Date: Mon, 11 Mar 2013 06:40:52 GMT From: Martin Bishop <martin.bishop@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: amd64/176835: Fatal trap 12: page fault while in kernel mode Message-ID: <201303110640.r2B6eqNA034852@red.freebsd.org> Resent-Message-ID: <201303110650.r2B6o0dG038386@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 176835
>Category: amd64
>Synopsis: Fatal trap 12: page fault while in kernel mode
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-amd64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 11 06:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Martin Bishop
>Release: 9.1
>Organization:
>Environment:
FreeBSD host.domain 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Periodic panic, though it looks like it's happening in the same place. Stealing some advice from another bug report, there's some gdb output at the bottom..
panic #1
Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address = 0xffffffffd398481f
fault code = supervisor write data, page not present
instruction pointer = 0x20:0xffffffff808eb0b3
stack pointer = 0x28:0xffffff80913d4970
frame pointer = 0x28:0xffffff80913d4980
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 91049 (maildrop)
trap number = 12
panic: page fault
cpuid = 2
KDB: stack backtrace:
#0 0xffffffff809208a6 at kdb_backtrace+0x66
#1 0xffffffff808ea8be at panic+0x1ce
#2 0xffffffff80bd8240 at trap_fatal+0x290
#3 0xffffffff80bd857d at trap_pfault+0x1ed
#4 0xffffffff80bd8b9e at trap+0x3ce
#5 0xffffffff80bc315f at calltrap+0x8
#6 0xffffffff808efb14 at tdsendsignal+0x454
#7 0xffffffff808f0b6d at killpg1+0x3bd
#8 0xffffffff808f0de4 at sys_kill+0x1e4
#9 0xffffffff80bd7ae6 at amd64_syscall+0x546
panic #2
Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address = 0xffffffffd398481f
fault code = supervisor write data, page not present
instruction pointer = 0x20:0xffffffff808eb0b3
stack pointer = 0x28:0xffffff8091109970
frame pointer = 0x28:0xffffff8091109980
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 57769 (maildrop)
trap number = 12
panic: page fault
cpuid = 2
KDB: stack backtrace:
#0 0xffffffff809208a6 at kdb_backtrace+0x66
#1 0xffffffff808ea8be at panic+0x1ce
#2 0xffffffff80bd8240 at trap_fatal+0x290
#3 0xffffffff80bd857d at trap_pfault+0x1ed
#4 0xffffffff80bd8b9e at trap+0x3ce
#5 0xffffffff80bc315f at calltrap+0x8
#6 0xffffffff808efb14 at tdsendsignal+0x454
#7 0xffffffff808f0b6d at killpg1+0x3bd
#8 0xffffffff808f0de4 at sys_kill+0x1e4
#9 0xffffffff80bd7ae6 at amd64_syscall+0x546
% gdb /boot/kernel/kernel
<snip>
(gdb) l *tdsendsignal+0x454
0xffffffff808efb14 is in tdsendsignal (/usr/src/sys/kern/kern_sig.c:2046).
warning: Source file is more recent than executable.
2041 * IEEE Std 1003.1-2001: return success when killing a zombie.
2042 */
2043 if (p->p_state == PRS_ZOMBIE) {
2044 if (ksi && (ksi->ksi_flags & KSI_INS))
2045 ksiginfo_tryfree(ksi);
2046 return (ret);
2047 }
2048
2049 ps = p->p_sigacts;
2050 KNOTE_LOCKED(&p->p_klist, NOTE_SIGNAL | sig);
(gdb)
I can grab a core if need be, but am hoping that given the consistency of the backtrace the problem will be obvious to the maintainers of the relevant portions of code :)
>How-To-Repeat:
I haven't been triggering it, but given the current process is consistently the same:
- run 9.1 release
- use maildrop to filter mail
- wait for crash
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303110640.r2B6eqNA034852>