Date: Tue, 22 Nov 2022 21:50:33 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 267935] panic: page fault in kern_osd.c on shutdown with one running vnet jail Message-ID: <bug-267935-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D267935 Bug ID: 267935 Summary: panic: page fault in kern_osd.c on shutdown with one running vnet jail Product: Base System Version: 13.1-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: nsonack@outlook.com This bug repeatedly occurs on a Thinkpad T440s in the following situation: - Kernel in versions 13.1-RELEASE-p3 and 13.1-RELEASE-p4 - One manually created VNET Jail (with a epair interface attached to it) - In the jail only PostgreSQL 15 is running - Reboot or shut the host machine down - It almost immediately panics and prints a pile of probably unrelated traces (which look like nested faults) a'la: #0 0xffffffff80e5e323 at linux_dump_stack+0x23 #1 0xffffffff83e5d620 at drm_atomic_helper_check_planes+0xb0 #2 0xffffffff83d55e2a at intel_atomic_check+0x124a #3 0xffffffff83e5b360 at drm_atomic_check_only+0x400 #4 0xffffffff83e5b793 at drm_atomic_commit+0x13 #5 0xffffffff83e683b8 at drm_client_modeset_commit_atomic+0x148 #6 0xffffffff83e68119 at drm_client_modeset_commit_force+0x69 #7 0xffffffff83ea80ba at drm_fb_helper_restore_fbdev_mode_unlocked+0x7a #8 0xffffffff83ea2057 at vt_kms_postswitch+0x167 #9 0xffffffff80a70a19 at vt_window_switch+0x2d9 #10 0xffffffff80a6db7f at vtterm_cngrab+0x4f #11 0xffffffff80bb3956 at cngrab+0x26 #12 0xffffffff80c1b654 at kern_reboot+0x354 #13 0xffffffff80c1bbce at vpanic+0x1ee #14 0xffffffff80c1b9d3 at panic+0x43 #15 0xffffffff810afdf5 at trap_fatal+0x385 #16 0xffffffff810afe4f at trap_pfault+0x4f #17 0xffffffff810875b8 at calltrap+0x8 =20 <4>WARN_ON(!mutex_is_locked(&dev->struct_mutex))WARN_ON(!mutex_is_locked(&d= ev->struct_mutex)) - kgdb reveals: (kgdb) #8 0xffffffff841003d0 in ?? () No symbol table info available. #9 0xffffffff80bfc6ea in osd_call (type=3Dtype@entry=3D1, method=3Dmetho= d@entry=3D5, obj=3Dobj@entry=3D0xfffff80019641000, data=3Ddata@entry=3D0x0) at /usr/src/sys/kern/kern_osd.c:401 error =3D 0 i =3D 4 methodfun =3D 0xffffffff841003d0 #10 0xffffffff80be0f22 in prison_deref (pr=3D0xfffff80019641000, flags=3D= 67) at /usr/src/sys/kern/kern_jail.c:2779 freeprison =3D {tqh_first =3D 0x0, tqh_last =3D 0xfffffe000ede7e0= 8} killpr =3D 0x0 ppr =3D <optimized out> p =3D <optimized out> rpr =3D <optimized out> tpr =3D <optimized out> #11 0xffffffff80c7da81 in taskqueue_run_locked (queue=3Dqueue@entry=3D0xfffff800016b5900) at /usr/src/sys/kern/subr_taskqueue.c:477 et =3D {et_link =3D {tqe_next =3D 0xfffffe00105e01e0, tqe_prev =3D 0xffffffff811c863e}, et_td =3D 0x0, et_section =3D {bucket =3D 0}, et_old_p= riority =3D 0 '\000'} tb =3D {tb_running =3D 0xfffff80019641060, tb_seq =3D 322, tb_lin= k =3D {le_next =3D 0x0, le_prev =3D 0xfffff800016b5910}} in_net_epoch =3D false task =3D 0xfffff80019641060 pending =3D 1 #12 0xffffffff80c7ed92 in taskqueue_thread_loop (arg=3D<optimized out>, arg@entry=3D0xffffffff81cf79b8 <taskqueue_thread>) at /usr/src/sys/kern/subr_taskqueue.c:794 tqp =3D <optimized out> tq =3D 0xfffff800016b5900 #13 0xffffffff80bd8a9e in fork_exit (callout=3D0xffffffff80c7ecd0 <taskqueue_thread_loop>, arg=3D0xffffffff81cf79b8 <taskqueue_thread>, frame=3D0xfffffe000ede7f40) at /usr/src/sys/kern/kern_fork.c:1093 td =3D 0xfffffe00105e01e0 p =3D 0xffffffff81c8d768 <proc0> dtd =3D <optimized out> #14 <signal handler called> No locals. #15 mi_startup () at /usr/src/sys/kern/init_main.c:322 sipp =3D 0x8080808080808080 xipp =3D <optimized out> save =3D <optimized out> Backtrace stopped: Cannot access memory at address 0x3000000028 (kgdb) info registers rax 0x6 6 rbx 0x0 0 rcx 0xffffffff841003d0 -2079325232 rdx 0x1d 29 rsi 0x0 0 rdi 0xfffff80019641000 -8795667034112 rbp 0xfffffe000ede7de0 0xfffffe000ede7de0 rsp 0xfffffe000ede7d98 0xfffffe000ede7d98 r8 0xffffffff8190be60 -2121220512 r9 0x0 0 r10 0x7d0 2000 r11 0x801973db 2149151707 r12 0xfffff80019641000 -8795667034112 r13 0x5 5 r14 0xffffffff8190bef8 -2121220360 r15 0x4 4 rip 0xffffffff841003d0 0xffffffff841003d0 eflags 0x10282 [ SF IF RF ] cs 0x20 32 ss 0x28 40 ds <unavailable> es <unavailable> fs <unavailable> gs <unavailable> fs_base <unavailable> gs_base <unavailable> (kgdb) frame 8 #8 0xffffffff841003d0 in ?? () (kgdb) I do not know what is loaded at 0xffffffff841003d0. If you need more information or any of the files in /var/crash, please let me know. Also, I haven't tested whether this bug is reproducib= le on other machines but it is at least the 7th time I saw this looking at t= he contents of /var/crash. Minor note: The crash does not occur when I stop the jail before shutting down the machine. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-267935-227>