Subject: port-i386/4281: vm_fault crash on i386
To: None <>
From: Dave Huang <>
List: netbsd-bugs
Date: 10/16/1997 20:04:12
>Number:         4281
>Category:       port-i386
>Synopsis:       vm_fault crash on i386
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 16 18:20:03 1997
>Originator:     Dave Huang
Name: Dave Huang     |   Mammal, mammal / their names are called /
INet:   |   they raise a paw / the bat, the cat /
FurryMUCK: Dahan     |   dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 21 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
>Release:        NetBSD-current as of October 15, 1997
>Environment:
System: NetBSD 1.2G NetBSD 1.2G (SLOTH) #128: Wed Oct 15 20:58:02 CDT 1997 i386

>Description:
My 386/33 w/8MB RAM crashed with the following messages:

vm_fault(0xf8687600, 0, 1, 0) -> 5
fatal page fault in supervisor mode
trap type 6 code f8250000 eip f819c60b cs f9a50008 eflags 10246 cr2 0 cpl e00044c2
panic: trap
syncing disks... 1 1 done

dumping to dev 1, offset 32641
dump 8 7 6 5 4 3 2 1 succeeded

At the time, I was downloading some stuff through one ppp connection,
and was about to access a web site through another ppp connection (the
386 does NAT and routes for me). It may be a coincidence, but the
panic seems to have happened when my web browser made the connection
to the web site.

The previous kernel I was running, from around Oct 2, had been up for
about 14 days or so.

I have a kernel with debugging symbols and a core dump if anyone wants
to look at them.

(kgdb) list *0xf819c60b
0xf819c60b is in pmap_changebit (../../../../arch/i386/i386/pmap.c:1646).
1641                                    if (va >= pager_sva && va < pager_eva)
1642                                            continue;
1643                            }
1645                            pte = pmap_pte(pv->pv_pmap, va);
1646                            *pte = (*pte & maskbits) | setbits;
1647                    }
1648                    pmap_update();
1649            }
1650            splx(s);

Kernel config:

# SLOTH kernel config
include "arch/i386/conf/std.i386"

options		I386_CPU	# CPU classes; at least one is REQUIRED
options 	MATH_EMULATE	# floating point emulation
#options	VM86		# Virtual 8086 emulation

# Some BIOSes don't get the size of extended memory right.  If you
# have a broken BIOS, uncomment the following and set the value
# properly for your system.
#options	BIOSEXTMEM=...	# size of extended memory

options	DUMMY_NOPS	# speed hack; recommended
#options		INSECURE	# insecure; allow /dev/mem writing for X

maxusers	8		# estimated number of users
options		RTC_OFFSET=0	# hardware clock is this many mins. west of GMT
#options	NTP		# NTP phase/frequency locked loop

#options		DDB		# in-kernel debugger
makeoptions	DEBUG="-g"	# compile full symbol table
options		DIAGNOSTIC	# internal consistency checks
#options 	KGDB
#options 	KGDBDEV=0x801
#options 	KGDBRATE=38400

#options		KTRACE		# system call tracing, a la ktrace(1)

#options		SYSVMSG		# System V-like message queues
#options		SYSVSEM		# System V-like semaphores
#options		SYSVSHM		# System V-like memory sharing
#options	SHMMAXPGS=1024	# 1024 pages is the default

#options 	COMPAT_12	# NetBSD 1.2,
options		COMPAT_43	# and 4.3BSD
#options		TCP_COMPAT_42	# TCP bug compatibility with 4.2BSD

#options		COMPAT_LINUX	# binary compatibility with Linux
#options		COMPAT_FREEBSD	# binary compatibility with FreeBSD

#options		EXEC_ELF32	# 32-bit ELF executables (SVR4, Linux)

#options		USER_LDT	# user-settable LDT; used by WINE
options		LKM		# loadable kernel modules

file-system 	FFS		# UFS
file-system 	NFS		# Network File System client
#file-system 	CD9660		# ISO 9660 + Rock Ridge file system
#file-system 	MSDOSFS		# MS-DOS file system
#file-system 	FDESC		# /dev/fd
file-system 	KERNFS		# /kern
file-system 	PROCFS		# /proc
#file-system 	UNION		# union file system

options		NFSSERVER	# Network File System server

options 	GATEWAY		# packet forwarding
options		INET		# IP + ICMP + TCP + UDP
#options 	NETATALK	# AppleTalk
#options 	PPP_BSDCOMP
#options 	PPP_DEFLATE
options 	PPP_FILTER

config		netbsd	root on wd0a type ffs dumps on wd0b
options 	"CONSDEVNAME=\"com\"",CONADDR=0x3f8,CONSPEED=19200

mainbus0 at root

isa*	at mainbus0			# all other ISA

npx0	at isa? port 0xf0 irq 13	# math coprocessor

pc0	at isa? port 0x60 irq 1		# generic PC console device
#vt0	at isa? port 0x60 irq 1

com0	at isa? port 0x3f8 irq 4	# standard PC serial port
com1	at isa? port 0x2f8 irq 3

tcom0	at isa? port 0x100 irq 11	# TCOM 4-port serial cards
com*	at tcom? slave ?

lpt0	at isa? port 0x378 irq 7	# standard PC parallel ports

fdc0	at isa? port 0x3f0 irq 6 drq 2	# standard PC floppy controllers
#fdc1	at isa? port 0x370 irq ? drq ?
fd*	at fdc? drive ?

wdc0	at isa? port 0x1f0 irq 14	# ST506, ESDI, and IDE controllers
#wdc1	at isa? port 0x170 irq ?
wd0	at wdc0 drive 0

ne0	at isa? port 0x300 irq 10	# NE2000 (Olicom 2125)
#ed0	at isa? port 0x250 iomem 0xd8000 irq 5 flags 1	# 3c503 (Etherlink II)

#spkr0	at pckbd? port 0x61

# Joystick driver. Probe is a little strange; add only if you have one.
#joy0	at isa? port 0x201

pseudo-device	loop	1		# network loopback
pseudo-device	bpfilter 8		# packet filter
pseudo-device	sl	2		# CSLIP
pseudo-device	ppp	6		# PPP
pseudo-device	ipfilter		# ip filter

pseudo-device	pty	16		# pseudo-terminals
#pseudo-device	ccd	4		# concatenated disk devices

dmesg output:

Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California.  All rights reserved.

NetBSD 1.2G (SLOTH) #128: Wed Oct 15 20:58:02 CDT 1997
cpu0: Intel 386DX (386-class)
real mem  = 7995392
avail mem = 6406144
using 123 buffers containing 503808 bytes of memory
mainbus0 (root)
isa0 at mainbus0
ne0 at isa0 port 0x300-0x31f irq 10
ne0: NE2000 Ethernet
ne0: Ethernet address 00:00:24:22:dc:f9
tcom0 at isa0 port 0x100-0x11f irq 11
com2 at tcom0 slave 0: st16650a, working fifo
com3 at tcom0 slave 1: st16650a, working fifo
com4 at tcom0 slave 2: st16650a, working fifo
com5 at tcom0 slave 3: st16650a, working fifo
com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
com0: console
com1 at isa0 port 0x2f8-0x2ff irq 3: ns16550a, working fifo
lpt0 at isa0 port 0x378-0x37b irq 7
wdc0 at isa0 port 0x1f0-0x1f7 irq 14
wd0 at wdc0 drive 0: <QUANTUM LP120A GM120A01X>
wd0: 116MB, 901 cyl, 5 head, 53 sec, 512 bytes/sec
wd0: using 8-sector 16-bit pio transfers, chs addressing
pc0 at isa0 port 0x60-0x6f irq 1: color
fdc0 at isa0 port 0x3f0-0x3f7 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB, 80 cyl, 2 head, 18 sec
biomask 4040 netmask 4440 ttymask 44c2
boot device: wd0
root on wd0a dumps on wd0b

>How-To-Repeat:
Don't know, it hasn't happened again.

>Fix:
Don't know that either.
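
A triage helper for the panic output in this report, added here as an example and not part of the original PR or of NetBSD: it parses the vm_fault and trap lines, checks whether the faulting address (cr2) lies in page 0, which in supervisor mode indicates a kernel NULL pointer dereference at the reported eip, and cross-checks cr2 against the address passed to vm_fault. The function name `triage`, the regexes, and reading the bare numeric fields as hexadecimal are assumptions.

```python
import re

PAGE_SIZE = 4096  # i386 page size
PROT_BITS = ((1, "read"), (2, "write"), (4, "execute"))  # VM_PROT_* bits

# Console lines copied from the report above.
PANIC_TEXT = """\
vm_fault(0xf8687600, 0, 1, 0) -> 5
fatal page fault in supervisor mode
trap type 6 code f8250000 eip f819c60b cs f9a50008 eflags 10246 cr2 0 cpl e00044c2
"""

# Assumed layouts: vm_fault(map, va, fault_type, 0) -> rv, and the trap register line.
VM_FAULT_RE = re.compile(r"vm_fault\((\S+), ([0-9a-fx]+), (\d+), \d+\) -> ([0-9a-f]+)")
TRAP_RE = re.compile(r"trap type (\d+) code ([0-9a-f]+) eip ([0-9a-f]+) .*?cr2 ([0-9a-f]+)")


def triage(text):
    """Summarise an i386 page-fault panic; raise ValueError if lines are missing."""
    vmf = VM_FAULT_RE.search(text)
    trap = TRAP_RE.search(text)
    if not vmf or not trap:
        raise ValueError("vm_fault/trap lines not found")
    fault_va = int(vmf.group(2), 16)   # address handed to vm_fault()
    prot = int(vmf.group(3))           # access type that faulted
    cr2 = int(trap.group(4), 16)       # faulting linear address from the CPU
    return {
        "trap_type": int(trap.group(1)),
        "eip": int(trap.group(3), 16),
        "cr2": cr2,
        "access": [name for bit, name in PROT_BITS if prot & bit],
        "supervisor": "in supervisor mode" in text,
        # A fault inside the first page means a NULL (or near-NULL) pointer.
        "null_deref": cr2 < PAGE_SIZE,
        # vm_fault() is called with the page-truncated fault address.
        "consistent": fault_va == cr2 - (cr2 % PAGE_SIZE),
    }


if __name__ == "__main__":
    r = triage(PANIC_TEXT)
    kind = "NULL dereference" if r["null_deref"] else "bad pointer"
    mode = "kernel" if r["supervisor"] else "user"
    print(f"{mode} {kind}: {'/'.join(r['access'])} of {r['cr2']:#x} at eip {r['eip']:#x}")
```

For this report the result is a kernel-mode read of address 0 at eip 0xf819c60b, which agrees with the kgdb listing: line 1646 reads `*pte` before writing it back.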