Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 14 Mar 2026 09:28:53 -0400
From:      Michael Butler <imb@protected-networks.net>
To:        Subbsd <subbsd@gmail.com>, freebsd-current Current <freebsd-current@freebsd.org>
Subject:   Re: panic: supervisor write data, protection violation (vn_read/copyout_smap_erms?)
Message-ID:  <d8132248-0e53-4c0d-bb6c-682995d09f02@protected-networks.net>
In-Reply-To: <CAFt_eMree8BYjJCJyr8po9TxkpT0ipQPy5C%2BCm_UCpM%2B5eCNLQ@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail 

To narrow this .. I can reliably start a kernel built at or before 
commit 277830b4d3ae.

On 3/14/26 09:06, Subbsd wrote:
> Hi,
> 
> The latest FreeBSD 16-CURRENT panics during some disk activities
> (e.g.: installing a packages, starting some services, for example
> /etc/rc.d/devd)
> 
> --
> Fatal trap 12: page fault while in kernel mode
> cpuid = 6; apic id = 06
> fault virtual address   = 0x45e4db029e00
> fault code              = supervisor write data, protection violation
> instruction pointer     = 0x20:0xffffffff81127826
> stack pointer           = 0x28:0xfffffe00ff03b930
> frame pointer           = 0x28:0xfffffe00ff03b930
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 1042 (sh)
> rdi: 000045e4db029e00 rsi: fffff80063fed000 rdx: 0000000000000400
> rcx: 0000000000000400  r8: fffff80063fed000  r9: 000000000000261f
> rax: 0000000000000000 rbx: fffff80063fed000 rbp: fffffe00ff03b930
> r10: 0000000000000400 r11: fffff8000fb9ccd0 r12: fffffe00ff03bde8
> r13: 0000000000000400 r14: 0000000000000400 r15: fffffe00ff03bda8
> trap number             = 12
> panic: page fault
> cpuid = 6
> time = 1773492421
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00ff03b640
> vpanic() at vpanic+0x136/frame 0xfffffe00ff03b770
> panic() at panic+0x43/frame 0xfffffe00ff03b7d0
> trap_fatal() at trap_fatal+0x68/frame 0xfffffe00ff03b7f0
> trap_pfault() at trap_pfault+0x2ac/frame 0xfffffe00ff03b860
> calltrap() at calltrap+0x8/frame 0xfffffe00ff03b860
> --- trap 0xc, rip = 0xffffffff81127826, rsp = 0xfffffe00ff03b930, rbp
> = 0xfffffe00ff03b930 ---
> copyout_smap_erms() at copyout_smap_erms+0x196/frame 0xfffffe00ff03b930
> uiomove_fromphys() at uiomove_fromphys+0x15f/frame 0xfffffe00ff03b990
> vn_read_from_obj() at vn_read_from_obj+0x13f/frame 0xfffffe00ff03ba70
> VOP_READ_PGCACHE_APV() at VOP_READ_PGCACHE_APV+0x2a/frame 0xfffffe00ff03ba90
> vn_read() at vn_read+0x94/frame 0xfffffe00ff03bb10
> vn_io_fault_doio() at vn_io_fault_doio+0x45/frame 0xfffffe00ff03bb70
> vn_io_fault1() at vn_io_fault1+0x15e/frame 0xfffffe00ff03bcb0
> vn_io_fault() at vn_io_fault+0x19d/frame 0xfffffe00ff03bd40
> dofileread() at dofileread+0x80/frame 0xfffffe00ff03bd90
> sys_read() at sys_read+0x127/frame 0xfffffe00ff03be00
> amd64_syscall() at amd64_syscall+0x169/frame 0xfffffe00ff03bf30
> fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00ff03bf30
> --- syscall (3, FreeBSD ELF64, read), rip = 0x3e8c57b7232a, rsp =
> 0x3e8c53973298, rbp = 0x3e8c539732e0 ---
> KDB: enter: panic
> Uptime: 17s
> --
> 
> Other info + messages in dmesg:
> 
> Kernel: GENERIC
> 
> uname -a:
> 
> FreeBSD host1.my.domain 16.0-CURRENT FreeBSD 16.0-CURRENT #0
> main-f91464171d61: Sat Mar 14 12:35:27 UTC 2026
> root@host1.my.domain:/usr/obj/usr/jails/src/src_16/src/amd64.amd64/sys/GENERIC
> amd64
> 
> Filesystem: UFS2
> 
> dmesg with suspicious entries:
> ```
> lock order reversal: (sleepable after non-sleepable)
> 1st 0xffffffff81da28a8 dev mtx (devd, sleep mutex) @
> /usr/jails/src/src_16/src/sys/kern/kern_devctl.c:572
> 2nd 0xffffffff82300d50 umareclaim (umareclaim, sx) @
> /usr/jails/src/src_16/src/sys/vm/uma_core.c:3428
> lock order devd -> umareclaim attempted at:
> #0 0xffffffff80c43fbf at witness_checkorder+0xcaf
> #1 0xffffffff80bd40f0 at _sx_xlock+0x60
> #2 0xffffffff80f9903d at uma_zdestroy+0x3d
> #3 0xffffffff80b64fce at sysctl_devctl_queue+0x8e
> #4 0xffffffff80bdb3ec at sysctl_root_handler_locked+0x9c
> #5 0xffffffff80bda74f at sysctl_root+0x22f
> #6 0xffffffff80bdae56 at userland_sysctl+0x1b6
> #7 0xffffffff80bdac65 at sys___sysctl+0x65
> #8 0xffffffff8112b719 at amd64_syscall+0x169
> #9 0xffffffff810fa54b at fast_syscall_common+0xf8
> Freed UMA keg (DEVCTL) was not empty (455 items).  Lost 114 pages of memory.
> ```
>
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d8132248-0e53-4c0d-bb6c-682995d09f02>