6.0-BETA1 LOR vm_fault: fault on nofault entry

Evgueni V. Gavrilov aquatique at rusunix.org
Mon Aug 1 03:54:14 GMT 2005


kgdb -c /usr/crash/vmcore.25 kernel.debug
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) where full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc0541228 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:397
        first_buf_printf = 1
#2  0xc0541586 in panic (
    fmt=0xc0723a06 "vm_fault: fault on nofault entry, addr: %lx")
    at /usr/src/sys/kern/kern_shutdown.c:553
        td = (struct thread *) 0xc47c7300
        bootopt = 260
        newpanic = 0
        ap = 0xeb0a8834 ""
        buf = "vm_fault: fault on nofault entry, addr: deadc000", '\0' <repeats 207 times>
#3  0xc066d299 in vm_fault (map=0xc1060000, vaddr=3735928832,
    fault_type=1 '\001', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:277
        queue = -559038464
        prot = 7 '\a'
        is_first_object_locked = 2
        result = -559038464
        growstack = 1
        wired = 0
        map_generation = 1
        next_object = 0xdeadc000
        marray = {0xc056b650, 0xc078e918, 0xc078edf0, 0x4e, 0x4e8904,
  0xc07aed60, 0x2, 0x0, 0xeb0a8914, 0xc056b5e7, 0xc078ee18, 0xc078edf0,
  0xc056b5e7, 0x1120, 0xc07aef00, 0x2}
        hardfault = 0
        faultcount = -991025104
        fs = {m = 0x0, object = 0x0, pindex = 13859465361936255180,
  first_m = 0xc078ea30, first_object = 0x0, first_pindex = 736,
  map = 0xc1042180, entry = 0xc105fe14, lookup_still_valid = 0,
  vp = 0xeb0a88f0}
#4  0xc06cb4e7 in trap_pfault (frame=0xeb0a898c, usermode=0, eva=3735929054)
    at /usr/src/sys/i386/i386/trap.c:741
        va = 3735928832
        vm = (struct vmspace *) 0x0
        map = 0xc1060000
        rv = 1
        ftype = 1 '\001'
        td = (struct thread *) 0xc47c7300
        p = (struct proc *) 0xc4ee2830
#5  0xc06cb177 in trap (frame=
      {tf_fs = -1068302328, tf_es = -1065877464, tf_ds = 40, tf_edi = -1056695968, tf_esi = -1014770176, tf_ebp = -351630884, tf_isp = -351630920, tf_ebx = -559038242, tf_edx = 0, tf_ecx = -998579968, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1067957036, tf_cs = 32, tf_eflags = 66182, tf_esp = -351630868, tf_ss = -1068062756}) at /usr/src/sys/i386/i386/trap.c:442
        td = (struct thread *) 0xc47c7300
        p = (struct proc *) 0xc4ee2830
        sticks = 3228637104
        i = 0
        ucode = 0
        type = 12
        code = 0
        eva = 3735929054
#6  0xc06b767a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7  0xc0530008 in ktrace (td=0xc383d600, uap=0xc383d600)
    at /usr/src/sys/kern/kern_ktrace.c:530
        vp = (struct vnode *) 0x0
        p = (struct proc *) 0xc383d600
        pg = (struct pgrp *) 0xdeadc0de
        facs = -559038242
        ops = -1056695968
        descend = -351630980
        nfound = -559038242
        ret = 0
