On Wed, 6 Apr 2005, Kirill Ponomarew wrote:
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x20202020
Hm, something ran into a bunch of ASCII spaces..
Can you jump to frame #6 and print *kbp? It appears the kernel malloc
bucket list is corrupted, so I'm curious just how badly that struct is
spammed.
> fault code = supervisor read, page not present
> instruction pointer = 0x8:0xc0193533
> stack pointer = 0x10:0xef9fbc88
> frame pointer = 0x10:0xef9fbca4
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 6866 (man)
> interrupt mask = net tty bio cam
> trap number = 12
> panic: page fault
> #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
> 487 if (dumping++) {
> (kgdb) bt full
> #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
> error = 0
> #1 0xc0197d4b in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
> howto = 256
> #2 0xc0198189 in panic (fmt=0xc02ec46c "%s") at
> /usr/src/sys/kern/kern_shutdown.c:595
> fmt = 0xc02ec46c "%s"
> bootopt = 256
> buf = "page fault", '\000' <repeats 245 times>
> #3 0xc02a1203 in trap_fatal (frame=0xef9fbc48, eva=538976288) at
> /usr/src/sys/i386/i386/trap.c:974
> frame = (struct trapframe *) 0xef9fbc48
> code = 16
> type = 12
> ss = 16
> esp = 0
> softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl =
> 0, ssd_p = 1, ssd_xx = 14, ssd_xx1 = 0,
> ssd_def32 = 1, ssd_gran = 1}
> #4 0xc02a0eb1 in trap_pfault (frame=0xef9fbc48, usermode=0, eva=538976288)
> at /usr/src/sys/i386/i386/trap.c:867
> va = 538976256
> vm = (struct vmspace *) 0x0
> map = 0xebdf3480
> rv = 0
> ftype = 1 '\001'
> p = (struct proc *) 0xef940f20
> #5 0xc02a0a2b in trap (frame={tf_fs = -274792432, tf_es = -947388400, tf_ds
> = -274792432, tf_edi = -1070540928,
> tf_esi = -1070485596, tf_ebp = -274744156, tf_isp = -274744204, tf_ebx
> = -1070540928, tf_edx = 9, tf_ecx = 9,
> tf_eax = 538976288, tf_trapno = 12, tf_err = 0, tf_eip = -1072089805,
> tf_cs = 8, tf_eflags = 66050, tf_esp = 0,
> tf_ss = -874502912}) at /usr/src/sys/i386/i386/trap.c:466
> p = (struct proc *) 0xef940f20
> sticks = 3553920824
> i = 0
> ucode = 0
> type = 12
> code = 0
> eva = 538976288
> #6 0xc0193533 in malloc (size=324, type=0xc030d780, flags=9) at
> /usr/src/sys/kern/kern_malloc.c:243
> type = (struct malloc_type *) 0xc030d780
> kbp = (struct kmembuckets *) 0xc031afa4
> kup = (struct kmemusage *) 0x0
> freep = (struct freelist *) 0x0
> indx = 9
> npg = 0
> allocsize = -1070540928
> s = 0
> va = 0x20202020 <Address 0x20202020 out of bounds>
> cp = 0x0
> savedlist = 0x0
> ksp = (struct malloc_type *) 0xffffffff
> #7 0xc0262dee in ufsdirhash_build (ip=0xcbe02500) at
> /usr/src/sys/ufs/ufs/ufs_dirhash.c:169
> dh = (struct dirhash *) 0xcbe02500
> bp = (struct buf *) 0x0
> ep = (struct direct *) 0x700
