Date:      Sat, 05 Nov 2016 22:07:20 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 213856] Fatal trap12: page fault while in kernel mode; Supervisor read data, page not present
Message-ID:  <bug-213856-8-Cv2tzcUDJE@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-213856-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-213856-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213856

--- Comment #13 from Mark Johnston <markj@FreeBSD.org> ---
In both cases, we crashed in bucket_drain() when resetting bucket->ub_cnt to 0:

   0xffffffff80e17d90 <+256>:   movslq %r13d,%r13
   0xffffffff80e17d93 <+259>:   mov    0x18(%rbx,%r13,8),%rdi
   0xffffffff80e17d98 <+264>:   mov    0x10c(%r14),%esi
   0xffffffff80e17d9f <+271>:   callq  *0xe8(%r14)
   0xffffffff80e17da6 <+278>:   inc    %r13d
   0xffffffff80e17da9 <+281>:   movswl 0x10(%rbx),%eax
   0xffffffff80e17dad <+285>:   cmp    %eax,%r13d
   0xffffffff80e17db0 <+288>:   jl     0xffffffff80e17d90 <bucket_cache_drain+256>
   0xffffffff80e17db2 <+290>:   mov    0x100(%r14),%rdi
   0xffffffff80e17db9 <+297>:   movswl %ax,%edx
   0xffffffff80e17dbc <+300>:   mov    %r12,%rsi
   0xffffffff80e17dbf <+303>:   callq  *0xf8(%r14)
   0xffffffff80e17dc6 <+310>:   movw   $0x0,0x10(%rbx) <--

rbx is a callee-saved register that is dereferenced after every call to uz_fini,
so it seems as though the uz_release function for the zone is somehow corrupting
its frame. Because this is happening in the context of uma_reclaim(), we know
that this can't be a cache zone, so uz_release is zone_release().

-- 
You are receiving this mail because:
You are the assignee for the bug.
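The reasoning in the comment above (a callee-saved register that was dereferenced fine after earlier calls faults right after one particular call, so that call's callee is suspected of corrupting the caller's frame) can be mechanised over a gdb listing. The script below is an added example, not code from the bug report or from FreeBSD; it embeds the quoted bucket_cache_drain() listing as constructed input and assumes gdb's AT&T syntax as shown there.

```python
import re

# Constructed input: the bucket_cache_drain() listing from the comment above.
LISTING = """\
   0xffffffff80e17d90 <+256>:   movslq %r13d,%r13
   0xffffffff80e17d93 <+259>:   mov    0x18(%rbx,%r13,8),%rdi
   0xffffffff80e17d98 <+264>:   mov    0x10c(%r14),%esi
   0xffffffff80e17d9f <+271>:   callq  *0xe8(%r14)
   0xffffffff80e17da6 <+278>:   inc    %r13d
   0xffffffff80e17da9 <+281>:   movswl 0x10(%rbx),%eax
   0xffffffff80e17dad <+285>:   cmp    %eax,%r13d
   0xffffffff80e17db0 <+288>:   jl     0xffffffff80e17d90 <bucket_cache_drain+256>
   0xffffffff80e17db2 <+290>:   mov    0x100(%r14),%rdi
   0xffffffff80e17db9 <+297>:   movswl %ax,%edx
   0xffffffff80e17dbc <+300>:   mov    %r12,%rsi
   0xffffffff80e17dbf <+303>:   callq  *0xf8(%r14)
   0xffffffff80e17dc6 <+310>:   movw   $0x0,0x10(%rbx)
"""

# SysV AMD64 callee-saved registers: a callee must return them unchanged.
CALLEE_SAVED = {"rbx", "rbp", "r12", "r13", "r14", "r15"}
INSN_RE = re.compile(r"^\s*0x[0-9a-f]+\s+<\+(\d+)>:\s+(\S+)\s*(.*)$")
# AT&T memory operand disp(base,index,scale); groups are base and index.
MEM_RE = re.compile(r"\(%(\w+)(?:,%(\w+))?(?:,\d+)?\)")

def parse_listing(text):
    """Return [(offset, mnemonic, operands)] for each instruction line."""
    matches = (INSN_RE.match(line) for line in text.splitlines())
    return [(int(m.group(1)), m.group(2), m.group(3)) for m in matches if m]

def callee_saved_bases(operands):
    """Callee-saved registers used as base or index of a memory operand."""
    return sorted({r for m in MEM_RE.finditer(operands) for r in m.groups()
                   if r in CALLEE_SAVED})

def suspect_call(insns, fault_off):
    """Return (last_call, regs, earlier): the call nearest before the faulting
    offset, the callee-saved registers that instruction dereferences, and the
    earlier offsets where those registers were dereferenced without faulting.
    A non-empty 'earlier' means the pointer was valid until that last call."""
    last_call, earlier = None, []
    for off, mnem, ops in insns:  # linear scan; the loop back-edge is ignored
        if mnem.startswith("call"):
            last_call = off
            continue
        regs = callee_saved_bases(ops)
        if off == fault_off:
            return last_call, regs, [o for o, r in earlier if r in regs]
        earlier += [(off, r) for r in regs]
    raise ValueError("offset %d not in listing" % fault_off)
```

For the faulting movw at +310 the script returns the call at +303 (the indirect uz_release call) as the suspect and shows rbx was dereferenced successfully at +259 and +281 beforehand.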