        flags = 0
        error = -351630964
        nd = {
  ni_dirp = 0xc1041960 "\017fqюхC\004аюC\004а \035\004аЬC\004а<:╞ц",
  ni_segflg = 3943336412, ni_startdir = 0xc06b767a, ni_rootdir = 0xc0530008,
  ni_topdir = 0xc0780028, ni_vp = 0x28, ni_dvp = 0xc1041960,
  ni_pathlen = 3280197120, ni_next = 0xeb0a89dc "Т\211\nК\003gSю",
  ni_loopcnt = 3943336376, ni_cnd = {cn_nameiop = 3735929054, cn_flags = 0,
    cn_thread = 0xc47ae100, cn_cred = 0x0, cn_lkflags = 12, cn_pnbuf = 0x0,
    cn_nameptr = 0xc05844d4 "\213\003\205юt\022\211D$\004\2114$ХaЪЪЪ\213\003\205юuН\211\\$\004\2114$ХOЪЪЪ\203д\b[^]цU\211ЕVS\203Л\b\213u\b\213F,\205юt\033\213\030Ж@\005\b>u\f\211D$\004\2114$Х!ЪЪЪ\211ь\205шuЕ\203д\b[^]цU\211ЕS\203Л\004\213U\b\213M\f\213]\020\213E\024\205р>u\fг\004$ЭeqюХ╧нШЪ\205ю>u\t\213R,К\006\211пК \213\020\205рt\0259J\b>u\t\017╥B\0049ь.tГ\213\022\205рuК╦", cn_namelen = 32,
    cn_consume = 66182}}
        cred = (struct ucred *) 0xdeadc0de
#8  0xc0536703 in mb_dtor_mbuf (mem=0xc056a7dc, size=0, arg=0x0)
    at /usr/src/sys/kern/kern_mbuf.c:244
No locals.
#9  0xc0669e37 in uma_zfree_arg (zone=0xeb0a8a94, item=0xc383d600, udata=0x0)
    at /usr/src/sys/vm/uma_core.c:2279
        keg = 0xc10443c0
        cache = 0xc383d600
        bucket = 0xdeadc0de
        bflags = 0
        cpu = 0
#10 0xc0582177 in m_freem (mb=0x0) at uma.h:303
No locals.
#11 0xc05c7058 in arpresolve (ifp=0xc368d000, rt0=0xc4c5f108, m=0xc3af7700,
    dst=0xeb0a8af4, desten=0xeb0a8a94 "ю\212\nК\n\206]ю")
    at /usr/src/sys/netinet/if_ether.c:442
        la = (struct llinfo_arp *) 0xc47ae100
        sdl = (struct sockaddr_dl *) 0xc469d310
        error = -999697648
        rt = (struct rtentry *) 0xc4c5f108
#12 0xc05bdc11 in ether_output (ifp=0xc368d000, m=0xc3af7700, dst=0xeb0a8af4,
    rt0=0x0) at /usr/src/sys/net/if_ethersubr.c:173
        type = -15512
        error = 50
        hdrcmplt = 0
        esrc = "\024\000\000\000K"
        edst = "ю\212\nК\n\206"
        eh = (struct ether_header *) 0x32
        loop_copy = 0
        __func__ = "ether_output"
#13 0xc05d8093 in ip_output (m=0xc3af7700, opt=0xc3af77b0, ro=0xeb0a8af0,
    flags=0, imo=0x0, inp=0xc3b63870) at /usr/src/sys/netinet/ip_output.c:772
        ip = (struct ip *) 0xc3af77b0
        ifp = (struct ifnet *) 0xc368d000
        m0 = (struct mbuf *) 0xc3af77b0
        hlen = 20
        len = -1065554452
        error = 0
        dst = (struct sockaddr_in *) 0xeb0a8af4
        ia = (struct in_ifaddr *) 0xc3942300
        isbroadcast = 0
        sw_csum = 1
        iproute = {ro_rt = 0xc4c5f108, ro_dst = {sa_len = 16 '\020',
    sa_family = 2 '\002',
    sa_data = "\000\000╛\020\000l\000\000\000\000\000\000\000"}}
        odst = {s_addr = 1}
        __func__ = "ip_output"
#14 0xc05e9bc2 in udp_output (inp=0xc3b63870, m=0xc3af7700, addr=0xc384c6e0,
    control=0x0, td=0xc47c7300) at /usr/src/sys/netinet/udp_usrreq.c:874