> vp = (struct vnode *) 0xeefdd380
> bmask = 16777280
> pos = -874502912
> dirblocks = 28
> i = 0
> j = 0
> memreqd = 7562
> nblocks = 42
> narrays = 7
> nslots = 1792
> slot = 0
> #8 0xc025d9f6 in ufs_lookup (ap=0xef9fbdac) at
> /usr/src/sys/ufs/ufs/ufs_lookup.c:196
> vdp = (struct vnode *) 0xeefdd380
> dp = (struct inode *) 0xcbe02500
> bp = (struct buf *) 0x0
> ep = (struct direct *) 0x0
> entryoffsetinblock = -275509472
> slotstatus = FOUND
> slotoffset = -1
> slotsize = 0
> slotfreespace = 0
> slotneeded = 0
> numdirpasses = -274743976
> endsearch = 0
> prevoff = -1071890945
> pdp = (struct vnode *) 0x1000040
> tdp = (struct vnode *) 0x1ad2
> enduseful = -874473472
> bmask = 16383
> lockparent = 0
> wantparent = 0
> namlen = 0
> error = 0
> vpp = (struct vnode **) 0xef9fbe94
> cnp = (struct componentname *) 0xef9fbea8
> cred = (struct ucred *) 0xc8fc9d00
> flags = 49348
> nameiop = 0
> p = (struct proc *) 0xef940f20
> #9 0xc0262c0d in ufs_vnoperate (ap=0xef9fbdac) at
> /usr/src/sys/ufs/ufs/ufs_vnops.c:2376
> ap = (struct vop_generic_args *) 0x0
> #10 0xc01c1fda in vfs_cache_lookup (ap=0xef9fbe04) at vnode_if.h:77
> rc = 0
> a = {a_desc = 0xc02f3cc0, a_dvp = 0xeefdd380, a_vpp = 0xef9fbe94, a_cnp
> = 0xef9fbea8}
> dvp = (struct vnode *) 0xeefdd380
> vpp = (struct vnode **) 0xef9fbe94
> cnp = (struct componentname *) 0xef9fbea8
> ap = (struct vop_lookup_args *) 0x0
> dvp = (struct vnode *) 0xeefdd380
> vp = (struct vnode *) 0xef9fbdc0
> lockparent = 0
> error = 0
> vpp = (struct vnode **) 0xef9fbe94
> cnp = (struct componentname *) 0xef9fbea8
> cred = (struct ucred *) 0x0
> flags = 49348
> p = (struct proc *) 0xef940f20
> vpid = 4009594880
> #11 0xc0262c0d in ufs_vnoperate (ap=0xef9fbe04) at
> /usr/src/sys/ufs/ufs/ufs_vnops.c:2376
> ap = (struct vop_generic_args *) 0x0
> #12 0xc01c4f45 in lookup (ndp=0xef9fbe80) at vnode_if.h:52
> a = {a_desc = 0xc02f3c80, a_dvp = 0xeefdd380, a_vpp = 0xef9fbe94, a_cnp
> = 0xef9fbea8}
> dvp = (struct vnode *) 0xeefdd380
> cnp = (struct componentname *) 0xef9fbea8
> cp = 0xebc0f42e ""
> dp = (struct vnode *) 0xeefdd380
> tdp = (struct vnode *) 0xebc76dc0
> mp = (struct mount *) 0xebc0f42e
> docache = 32
> wantparent = 0
> rdonly = 0
> trailing_slash = 0
> error = 0
> dpunlocked = 0
> cnp = (struct componentname *) 0xef9fbea8
> p = (struct proc *) 0xef940f20
> #13 0xc01c4a40 in namei (ndp=0xef9fbe80) at /usr/src/sys/kern/vfs_lookup.c:153
> fdp = (struct filedesc *) 0xebc0f400
> cp = 0xebc0f400 "/usr/local/sw/clients/i386_fbsd4/man/man1/i386"
> dp = (struct vnode *) 0xe986fe00
> aiov = {iov_base = 0xebc0f40d "/clients/i386_fbsd4/man/man1/i386",
> iov_len = 1011}
> auio = {uio_iov = 0xef9fbe30, uio_iovcnt = 1, uio_offset = 13,
> uio_resid = 1011, uio_segflg = UIO_SYSSPACE,
> uio_rw = UIO_READ, uio_procp = 0x0}
> error = -377029120
> linklen = -377029120
> cnp = (struct componentname *) 0xef9fbea8
> p = (struct proc *) 0xef940f20
> #14 0xc01ca779 in stat (p=0xef940f20, uap=0xef9fbf80) at
> /usr/src/sys/kern/vfs_syscalls.c:1794
> p = (struct proc *) 0xef940f20
> uap = (struct stat_args *) 0xef9fbf80
> sb = {st_dev = 3420456960, st_ino = 3420457020, st_mode = 3872,
> st_nlink = 61332, st_uid = 512, st_gid = 4009605632,
> st_rdev = 1, st_atimespec = {tv_sec = 134713344, tv_nsec = 4096},
> st_mtimespec = {tv_sec = -897953088,
> tv_nsec = -1070644224}, st_ctimespec = {tv_sec = -285361664, tv_nsec =
> 0}, st_size = -1180014721226240224,
> st_blocks = -1180014398828183552, st_blksize = 3222849527, st_flags =
> 3397014208, st_gen = 4019457824,
> st_lspare = -275509472, st_qspare = {-1180014020871061503, 12610158464}}
> error = -275509472
> nd = {ni_dirp = 0xbfbff070 "/client/man/man1/i386", ni_segflg =
> UIO_USERSPACE, ni_startdir = 0x0,
> ni_rootdir = 0xe986fe00, ni_topdir = 0x0, ni_vp = 0x0, ni_dvp = 0xeefdd380,
> ni_pathlen = 1, ni_next = 0xebc0f42e "",
> ni_loopcnt = 2, ni_cnd = {cn_nameiop = 0, cn_flags = 49348, cn_proc =
> 0xef940f20, cn_cred = 0xc8fc9d00,
> cn_pnbuf = 0xebc0f400 "/usr/local/sw/clients/i386_fbsd4/man/man1/i386",
> cn_nameptr = 0xebc0f42a "i386", cn_namelen = 4,
> cn_consume = 0}}
> #15 0xc02a14b9 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi
> = -1077937568, tf_esi = 134533803,
> tf_ebp = -1077940160, tf_isp = -274743340, tf_ebx = -1077940112, tf_edx
> = 21, tf_ecx = -1077940264, tf_eax = 188,
> tf_trapno = 12, tf_err = 2, tf_eip = 671817224, tf_cs = 31, tf_eflags =
> 659, tf_esp = -1077940284, tf_ss = 47})
> at /usr/src/sys/i386/i386/trap.c:1175
> params = 0xbfbfefc8 "pП©©ЮО©©OA\005(╥P\b(\205П©©"
> i = 0
> callp = (struct sysent *) 0xc02fd160
> p = (struct proc *) 0xef940f20
> orig_tf_eflags = 659
> sticks = 0
> error = 0
> narg = 2
> args = {-1077940112, -1077940256, 0, 0, 0, 0, 0, 0}
> have_mplock = 1
> code = 188
> #16 0xc0292115 in Xint0x80_syscall ()
> No symbol table info available.
> #17 0x804b2f1 in ?? ()
> No symbol table info available.
> #18 0x804b996 in ?? ()
> No symbol table info available.
> #19 0x80493f1 in ?? ()
> No symbol table info available.
> #20 0x80491ca in ?? ()
> No symbol table info available.
>
>
> machine i386
> #cpu I386_CPU
> #cpu I486_CPU
> cpu I586_CPU
> cpu I686_CPU
> ident OFFICE
> maxusers 0
>
> makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols
>
> options DDB
> options DDB_UNATTENDED
> options MATH_EMULATE #Support for x87 emulation
> options INET #InterNETworking
> options INET6 #IPv6 communications protocols
> options FFS #Berkeley Fast Filesystem
> options FFS_ROOT #FFS usable as root device [keep this!]
