From owner-freebsd-bugs@freebsd.org Thu May 11 19:11:08 2017 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 209AED69535 for ; Thu, 11 May 2017 19:11:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0423A1B34 for ; Thu, 11 May 2017 19:11:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v4BJB7TM052049 for ; Thu, 11 May 2017 19:11:07 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 219227] [panic] [emulators/virtualbox-ose-additions] VBoxService page fault on 11-STABLE Date: Thu, 11 May 2017 19:11:08 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: gjb@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2017 19:11:08 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219227 Bug ID: 219227 Summary: [panic] [emulators/virtualbox-ose-additions] VBoxService page fault on 11-STABLE Product: Base System Version: 11.0-STABLE Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: gjb@FreeBSD.org While investigating an unrelated issue with Vagrant virtual machines, I observed the following panic on 11.0-STABLE r318134 that is triggered by VBoxService in the Project upstream pkg(8) mirrors: Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0xd6 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80d5895f stack pointer =3D 0x28:0xfffffe001da4e3c0 frame pointer =3D 0x28:0xfffffe001da4e3d0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 5622 (VBoxService) trap number =3D 12 panic: page fault cpuid =3D 0 KDB: stack backtrace: #0 0xffffffff80aa8a57 at kdb_backtrace+0x67 #1 0xffffffff80a66bc6 at vpanic+0x186 #2 0xffffffff80a66a33 at panic+0x43 #3 0xffffffff80ed97f2 at trap_fatal+0x322 #4 0xffffffff80ed9849 at trap_pfault+0x49 #5 0xffffffff80ed9086 at trap+0x286 #6 0xffffffff80ebdf41 at calltrap+0x8 #7 0xffffffff80d5bef5 at vm_map_wire+0x35 #8 0xffffffff82234723 at rtR0MemObjNativeLockUser+0x63 #9 0xffffffff8221ebbc at VbglR0HGCMInternalCall+0x2ac #10 0xffffffff8221d385 at vgdrvIoCtl_HGCMCall+0x225 #11 0xffffffff8221b756 at VGDrvCommonIoCtl+0x206 #12 0xffffffff8221e308 at vgdrvFreeBSDIOCtl+0x128 #13 0xffffffff80936398 at devfs_ioctl_f+0x128 #14 0xffffffff80ac43a5 at kern_ioctl+0x255 #15 0xffffffff80ac40df at sys_ioctl+0x16f #16 0xffffffff80eda354 at amd64_syscall+0x6c4 #17 0xffffffff80ebe22b at Xfast_syscall+0xfb Uptime: 28m28s Dumping 140 out of 479 MB:..12%..23%..35%..46%..57%..69%..80%..91% When reverting the local ports tree to virtualbox-ose-additions 5.1.20 as w= ell as 5.1.22 built locally, the system does not panic. The problem appears to= be caused by the vboxguest.ko included in the upstream package. Reading symbols from /boot/modules/vboxguest.ko...done. Loaded symbols for /boot/modules/vboxguest.ko #0 doadump (textdump=3D) at pcpu.h:222 222 pcpu.h: No such file or directory. in pcpu.h (kgdb) frame 7 #7 0xffffffff80ebdf41 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236 warning: Source file is more recent than executable. 236 call trap_check Current language: auto; currently asm (kgdb) list 231 #endif 232 .globl calltrap 233 .type calltrap,@function 234 calltrap: 235 movq %rsp,%rdi 236 call trap_check 237 MEXITCOUNT 238 jmp doreti /* Handle any pending ASTs = */ 239 240 /* (kgdb) up #8 0xffffffff80d5895f in _vm_map_lock (map=3D0x1, file=3D0x0, line=3D0) at /usr/src/sys/vm/vm_map.c:501 warning: Source file is more recent than executable. 501 { Current language: auto; currently minimal (kgdb) list 496 vmspace_free(oldvm); 497 } 498 499 void 500 _vm_map_lock(vm_map_t map, const char *file, int line) 501 { 502 503 if (map->system_map) 504 mtx_lock_flags_(&map->system_mtx, 0, file, line); 505 else (kgdb) up #9 0xffffffff80d5bef5 in vm_map_wire (map=3D0x1, start=3D4546560, end=3D, flags=3D1) at /usr/src/sys/vm/vm_map.c:2545 2545 vm_map_lock(map); (kgdb) list 2540 return (KERN_SUCCESS); 2541 prot =3D 0; 2542 if (flags & VM_MAP_WIRE_WRITE) 2543 prot |=3D VM_PROT_WRITE; 2544 user_wire =3D (flags & VM_MAP_WIRE_USER) ? TRUE : FALSE; 2545 vm_map_lock(map); 2546 VM_MAP_RANGE_CHECK(map, start, end); 2547 if (!vm_map_lookup_entry(map, start, &first_entry)) { 2548 if (flags & VM_MAP_WIRE_HOLESOK) 2549 first_entry =3D first_entry->next; (kgdb) up #10 0xffffffff82234723 in rtR0MemObjNativeLockUser () from /boot/modules/vboxguest.ko (kgdb) list 2550 else { 2551 vm_map_unlock(map); 2552 return (KERN_INVALID_ADDRESS); 2553 } 2554 } 2555 last_timestamp =3D map->timestamp; 2556 entry =3D first_entry; 2557 while (entry !=3D &map->header && entry->start < end) { 2558 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) { 2559 /* (kgdb) up #11 0xffffffff8221ebbc in VbglR0HGCMInternalCall () from /boot/modules/vboxguest.ko (kgdb) list 2560 * We have not yet clipped the entry. 2561 */ 2562 saved_start =3D (start >=3D entry->start) ?= start : 2563 entry->start; 2564 entry->eflags |=3D MAP_ENTRY_NEEDS_WAKEUP; 2565 if (vm_map_unlock_and_wait(map, 0)) { 2566 /* 2567 * Allow interruption of user wirin= g? 2568 */ 2569 } (kgdb) up #12 0xffffffff8221d385 in vgdrvIoCtl_HGCMCall () from /boot/modules/vboxguest.ko (kgdb) list 2570 vm_map_lock(map); 2571 if (last_timestamp + 1 !=3D map->timestamp)= { 2572 /* 2573 * Look again for the entry because= the map was 2574 * modified while it was unlocked. 2575 * Specifically, the entry may have been 2576 * clipped, merged, or deleted. 2577 */ 2578 if (!vm_map_lookup_entry(map, saved_start, 2579 &tmp_entry)) { (kgdb) up #13 0xffffffff8221b756 in VGDrvCommonIoCtl () from /boot/modules/vboxguest.= ko (kgdb) list 2580 if (flags & VM_MAP_WIRE_HOLESOK) 2581 tmp_entry =3D tmp_entry->next; 2582 else { 2583 if (saved_start =3D= =3D start) { 2584 /* 2585 * first_en= try has been deleted. 2586 */ 2587=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 vm_map_unlock(map); 2588 return (KERN_INVALID_ADDRESS); 2589 } (kgdb) up #14 0xffffffff8221e308 in vgdrvFreeBSDIOCtl () from /boot/modules/vboxguest= .ko (kgdb) list 2590 end =3D saved_start; 2591 rv =3D KERN_INVALID_ADDRESS; 2592 goto done; 2593 } 2594 } 2595 if (entry =3D=3D first_entry) 2596 first_entry =3D tmp_entry; 2597 else 2598 first_entry =3D NULL; 2599 entry =3D tmp_entry; (kgdb) up #15 0xffffffff80936398 in devfs_ioctl_f (fp=3D0x457000, com=3D4546560, data=3D0xfffff8000dd66c90, cred=3D0xfffffff8, td=3D0xfffff8000e013000) at /usr/src/sys/fs/devfs/devfs_vnops.c:791 warning: Source file is more recent than executable. 791 error =3D dsw->d_ioctl(dev, com, data, fp->f_flag, td); (kgdb) list 786 error =3D copyout(p, fgn->buf, i); 787 td->td_fpop =3D fpop; 788 dev_relthread(dev, ref); 789 return (error); 790 } 791 error =3D dsw->d_ioctl(dev, com, data, fp->f_flag, td); 792 td->td_fpop =3D NULL; 793 dev_relthread(dev, ref); 794 if (error =3D=3D ENOIOCTL) 795 error =3D ENOTTY; (kgdb) up #16 0xffffffff80ac43a5 in kern_ioctl (td=3D, fd=3D3, com=3D, data=3D) at file.h:323 warning: Source file is more recent than executable. 323 return ((*fp->f_ops->fo_ioctl)(fp, com, data, active_cred, td)); (kgdb) list 318 static __inline int 319 fo_ioctl(struct file *fp, u_long com, void *data, struct ucred *active_cred, 320 struct thread *td) 321 { 322 323 return ((*fp->f_ops->fo_ioctl)(fp, com, data, active_cred, td)); 324 } 325 326 static __inline int 327 fo_poll(struct file *fp, int events, struct ucred *active_cred, root@:/usr/lib/debug/boot/kernel # file /usr/local/sbin/VBoxService* /usr/local/sbin/VBoxService: ELF 64-bit LSB executable, x86-64, vers= ion 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for Free= BSD 11.0 (1100122), FreeBSD-style, stripped /usr/local/sbin/VBoxService-5.1.20: ELF 64-bit LSB executable, x86-64, vers= ion 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for Free= BSD 11.0 (1100512), FreeBSD-style, stripped /usr/local/sbin/VBoxService-5.1.22: ELF 64-bit LSB executable, x86-64, vers= ion 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for Free= BSD 11.0 (1100512), FreeBSD-style, stripped --=20 You are receiving this mail because: You are the assignee for the bug.=