Date: Sun, 7 Jan 2007 14:03:41 +0000 (GMT)
From: Robert Watson
To: "Marc G. Fournier"
Cc: freebsd-stable@freebsd.org, jhb@FreeBSD.org
Subject: Re: Fatal trap 12: page fault while in kernel mode
Message-ID: <20070107140119.M46119@fledge.watson.org>
In-Reply-To: <8FF1D577DF1087259D6F71E0@ganymede.hub.org>
References: <8FF1D577DF1087259D6F71E0@ganymede.hub.org>

On Sat, 6 Jan 2007, Marc G. Fournier wrote:

> Just had the following happen on a FreeBSD 6.2-PRERELEASE #7: Sun Dec 17
> 01:28:52 AST 2006 system ... amd64, HP Proliant, 6G of RAM ... have core if
> there is information that I can provide out of it ...
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address = 0x18c
> fault code = supervisor read, page not present
> instruction pointer = 0x8:0xffffffff801f9053
> stack pointer = 0x10:0xffffffffb5c78b30
> frame pointer = 0x10:0xffffffffb5c78b60
> code segment = base 0x0, limit 0xfffff, type 0x1b
>              = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = resume, IOPL = 0
> current process = 5 (thread taskq)
> trap number = 12
> panic: page fault
> cpuid = 0
> Uptime: 8d22h25m40s
>
> (kgdb) where
> #0 doadump () at pcpu.h:172
> #1 0xffffffff80203955 in boot (howto=260) at
> /usr/src/sys/kern/kern_shutdown.c:409
> #2 0xffffffff80204065 in panic (fmt=0xffffff019b667720
> "X\223f\233\001ÿÿÿ\020µc\233\001ÿÿÿ") at
> /usr/src/sys/kern/kern_shutdown.c:565
> #3 0xffffffff803287a6 in trap_fatal (frame=0xc, eva=18446742981100074784) at
> /usr/src/sys/amd64/amd64/trap.c:660
> #4 0xffffffff80328cd8 in trap (frame=
> {tf_rdi = 112, tf_rsi = -1092609476832, tf_rdx = 6, tf_rcx = 3221225730,
> tf_r8 = -1245213424, tf_r9 = -1092609476832, tf_rax = 1, tf_rbx =
> -1096874331952, tf_rbp = -1245213856, tf_r10 = -2142258536, tf_r11 = 0, tf_r12
> = 4, tf_r13 = -1092609476832, tf_r14 = 4, tf_r15 = 1, tf_trapno = 12, tf_addr =
> 396, tf_flags = -2145197496, tf_err = 0, tf_rip = -2145415085, tf_cs = 8,
> tf_rflags = 65538, tf_rsp = -1245213888, tf_ss = 16}) at
> /usr/src/sys/amd64/amd64/trap.c:238
> #5 0xffffffff80313c6b in calltrap () at
> /usr/src/sys/amd64/amd64/exception.S:168
> #6 0xffffffff801f9053 in _mtx_lock_sleep (m=0xffffff009d31f0d0,
> tid=18446742981100074784, opts=6, file=0xc0000102
> bounds>, line=-1245213424) at /usr/src/sys/kern/kern_mutex.c:546
> #7 0xffffffff8025b1ac in unp_gc (arg=0x70, pending=-1687783648) at
> /usr/src/sys/kern/uipc_usrreq.c:1714
> #8 0xffffffff8022c314 in taskqueue_run (queue=0xffffff0000844800) at
> /usr/src/sys/kern/subr_taskqueue.c:257
> #9 0xffffffff8022d0e7 in taskqueue_thread_loop (arg=0x70) at
> /usr/src/sys/kern/subr_taskqueue.c:376
> #10 0xffffffff801e7b76 in fork_exit (callout=0xffffffff8022d060
> , arg=0xffffffff805030d0, frame=0xffffffffb5c78c50) at
> /usr/src/sys/kern/kern_fork.c:821
> #11 0xffffffff80313fce in fork_trampoline () at
> /usr/src/sys/amd64/amd64/exception.S:394

This is a NULL pointer dereference in the UNIX domain socket code. John
Baldwin recently committed a fix for a bug with these symptoms to 7-CURRENT,
with an MFC planned in the near future. The fix won't make 6.2-RELEASE, but
assuming it tests out well over the next few weeks, we will cut an errata
patch/announcement for it. I believe you can pull down his 6-STABLE version
at:

http://people.FreeBSD.org/~jhb/patches/unp_gc.patch

This same patch is currently in testing on mx1.FreeBSD.org.

(John CC'd)

Robert N M Watson
Computer Laboratory
University of Cambridge
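
One way to read the trap output in this message mechanically, as an added example that is not part of the original message or of FreeBSD: it parses the fault address and the backtrace, skips the trap-handler frames, and reports the interrupted function and its caller. The function names and the 4096-byte threshold for calling a fault "NULL plus member offset" are assumptions of this example.

```python
import re

# Trimmed excerpt of the trap message and kgdb backtrace quoted above (constructed: one line per frame).
PANIC = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x18c
fault code = supervisor read, page not present
instruction pointer = 0x8:0xffffffff801f9053
"""
BACKTRACE = """\
#4 0xffffffff80328cd8 in trap (frame=...) at /usr/src/sys/amd64/amd64/trap.c:238
#5 0xffffffff80313c6b in calltrap () at /usr/src/sys/amd64/amd64/exception.S:168
#6 0xffffffff801f9053 in _mtx_lock_sleep (m=0xffffff009d31f0d0) at /usr/src/sys/kern/kern_mutex.c:546
#7 0xffffffff8025b1ac in unp_gc (arg=0x70) at /usr/src/sys/kern/uipc_usrreq.c:1714
"""

PAGE_SIZE = 4096  # assumption: a fault inside the first page means NULL + member offset
FIELD = re.compile(r"^(fault virtual address|fault code|instruction pointer)\s*=\s*(.+)$", re.M)
FRAME = re.compile(r"^#\d+\s+(0x[0-9a-f]+) in (\w+) \(.*?\) at (\S+):(\d+)$", re.M)

def parse_trap(text):
    """Pull the fault address, fault code and faulting PC out of the trap message."""
    raw = dict(FIELD.findall(text))
    return {
        "fault_addr": int(raw["fault virtual address"], 16),
        "fault_code": raw["fault code"].strip(),
        "pc": int(raw["instruction pointer"].split(":")[1], 16),  # drop the 0x8 selector
    }

def frames_below_trap(backtrace):
    """Frames after calltrap() are the interrupted code; earlier ones are the handler."""
    frames = [{"pc": int(pc, 16), "func": fn, "src": f"{path}:{line}"}
              for pc, fn, path, line in FRAME.findall(backtrace)]
    start = next(i for i, f in enumerate(frames) if f["func"] == "calltrap") + 1
    return frames[start:]

def triage(panic, backtrace):
    trap, frames = parse_trap(panic), frames_below_trap(backtrace)
    return {
        "null_deref": trap["fault_addr"] < PAGE_SIZE and "page not present" in trap["fault_code"],
        "member_offset": trap["fault_addr"],
        "faulting_function": frames[0]["func"],
        "caller": frames[1]["func"],
        "source": frames[0]["src"],
        "pc_matches_frame": trap["pc"] == frames[0]["pc"],
    }

if __name__ == "__main__":
    print(triage(PANIC, BACKTRACE))
```

The reported offset, 396, is the same value kgdb shows as tf_addr in frame #4 of the quoted trace.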