Re: Fwd: Re: r365488 page faults on AMD Ryzen 9 3950X

From: Oleg V. Nauman <oleg_at_theweb.org.ua>
Date: Wed, 23 Sep 2020 00:18:12 +0300
On 2020 M09 22, Tue 19:45:25 EEST Rainer Hurling wrote:
> On 22.09.20 07:06, Rainer Hurling wrote:
> > Am 22.09.20 um 00:13 schrieb Konstantin Belousov:
> >> On Mon, Sep 21, 2020 at 08:57:46PM +0200, Rainer Hurling wrote:
> >>> Fatal trap 12: page fault while in kernel mode
> >>> cpuid = 31; apic id = 1f
> >>> fault virtual address   = 0x25407efa
> >> 
> >> This address is very suspicious.
> >> 
> >> I cannot claim it as the fact, but most likely cause for such garbage
> >> pointer value is mismatched ABI between kernel and module.  In other
> >> words, the module was built against headers from different kernel.
> > 
> > Hmm, thanks for the pointer. I will double check this evening and
> > reporting back.
> > 
> > Normally, this module should have been built and installed with the
> > kernel build.
> 
> As I said, the module was rebuild and reinstalled with the kernel build,
> and I double checked, the module was the patched version.
> 
> So the boot messages about the page fault should be created by the
> rebuild, patched module.
> 
> >>> fault code              = supervisor read data, page not present
> >>> instruction pointer     = 0x20:0xffffffff80ec0b63
> >>> stack pointer           = 0x28:0xffffffff826018b0
> >>> frame pointer           = 0x28:0xffffffff82601940
> >>> code segment            = base 0x0, limit 0xfffff, type 0x1b
> >>>                          = DPL 0, pres 1, long 1, def32 0, gran 1
> >>> processor eflags        = interrupt enabled, resume, IOPL = 0
> >>> current process         = 0 (swapper)
> >>> trap number             = 12
> >>> panic: page fault
> >>> cpuid = 31
> >>> time = 1
> >>> KDB: stack backtrace:
> >>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> >>> 0xffffffff82601560
> >>> vpanic() at vpanic+0x182/frame 0xffffffff826015b0
> >>> panic() at panic+0x43/frame 0xffffffff82601610
> >>> trap_fatal() at trap_fatal+0x387/frame 0xffffffff82601670
> >>> trap_pfault() at trap_pfault+0x97/frame 0xffffffff826016d0
> >>> trap() at trap+0x2ab/frame 0xffffffff826017e0
> >>> calltrap() at calltrap+0x8/frame 0xffffffff826017e0
> >>> --- trap 0xc, rip = 0xffffffff80ec0b63, rsp = 0xffffffff826018b0, rbp =
> >>> 0xffffffff82601940 ---
> >>> vm_map_insert() at vm_map_insert+0x2f3/framw 0xffffffff82601940
> >>> vm_map_find() at vm_map_find+0x4a4/frame 0xffffffff82601a00
> >>> rtR0MemObjFreeBSDAllocHelper() at
> >>> rtR0MemObjFreeBSDAllocHelper+0x96/frame 0xffffffff82601a70
> >>> rtR0MemObjNativeAllocCont() at rtR0MemObjNativeAllocCont+0x50/frame
> >>> 0xffffffff82601ac0
> >>> supdrvGipCreate() at supdrvGipCreate+0x97/frame 0xffffffff82601b60
> >>> supdrvInitDevExt() at supdrvInitDevExt+0x19a/frame 0xffffffff82601bd0
> >>> VBoxDrvFreeBSDModuleEvent() at VBoxDrvFreeBSDModuleEvent+0x46/frame
> >>> 0xffffffff82601bf0
> >>> module_register_init() at module_register_init+0xbd/frame
> >>> 0xffffffff82601c20
> >>> mi_startup() at mi_startup+0xec/frame 0xffffffff82601c70
> >>> btext() at btext+0x2c
> >>> KDB: enter: panic
> >>> [ thread pid 0 tid 100000 ]
> >>> Stopped at      kdb_enter+0x37: movq    $0,0x10b5616(%rip)
> >>> db>
> >>> 
> >>> 
> >>> Perhaps this gives some more insight into the problem? I can't assess,
> >>> sorry.


I am experiencing the same issue with a panic caused by 'kldload vboxdrv'.
Below is the stack trace, with both virtualbox-ose and virtualbox-ose-kmod
patched:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x1e419ada
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80731b0d
stack pointer           = 0x28:0xfffffe008223b4d0
frame pointer           = 0x28:0xfffffe008223b550
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2194 (kldload)
trap number             = 12
panic: page fault
cpuid = 0
time = 1600808943
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe008223b1b0
vpanic() at vpanic+0x182/frame 0xfffffe008223b200
panic() at panic+0x43/frame 0xfffffe008223b260
trap_fatal() at trap_fatal+0x387/frame 0xfffffe008223b2c0
trap_pfault() at trap_pfault+0x49/frame 0xfffffe008223b2f0
trap() at trap+0x259/frame 0xfffffe008223b400
calltrap() at calltrap+0x8/frame 0xfffffe008223b400
--- trap 0xc, rip = 0xffffffff80731b0d, rsp = 0xfffffe008223b4d0, rbp = 
0xfffffe008223b550 ---
vm_map_insert() at vm_map_insert+0x24d/frame 0xfffffe008223b550
vm_map_find() at vm_map_find+0x539/frame 0xfffffe008223b630
rtR0MemObjFreeBSDAllocHelper() at rtR0MemObjFreeBSDAllocHelper+0x96/frame 
0xfffffe008223b6a0
rtR0MemObjNativeAllocCont() at rtR0MemObjNativeAllocCont+0x50/frame 
0xfffffe008223b6f0
supdrvGipCreate() at supdrvGipCreate+0x97/frame 0xfffffe008223b790
supdrvInitDevExt() at supdrvInitDevExt+0x19a/frame 0xfffffe008223b800
VBoxDrvFreeBSDModuleEvent() at VBoxDrvFreeBSDModuleEvent+0x46/frame 
0xfffffe008223b820
module_register_init() at module_register_init+0x94/frame 0xfffffe008223b850
linker_load_module() at linker_load_module+0xb78/frame 0xfffffe008223bb60
kern_kldload() at kern_kldload+0xa3/frame 0xfffffe008223bba0
sys_kldload() at sys_kldload+0x5b/frame 0xfffffe008223bbd0
amd64_syscall() at amd64_syscall+0xff/frame 0xfffffe008223bcf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe008223bcf0
--- syscall (304, FreeBSD ELF64, sys_kldload), rip = 0x80037a11a, rsp = 
0x7fffffffe598, rbp = 0x7fffffffeb10 ---
KDB: enter: panic

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct 
pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:394
#2  0xffffffff8035104a in db_dump (dummy=<optimized out>, 
    dummy2=<optimized out>, dummy3=<unavailable>, dummy4=<unavailable>)
    at /usr/src/sys/ddb/db_command.c:575
#3  0xffffffff80350e10 in db_command (last_cmdp=<optimized out>, 
    cmd_table=<optimized out>, dopager=1) at /usr/src/sys/ddb/db_command.c:482
#4  0xffffffff80350b7d in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:535
#5  0xffffffff80353df6 in db_trap (type=<optimized out>, code=<optimized out>)
    at /usr/src/sys/ddb/db_main.c:270
#6  0xffffffff805983c3 in kdb_trap (type=3, code=0, tf=<optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:699
#7  0xffffffff807ac26a in trap (frame=0xfffffe008223b0e0)
    at /usr/src/sys/amd64/amd64/trap.c:576
#8  <signal handler called>
#9  kdb_enter (why=0xffffffff80831558 "panic", msg=<optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:486
#10 0xffffffff80552f0e in vpanic (fmt=<optimized out>, ap=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:902
#11 0xffffffff80552d63 in panic (
    fmt=0xffffffff80a8e688 <vt_conswindow+16> 
"\275\317\203\200\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:839
#12 0xffffffff807ac6a7 in trap_fatal (frame=0xfffffe008223b410, eva=507615962)
    at /usr/src/sys/amd64/amd64/trap.c:915
#13 0xffffffff807ac6f9 in trap_pfault (frame=0xfffffe008223b410, 
    usermode=<optimized out>, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:732
#14 0xffffffff807abdd9 in trap (frame=0xfffffe008223b410)
    at /usr/src/sys/amd64/amd64/trap.c:398
#15 <signal handler called>
#16 vm_map_insert (map=<optimized out>, object=<optimized out>, 
    offset=<optimized out>, start=18446741876713496576, 
    end=18446741876713500672, prot=<optimized out>, max=7 '\a', cow=0)
    at /usr/src/sys/vm/vm_map.c:1660
#17 0xffffffff807341e9 in vm_map_find (map=<optimized out>, 
    object=<optimized out>, offset=0, addr=<optimized out>, length=4096, 
    max_addr=0, find_space=1, prot=3 '\003', max=7 '\a', cow=0)
    at /usr/src/sys/vm/vm_map.c:2156
#18 0xffffffff811c9326 in rtR0MemObjFreeBSDAllocHelper ()
   from /boot/modules/vboxdrv.ko
#19 0xffffffff811c94b0 in rtR0MemObjNativeAllocCont ()
   from /boot/modules/vboxdrv.ko
#20 0xffffffff811a6787 in supdrvGipCreate () from /boot/modules/vboxdrv.ko
#21 0xffffffff8119f19a in supdrvInitDevExt () from /boot/modules/vboxdrv.ko
#22 0xffffffff811aeff6 in VBoxDrvFreeBSDModuleEvent ()
   from /boot/modules/vboxdrv.ko
#23 0xffffffff8053a204 in module_register_init (arg=0x0)
    at /usr/src/sys/kern/kern_module.c:123
#24 0xffffffff8052df88 in linker_file_sysinit (lf=<optimized out>)
    at /usr/src/sys/kern/kern_linker.c:235
#25 linker_load_file (filename=<optimized out>, result=<optimized out>)
    at /usr/src/sys/kern/kern_linker.c:460
#26 linker_load_module (kldname=<optimized out>, 
    modname=0xfffff80003525000 "vboxdrv", parent=0x0, 
    verinfo=<optimized out>, lfpp=<optimized out>)
    at /usr/src/sys/kern/kern_linker.c:2129
#27 0xffffffff8052f5c3 in kern_kldload (td=<optimized out>, 
    file=<optimized out>, fileid=0xfffffe008223bbb4)
    at /usr/src/sys/kern/kern_linker.c:1089
#28 0xffffffff8052f69b in sys_kldload (td=0xfffffe0081dd5c00, 
    uap=<optimized out>) at /usr/src/sys/kern/kern_linker.c:1115
#29 0xffffffff807ace1f in syscallenter (td=0xfffffe0081dd5c00)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:162
#30 amd64_syscall (td=0xfffffe0081dd5c00, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1156
#31 <signal handler called>
#32 0x000000080037a11a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffe598
(kgdb) 

Thank you
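A small triage helper for the panic text above, as an added example that is not part of the thread: it parses the trap header and the frames below the "--- trap ---" marker, and flags a kernel-mode fault address that lies outside the amd64 kernel half of the address space, the "garbage pointer" pattern Konstantin points at. The kernel VA boundary constant and the sample text (trimmed from the report in this message) are assumptions of the example.

```python
import re

# Added example (not from the thread): triage a FreeBSD/amd64 "Fatal trap 12" report.
# Kernel addresses on FreeBSD/amd64 live in the upper canonical half (assumed boundary).
KERNEL_VA_MIN = 0xFFFF800000000000

# Sample report, constructed from the trap text quoted in this message.
SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x1e419ada
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80731b0d
current process         = 2194 (kldload)
KDB: stack backtrace:
trap() at trap+0x259/frame 0xfffffe008223b400
calltrap() at calltrap+0x8/frame 0xfffffe008223b400
--- trap 0xc, rip = 0xffffffff80731b0d, rsp = 0xfffffe008223b4d0, rbp = 0xfffffe008223b550 ---
vm_map_insert() at vm_map_insert+0x24d/frame 0xfffffe008223b550
vm_map_find() at vm_map_find+0x539/frame 0xfffffe008223b630
rtR0MemObjFreeBSDAllocHelper() at rtR0MemObjFreeBSDAllocHelper+0x96/frame 0xfffffe008223b6a0
"""

def parse_trap(text):
    """Extract fault address, faulting rip, process name and the frames that took the trap."""
    fields = {}
    m = re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", text)
    fields["fault_va"] = int(m.group(1), 16) if m else None
    m = re.search(r"instruction pointer\s*=\s*0x[0-9a-f]+:(0x[0-9a-f]+)", text)
    fields["rip"] = int(m.group(1), 16) if m else None
    m = re.search(r"current process\s*=\s*(\d+) \(([^)]*)\)", text)
    fields["process"] = m.group(2) if m else None
    # Frames after the "--- trap ... ---" marker are the code that actually faulted;
    # everything above it is the panic/trap handling path.
    parts = re.split(r"^--- trap .* ---$", text, maxsplit=1, flags=re.M)
    fields["frames"] = re.findall(r"^(\w+)\(\) at ", parts[-1], re.M)
    return fields

def classify_fault_va(va):
    """A kernel-mode fault on a non-kernel address means the pointer itself is corrupt."""
    if va is None:
        return "unknown"
    if va < 0x1000:
        return "null-deref"
    if va < KERNEL_VA_MIN:
        return "non-kernel-address"  # bogus pointer value, e.g. kernel/module ABI mismatch
    return "kernel-address"

def triage(text):
    f = parse_trap(text)
    return {"process": f["process"],
            "faulting_function": f["frames"][0] if f["frames"] else None,
            "fault_class": classify_fault_va(f["fault_va"])}
```

For the report above, triage() yields the faulting function vm_map_insert and the class "non-kernel-address", which is the signal to compare the module's build headers against the running kernel before digging into the VM code.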
Received on Tue Sep 22 2020 - 19:18:25 UTC