Page fault in midi/sequencer.c
Hans Petter Selasky
hps at selasky.org
Sun Oct 21 09:07:27 UTC 2018
On 10/20/18 6:56 PM, Peter Holm wrote:
> I can trigger this on 13.0-CURRENT r339445 with a non-root test program:
>
> Calling uiomove() with the following non-sleepable locks held:
> exclusive sleep mutex seqflq (seqflq) r = 0 (0xfffff80003860c08) locked @ dev/sound/midi/sequencer.c:952
> stack backtrace:
> #0 0xffffffff80bfe263 at witness_debugger+0x73
> #1 0xffffffff80bff1b8 at witness_warn+0x448
> #2 0xffffffff80bf6a91 at uiomove_faultflag+0x71
> #3 0xffffffff809439e6 at mseq_write+0x4c6
> #4 0xffffffff80a4f725 at devfs_write_f+0x185
> #5 0xffffffff80c02a87 at dofilewrite+0x97
> #6 0xffffffff80c0287f at kern_pwritev+0x5f
> #7 0xffffffff80c0277d at sys_pwrite+0x8d
> #8 0xffffffff81070af7 at amd64_syscall+0x2a7
> #9 0xffffffff8104a4ad at fast_syscall_common+0x101
> Kernel page fault with the following non-sleepable locks held:
> exclusive sleep mutex seqflq (seqflq) r = 0 (0xfffff80003860c08) locked @ dev/sound/midi/sequencer.c:952
> stack backtrace:
> #0 0xffffffff80bfe263 at witness_debugger+0x73
> #1 0xffffffff80bff1b8 at witness_warn+0x448
> #2 0xffffffff810700d3 at trap_pfault+0x53
> #3 0xffffffff8106f70a at trap+0x2ba
> #4 0xffffffff81049bc5 at calltrap+0x8
> #5 0xffffffff80bf6b42 at uiomove_faultflag+0x122
> #6 0xffffffff809439e6 at mseq_write+0x4c6
> #7 0xffffffff80a4f725 at devfs_write_f+0x185
> #8 0xffffffff80c02a87 at dofilewrite+0x97
> #9 0xffffffff80c0287f at kern_pwritev+0x5f
> #10 0xffffffff80c0277d at sys_pwrite+0x8d
> #11 0xffffffff81070af7 at amd64_syscall+0x2a7
> #12 0xffffffff8104a4ad at fast_syscall_common+0x101
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 4; apic id = 04
> fault virtual address = 0x20ea6b
> fault code = supervisor read data, page not present
> instruction pointer = 0x20:0xffffffff8106d32d
> stack pointer = 0x28:0xfffffe00a844a660
> frame pointer = 0x28:0xfffffe00a844a660
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 2356 (xxx)
> [ thread pid 2356 tid 100278 ]
> Stopped at copyin_nosmap_erms+0xdd: movl (%rsi),%edx
> db>
>
Hi,
Can you test the attached patch?
--HPS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: seq.diff
Type: text/x-patch
Size: 1465 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20181021/d6dcc4a1/attachment.bin>