Bug 200474 - Fatal trap 12 in counter_u64_zero_one_cpu
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 10.1-STABLE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2015-05-26 20:02 UTC by Jimmy Olgeni
Modified: 2016-02-14 20:19 UTC

Attachments
full dmesg buffer (34.72 KB, text/plain)
2015-05-26 20:02 UTC, Jimmy Olgeni

Description Jimmy Olgeni freebsd_committer freebsd_triage 2015-05-26 20:02:23 UTC
Created attachment 157177
full dmesg buffer

I got this panic on 10.1-STABLE FreeBSD 10.1-STABLE #3 r283361.

There's not much context here: lots of starting/stopping a single bhyve VM while testing, and at some point a script tried to create lots of tap interfaces, which were then removed. Not sure if it could be related.

Firefox got a signal 10 while browsing, its window disappeared and immediately after I got the panic.

kernel trap 12 with interrupts disabled
Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address	= 0xc00
fault code		= supervisor write data, page not present
instruction pointer	= 0x20:0xffffffff80997b8a
stack pointer	        = 0x28:0xfffffe046a6f4570
frame pointer	        = 0x28:0xfffffe046a6f4590
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= resume, IOPL = 0
current process		= 15284 (firefox)
trap number		= 12
panic: page fault
cpuid = 3
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe046a6f4030
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe046a6f40e0
panic() at panic+0x1c1/frame 0xfffffe046a6f41a0
trap_fatal() at trap_fatal+0x38f/frame 0xfffffe046a6f4200
trap_pfault() at trap_pfault+0x2ed/frame 0xfffffe046a6f42a0
trap() at trap+0x47a/frame 0xfffffe046a6f44b0
calltrap() at calltrap+0x8/frame 0xfffffe046a6f44b0
--- trap 0xc, rip = 0xffffffff80997b8a, rsp = 0xfffffe046a6f4570, rbp = 0xfffffe046a6f4590 ---
counter_u64_zero_one_cpu() at counter_u64_zero_one_cpu+0x1a/frame 0xfffffe046a6f4590
smp_rendezvous_action() at smp_rendezvous_action+0xbc/frame 0xfffffe046a6f45c0
Xrendezvous() at Xrendezvous+0x89/frame 0xfffffe046a6f45c0
--- interrupt, rip = 0xffffffff80d7c965, rsp = 0xfffffe046a6f4680, rbp = 0xfffffe046a6f4760 ---
pmap_remove_pages() at pmap_remove_pages+0x285/frame 0xfffffe046a6f4760
vmspace_exit() at vmspace_exit+0x9c/frame 0xfffffe046a6f47a0
exit1() at exit1+0x63f/frame 0xfffffe046a6f4830
sigexit() at sigexit+0x925/frame 0xfffffe046a6f4af0
postsig() at postsig+0x286/frame 0xfffffe046a6f4bb0
ast() at ast+0x427/frame 0xfffffe046a6f4bf0
doreti_ast() at doreti_ast+0x1f/frame 0x801dd1780
Uptime: 1d23h6m2s

Checking if I can reproduce it somehow...
Comment 1 Jimmy Olgeni freebsd_committer freebsd_triage 2015-05-27 08:56:42 UTC
Found another traceback, this time I have a core file.

(kgdb) bt
#0  doadump (textdump=1) at pcpu.h:219
#1  0xffffffff8095e3c7 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:452
#2  0xffffffff8095e810 in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80d84b5f in trap_fatal (frame=<value optimized out>, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:857
#4  0xffffffff80d84e5d in trap_pfault (frame=0xfffffe046a6f44c0, usermode=<value optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:674
#5  0xffffffff80d844da in trap (frame=0xfffffe046a6f44c0) at /usr/src/sys/amd64/amd64/trap.c:440
#6  0xffffffff80d69ce2 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236
#7  0xffffffff80997b8a in counter_u64_zero_one_cpu (arg=0x0) at counter.h:65
#8  0xffffffff809a86fc in smp_rendezvous_action () at /usr/src/sys/kern/subr_smp.c:439
#9  0xffffffff80d6b0f9 in Xrendezvous () at apic_vector.S:295
#10 0xffffffff80d7c965 in pmap_remove_pages (pmap=0xfffff803866f3cd8) at /usr/src/sys/amd64/amd64/pmap.c:5355
#11 0xffffffff80c0c32c in vmspace_exit (td=0xfffff80159723000) at /usr/src/sys/vm/vm_map.c:408
#12 0xffffffff8092182f in exit1 (td=0xfffff80159723000, rv=<value optimized out>) at /usr/src/sys/kern/kern_exit.c:385
#13 0xffffffff80961ca5 in sigexit (td=0xfffff80159723000, sig=10) at /usr/src/sys/kern/kern_sig.c:2969
#14 0xffffffff80962546 in postsig (sig=<value optimized out>) at /usr/src/sys/kern/kern_sig.c:2872
#15 0xffffffff809acbf7 in ast (framep=<value optimized out>) at /usr/src/sys/kern/subr_trap.c:271
#16 0xffffffff80d6b139 in doreti_ast () at /usr/src/sys/amd64/amd64/exception.S:682
#17 0x000000081c1c1928 in ?? ()
#18 0x0000000818f0bd60 in ?? ()
#19 0x000000081e429450 in ?? ()
#20 0x0000000000000528 in ?? ()
#21 0xfffffffffd279e98 in ?? ()
#22 0x0000000821b23110 in ?? ()
#23 0x5a5a5a5a5a5a5a5a in ?? ()
#24 0x0000000000000008 in ?? ()
#25 0x0000000801dd1780 in ?? ()
#26 0x0000000000000000 in ?? ()
Current language:  auto; currently minimal
Comment 2 Jimmy Olgeni freebsd_committer freebsd_triage 2016-02-14 20:19:07 UTC
I never saw this again.

I'll open a new PR if anything new happens on more recent versions.