> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x3a
> fault code = supervisor write, page not present
> instruction pointer = 0x8:0xc02c8cfe
> stack pointer = 0x10:0xcd6d1d44
> frame pointer = 0x10:0xcd6d1d5c
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 595 (netstat)
> panic: from debugger
> panic: from debugger
> Uptime: 2m41s
>
> dumping to dev ad0b, offset 176256
> dump ata0: resetting devices .. done
> 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38
> 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12
> 11 10 9 8 7 6 5 4 3 2 1 0
> ---
>#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:478
> 478 if (dumping++) {
> (kgdb) tr
> trace command requires an argument
> (kgdb) bt
>#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:478
>#1 0xc01e3aff in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:321
>#2 0xc01e3f19 in panic (fmt=0xc031d94e "from debugger")
> at /usr/src/sys/kern/kern_shutdown.c:600
>#3 0xc015b315 in db_panic (addr=-1070822146, have_addr=0, count=-1,
> modif=0xcd6d1bb0 "") at /usr/src/sys/ddb/db_command.c:441
>#4 0xc015b2b3 in db_command (last_cmdp=0xc0363a94, cmd_table=0xc03638f4,
> aux_cmd_tablep=0xc035d2e0, aux_cmd_tablep_end=0xc035d2e4)
> at /usr/src/sys/ddb/db_command.c:341
>#5 0xc015b37f in db_command_loop () at /usr/src/sys/ddb/db_command.c:463
>#6 0xc015d54b in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:72
>#7 0xc02e6d3e in kdb_trap (type=12, code=0, regs=0xcd6d1d04)
> at /usr/src/sys/i386/i386/db_interface.c:167
>#8 0xc02f78a0 in trap_fatal (frame=0xcd6d1d04, eva=58)
> at /usr/src/sys/i386/i386/trap.c:927
>#9 0xc02f7615 in trap_pfault (frame=0xcd6d1d04, usermode=0, eva=58)
> at /usr/src/sys/i386/i386/trap.c:846
>#10 0xc02f6c64 in trap (frame={tf_fs = -1070333928, tf_es = 16,
> tf_ds = -1069809648, tf_edi = -1069775252, tf_esi = 0,
> tf_ebp = -848487076, tf_isp = -848487120, tf_ebx = 1,
> tf_edx = -848739040, tf_ecx = 1, tf_eax = 2, tf_trapno = 12, tf_err =
> 2,
> tf_eip = -1070822146, tf_cs = 8, tf_eflags = 66118,
> tf_esp = -1069680480, tf_ss = 1}) at /usr/src/sys/i386/i386/trap.c:405
>#11 0xc02c8cfe in vm_object_pip_add (object=0x0, i=1)
I've seen this panic many times on my alpha SMP testbox. It seems that the vm
object returned by vm_map_lookup via the fs.first_object variable is actually
NULL, resulting in a NULL pointer deref when calling vm_object_pip_add() (note
object=0x0). I haven't seen this on UP or x86 before, but it seems the bug
wasn't alpha-specific now. :(
> ---Type <return> to continue, or q <return> to quit---
> at /usr/src/sys/vm/vm_object.c:237
>#12 0xc02bf94e in vm_fault1 (map=0xc03c866c, vaddr=3226185728,
> fault_type=1 '\001', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:274
>#13 0xc02bf753 in vm_fault (map=0xc03c866c, vaddr=3226185728, fault_type=1,
> fault_flags=0) at /usr/src/sys/vm/vm_fault.c:198
>#14 0xc02f75b9 in trap_pfault (frame=0xcd6d1ea0, usermode=0, eva=3226185798)
> at /usr/src/sys/i386/i386/trap.c:833
>#15 0xc02f6c64 in trap (frame={tf_fs = -848756712, tf_es = -848494576,
> tf_ds = -1070727152, tf_edi = 1, tf_esi = -1063576320,
> tf_ebp = -848486688, tf_isp = -848486708, tf_ebx = -1069076892,
> tf_edx = -1048725504, tf_ecx = -1068781498, tf_eax = -1048725504,
> tf_trapno = 12, tf_err = 0, tf_eip = -1071436904, tf_cs = 8,
> tf_eflags = 66194, tf_esp = -848486660, tf_ss = -1071699782})
> at /usr/src/sys/i386/i386/trap.c:405
>#16 0xc0232b98 in strcmp (s1=0xc17db800 "imp_softc",
> s2=0xc04bb046 <Address 0xc04bb046 out of bounds>)
> at /usr/src/sys/libkern/strcmp.c:50
>#17 0xc01f28ba in link_elf_lookup_symbol (lf=0xc09b1d00,
> name=0xc17db800 "imp_softc", sym=0xcd6d1f30)
> at /usr/src/sys/kern/link_elf.c:1003
>#18 0xc01d7f36 in kldsym (p=0xcd694520, uap=0xcd6d1f80) at linker_if.h:24
>#19 0xc02f823d in syscall (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
> tf_edi = 134602604, tf_esi = 134602616, tf_ebp = -1077937584,
> tf_isp = -848486444, tf_ebx = 671616116, tf_edx = 0, tf_ecx = 0,
> ---Type <return> to continue, or q <return> to quit---
> tf_eax = 337, tf_trapno = 12, tf_err = 2, tf_eip = 671926476,
> tf_cs = 31, tf_eflags = 663, tf_esp = -1077937644, tf_ss = 47})
> at /usr/src/sys/i386/i386/trap.c:1128
>#20 0xc02e7a2d in syscall_with_err_pushed ()
>#21 0x804f992 in ?? ()
>#22 0x804f54c in ?? ()
>#23 0x8049301 in ?? ()
> (kgdb) mobile# exit
--
John Baldwin <[EMAIL PROTECTED]> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
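
The reasoning in the reply above (a kernel-mode fault at a very small address, plus a frame argument printed as 0x0, points to a NULL base pointer dereferenced at a member offset) can be scripted for crash triage. This is an added example, not part of the original message or of FreeBSD; the function names, the 4096-byte threshold and the sample text (constructed from lines quoted above) are assumptions.

```python
import re

PAGE_SIZE = 4096  # assumption: i386 page size, used as the "near NULL" threshold

# Constructed sample: lines copied from the quoted trap message and backtrace.
SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x3a
fault code = supervisor write, page not present
current process = 595 (netstat)
#8 0xc02f78a0 in trap_fatal (frame=0xcd6d1d04, eva=58)
#11 0xc02c8cfe in vm_object_pip_add (object=0x0, i=1)
#12 0xc02bf94e in vm_fault1 (map=0xc03c866c, vaddr=3226185728,
"""

def parse_trap(text):
    """Collect the 'key = value' fields of the trap message (quote prefix optional)."""
    pat = r"^>?[ \t]*([a-z ]+?)[ \t]*=[ \t]*(.+)$"
    return {m.group(1).strip(): m.group(2).strip()
            for m in re.finditer(pat, text, re.M)}

def null_pointer_frames(text):
    """Return (frame number, function, argument) for arguments kgdb printed as 0x0."""
    hits = []
    pat = r"^>?[ \t]*#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*)$"
    for m in re.finditer(pat, text, re.M):
        for arg in re.findall(r"(\w+)=0x0\b", m.group(3)):
            hits.append((int(m.group(1)), m.group(2), arg))
    return hits

def triage(text):
    """Classify the panic: near-NULL kernel fault, implied member offset, NULL args."""
    trap = parse_trap(text)
    addr = int(trap["fault virtual address"], 16)
    kernel = "supervisor" in trap.get("fault code", "")
    near_null = addr < PAGE_SIZE
    # trap_fatal's eva argument is the same faulting address, printed in decimal.
    eva = re.search(r"trap_fatal \(.*\beva=(\d+)\)", text)
    return {
        "fault_addr": addr,
        "likely_null_deref": kernel and near_null,
        "member_offset": addr if near_null else None,
        "eva_matches": int(eva.group(1)) == addr if eva else None,
        "null_args": null_pointer_frames(text),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
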