From nobody Fri Dec 10 16:36:49 2021
X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 6F96818DA7EA
	for <freebsd-current@mlmmj.nyi.freebsd.org>; Fri, 10 Dec 2021 16:36:56 +0000 (UTC)
	(envelope-from mavbsd@gmail.com)
Received: from mail-qv1-xf2c.google.com (mail-qv1-xf2c.google.com [IPv6:2607:f8b0:4864:20::f2c])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4J9c4S2TKvz3Klq
	for <freebsd-current@freebsd.org>; Fri, 10 Dec 2021 16:36:56 +0000 (UTC)
	(envelope-from mavbsd@gmail.com)
Received: by mail-qv1-xf2c.google.com with SMTP id m17so8448326qvx.8
        for <freebsd-current@freebsd.org>; Fri, 10 Dec 2021 08:36:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=sender:subject:to:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=UM1Z4lhbxTG5Idy6XMIm7Ty25K85if5+VJZw8iqj0x4=;
        b=EcZZgAyzPJ/jJJm3RhwzzYsxMmSMyVMQ/6gNo0ePlNmFVbtOpNc6Mj9UvlsVlPOYmq
         H9ofnp4dPI78M7bnwxh7e4T8mLmOvrPjDDEu34XZFPnBpRFX7SpxgyI1VAnY6RiBNtrY
         Rb/5N2D80rk/IHU+Rr9ru3t3bq74vyl3ioDNjaztJkEztd9/U2Ih4ra9H2nOoOsqVDkn
         X8W8TwpfdaiGRAX6+N57MP/IXKNRAh/YsMhBmRnCnX3fa/PHJ1WnRPkc5oQ2UCosfBF4
         qIXCsH5jM/nWTG/oKUvAonIWhdZnNxBa72CIXT7hqOG4yZEbItKAQ4QcQHyWf4xfRidm
         R6GA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:sender:subject:to:references:from:message-id
         :date:user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=UM1Z4lhbxTG5Idy6XMIm7Ty25K85if5+VJZw8iqj0x4=;
        b=OU1pOXnm+W4DxtMLQ4fzZaQHQ9paF6toX8JgICuFQ30ekD1Ld12I3FS+RbhhE/F5y+
         cQ/P16ZHOsoBhd+udPOjxczGMFHfKG4jTVFzkkVRR8JMt6s33XCkj+iGpVyHvXZYG1HG
         Whdr5ZFu8HuK61NhLBEnlXHaIGB0GtCAm++hFISi3FviA2r3PaH83trGr0m8rpxhoJP0
         yDcrI9b2FbWEq6f8t0mS6eS2GC2PJLTISosv6t7fBmEVg8D8QKje7GA+UL7mSAZ/Pom1
         /5LWxFsd/WnhtREZXff1Ea4IPaw78O7zeZImlyIDUA0ESWmFx0VKPR5uPyH49xYHZWhe
         cCew==
X-Gm-Message-State: AOAM530MtkokYZgCGmRF1OuD7PpICnnIr9HWnHZMhGzktz4z1PDQ6W8m
	f5G8fOoT4eVQpZQV+1NdlsMeoytxOTQ=
X-Google-Smtp-Source: ABdhPJxc2NsKW3T2lQNWrtpgwNjymoHTVBgYmSdiFtnAv9xGYZGPnd9XgoGYXbmbXOPVZcHQudl5rA==
X-Received: by 2002:ad4:5046:: with SMTP id m6mr26286786qvq.116.1639154210042;
        Fri, 10 Dec 2021 08:36:50 -0800 (PST)
Received: from mavoffice.ixsystems.com ([38.32.73.2])
        by smtp.gmail.com with ESMTPSA id g21sm2338333qtb.62.2021.12.10.08.36.49
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 10 Dec 2021 08:36:49 -0800 (PST)
Subject: Re: Panic: Page Fault in Kernel: Yesterday's CURRENT
To: Larry Rosenman <ler@lerctr.org>,
 Freebsd current <freebsd-current@freebsd.org>
References: <3d1b5249a2c51670de496fad9e8b054c@lerctr.org>
From: Alexander Motin <mav@FreeBSD.org>
Message-ID: <9852ae04-6dd0-1cd4-13fe-e97c68e71b37@FreeBSD.org>
Date: Fri, 10 Dec 2021 11:36:49 -0500
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101
 Thunderbird/78.13.0
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@freebsd.org
MIME-Version: 1.0
In-Reply-To: <3d1b5249a2c51670de496fad9e8b054c@lerctr.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4J9c4S2TKvz3Klq
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-4.00 / 15.00];
	 REPLY(-4.00)[]
X-ThisMailContainsUnwantedMimeParts: N

Hi Larry,

This looks like some use-after-free or otherwise corrupted callout
structure.  Unfortunately the backtrace does not tell what was the
callout.  When was the previous update to look what could change?

