Date: Thu, 23 Nov 2023 20:05:31 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 275286] kqueue(2): kqueue_close: page fault
Message-ID: <bug-275286-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275286

            Bug ID: 275286
           Summary: kqueue(2): kqueue_close: page fault
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: andreas.bock@virtual-arts-software.de

Attachment #246521 text/plain mime type:
Created attachment 246521
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=246521&action=edit
small test program to trigger a page fault in the kqueue(2) code

While I was experimenting with kqueue(2) and rfork(2), a page fault was
triggered. When using fork(2), this problem does not occur. The panic is
reproducible with the attached code. It is also reproducible on FreeBSD 14.0.

The following is from the generated crash info:

13.2-RELEASE-p4 FreeBSD 13.2-RELEASE-p4 releng/13.2-n254638-d20ece445acf GENERIC amd64

panic: page fault

GNU gdb (GDB) 13.2 [GDB v13.2 for FreeBSD]
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.2".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:
[112]
[112]
[112] Fatal trap 12: page fault while in kernel mode
[112] cpuid = 7; apic id = 27
[112] fault virtual address   = 0x20
[112] fault code              = supervisor read data, page not present
[112] instruction pointer     = 0x20:0xffffffff8071161b
[112] stack pointer           = 0x28:0xfffffe042eac9b00
[112] frame pointer           = 0x28:0xfffffe042eac9b20
[112] code segment            = base 0x0, limit 0xfffff, type 0x1b
[112]                         = DPL 0, pres 1, long 1, def32 0, gran 1
[112] processor eflags        = interrupt enabled, resume, IOPL = 0
[112] current process         = 99300 (test)
[112] trap number             = 12
[112] panic: page fault
[112] cpuid = 7
[112] time = 1698479858
[112] KDB: stack backtrace:
[112] #0 0xffffffff807ae505 at kdb_backtrace+0x65
[112] #1 0xffffffff80760e81 at vpanic+0x151
[112] #2 0xffffffff80760d23 at panic+0x43
[112] #3 0xffffffff80abffa7 at trap_fatal+0x387
[112] #4 0xffffffff80abffff at trap_pfault+0x4f
[112] #5 0xffffffff80a97108 at calltrap+0x8
[112] #6 0xffffffff80710fe8 at kqueue_drain+0x258
[112] #7 0xffffffff80712462 at kqueue_close+0x42
[112] #8 0xffffffff80702ac1 at _fdrop+0x11
[112] #9 0xffffffff8070607b at closef+0x24b
[112] #10 0xffffffff8070593c at fdescfree_fds+0xdc
[112] #11 0xffffffff807053e5 at fdescfree+0x3b5
[112] #12 0xffffffff807178e7 at exit1+0x4d7
[112] #13 0xffffffff8071740d at sys_sys_exit+0xd
[112] #14 0xffffffff80ac089c at amd64_syscall+0x10c
[112] #15 0xffffffff80a97a1b at fast_syscall_common+0xf8
[112] Uptime: 1m52s
[112] Dumping 8596 out of 262104 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:396
#2  0xffffffff80760a4a in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:484
#3  0xffffffff80760eee in vpanic (fmt=<optimized out>, ap=ap@entry=0xfffffe042eac9950) at /usr/src/sys/kern/kern_shutdown.c:923
#4  0xffffffff80760d23 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:847
#5  0xffffffff80abffa7 in trap_fatal (frame=0xfffffe042eac9a40, eva=32) at /usr/src/sys/amd64/amd64/trap.c:942
#6  0xffffffff80abffff in trap_pfault (frame=0xfffffe042eac9a40, usermode=false, signo=<optimized out>, ucode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:761
#7  <signal handler called>
#8  knlist_remove_kq (knl=0x0, kn=0xfffff8284882e5a0, knlislocked=0, kqislocked=0) at /usr/src/sys/kern/kern_event.c:2447
#9  0xffffffff80710fe8 in knote_drop (kn=0xfffff8284882e5a0, td=0xfffffe01c6244720) at /usr/src/sys/kern/kern_event.c:2736
#10 kqueue_drain (kq=kq@entry=0xfffff828481c5300, td=td@entry=0xfffffe01c6244720) at /usr/src/sys/kern/kern_event.c:2240
#11 0xffffffff80712462 in kqueue_close (fp=0xfffff8284816eaa0, td=0xfffffe01c6244720) at /usr/src/sys/kern/kern_event.c:2289
#12 0xffffffff80702ac1 in fo_close (fp=0x0, fp@entry=0xfffff8284816eaa0, td=0xfffff8284882e5a0, td@entry=0xfffffe01c6244720) at /usr/src/sys/sys/file.h:384
#13 _fdrop (fp=0x0, fp@entry=0xfffff8284816eaa0, td=0xfffff8284882e5a0, td@entry=0xfffffe01c6244720) at /usr/src/sys/kern/kern_descrip.c:3691
#14 0xffffffff8070607b in closef (fp=fp@entry=0xfffff8284816eaa0, td=td@entry=0xfffffe01c6244720) at /usr/src/sys/kern/kern_descrip.c:2937
#15 0xffffffff8070593c in fdescfree_fds (td=0xfffff8284882e5a0, td@entry=0xfffffe01c6244720, fdp=fdp@entry=0xfffffe01cc6b9000, needclose=false) at /usr/src/sys/kern/kern_descrip.c:2644
#16 0xffffffff807053e5 in fdescfree (td=td@entry=0xfffffe01c6244720) at /usr/src/sys/kern/kern_descrip.c:2690
#17 0xffffffff807178e7 in exit1 (td=0xfffffe01c6244720, rval=<optimized out>, signo=signo@entry=0) at /usr/src/sys/kern/kern_exit.c:403
#18 0xffffffff8071740d in sys_sys_exit (td=0x0, uap=<optimized out>) at /usr/src/sys/kern/kern_exit.c:212
#19 0xffffffff80ac089c in syscallenter (td=0xfffffe01c6244720) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:190
#20 amd64_syscall (td=0xfffffe01c6244720, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1183
#21 <signal handler called>
#22 0x00000008240e504a in ?? ()
Backtrace stopped: Cannot access memory at address 0x82026a5c8
(kgdb)

-- 
You are receiving this mail because:
You are the assignee for the bug.