From nobody Tue Nov 22 21:50:33 2022
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NGyc96RRjz4hhcK
	for <bugs@mlmmj.nyi.freebsd.org>; Tue, 22 Nov 2022 21:50:33 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NGyc94x9Rz4FVQ
	for <bugs@FreeBSD.org>; Tue, 22 Nov 2022 21:50:33 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1669153833;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VGGx0jpS1L9hMUlhe4GyAW2d4tC2UDCs85YeP3FrK5M=;
	b=ZywhNcNtFF0aZxQNV4J4dB0t8wmZIXdIug8Ao8P1lAcxidiy3cRkE4Z1EvxJvsrcZbKHW5
	nnbbWQHO95SA4tzgaqlXjtT8NsL55gaA3W1xQq+wKyri+A7sAexUyFBuSf22tHXSlARF1c
	13aTtilHiV+hdVmztITHmnxFDn9iQSLgiG5LkOFTdeceSGlq+Gxixmg88TdQlB53yJaUxj
	Er70f7j/IMWNwXVu2MEpACi6MORJ/gKIWJVolE8jVT+ulCMHVC0olZupoKr5YUY7AT+E0n
	BHjteFV1ATNwP61KDxQTEKSCnxb7U8LGLomSUuocFqHJZR3JChJ87pTUVP32uQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1669153833; a=rsa-sha256; cv=none;
	b=b4srEWFVHEhlWsnd8hvIQTrC+vW/anwPaaNloEYYgLHas3ssMfrnPWI3uJ0IkKUNXmZ00s
	WjTvTtFVpZYlnb80bPR2ukGTldRyyBCBrQraO7wmqLsaF1zyRivhxtYBw0yDRysBT9t98A
	wf2IiCHJfnE0lEF0EhWdPpknQv89DFWzUjkG/pIRhNWTfXZKp1uUOpU3nuKU1I4TxqsC7c
	81r2/Ed+aYNwTv/+U1HPFg34IiT1Zpa6nfut17CFcsuPHoQ5hszKXAeXglKNl96bsPWCkt
	IypD2VT13UPabB2pdzs39jhAzwohuI1Z1EwBlP0dzvPpYDgbz6ObOwY2E+uneQ==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NGyc941dpzy1C
	for <bugs@FreeBSD.org>; Tue, 22 Nov 2022 21:50:33 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 2AMLoXZW077521
	for <bugs@FreeBSD.org>; Tue, 22 Nov 2022 21:50:33 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 2AMLoXbP077520
	for bugs@FreeBSD.org; Tue, 22 Nov 2022 21:50:33 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 267935] panic: page fault in kern_osd.c on shutdown with one
 running vnet jail
Date: Tue, 22 Nov 2022 21:50:33 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: nsonack@outlook.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-267935-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D267935

            Bug ID: 267935
           Summary: panic: page fault in kern_osd.c on shutdown with one
                    running vnet jail
           Product: Base System
           Version: 13.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: nsonack@outlook.com

This bug repeatedly occurs on a Thinkpad T440s in the following situation:

- Kernel in versions 13.1-RELEASE-p3 and 13.1-RELEASE-p4
- One manually created VNET Jail (with a epair interface attached to it)
- In the jail only PostgreSQL 15 is running
- Reboot or shut the host machine down
- It almost immediately panics and prints a pile of probably unrelated
  traces (which look like nested faults) a'la:

  #0 0xffffffff80e5e323 at linux_dump_stack+0x23
  #1 0xffffffff83e5d620 at drm_atomic_helper_check_planes+0xb0
  #2 0xffffffff83d55e2a at intel_atomic_check+0x124a
  #3 0xffffffff83e5b360 at drm_atomic_check_only+0x400
  #4 0xffffffff83e5b793 at drm_atomic_commit+0x13
  #5 0xffffffff83e683b8 at drm_client_modeset_commit_atomic+0x148
  #6 0xffffffff83e68119 at drm_client_modeset_commit_force+0x69
  #7 0xffffffff83ea80ba at drm_fb_helper_restore_fbdev_mode_unlocked+0x7a
  #8 0xffffffff83ea2057 at vt_kms_postswitch+0x167
  #9 0xffffffff80a70a19 at vt_window_switch+0x2d9
  #10 0xffffffff80a6db7f at vtterm_cngrab+0x4f
  #11 0xffffffff80bb3956 at cngrab+0x26
  #12 0xffffffff80c1b654 at kern_reboot+0x354
  #13 0xffffffff80c1bbce at vpanic+0x1ee
  #14 0xffffffff80c1b9d3 at panic+0x43
  #15 0xffffffff810afdf5 at trap_fatal+0x385
  #16 0xffffffff810afe4f at trap_pfault+0x4f
  #17 0xffffffff810875b8 at calltrap+0x8
=20
<4>WARN_ON(!mutex_is_locked(&dev->struct_mutex))WARN_ON(!mutex_is_locked(&d=
ev->struct_mutex))

