Bug #1830

kernel panic v2.7.3.863.gaa25c-DEVELOPMENT

Added by peter almost 11 years ago. Updated almost 11 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


Got a kernel panic tonight on a GENERIC kernel

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x10
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0344101
stack pointer = 0x10:0xdbecca00
frame pointer = 0x10:0xdbecca14
code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
current thread = pri 12

trap number = 12
panic: page fault
Trace beginning at frame 0xdbecc910
panic(ffffffff) at panic+0xe8
panic(c059db29,c05cb9e5,0,0,fffff) at panic+0xe8
trap_fatal(10,0,0,c070cb00,0) at trap_fatal+0x2d7
trap_pfault(0,dfee8f00,0,0,c070cc14) at trap_pfault+0x122
trap(dbecc9b8) at trap+0x40f
calltrap() at calltrap+0xd
--- trap 0, eip = 0, esp = 0xdbecc9fc, ebp = 0 ---
Uptime: 7h18m0s

#0 _get_mycpu (di=0xc06cdfc0) at ./machine/thread.h:83
#1 md_dumpsys (di=0xc06cdfc0) at /usr/src/sys/platform/pc32/i386/dump_machdep.c:263
#2 0xc030f845 in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:880
#3 0xc030fdb4 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:387
#4 0xc030ff34 in panic (fmt=0xc059db29 "%s") at /usr/src/sys/kern/kern_shutdown.c:786
#5 0xc0553580 in trap_fatal (frame=0xdbecc9b8, eva=<value optimized out>) at /usr/src/sys/platform/pc32/i386/trap.c:1117
#6 0xc05536b4 in trap_pfault (frame=0xdbecc9b8, usermode=0, eva=16) at /usr/src/sys/platform/pc32/i386/trap.c:1018
#7 0xc0553b8c in trap (frame=0xdbecc9b8) at /usr/src/sys/platform/pc32/i386/trap.c:699
#8 0xc05430f7 in calltrap () at /usr/src/sys/platform/pc32/i386/exception.s:785
#9 0xc0344101 in m_copym (m=0x0, off0=0, len=1460, wait=4) at /usr/src/sys/kern/uipc_mbuf.c:1100
#10 0xc03d8bf4 in tcp_output (tp=0xe0d2e508) at /usr/src/sys/netinet/tcp_output.c:723
#11 0xc03d7c2a in tcp_input (m=<value optimized out>) at /usr/src/sys/netinet/tcp_input.c:2539
#12 0xc03cf271 in transport_processing_oncpu (m=0x48, hlen=0, ip=<value optimized out>) at /usr/src/sys/netinet/ip_input.c:411
#13 0xc03d0f1a in ip_input (m=0xeb96ec00) at /usr/src/sys/netinet/ip_input.c:951
#14 0xc03d0f4e in ip_input_handler (msg0=0xeb96ec18) at /usr/src/sys/netinet/ip_input.c:434
#15 0xc0392a14 in netisr_run (num=2, m=0xeb96ec00) at /usr/src/sys/net/netisr.c:590
#16 0xc038922f in ether_demux_oncpu (ifp=0xdb311000, m=0xeb96ec00) at /usr/src/sys/net/if_ethersubr.c:1365
#17 0xc03892cf in ether_input_oncpu (ifp=0xdb311000, m=0xeb96ec00) at /usr/src/sys/net/if_ethersubr.c:1424
#18 0xc03893d9 in ether_input_handler (nmsg=0xeb96ec18) at /usr/src/sys/net/if_ethersubr.c:1532
#19 0xc0392719 in netmsg_service (msg=0xeb96bc00, mpsafe_mode=1, mplocked=0) at /usr/src/sys/net/netisr.c:303
#20 0xc03dad27 in tcpmsg_service_loop (dummy=0x0) at /usr/src/sys/netinet/tcp_subr.c:412
#21 0xc0317d47 in lwkt_deschedule_self (td=Cannot access memory at address 0x8
) at /usr/src/sys/kern/lwkt_thread.c:278
Backtrace stopped: previous frame inner to this frame (corrupt stack?)



Updated by dillon almost 11 years ago

I think what we may have here is a data overflow somewhere
interfering with adjacent mbufs in memory. I will commit
some additional asserts to try to catch it earlier.

I have gotten similar crashes.

Updated by pavalos almost 11 years ago

I'm going to call this fixed.

Also available in: Atom PDF