> options SOFTUPDATES #Enable FFS soft updates support
> options UFS_DIRHASH #Improve performance on big directories
> options MFS #Memory Filesystem
> options MD_ROOT #MD is a potential root device
> options NFS #Network Filesystem
> options NFS_ROOT #NFS usable as root device, NFS required
> options MSDOSFS #MSDOS Filesystem
> options CD9660 #ISO 9660 Filesystem
> options CD9660_ROOT #CD-ROM usable as root, CD9660 required
> options PROCFS #Process filesystem
> options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
> options SCSI_DELAY=3000 #Delay (in ms) before probing SCSI
> options UCONSOLE #Allow users to grab the console
> options USERCONFIG #boot -c editor
> #options VISUAL_USERCONFIG #visual boot -c editor
> options KTRACE #ktrace(1) support
> options SYSVSHM #SYSV-style shared memory
> options SYSVMSG #SYSV-style message queues
> options SYSVSEM #SYSV-style semaphores
> options SHMALL=16384
> options SHMMAX="(SHMMAXPGS*PAGE_SIZE+1)"
> options SHMMAXPGS=8192
> options SHMMIN=128
> options SHMMNI=128
> options SHMSEG=96
> options P1003_1B #Posix P1003_1B real-time extensions
> options _KPOSIX_PRIORITY_SCHEDULING
> options ICMP_BANDLIM #Rate limit bad replies
> options KBD_INSTALL_CDEV # install a CDEV entry in /dev
>
> # To make an SMP kernel, the next two are needed
> #options SMP # Symmetric MultiProcessor Kernel
> #options APIC_IO # Symmetric (APIC) I/O
>
> device isa
> #device eisa
> device pci
>
> # Floppy drives
> device fdc0 at isa? port IO_FD1 irq 6 drq 2
> device fd0 at fdc0 drive 0
> device fd1 at fdc0 drive 1
> #
> # If you have a Toshiba Libretto with its Y-E Data PCMCIA floppy,
> # don't use the above line for fdc0 but the following one:
> #device fdc0
>
> # ATA and ATAPI devices
> device ata0 at isa? port IO_WD1 irq 14
> device ata1 at isa? port IO_WD2 irq 15
> device ata
> device atadisk # ATA disk drives
> device atapicd # ATAPI CDROM drives
> device atapifd # ATAPI floppy drives
> device atapist # ATAPI tape drives
> options ATA_STATIC_ID #Static device numbering
>
> # SCSI Controllers
> #device ahb # EISA AHA1742 family
> device ahc # AHA2940 and onboard AIC7xxx devices
> #device amd # AMD 53C974 (Tekram DC-390(T))
> #device isp # Qlogic family
> #device ncr # NCR/Symbios Logic
> #device sym # NCR/Symbios Logic (newer chipsets)
> #options SYM_SETUP_LP_PROBE_MAP=0x40
> # # Allow ncr to attach legacy NCR devices when
> # # both sym and ncr are configured
>
> #device adv0 at isa?
> #device adw
> #device bt0 at isa?
> #device aha0 at isa?
> #device aic0 at isa?
>
> #device ncv # NCR 53C500
> #device nsp # Workbit Ninja SCSI-3
> #device stg # TMC 18C30/18C50
>
> # SCSI peripherals
> device scbus # SCSI bus (required)
> device da # Direct Access (disks)
> device sa # Sequential Access (tape etc)
> device cd # CD
> device ch # Tape changer
> device pass # Passthrough device (direct SCSI
> access)
>
> # RAID controllers interfaced to the SCSI subsystem
> device asr # DPT SmartRAID V, VI and Adaptec SCSI
> RAID
> #device dpt # DPT Smartcache - See LINT for options!
> #device mly # Mylex AcceleRAID/eXtremeRAID
>
> # RAID controllers
> #device aac # Adaptec FSA RAID, Dell PERC2/PERC3
> #device ida # Compaq Smart RAID
> #device amr # AMI MegaRAID
> #device mlx # Mylex DAC960 family
> device twe # 3ware Escalade
>
> # atkbdc0 controls both the keyboard and the PS/2 mouse
> device atkbdc0 at isa? port IO_KBD
> device atkbd0 at atkbdc? irq 1 flags 0x0
> device psm0 at atkbdc? irq 12
>
> device vga0 at isa?
>
> # splash screen/screen saver
> pseudo-device splash
>
> # syscons is the default console driver, resembling an SCO console
> device sc0 at isa? flags 0x100
>
> # Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
> #device vt0 at isa?
