Bug 193399 - Fatal trap 12: page fault while in kernel mode (g_resize_provider_event -> g_slice_orphan -> free)
Summary: Fatal trap 12: page fault while in kernel mode (g_resize_provider_event -> g_...
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 10.0-RELEASE
Hardware: amd64 Any
: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-09-06 20:31 UTC by Stepan Tezyunichev
Modified: 2014-09-06 20:32 UTC (History)
1 user (show)

See Also:

Attachments
Auto-generated core.txt file (161.87 KB, text/plain)
2014-09-06 20:31 UTC, Stepan Tezyunichev 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stepan Tezyunichev 2014-09-06 20:31:42 UTC 
Created attachment 146970 [details]
Auto-generated core.txt file

I have a FreeBSD based SAN running on vmWare virtual machine.
There are two disk controllers: built-in Intel Patsburg 6 and LSI logic. Both attached to VM using hardware passthrough.
There are three iSCSI targets on ZFS raidz2 published by using ctld.

Recently I got a problem with one of the disks.
After several reboots I executed 'zpool scrub tank'. At that moment system hanged and kernel panic was generated.

Please find attached auto-generage core.txt report. I can upload vmcore if required.

Short backtrace:
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0xffff80400814d190
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80c80b03
stack pointer	        = 0x28:0xfffffe02ec9eb980
frame pointer	        = 0x28:0xfffffe02ec9eb990
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 13 (g_event)
trap number		= 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff808e7dd0 at kdb_backtrace+0x60
#1 0xffffffff808af8b5 at panic+0x155
#2 0xffffffff80c8e692 at trap_fatal+0x3a2
#3 0xffffffff80c8e969 at trap_pfault+0x2c9
#4 0xffffffff80c8e0f6 at trap+0x5e6
#5 0xffffffff80c75392 at calltrap+0x8
#6 0xffffffff80898cf0 at free+0x30
#7 0xffffffff8081d5b6 at g_slice_orphan+0x46
#8 0xffffffff8081eda1 at g_resize_provider_event+0x71
#9 0xffffffff8081ad86 at g_run_events+0x166
#10 0xffffffff8088198a at fork_exit+0x9a
#11 0xffffffff80c758ce at fork_trampoline+0xe