             }
783
784             prev = entry->prev;
785             if (prev != &map->header) {
786                     prevsize = prev->end - prev->start;
787                     if ( (prev->end == entry->start) &&
788                          (prev->object.vm_object == entry->object.vm_object) &&
789                          (!prev->object.vm_object ||
790                             (prev->offset + prevsize == entry->offset)) &&
Comment 1 Maxim Konovalov 2003-02-08 16:58:17 UTC
Marc,

What's the module you're using? Do you know 'how-to repeat' receipt?

-- 
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org
Comment 2 scrappy 2003-02-08 17:06:29 UTC
If I knew how to repeat, I'd add it in ... "how to repeat" == let it run
for more than a few hours, or a few days, or ...

On Sat, 8 Feb 2003, Maxim Konovalov wrote:

> Marc,
>
> What's the module you're using? Do you know 'how-to repeat' receipt?
>
> --
> Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org
>
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2004-07-15 21:41:35 UTC
State Changed
From-To: open->closed

This appears to be identical to kern/52745.