- kgdb reveals:

  (kgdb)
  #8  0xffffffff841003d0 in ?? ()
  No symbol table info available.
  #9  0xffffffff80bfc6ea in osd_call (type=3Dtype@entry=3D1, method=3Dmetho=
d@entry=3D5,
obj=3Dobj@entry=3D0xfffff80019641000, data=3Ddata@entry=3D0x0)
      at /usr/src/sys/kern/kern_osd.c:401
          error =3D 0
          i =3D 4
          methodfun =3D 0xffffffff841003d0
  #10 0xffffffff80be0f22 in prison_deref (pr=3D0xfffff80019641000, flags=3D=
67) at
/usr/src/sys/kern/kern_jail.c:2779
          freeprison =3D {tqh_first =3D 0x0, tqh_last =3D 0xfffffe000ede7e0=
8}
          killpr =3D 0x0
          ppr =3D <optimized out>
          p =3D <optimized out>
          rpr =3D <optimized out>
          tpr =3D <optimized out>
  #11 0xffffffff80c7da81 in taskqueue_run_locked
(queue=3Dqueue@entry=3D0xfffff800016b5900) at
/usr/src/sys/kern/subr_taskqueue.c:477
          et =3D {et_link =3D {tqe_next =3D 0xfffffe00105e01e0, tqe_prev =3D
0xffffffff811c863e}, et_td =3D 0x0, et_section =3D {bucket =3D 0}, et_old_p=
riority =3D
0 '\000'}
          tb =3D {tb_running =3D 0xfffff80019641060, tb_seq =3D 322, tb_lin=
k =3D
{le_next =3D 0x0, le_prev =3D 0xfffff800016b5910}}
          in_net_epoch =3D false
          task =3D 0xfffff80019641060
          pending =3D 1
  #12 0xffffffff80c7ed92 in taskqueue_thread_loop (arg=3D<optimized out>,
arg@entry=3D0xffffffff81cf79b8 <taskqueue_thread>)
      at /usr/src/sys/kern/subr_taskqueue.c:794
          tqp =3D <optimized out>
          tq =3D 0xfffff800016b5900
  #13 0xffffffff80bd8a9e in fork_exit (callout=3D0xffffffff80c7ecd0
<taskqueue_thread_loop>, arg=3D0xffffffff81cf79b8 <taskqueue_thread>,
frame=3D0xfffffe000ede7f40)
      at /usr/src/sys/kern/kern_fork.c:1093
          td =3D 0xfffffe00105e01e0
          p =3D 0xffffffff81c8d768 <proc0>
          dtd =3D <optimized out>
  #14 <signal handler called>
  No locals.
  #15 mi_startup () at /usr/src/sys/kern/init_main.c:322
          sipp =3D 0x8080808080808080
          xipp =3D <optimized out>
          save =3D <optimized out>
  Backtrace stopped: Cannot access memory at address 0x3000000028
  (kgdb) info registers
  rax            0x6                 6
  rbx            0x0                 0
  rcx            0xffffffff841003d0  -2079325232
  rdx            0x1d                29
  rsi            0x0                 0
  rdi            0xfffff80019641000  -8795667034112
  rbp            0xfffffe000ede7de0  0xfffffe000ede7de0
  rsp            0xfffffe000ede7d98  0xfffffe000ede7d98
  r8             0xffffffff8190be60  -2121220512
  r9             0x0                 0
  r10            0x7d0               2000
  r11            0x801973db          2149151707
  r12            0xfffff80019641000  -8795667034112
  r13            0x5                 5
  r14            0xffffffff8190bef8  -2121220360
  r15            0x4                 4
  rip            0xffffffff841003d0  0xffffffff841003d0
  eflags         0x10282             [ SF IF RF ]
  cs             0x20                32
  ss             0x28                40
  ds             <unavailable>
  es             <unavailable>
  fs             <unavailable>
  gs             <unavailable>
  fs_base        <unavailable>
  gs_base        <unavailable>
  (kgdb) frame 8
  #8  0xffffffff841003d0 in ?? ()
  (kgdb)

  I do not know what is loaded at 0xffffffff841003d0.

  If you need more information or any of the files in /var/crash,
  please let me know. Also, I haven't tested whether this bug is reproducib=
le
  on other machines but it is at least the 7th time I saw this looking at t=
he
  contents of /var/crash.

  Minor note: The crash does not occur when I stop the jail before shutting
  down the machine.

--=20
You are receiving this mail because:
You are the assignee for the bug.=