Date: Wed, 22 Mar 2000 21:15:27 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Jim Mercer <jim@reptiles.org>
Cc: hackers@FreeBSD.ORG
Subject: Re: possible bug in kernel/if_ether.c
Message-ID: <200003230515.VAA96507@apollo.backplane.com>
References: <20000322225639.T983@reptiles.org>

:SMP 2 cpus
:IdlePTD 3100672
:initial pcb at 281960
:panicstr: page fault
:panic messages:
:---
:Fatal trap 12: page fault while in kernel mode
:mp_lock = 00000002; cpuid = 0; lapic.id = 00000000
:fault virtual address = 0x8
:fault code = supervisor read, page not present
:instruction pointer = 0x8:0xc01997c8
:stack pointer = 0x10:0xff806fa4
:frame pointer = 0x10:0xff806fac
:code segment = base 0x0, limit 0xfffff, type 0x1b
: = DPL 0, pres 1, def32 1, gran 1
:processor eflags = interrupt enabled, resume, IOPL = 0
:current process = Idle
:interrupt mask = <- SMP: XXX
:trap number = 12
:panic: page fault
:mp_lock = 00000002; cpuid = 0; lapic.id = 00000000
:boot() called on cpu#0
:
:syncing disks... 11 11
:...
:#0 boot (howto=256) at ../../kern/kern_shutdown.c:304
:304 dumppcb.pcb_cr3 = rcr3();
:(kgdb) bt
:#0 boot (howto=256) at ../../kern/kern_shutdown.c:304
:#1 0xc01549fc in poweroff_wait (junk=0xc0259c2f, howto=0)
: at ../../kern/kern_shutdown.c:554
:#2 0xc022983b in trap_fatal (frame=0xff806f64, eva=8)
: at ../../i386/i386/trap.c:924
:#3 0xc02294d1 in trap_pfault (frame=0xff806f64, usermode=0, eva=8)
: at ../../i386/i386/trap.c:817
:#4 0xc02290a3 in trap (frame={tf_fs = 1107296280, tf_es = 16,
: tf_ds = -1056178160, tf_edi = -1, tf_esi = 0, tf_ebp = -8360020,
: tf_isp = -8360048, tf_ebx = 0, tf_edx = -1071016096, tf_ecx = 1,
: tf_eax = -1056143360, tf_trapno = 12, tf_err = 0, tf_eip = -1072064568,
: tf_cs = 8, tf_eflags = 66118, tf_esp = 0, tf_ss = 0})
: at ../../i386/i386/trap.c:423
:#5 0xc01997c8 in arpintr () at ../../netinet/if_ether.c:447
:
:
:--2oS5YaxWCcQjTEyO
:Content-Type: text/plain; charset=us-ascii
:Content-Description: kgdb crash1
:Content-Disposition: attachment; filename=snuffy2
:
:
:SMP 2 cpus
Very, very weird. Can you disassemble the 'arpintr' function from your
kernel binary?

    gdb -k /kernel (or kernel.debug if you have it)
    disassemble arpintr

:Fatal trap 12: page fault while in kernel mode
:mp_lock = 01000002; cpuid = 1; lapic.id = 01000000
:fault virtual address = 0x8
:fault code = supervisor read, page not present
:instruction pointer = 0x8:0xc01997c8
:stack pointer = 0x10:0xff80dfa4
I can't pinpoint the fault point since my kernel is compiled up
differently, but I suspect it's at the line I've indicated below.
Unfortunately, it makes no sense whatsoever because %ebx would have to
be NULL and that case is already checked. I suspect the actual fault
address is somewhere else; if you do the disassembly it should help.

        splx(s);
        if (m == 0 || (m->m_flags & M_PKTHDR) == 0)
            panic("arpintr");
        if (m->m_len < sizeof(struct arphdr) &&
            (m = m_pullup(m, sizeof(struct arphdr)) == NULL)) {
            log(LOG_ERR, "arp: runt packet -- m_pullup failed.");
            continue;

0xc01aa6b5 <arpintr+81>: testl %ebx,%ebx
---Type <return> to continue, or q <return> to quit---
0xc01aa6b7 <arpintr+83>: je 0xc01aa6bf <arpintr+91>
0xc01aa6b9 <arpintr+85>: testb $0x2,0x12(%ebx)
0xc01aa6bd <arpintr+89>: jne 0xc01aa6cc <arpintr+104>
0xc01aa6bf <arpintr+91>: pushl $0xc0281c0e
0xc01aa6c4 <arpintr+96>: call 0xc015f700 <panic>
0xc01aa6c9 <arpintr+101>: leal 0x0(%esi),%esi
0xc01aa6cc <arpintr+104>: cmpl $0x7,0xc(%ebx)
0xc01aa6d0 <arpintr+108>: jbe 0xc01aa71c <arpintr+184>
0xc01aa6d2 <arpintr+110>: movl 0x8(%ebx),%ecx <----
0xc01aa6d5 <arpintr+113>: testl %ecx,%ecx ????
0xc01aa6d7 <arpintr+115>: je 0xc01aa71c <arpintr+184>
0xc01aa6d9 <arpintr+117>: movzwl (%ecx),%eax
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
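
Added example, not part of the original message or of the FreeBSD source: in C, `==` binds tighter than `=`, so the `m_pullup` test quoted above parses as `m = (m_pullup(...) == NULL)`. The sketch below models that with a hypothetical `toy_mbuf` and `toy_pullup` (field offsets taken from the quoted disassembly) and computes where the next load of the data pointer would land, a result consistent with the reported fault virtual address 0x8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical model of the 32-bit mbuf header. Offsets follow the quoted
 * disassembly: data pointer at 0x8, length at 0xc, flags at 0x12. */
struct toy_mbuf {
    uint32_t m_next, m_nextpkt;
    uint32_t m_data;
    uint32_t m_len;
    uint16_t m_type, m_flags;
};

#define NEED 8u /* "cmpl $0x7 ... jbe" means m_len < 8 takes the pullup path */
/* Hypothetical stand-in for m_pullup(): the chain on success, NULL on failure. */
struct toy_mbuf *toy_pullup(struct toy_mbuf *m, int ok) {
    return ok ? m : NULL;
}

/* Test as quoted: '==' binds tighter than '=', so m receives 0 or 1.
 * Grouping and cast are written out so current compilers accept it. */
uintptr_t m_after_quoted_test(struct toy_mbuf *m, int ok, int *skipped) {
    *skipped = 0;
    if (m->m_len < NEED &&
        (m = (struct toy_mbuf *)(uintptr_t)(toy_pullup(m, ok) == NULL)))
        *skipped = 1; /* the log(...); continue; branch */
    return (uintptr_t)m;
}

/* Assignment grouped first, then compared with NULL. */
uintptr_t m_after_grouped_test(struct toy_mbuf *m, int ok, int *skipped) {
    *skipped = 0;
    if (m->m_len < NEED && (m = toy_pullup(m, ok)) == NULL)
        *skipped = 1;
    return (uintptr_t)m;
}

/* Address a following load of the data pointer, 0x8(m), would touch. */
uintptr_t next_read_address(uintptr_t m) {
    return m + offsetof(struct toy_mbuf, m_data);
}

int main(void) {
    struct toy_mbuf pkt = { .m_len = 4 }; /* constructed short mbuf */
    int skipped;
    uintptr_t m = m_after_quoted_test(&pkt, 1, &skipped);
    printf("quoted test: m=%#lx, next read at %#lx\n", (unsigned long)m,
           (unsigned long)next_read_address(m));
    return 0;
}
```

With the quoted grouping, a successful pullup leaves `m` at 0 and execution falls through to the next mbuf access; a failed pullup leaves `m` at 1 and takes the `continue` branch.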
