[Bug 219227] [panic] [emulators/virtualbox-ose-additions] VBoxService page fault on 11-STABLE
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu May 11 19:11:08 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219227
Bug ID: 219227
Summary: [panic] [emulators/virtualbox-ose-additions]
VBoxService page fault on 11-STABLE
Product: Base System
Version: 11.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: gjb at FreeBSD.org
While investigating an unrelated issue with Vagrant virtual machines, I
observed the following panic on 11.0-STABLE r318134. It is triggered by
VBoxService as installed from the Project's upstream pkg(8) mirrors:
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xd6
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80d5895f
stack pointer = 0x28:0xfffffe001da4e3c0
frame pointer = 0x28:0xfffffe001da4e3d0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 5622 (VBoxService)
trap number = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff80aa8a57 at kdb_backtrace+0x67
#1 0xffffffff80a66bc6 at vpanic+0x186
#2 0xffffffff80a66a33 at panic+0x43
#3 0xffffffff80ed97f2 at trap_fatal+0x322
#4 0xffffffff80ed9849 at trap_pfault+0x49
#5 0xffffffff80ed9086 at trap+0x286
#6 0xffffffff80ebdf41 at calltrap+0x8
#7 0xffffffff80d5bef5 at vm_map_wire+0x35
#8 0xffffffff82234723 at rtR0MemObjNativeLockUser+0x63
#9 0xffffffff8221ebbc at VbglR0HGCMInternalCall+0x2ac
#10 0xffffffff8221d385 at vgdrvIoCtl_HGCMCall+0x225
#11 0xffffffff8221b756 at VGDrvCommonIoCtl+0x206
#12 0xffffffff8221e308 at vgdrvFreeBSDIOCtl+0x128
#13 0xffffffff80936398 at devfs_ioctl_f+0x128
#14 0xffffffff80ac43a5 at kern_ioctl+0x255
#15 0xffffffff80ac40df at sys_ioctl+0x16f
#16 0xffffffff80eda354 at amd64_syscall+0x6c4
#17 0xffffffff80ebe22b at Xfast_syscall+0xfb
Uptime: 28m28s
Dumping 140 out of 479 MB:..12%..23%..35%..46%..57%..69%..80%..91%
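When the local ports tree is reverted to virtualbox-ose-additions 5.1.20, and
also with 5.1.22 built locally, the system does not panic. The problem appears
to be caused by the vboxguest.ko included in the upstream package.
In the kgdb session below, vm_map_wire() is entered from
rtR0MemObjNativeLockUser() with map=0x1, and the fault address 0xd6 is
consistent with _vm_map_lock() reading map->system_map through that invalid
pointer. The file(1) output at the end shows the unsuffixed VBoxService
(presumably the packaged copy) built for FreeBSD 11.0 (1100122), while the
5.1.20 and 5.1.22 copies report 1100512, so the packaged module was presumably
built against a different kernel version than the one running here.
Note that kgdb has no source for the vboxguest.ko frames, so the `list` output
printed under those frames is a continuation of vm_map.c, not module code.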
Reading symbols from /boot/modules/vboxguest.ko...done.
Loaded symbols for /boot/modules/vboxguest.ko
#0 doadump (textdump=<value optimized out>) at pcpu.h:222
222 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) frame 7
#7 0xffffffff80ebdf41 in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:236
warning: Source file is more recent than executable.
236 call trap_check
Current language: auto; currently asm
(kgdb) list
231 #endif
232 .globl calltrap
233 .type calltrap,@function
234 calltrap:
235 movq %rsp,%rdi
236 call trap_check
237 MEXITCOUNT
238 jmp doreti /* Handle any pending ASTs */
239
240 /*
(kgdb) up
#8 0xffffffff80d5895f in _vm_map_lock (map=0x1, file=0x0, line=0) at
/usr/src/sys/vm/vm_map.c:501
warning: Source file is more recent than executable.
501 {
Current language: auto; currently minimal
(kgdb) list
496 vmspace_free(oldvm);
497 }
498
499 void
500 _vm_map_lock(vm_map_t map, const char *file, int line)
501 {
502
503 if (map->system_map)
504 mtx_lock_flags_(&map->system_mtx, 0, file, line);
505 else
(kgdb) up
#9 0xffffffff80d5bef5 in vm_map_wire (map=0x1, start=4546560, end=<value
optimized out>, flags=1) at /usr/src/sys/vm/vm_map.c:2545
2545 vm_map_lock(map);
(kgdb) list
2540 return (KERN_SUCCESS);
2541 prot = 0;
2542 if (flags & VM_MAP_WIRE_WRITE)
2543 prot |= VM_PROT_WRITE;
2544 user_wire = (flags & VM_MAP_WIRE_USER) ? TRUE : FALSE;
2545 vm_map_lock(map);
2546 VM_MAP_RANGE_CHECK(map, start, end);
2547 if (!vm_map_lookup_entry(map, start, &first_entry)) {
2548 if (flags & VM_MAP_WIRE_HOLESOK)
2549 first_entry = first_entry->next;
(kgdb) up
#10 0xffffffff82234723 in rtR0MemObjNativeLockUser () from
/boot/modules/vboxguest.ko
(kgdb) list
2550 else {
2551 vm_map_unlock(map);
2552 return (KERN_INVALID_ADDRESS);
2553 }
2554 }
2555 last_timestamp = map->timestamp;
2556 entry = first_entry;
2557 while (entry != &map->header && entry->start < end) {
2558 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
2559 /*
(kgdb) up
#11 0xffffffff8221ebbc in VbglR0HGCMInternalCall () from
/boot/modules/vboxguest.ko
(kgdb) list
2560 * We have not yet clipped the entry.
2561 */
2562 saved_start = (start >= entry->start) ? start :
2563 entry->start;
2564 entry->eflags |= MAP_ENTRY_NEEDS_WAKEUP;
2565 if (vm_map_unlock_and_wait(map, 0)) {
2566 /*
2567 * Allow interruption of user wiring?
2568 */
2569 }
(kgdb) up
#12 0xffffffff8221d385 in vgdrvIoCtl_HGCMCall () from
/boot/modules/vboxguest.ko
(kgdb) list
2570 vm_map_lock(map);
2571 if (last_timestamp + 1 != map->timestamp) {
2572 /*
2573 * Look again for the entry because the
map was
2574 * modified while it was unlocked.
2575 * Specifically, the entry may have
been
2576 * clipped, merged, or deleted.
2577 */
2578 if (!vm_map_lookup_entry(map,
saved_start,
2579 &tmp_entry)) {
(kgdb) up
#13 0xffffffff8221b756 in VGDrvCommonIoCtl () from /boot/modules/vboxguest.ko
(kgdb) list
2580 if (flags &
VM_MAP_WIRE_HOLESOK)
2581 tmp_entry =
tmp_entry->next;
2582 else {
2583 if (saved_start ==
start) {
2584 /*
2585 * first_entry
has been deleted.
2586 */
2587
vm_map_unlock(map);
2588 return
(KERN_INVALID_ADDRESS);
2589 }
(kgdb) up
#14 0xffffffff8221e308 in vgdrvFreeBSDIOCtl () from /boot/modules/vboxguest.ko
(kgdb) list
2590 end = saved_start;
2591 rv =
KERN_INVALID_ADDRESS;
2592 goto done;
2593 }
2594 }
2595 if (entry == first_entry)
2596 first_entry = tmp_entry;
2597 else
2598 first_entry = NULL;
2599 entry = tmp_entry;
(kgdb) up
#15 0xffffffff80936398 in devfs_ioctl_f (fp=0x457000, com=4546560,
data=0xfffff8000dd66c90, cred=0xfffffff8, td=0xfffff8000e013000)
at /usr/src/sys/fs/devfs/devfs_vnops.c:791
warning: Source file is more recent than executable.
791 error = dsw->d_ioctl(dev, com, data, fp->f_flag, td);
(kgdb) list
786 error = copyout(p, fgn->buf, i);
787 td->td_fpop = fpop;
788 dev_relthread(dev, ref);
789 return (error);
790 }
791 error = dsw->d_ioctl(dev, com, data, fp->f_flag, td);
792 td->td_fpop = NULL;
793 dev_relthread(dev, ref);
794 if (error == ENOIOCTL)
795 error = ENOTTY;
(kgdb) up
#16 0xffffffff80ac43a5 in kern_ioctl (td=<value optimized out>, fd=3,
com=<value optimized out>, data=<value optimized out>)
at file.h:323
warning: Source file is more recent than executable.
323 return ((*fp->f_ops->fo_ioctl)(fp, com, data, active_cred,
td));
(kgdb) list
318 static __inline int
319 fo_ioctl(struct file *fp, u_long com, void *data, struct ucred
*active_cred,
320 struct thread *td)
321 {
322
323 return ((*fp->f_ops->fo_ioctl)(fp, com, data, active_cred,
td));
324 }
325
326 static __inline int
327 fo_poll(struct file *fp, int events, struct ucred *active_cred,
root@:/usr/lib/debug/boot/kernel # file /usr/local/sbin/VBoxService*
/usr/local/sbin/VBoxService: ELF 64-bit LSB executable, x86-64, version
1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD
11.0 (1100122), FreeBSD-style, stripped
/usr/local/sbin/VBoxService-5.1.20: ELF 64-bit LSB executable, x86-64, version
1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD
11.0 (1100512), FreeBSD-style, stripped
/usr/local/sbin/VBoxService-5.1.22: ELF 64-bit LSB executable, x86-64, version
1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD
11.0 (1100512), FreeBSD-style, stripped
--
You are receiving this mail because:
You are the assignee for the bug.