        ui = (struct udpiphdr *) 0xc3af77b0
        len = 50
        faddr = {s_addr = 1811943596}
        laddr = {s_addr = 2130710700}
        cm = (struct cmsghdr *) 0xc3af77b0
        src = {sin_len = 0 '\0', sin_family = 119 'w', sin_port = 50095,
  sin_addr = {s_addr = 0}, sin_zero = "4\214\nК╛\214\nК"}
        error = 55
        ipflags = 0
        fport = 41216
        lport = 41701
        unlock_udbinfo = 1
        __func__ = "udp_output"
#15 0xc05ea368 in udp_send (so=0x0, flags=0, m=0x0, addr=0x0, control=0x0,
    td=0x0) at /usr/src/sys/netinet/udp_usrreq.c:1051
        inp = (struct inpcb *) 0x0
#16 0xc0585e0e in sosend (so=0xc3b62858, addr=0xc384c6e0, uio=0xeb0a8c34,
    top=0xc3af7700, control=0x0, flags=0, td=0xc47c7300)
    at /usr/src/sys/kern/uipc_socket.c:829
        mp = (struct mbuf **) 0xc3af7700
        m = (struct mbuf *) 0xc3af7700
        space = 9166
        len = 50
        resid = 0
        clen = -1011910912
        error = 0
        dontroute = 0
        atomic = 1
        cow_send = 0
#17 0xc058c08e in kern_sendit (td=0xc47c7300, s=3, mp=0xeb0a8cb4, flags=0,
    control=0x0, segflg=UIO_USERSPACE) at /usr/src/sys/kern/uipc_syscalls.c:772
        fp = (struct file *) 0xc4c0a3a8
        auio = {uio_iov = 0xeb0a8cac, uio_iovcnt = 1, uio_offset = 50,
  uio_resid = 0, uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE,
  uio_td = 0xc47c7300}
        iov = (struct iovec *) 0x0
        so = (struct socket *) 0xc3b62858
        i = 0
        len = 50
        error = 0
        ktruio = (struct uio *) 0x0
#18 0xc058bf33 in sendit (td=0x0, s=0, mp=0xeb0a8cb4, flags=0)
    at /usr/src/sys/kern/uipc_syscalls.c:712
        control = (struct mbuf *) 0x0
        to = (struct sockaddr *) 0xc384c6e0
        error = 0
        __func__ = "sendit"
#19 0xc058c211 in sendto (td=0x0, uap=0x0)
    at /usr/src/sys/kern/uipc_syscalls.c:830
        msg = {msg_name = 0xc384c6e0, msg_namelen = 16, msg_iov = 0xeb0a8cac,
  msg_iovlen = 1, msg_control = 0x0, msg_controllen = 0, msg_flags = 0}
        aiov = {iov_base = 0x813f800, iov_len = 0}
        error = 0
#20 0xc06cbb6f in syscall (frame=
      {tf_fs = 59, tf_es = 135004219, tf_ds = -1078001605, tf_edi = 134635648, tf_esi = -1, tf_ebp = -1077942664, tf_isp = -351629980, tf_ebx = 672105172, tf_edx = 0, tf_ecx = 0, tf_eax = 133, tf_trapno = 12, tf_err = 2, tf_eip = 673781315, tf_cs = 51, tf_eflags = 642, tf_esp = -1077942740, tf_ss = 59})
    at /usr/src/sys/i386/i386/trap.c:986
        params = 0xbfbfe630 <Address 0xbfbfe630 out of bounds>
        callp = (struct sysent *) 0xc07416fc
        td = (struct thread *) 0xc47c7300
        p = (struct proc *) 0xc4ee2830
        orig_tf_eflags = 642
        sticks = 26
        error = 0
        narg = 6
        args = {3, 135526350, 50, 0, 135544208, 16, 26, -991025104}
        code = 133