> #options XSERVER # support for X server on a vt console
> #options FAT_CURSOR # start with block cursor
> # If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
> #options PCVT_SCANSET=2 # IBM keyboards are non-std
>
> # Floating point support - do not disable.
> device npx0 at nexus? port IO_NPX irq 13
>
> # Power management support (see LINT for more options)
> device apm0 at nexus? disable flags 0x20 # Advanced Power
> Management
>
> # PCCARD (PCMCIA) support
> #device card
> #device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000
> #device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable
>
> # Serial (COM) ports
> device sio0 at isa? port IO_COM1 flags 0x10 irq 4
> device sio1 at isa? port IO_COM2 irq 3
>
> # Parallel port
> device ppc0 at isa? irq 7
> device ppbus # Parallel port bus (required)
> device lpt # Printer
> device plip # TCP/IP over parallel
> device ppi # Parallel port interface device
> #device vpo # Requires scbus and da
>
>
> # PCI Ethernet NICs.
> device em
>
> # PCI Ethernet NICs that use the common MII bus controller code.
> # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
> device miibus # MII bus support
> #device dc # DEC/Intel 21143 and various workalikes
> device fxp # Intel EtherExpress PRO/100B (82557,
> 82558)
> #device pcn # AMD Am79C97x PCI 10/100 NICs
> #device rl # RealTek 8129/8139
> #device sf # Adaptec AIC-6915 (``Starfire'')
> #device sis # Silicon Integrated Systems SiS
> 900/SiS 7016
> #device ste # Sundance ST201 (D-Link DFE-550TX)
> #device tl # Texas Instruments ThunderLAN
> #device tx # SMC EtherPower II (83c170 ``EPIC'')
> #device vr # VIA Rhine, Rhine II
> #device wb # Winbond W89C840F
> #device wx # Intel Gigabit Ethernet Card
> (``Wiseman'')
> #device xl # 3Com 3c90x (``Boomerang'',
> ``Cyclone'')
> #device bge # Broadcom BCM570x (``Tigon III'')
>
> # ISA Ethernet NICs.
> # 'device ed' requires 'device miibus'
> device ed0 at isa? port 0x280 irq 10 iomem 0xd8000
> #device ex
> #device ep
> #device fe0 at isa? port 0x300
> # Xircom Ethernet
> #device xe
> # PRISM I IEEE 802.11b wireless NIC.
> #device awi
> # WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really
> # exists only as a PCMCIA device, so there is no ISA attachment needed
> # and resources will always be dynamically assigned by the pccard code.
> #device wi
> # Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below will
> # work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP
> # mode (the factory default). If you set the switches on your ISA
> # card for a manually chosen I/O address and IRQ, you must specify
> # those parameters here.
> #device an
> # The probe order of these is presently determined by i386/isa/isa_compat.c.
> #device ie0 at isa? port 0x300 irq 10 iomem 0xd0000
> #device le0 at isa? port 0x300 irq 5 iomem 0xd0000
> #device lnc0 at isa? port 0x280 irq 10 drq 0
> #device cs0 at isa? port 0x300
> #device sn0 at isa? port 0x300 irq 10
>
> # Pseudo devices - the number indicates how many units to allocate.
> pseudo-device loop # Network loopback
> pseudo-device ether # Ethernet support
> #pseudo-device sl 1 # Kernel SLIP
> #pseudo-device ppp 1 # Kernel PPP
> #pseudo-device tun # Packet tunnel.
> pseudo-device pty 512 # Pseudo-ttys (telnet etc)
> #pseudo-device md # Memory "disks"
> #pseudo-device gif # IPv6 and IPv4 tunneling
> #pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)
>
> # The `bpf' pseudo-device enables the Berkeley Packet Filter.
> # Be aware of the administrative consequences of enabling this!
> pseudo-device bpf #Berkeley packet filter
>
> -Kirill
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
--
Doug White | FreeBSD: The Power to Serve
[EMAIL PROTECTED] | www.FreeBSD.org
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
