From owner-freebsd-amd64@FreeBSD.ORG Mon Mar 11 06:50:00 2013 Return-Path: Delivered-To: freebsd-amd64@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id C0836441 for ; Mon, 11 Mar 2013 06:50:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id A480191E for ; Mon, 11 Mar 2013 06:50:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r2B6o0Hb038387 for ; Mon, 11 Mar 2013 06:50:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r2B6o0dG038386; Mon, 11 Mar 2013 06:50:00 GMT (envelope-from gnats) Resent-Date: Mon, 11 Mar 2013 06:50:00 GMT Resent-Message-Id: <201303110650.r2B6o0dG038386@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-amd64@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Martin Bishop Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id D486A323 for ; Mon, 11 Mar 2013 06:40:52 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id BC8298F2 for ; Mon, 11 Mar 2013 06:40:52 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.5/8.14.5) with ESMTP id r2B6eqcl034853 for ; Mon, 11 Mar 2013 06:40:52 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.5/8.14.5/Submit) id r2B6eqNA034852; Mon, 11 Mar 2013 06:40:52 GMT (envelope-from nobody) Message-Id: <201303110640.r2B6eqNA034852@red.freebsd.org> Date: Mon, 11 Mar 2013 06:40:52 GMT From: Martin Bishop To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: amd64/176835: Fatal trap 12: page fault while in kernel mode X-Mailman-Approved-At: Mon, 11 Mar 2013 11:25:44 +0000 X-BeenThere: freebsd-amd64@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Porting FreeBSD to the AMD64 platform List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Mar 2013 06:50:00 -0000 >Number: 176835 >Category: amd64 >Synopsis: Fatal trap 12: page fault while in kernel mode >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-amd64 >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Mar 11 06:50:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Martin Bishop >Release: 9.1 >Organization: >Environment: FreeBSD host.domain 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Periodic panic, though it looks like it's happening in the same place. Stealing some advice from another bug report, there's some gdb output at the bottom.. panic #1 Fatal trap 12: page fault while in kernel mode cpuid = 2; apic id = 02 fault virtual address = 0xffffffffd398481f fault code = supervisor write data, page not present instruction pointer = 0x20:0xffffffff808eb0b3 stack pointer = 0x28:0xffffff80913d4970 frame pointer = 0x28:0xffffff80913d4980 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 91049 (maildrop) trap number = 12 panic: page fault cpuid = 2 KDB: stack backtrace: #0 0xffffffff809208a6 at kdb_backtrace+0x66 #1 0xffffffff808ea8be at panic+0x1ce #2 0xffffffff80bd8240 at trap_fatal+0x290 #3 0xffffffff80bd857d at trap_pfault+0x1ed #4 0xffffffff80bd8b9e at trap+0x3ce #5 0xffffffff80bc315f at calltrap+0x8 #6 0xffffffff808efb14 at tdsendsignal+0x454 #7 0xffffffff808f0b6d at killpg1+0x3bd #8 0xffffffff808f0de4 at sys_kill+0x1e4 #9 0xffffffff80bd7ae6 at amd64_syscall+0x546 panic #2 Fatal trap 12: page fault while in kernel mode cpuid = 2; apic id = 02 fault virtual address = 0xffffffffd398481f fault code = supervisor write data, page not present instruction pointer = 0x20:0xffffffff808eb0b3 stack pointer = 0x28:0xffffff8091109970 frame pointer = 0x28:0xffffff8091109980 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 57769 (maildrop) trap number = 12 panic: page fault cpuid = 2 KDB: stack backtrace: #0 0xffffffff809208a6 at kdb_backtrace+0x66 #1 0xffffffff808ea8be at panic+0x1ce #2 0xffffffff80bd8240 at trap_fatal+0x290 #3 0xffffffff80bd857d at trap_pfault+0x1ed #4 0xffffffff80bd8b9e at trap+0x3ce #5 0xffffffff80bc315f at calltrap+0x8 #6 0xffffffff808efb14 at tdsendsignal+0x454 #7 0xffffffff808f0b6d at killpg1+0x3bd #8 0xffffffff808f0de4 at sys_kill+0x1e4 #9 0xffffffff80bd7ae6 at amd64_syscall+0x546 % gdb /boot/kernel/kernel (gdb) l *tdsendsignal+0x454 0xffffffff808efb14 is in tdsendsignal (/usr/src/sys/kern/kern_sig.c:2046). warning: Source file is more recent than executable. 2041 * IEEE Std 1003.1-2001: return success when killing a zombie. 2042 */ 2043 if (p->p_state == PRS_ZOMBIE) { 2044 if (ksi && (ksi->ksi_flags & KSI_INS)) 2045 ksiginfo_tryfree(ksi); 2046 return (ret); 2047 } 2048 2049 ps = p->p_sigacts; 2050 KNOTE_LOCKED(&p->p_klist, NOTE_SIGNAL | sig); (gdb) I can grab a core if need be, but am hoping that given the consistency of the backtrace the problem will be obvious to the maintainers of the relevant portions of code :) >How-To-Repeat: I haven't been triggering it, but given the current process is consistently the same: - run 9.1 release - use maildrop to filter mail - wait for crash >Fix: >Release-Note: >Audit-Trail: >Unformatted: