misc/124153: Fatal trap 12: page fault while in kernel mode

barbara barbara.xxx1975 at libero.it
Fri May 30 23:30:01 UTC 2008 

>Number:         124153
>Category:       misc
>Synopsis:       Fatal trap 12: page fault while in kernel mode
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 30 23:30:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     barbara
>Release:        RELENG_7
>Organization:
>Environment:
FreeBSD satanasso.local.net 7.0-STABLE FreeBSD 7.0-STABLE #0: Fri May 20 08:45:04 CEST 2008     root at satanasso.local.net:/usr/obj/usr/src/sys/SATANASSO  i386
>Description:
#  kgdb kernel.debug /var/crash/vmcore.0
..
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x4
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc07ad3aa
stack pointer           = 0x28:0xe7e1494c
frame pointer           = 0x28:0xe7e14960
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 28365 (ruby18)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 1h9m28s
Physical memory: 2031 MB
Dumping 185 MB: 170 (CTRL-C to abort)  154 (CTRL-C to abort)  138 122 106 90 74 (CTRL-C to abort)  58 42 26 10
..
#0  doadump () at pcpu.h:195
195             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc0586417 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc05866dc in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:572
#3  0xc07b3a0c in trap_fatal (frame=0xe7e1490c, eva=4) at /usr/src/sys/i386/i386/trap.c:899
#4  0xc07b3c70 in trap_pfault (frame=0xe7e1490c, usermode=0, eva=4) at /usr/src/sys/i386/i386/trap.c:812
#5  0xc07b4639 in trap (frame=0xe7e1490c) at /usr/src/sys/i386/i386/trap.c:490
#6  0xc079b10b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc07ad3aa in pmap_remove_entry (pmap=0xc67dce24, m=0xc38feec8, va=671391744) at /usr/src/sys/i386/i386/pmap.c:1927
#8  0xc07ad7e1 in pmap_remove_pte (pmap=0xc67dce24, ptq=0xc38feec8, va=671391744, free=0xe7e149a0) at /usr/src/sys/i386/i386/pmap.c:2007
#9  0xc07ad9bf in pmap_remove (pmap=0xc67dce24, sva=671391744, eva=671535104) at /usr/src/sys/i386/i386/pmap.c:2118
#10 0xc07672ec in vm_map_delete (map=0xc67dcd98, start=0, end=3217031168) at /usr/src/sys/vm/vm_map.c:2396
#11 0xc0767525 in vm_map_remove (map=0xc67dcd98, start=0, end=Variable "end" is not available.
) at /usr/src/sys/vm/vm_map.c:2423
#12 0xc055ff10 in exec_new_vmspace (imgp=0xe7e14be4, sv=0xc084da40) at /usr/src/sys/kern/kern_exec.c:916
#13 0xc0549c4b in exec_elf32_imgact (imgp=0xe7e14be4) at /usr/src/sys/kern/imgact_elf.c:680
#14 0xc0560351 in kern_execve (td=0xc5a29000, args=0xe7e14c5c, mac_p=0x0) at /usr/src/sys/kern/kern_exec.c:414
#15 0xc056128c in execve (td=0xc5a29000, uap=0xe7e14cfc) at /usr/src/sys/kern/kern_exec.c:186
#16 0xc07b3fd5 in syscall (frame=0xe7e14d38) at /usr/src/sys/i386/i386/trap.c:1035
#17 0xc079b170 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#18 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) list *0xc07ad3aa
0xc07ad3aa is in pmap_remove_entry (/usr/src/sys/i386/i386/pmap.c:1932).
1927            TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
1928                    if (pmap == PV_PMAP(pv) && va == pv->pv_va)
1929                            break;
1930            }
1931            KASSERT(pv != NULL, ("pmap_remove_entry: pv not found"));
1932            TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
1933            m->md.pv_list_count--;
1934            if (TAILQ_EMPTY(&m->md.pv_list))
1935                    vm_page_flag_clear(m, PG_WRITEABLE);
1936            free_pv_entry(pmap, pv);
(kgdb) print *m
$1 = {pageq = {tqe_next = 0xc38fef10, tqe_prev = 0xc38fee80}, listq = {tqe_next = 0xc38fef10, tqe_prev = 0xc38fee88}, left = 0xc38fee80, right = 0x0, object = 0xc6703554, pindex = 92, phys_addr = 1937055744, md = {pv_list_count = 0, 
    pv_list = {tqh_first = 0x0, tqh_last = 0xc38feef4}}, queue = 1 '\001', segind = 2 '\002', flags = 128, order = 11 '\v', pool = 0 '\0', wire_count = 0, cow = 0, hold_count = 0, oflags = 0, act_count = 0 '\0', busy = 0 '\0', 
  valid = 255 'ÿ', dirty = 0 '\0'}

>How-To-Repeat:
I don't know.

When it happened I was upgrading net/samba3 with portupgrade (current process         = 28365 (ruby18)) and it was updating files in /var/ports/pkg. I don't know if it could be related, but recently I also had some segfaults from ruby18 while running portupgrade.


>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list