NULL pointer crash in exit1() when running certain Linux binaries

From: Hans Petter Selasky <hps_at_bitfrost.no>
Date: Sun, 23 Jun 2013 00:24:55 +0200
Hi,

The following crash has been observed using FreeBSD 9-stable amd64:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x20
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff81765bb6
stack pointer           = 0x28:0xffffff81225cb9a0
frame pointer           = 0x28:0xffffff81225cba30
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2458 (XXXXXXXX)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff809553b6 at kdb_backtrace+0x66
#1 0xffffffff8091c72e at panic+0x1ce
#2 0xffffffff80cabb40 at trap_fatal+0x290
#3 0xffffffff80cabea1 at trap_pfault+0x211
#4 0xffffffff80cac454 at trap+0x344
#5 0xffffffff80c957e3 at calltrap+0x8
#6 0xffffffff808e68ab at exit1+0x1bb
#7 0xffffffff81773dcf at linux_exit_group+0xaf
#8 0xffffffff80d2728e at ia32_syscall+0x57e
#9 0xffffffff80c95db1 at Xint0x80_syscall+0x91
Uptime: 40m36s

#7  0xffffffff81765bb6 in linux_proc_exit (arg=<value optimized out>, p=<value optimized out>)
    at /usr/img/freebsd.9/sys/modules/linux/../../compat/linux/linux_emul.c:326
#8  0xffffffff808e68ab in exit1 (td=0xfffffe0130cce490, rv=<value optimized out>)
    at /usr/img/freebsd.9/sys/kern/kern_exit.c:261
#9  0xffffffff81773dcf in linux_exit_group (td=0xfffffe0130cce490, args=0xffffff81225cbb70)
    at /usr/img/freebsd.9/sys/modules/linux/../../compat/linux/linux_misc.c:1686
#10 0xffffffff80d2728e in ia32_syscall (frame=0xffffff81225cbc00) at subr_syscall.c:135
#11 0xffffffff80c95db1 in Xint0x80_syscall () at ia32_exception.S:73
#12 0x00000000080f2047 in ?? ()
Previous frame inner to this frame (corrupt stack?)


         /* Are we a task leader? */
         if (p == p->p_leader) {
      364:       4d 8b a6 18 04 00 00    mov    0x418(%r14),%r12
      36b:       4d 39 f4                cmp    %r14,%r12
      36e:       0f 84 c2 0d 00 00       je     1136 <exit1+0xf36>
         /*
          * Check if any loadable modules need anything done at process exit.
          * E.g. SYSV IPC stuff
          * XXX what if one of these generates an error?
          */
         EVENTHANDLER_INVOKE(process_exit, p);
      374:       48 c7 c7 00 00 00 00    mov    $0x0,%rdi
                         377: R_X86_64_32S       .rodata.str1.1+0xf
      37b:       e8 00 00 00 00          callq  380 <exit1+0x180>
                         37c: R_X86_64_PC32       eventhandler_find_list+0xfffffffffffffffc
      380:       48 85 c0                test   %rax,%rax
      383:       49 89 c4                mov    %rax,%r12
      386:       0f 84 e3 00 00 00       je     46f <exit1+0x26f>
      38c:       8b 40 0c                mov    0xc(%rax),%eax
      38f:       4d 8b 6c 24 40          mov    0x40(%r12),%r13
      394:       83 c0 01                add    $0x1,%eax
      397:       4d 85 ed                test   %r13,%r13
      39a:       41 89 44 24 0c          mov    %eax,0xc(%r12)
      39f:       0f 84 97 00 00 00       je     43c <exit1+0x23c>
      3a5:       4d 8d 7c 24 10          lea    0x10(%r12),%r15
      3aa:       eb 40                   jmp    3ec <exit1+0x1ec>
      3ac:       0f 1f 40 00             nopl   0x0(%rax)
      3b0:       4c 89 f6                mov    %r14,%rsi
      3b3:       49 8b 7d 18             mov    0x18(%r13),%rdi
      3b7:       41 ff 55 20             callq  *0x20(%r13)
^^^ NULL pointer
      3bb:       65 48 8b 34 25 00 00    mov    %gs:0x0,%rsi
      3c2:       00 00
      3c4:       48 89 d8                mov    %rbx,%rax
      3c7:       f0 49 0f b1 74 24 28    lock cmpxchg %rsi,0x28(%r12)
      3ce:       0f 94 c0                sete   %al
      3d1:       84 c0                   test   %al,%al
      3d3:       74 4a                   je     41f <exit1+0x21f>
      3d5:       8b 3d 00 00 00 00       mov    0x0(%rip),%edi        # 3db <exit1+0x1db>


The issue seems to be reproducible and possibly also exists in -current.
Any clues?

--HPS
Received on Sat Jun 22 2013 - 20:26:21 UTC
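The disassembled loop above is the expansion of EVENTHANDLER_INVOKE(process_exit, p): eventhandler_find_list("process_exit"), el_runcount++, then a walk over the entry list loading 0x18(%r13) into %rdi and calling through *0x20(%r13). The following userland model is added here to make that mapping concrete; it is not FreeBSD's code and not part of the original report. It assumes the struct eventhandler_entry / eventhandler_entry_generic layout from sys/eventhandler.h on 9-stable amd64 (a two-pointer TAILQ_ENTRY, an int priority, then ee_arg at 0x18 and the handler pointer at 0x20), which layout_matches_trace() checks with offsetof. The names eh_register, invoke_process_exit and run_demo are hypothetical, and the NULL-function guard in invoke_process_exit is an addition that the disassembled loop does not have; without it an entry whose function pointer is NULL faults on the indirect call exactly as shown, with the fault address equal to the offset read off the NULL base.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Userland model of the process_exit eventhandler list (illustrative, not
 * the kernel's code). Offsets are what the disassembly reads:
 * 0x18(%r13) = ee_arg, *0x20(%r13) = handler function pointer.
 */
struct eventhandler_entry {
	struct {                                  /* TAILQ_ENTRY: 0x00..0x0f */
		struct eventhandler_entry *tqe_next;
		struct eventhandler_entry **tqe_prev;
	} ee_link;
	int ee_priority;                          /* 0x10; -1 marks a deregistered entry */
#define EHE_DEAD_PRIORITY (-1)
	void *ee_arg;                             /* 0x18: loaded into %rdi */
};

struct proc { int p_pid; };
typedef void (*process_exit_fn)(void *arg, struct proc *p);

struct eventhandler_entry_process_exit {
	struct eventhandler_entry gen;
	process_exit_fn eh_func;                  /* 0x20: target of callq *0x20(%r13) */
};

struct eventhandler_list { struct eventhandler_entry *first; };

/* True when this build reproduces the offsets the crashing loop dereferences. */
int layout_matches_trace(void)
{
	return offsetof(struct eventhandler_entry, ee_arg) == 0x18 &&
	    offsetof(struct eventhandler_entry_process_exit, eh_func) == 0x20;
}

/* Insert in ascending priority order (hypothetical stand-in for eventhandler_register). */
void eh_register(struct eventhandler_list *l, struct eventhandler_entry_process_exit *e,
    int prio, process_exit_fn fn, void *arg)
{
	struct eventhandler_entry **pp = &l->first;
	e->gen.ee_priority = prio;
	e->gen.ee_arg = arg;
	e->eh_func = fn;
	while (*pp != NULL && (*pp)->ee_priority <= prio)
		pp = &(*pp)->ee_link.tqe_next;
	e->gen.ee_link.tqe_next = *pp;
	e->gen.ee_link.tqe_prev = pp;
	*pp = &e->gen;
}

/*
 * The walk the trace shows: skip dead entries, call eh_func(ee_arg, p).
 * The NULL-function guard is the addition; an unguarded loop takes the
 * fault on the indirect call. Returns the number of handlers run.
 */
int invoke_process_exit(struct eventhandler_list *l, struct proc *p, int *null_skipped)
{
	struct eventhandler_entry *ep;
	int ran = 0;
	*null_skipped = 0;
	for (ep = l->first; ep != NULL; ep = ep->ee_link.tqe_next) {
		struct eventhandler_entry_process_exit *t =
		    (struct eventhandler_entry_process_exit *)ep;
		if (ep->ee_priority == EHE_DEAD_PRIORITY)
			continue;
		if (t->eh_func == NULL) {          /* would be a fault at 0x20 off NULL */
			(*null_skipped)++;
			continue;
		}
		t->eh_func(ep->ee_arg, p);
		ran++;
	}
	return ran;
}

/* Constructed handler: counts invocations and remembers the exiting pid. */
static int last_pid;
static void count_handler(void *arg, struct proc *p) { (*(int *)arg)++; last_pid = p->p_pid; }

/* Constructed list: one entry with a NULL handler, one deregistered mid-run. */
static int demo_hits, demo_skipped;
int run_demo(void)
{
	struct eventhandler_list list = { NULL };
	struct eventhandler_entry_process_exit a, b, c, d;
	struct proc p = { 2458 };
	demo_hits = 0;
	eh_register(&list, &a, 10000, count_handler, &demo_hits);
	eh_register(&list, &b, 0, count_handler, &demo_hits);
	eh_register(&list, &c, 5000, NULL, &demo_hits);     /* the shape that faults unguarded */
	eh_register(&list, &d, 20000, count_handler, &demo_hits);
	d.gen.ee_priority = EHE_DEAD_PRIORITY;              /* deregistered while the list is busy */
	return invoke_process_exit(&list, &p, &demo_skipped);
}
int demo_handlers_hit(void) { return demo_hits; }
int demo_null_skipped(void) { return demo_skipped; }
int last_exit_pid(void) { return last_pid; }

int main(void)
{
	int ran = run_demo();
	printf("layout matches trace: %d, ran %d handlers, skipped %d NULL, pid %d\n",
	    layout_matches_trace(), ran, demo_null_skipped(), last_exit_pid());
	return 0;
}
```

When reading a trap like the one above, compare the fault virtual address with the displacement in the faulting instruction: a fault address equal to a small displacement means the base register held NULL, and offsetof on the corresponding struct tells you which field the kernel was reaching for.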

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:38 UTC