On 10.12.2021 11:24, Larry Rosenman wrote:
> FreeBSD borg.lerctr.org 14.0-CURRENT FreeBSD 14.0-CURRENT #15
> main-n251537-ab639f2398b: Thu Dec  9 19:45:37 CST 2021    
> root@borg.lerctr.org:/usr/obj/usr/src/amd64.amd64/sys/LER-MINIMAL  amd64
> 
> VMCORE *IS* available.
> 
> 
> 
> 
> Unread portion of the kernel message buffer:
> kernel trap 12 with interrupts disabled
> 
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 20
> fault virtual address   = 0x0
> fault code              = supervisor write data, page not present
> instruction pointer     = 0x20:0xffffffff804e0db4
> stack pointer           = 0x0:0xfffffe0434de4e10
> frame pointer           = 0x0:0xfffffe0434de4e70
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = resume, IOPL = 0
> current process         = 82990 (c++)
> trap number             = 12
> panic: page fault
> cpuid = 0
> time = 1639111198
> KDB: stack backtrace:
> #0 0xffffffff8050fc95 at kdb_backtrace+0x65
> #1 0xffffffff804c468f at vpanic+0x17f
> #2 0xffffffff804c4503 at panic+0x43
> #3 0xffffffff807a2195 at trap_fatal+0x385
> #4 0xffffffff807a21ef at trap_pfault+0x4f
> #5 0xffffffff80779c78 at calltrap+0x8
> #6 0xffffffff8045ddb8 at handleevents+0x188
> #7 0xffffffff8045ea3e at timercb+0x24e
> #8 0xffffffff807ca9eb at lapic_handle_timer+0x9b
> #9 0xffffffff8077b9b1 at Xtimerint+0xb1
> Uptime: 2h28m57s
> Dumping 12829 out of 131023
> MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%
> 
> __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
> 55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n"
> (offsetof(struct pcpu,
> (kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
> #1  doadump (textdump=<optimized out>)
>     at /usr/src/sys/kern/kern_shutdown.c:399
> #2  0xffffffff804c428c in kern_reboot (howto=260)
>     at /usr/src/sys/kern/kern_shutdown.c:487
> #3  0xffffffff804c46fe in vpanic (fmt=0xffffffff807e1276 "%s",
>     ap=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:920
> #4  0xffffffff804c4503 in panic (fmt=<unavailable>)
>     at /usr/src/sys/kern/kern_shutdown.c:844
> #5  0xffffffff807a2195 in trap_fatal (frame=0xfffffe0434de4d50, eva=0)
>     at /usr/src/sys/amd64/amd64/trap.c:946
> #6  0xffffffff807a21ef in trap_pfault (frame=0xfffffe0434de4d50,
>     usermode=false, signo=<optimized out>, ucode=<optimized out>)
>     at /usr/src/sys/amd64/amd64/trap.c:765
> #7  <signal handler called>
> #8  0xffffffff804e0db4 in callout_process (now=now@entry=38385536922300)
>     at /usr/src/sys/kern/kern_timeout.c:488
> #9  0xffffffff8045ddb8 in handleevents (now=now@entry=38385536922300,
>     fake=fake@entry=0) at /usr/src/sys/kern/kern_clocksource.c:213
> #10 0xffffffff8045ea3e in timercb (et=0xffffffff80d475e0 <lapic_et>,
>     arg=<optimized out>) at /usr/src/sys/kern/kern_clocksource.c:357
> #11 0xffffffff807ca9eb in lapic_handle_timer (frame=0xfffffe0434de4f40)
>     at /usr/src/sys/x86/x86/local_apic.c:1364
> #12 <signal handler called>
> #13 0x000000080df42bb6 in ?? ()
> Backtrace stopped: Cannot access memory at address 0x7ffffdef2c90
> (kgdb)
> 
> ------------------------------------------------------------------------
> 

-- 
Alexander Motin