From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 275286] kqueue(2): kqueue_close: page fault
Date: Thu, 23 Nov 2023 20:05:31 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275286

            Bug ID: 275286
           Summary: kqueue(2): kqueue_close: page fault
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: andreas.bock@virtual-arts-software.de

 Attachment #246521 text/plain
         mime type:

Created attachment 246521
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=246521&action=edit
small test program to trigger a page fault in the kqueue(2) code

While I was experimenting with kqueue(2) and rfork(2), a page fault was
triggered. When using fork(2) this problem does not occur.

The panic is reproducible with the attached code. It is also reproducible on
FreeBSD 14.0.

The following is from the generated crash info:

13.2-RELEASE-p4
FreeBSD 13.2-RELEASE-p4 releng/13.2-n254638-d20ece445acf GENERIC amd64

panic: page fault

GNU gdb (GDB) 13.2 [GDB v13.2 for FreeBSD]
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.2".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:
[112]
[112]
[112] Fatal trap 12: page fault while in kernel mode
[112] cpuid = 7; apic id = 27
[112] fault virtual address   = 0x20
[112] fault code              = supervisor read data, page not present
[112] instruction pointer     = 0x20:0xffffffff8071161b
[112] stack pointer           = 0x28:0xfffffe042eac9b00
[112] frame pointer           = 0x28:0xfffffe042eac9b20
[112] code segment            = base 0x0, limit 0xfffff, type 0x1b
[112]                         = DPL 0, pres 1, long 1, def32 0, gran 1
[112] processor eflags        = interrupt enabled, resume, IOPL = 0
[112] current process         = 99300 (test)
[112] trap number             = 12
[112] panic: page fault
[112] cpuid = 7
[112] time = 1698479858
[112] KDB: stack backtrace:
[112] #0 0xffffffff807ae505 at kdb_backtrace+0x65
[112] #1 0xffffffff80760e81 at vpanic+0x151
[112] #2 0xffffffff80760d23 at panic+0x43
[112] #3 0xffffffff80abffa7 at trap_fatal+0x387
[112] #4 0xffffffff80abffff at trap_pfault+0x4f
[112] #5 0xffffffff80a97108 at calltrap+0x8
[112] #6 0xffffffff80710fe8 at kqueue_drain+0x258
[112] #7 0xffffffff80712462 at kqueue_close+0x42
[112] #8 0xffffffff80702ac1 at _fdrop+0x11
[112] #9 0xffffffff8070607b at closef+0x24b
[112] #10 0xffffffff8070593c at fdescfree_fds+0xdc
[112] #11 0xffffffff807053e5 at fdescfree+0x3b5
[112] #12 0xffffffff807178e7 at exit1+0x4d7
[112] #13 0xffffffff8071740d at sys_sys_exit+0xd
[112] #14 0xffffffff80ac089c at amd64_syscall+0x10c
[112] #15 0xffffffff80a97a1b at fast_syscall_common+0xf8
[112] Uptime: 1m52s
[112] Dumping 8596 out of 262104 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=) at /usr/src/sys/kern/kern_shutdown.c:396
#2  0xffffffff80760a4a in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:484
#3  0xffffffff80760eee in vpanic (fmt=, ap=ap@entry=0xfffffe042eac9950)
    at /usr/src/sys/kern/kern_shutdown.c:923
#4  0xffffffff80760d23 in panic (fmt=)
    at /usr/src/sys/kern/kern_shutdown.c:847
#5  0xffffffff80abffa7 in trap_fatal (frame=0xfffffe042eac9a40, eva=32)
    at /usr/src/sys/amd64/amd64/trap.c:942
#6  0xffffffff80abffff in trap_pfault (frame=0xfffffe042eac9a40,
    usermode=false, signo=, ucode=)
    at /usr/src/sys/amd64/amd64/trap.c:761
#7
#8  knlist_remove_kq (knl=0x0, kn=0xfffff8284882e5a0, knlislocked=0,
    kqislocked=0) at /usr/src/sys/kern/kern_event.c:2447
#9  0xffffffff80710fe8 in knote_drop (kn=0xfffff8284882e5a0,
    td=0xfffffe01c6244720) at /usr/src/sys/kern/kern_event.c:2736
#10 kqueue_drain (kq=kq@entry=0xfffff828481c5300,
    td=td@entry=0xfffffe01c6244720) at /usr/src/sys/kern/kern_event.c:2240
#11 0xffffffff80712462 in kqueue_close (fp=0xfffff8284816eaa0,
    td=0xfffffe01c6244720) at /usr/src/sys/kern/kern_event.c:2289
#12 0xffffffff80702ac1 in fo_close (fp=0x0, fp@entry=0xfffff8284816eaa0,
    td=0xfffff8284882e5a0, td@entry=0xfffffe01c6244720)
    at /usr/src/sys/sys/file.h:384
#13 _fdrop (fp=0x0, fp@entry=0xfffff8284816eaa0, td=0xfffff8284882e5a0,
    td@entry=0xfffffe01c6244720) at /usr/src/sys/kern/kern_descrip.c:3691
#14 0xffffffff8070607b in closef (fp=fp@entry=0xfffff8284816eaa0,
    td=td@entry=0xfffffe01c6244720) at /usr/src/sys/kern/kern_descrip.c:2937
#15 0xffffffff8070593c in fdescfree_fds (td=0xfffff8284882e5a0,
    td@entry=0xfffffe01c6244720, fdp=fdp@entry=0xfffffe01cc6b9000,
    needclose=false) at /usr/src/sys/kern/kern_descrip.c:2644
#16 0xffffffff807053e5 in fdescfree (td=td@entry=0xfffffe01c6244720)
    at /usr/src/sys/kern/kern_descrip.c:2690
#17 0xffffffff807178e7 in exit1 (td=0xfffffe01c6244720, rval=,
    signo=signo@entry=0) at /usr/src/sys/kern/kern_exit.c:403
#18 0xffffffff8071740d in sys_sys_exit (td=0x0, uap=)
    at /usr/src/sys/kern/kern_exit.c:212
#19 0xffffffff80ac089c in syscallenter (td=0xfffffe01c6244720)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:190
#20 amd64_syscall (td=0xfffffe01c6244720, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1183
#21
#22 0x00000008240e504a in ?? ()
Backtrace stopped: Cannot access memory at address 0x82026a5c8
(kgdb)

-- 
You are receiving this mail because:
You are the assignee for the bug.