svn commit: r349393 - head/sys/vm

Wed Jun 26 03:32:17 UTC 2019

In message <201906252025.x5PKPGml014589 at repo.freebsd.org>, Doug Moore 
writes:
> Author: dougm
> Date: Tue Jun 25 20:25:16 2019
> New Revision: 349393
> URL: https://svnweb.freebsd.org/changeset/base/349393
>
> Log:
>   Eliminate some uses of the prev and next fields of vm_map_entry_t.
>   
>   Since the only caller to vm_map_splay is vm_map_lookup_entry, move the
>   implementation of vm_map_splay into vm_map_lookup_helper, called by
>   vm_map_lookup_entry.
>   
>   vm_map_lookup_entry returns the greatest entry less than or equal to a
>   given address, but in many cases the caller wants the least entry
>   greater than or equal to the address and uses the next pointer to get
>   to it. Provide an alternative interface to lookup,
>   vm_map_lookup_entry_ge, to provide the latter behavior, and let
>   callers use one or the other rather than having them use the next
>   pointer after a lookup miss to get what they really want.
>   
>   In vm_map_growstack, the caller wants an entry that includes a given
>   address, and either the preceding or next entry depending on the value
>   of eflags in the first entry. Incorporate that behavior into
>   vm_map_lookup_helper, the function that implements all of these
>   lookups.
>   
>   Eliminate some temporary variables used with vm_map_lookup_entry, but
>   inessential.
>   
>   Reviewed by: markj (earlier version)
>   Approved by: kib (mentor)
>   Differential Revision: https://reviews.freebsd.org/D20664
>
> Modified:
>   head/sys/vm/vm_map.c
>   head/sys/vm/vm_map.h
>
[...]

Hi Doug,

This commit causes the following panic. The panic occurs during UFS fsck.
Booting into single user and issuing fsck by hand also results in the
panic. Reverting this rev provides relief.

<118>Starting file system checks:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x52
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff809649b4
stack pointer	        = 0x0:0xfffffe0035853810
frame pointer	        = 0x0:0xfffffe00358538f0
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 62 (fsck_ufs)
trap number		= 12
panic: page fault
cpuid = 1
time = 1561490154
KDB: stack backtrace:
#0 0xffffffff806bff77 at kdb_backtrace+0x67
#1 0xffffffff806744fd at vpanic+0x19d
#2 0xffffffff80674353 at panic+0x43
#3 0xffffffff809adcdc at trap_fatal+0x39c
#4 0xffffffff809add29 at trap_pfault+0x49
#5 0xffffffff809ad31f at trap+0x29f
#6 0xffffffff80989125 at calltrap+0x8
#7 0xffffffff80956702 at vm_fault_hold+0x72
#8 0xffffffff80956640 at vm_fault+0x60
#9 0xffffffff809ade44 at trap_pfault+0x164
#10 0xffffffff809ad4ab at trap+0x42b
#11 0xffffffff80989125 at calltrap+0x8
Uptime: 22s
Dumping 302 out of 4068 MB:..6%..11%..22%..32%..43%..53%..64%..74%..85%.
.96%

__curthread () at /opt/src/svn-current/sys/amd64/include/pcpu.h:246
246		__asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (OFFSETOF_CURTHREAD));
(kgdb) bt
#0  __curthread () at /opt/src/svn-current/sys/amd64/include/pcpu.h:246
#1  doadump (textdump=<optimized out>) at /opt/src/svn-current/sys/kern/
kern_shutdown.c:392
#2  0xffffffff806740b8 in kern_reboot (howto=260) at 
/opt/src/svn-current/sys/kern/kern_shutdown.c:479
#3  0xffffffff80674559 in vpanic (fmt=<optimized out>, ap=<optimized 
out>) at /opt/src/svn-current/sys/kern/kern_shutdown.c:905
#4  0xffffffff80674353 in panic (fmt=<unavailable>) at 
/opt/src/svn-current/sys/kern/kern_shutdown.c:832
#5  0xffffffff809adcdc in trap_fatal (frame=0xfffffe0035853750, eva=82) 
at /opt/src/svn-current/sys/amd64/amd64/trap.c:943
#6  0xffffffff809add29 in trap_pfault (frame=0xfffffe0035853750, 
usermode=0) at /opt/src/svn-current/sys/amd64/amd64/trap.c:767
#7  0xffffffff809ad31f in trap (frame=0xfffffe0035853750) at 
/opt/src/svn-current/sys/amd64/amd64/trap.c:443
#8  <signal handler called>
#9  0xffffffff809649b4 in vm_map_growstack (map=0xfffff80005757000, 
addr=140737487298560, gap_entry=0xfffff8000546a9a0) at 
/opt/src/svn-current/sys/vm/vm_map.c:4226
#10 vm_map_lookup (var_map=0xfffffe00358539e0, vaddr=140737487298560, 
fault_typea=18 '\022', out_entry=0xfffffe00358539e8, 
object=0xfffffe00358539d0, pindex=0xfffffe00358539d8,
    out_prot=0xfffffe0035853a17 "\003", wired=0xfffffe0035853a04) at 
/opt/src/svn-current/sys/vm/vm_map.c:4549
#11 0xffffffff80956702 in vm_fault_hold (map=0xfffff80005757000, 
vaddr=140737487298560, fault_type=2 '\002', fault_flags=0, m_hold=0x0) 
at /opt/src/svn-current/sys/vm/vm_fault.c:589
#12 0xffffffff80956640 in vm_fault (map=0xfffff80005757000, 
vaddr=<optimized out>, fault_type=2 '\002', fault_flags=0) at 
/opt/src/svn-current/sys/vm/vm_fault.c:550
#13 0xffffffff809ade44 in trap_pfault (frame=0xfffffe0035853c00, 
usermode=1) at /opt/src/svn-current/sys/amd64/amd64/trap.c:846
#14 0xffffffff809ad4ab in trap (frame=0xfffffe0035853c00) at 
/opt/src/svn-current/sys/amd64/amd64/trap.c:355
#15 <signal handler called>
#16 0x0000000000215f3e in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffefe4b0

-- 
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.