While investigating an unrelated issue with Vagrant virtual machines, I observed the following panic on 11.0-STABLE r318134 that is triggered by VBoxService in the Project upstream pkg(8) mirrors: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0xd6 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80d5895f stack pointer = 0x28:0xfffffe001da4e3c0 frame pointer = 0x28:0xfffffe001da4e3d0 code segment = base rx0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 5622 (VBoxService) trap number = 12 panic: page fault cpuid = 0 KDB: stack backtrace: #0 0xffffffff80aa8a57 at kdb_backtrace+0x67 #1 0xffffffff80a66bc6 at vpanic+0x186 #2 0xffffffff80a66a33 at panic+0x43 #3 0xffffffff80ed97f2 at trap_fatal+0x322 #4 0xffffffff80ed9849 at trap_pfault+0x49 #5 0xffffffff80ed9086 at trap+0x286 #6 0xffffffff80ebdf41 at calltrap+0x8 #7 0xffffffff80d5bef5 at vm_map_wire+0x35 #8 0xffffffff82234723 at rtR0MemObjNativeLockUser+0x63 #9 0xffffffff8221ebbc at VbglR0HGCMInternalCall+0x2ac #10 0xffffffff8221d385 at vgdrvIoCtl_HGCMCall+0x225 #11 0xffffffff8221b756 at VGDrvCommonIoCtl+0x206 #12 0xffffffff8221e308 at vgdrvFreeBSDIOCtl+0x128 #13 0xffffffff80936398 at devfs_ioctl_f+0x128 #14 0xffffffff80ac43a5 at kern_ioctl+0x255 #15 0xffffffff80ac40df at sys_ioctl+0x16f #16 0xffffffff80eda354 at amd64_syscall+0x6c4 #17 0xffffffff80ebe22b at Xfast_syscall+0xfb Uptime: 28m28s Dumping 140 out of 479 MB:..12%..23%..35%..46%..57%..69%..80%..91% When reverting the local ports tree to virtualbox-ose-additions 5.1.20 as well as 5.1.22 built locally, the system does not panic. The problem appears to be caused by the vboxguest.ko included in the upstream package. Reading symbols from /boot/modules/vboxguest.ko...done. Loaded symbols for /boot/modules/vboxguest.ko #0 doadump (textdump=<value optimized out>) at pcpu.h:222 222 pcpu.h: No such file or directory. in pcpu.h (kgdb) frame 7 #7 0xffffffff80ebdf41 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236 warning: Source file is more recent than executable. 236 call trap_check Current language: auto; currently asm (kgdb) list 231 #endif 232 .globl calltrap 233 .type calltrap,@function 234 calltrap: 235 movq %rsp,%rdi 236 call trap_check 237 MEXITCOUNT 238 jmp doreti /* Handle any pending ASTs */ 239 240 /* (kgdb) up #8 0xffffffff80d5895f in _vm_map_lock (map=0x1, file=0x0, line=0) at /usr/src/sys/vm/vm_map.c:501 warning: Source file is more recent than executable. 501 { Current language: auto; currently minimal (kgdb) list 496 vmspace_free(oldvm); 497 } 498 499 void 500 _vm_map_lock(vm_map_t map, const char *file, int line) 501 { 502 503 if (map->system_map) 504 mtx_lock_flags_(&map->system_mtx, 0, file, line); 505 else (kgdb) up #9 0xffffffff80d5bef5 in vm_map_wire (map=0x1, start=4546560, end=<value optimized out>, flags=1) at /usr/src/sys/vm/vm_map.c:2545 2545 vm_map_lock(map); (kgdb) list 2540 return (KERN_SUCCESS); 2541 prot = 0; 2542 if (flags & VM_MAP_WIRE_WRITE) 2543 prot |= VM_PROT_WRITE; 2544 user_wire = (flags & VM_MAP_WIRE_USER) ? TRUE : FALSE; 2545 vm_map_lock(map); 2546 VM_MAP_RANGE_CHECK(map, start, end); 2547 if (!vm_map_lookup_entry(map, start, &first_entry)) { 2548 if (flags & VM_MAP_WIRE_HOLESOK) 2549 first_entry = first_entry->next; (kgdb) up #10 0xffffffff82234723 in rtR0MemObjNativeLockUser () from /boot/modules/vboxguest.ko (kgdb) list 2550 else { 2551 vm_map_unlock(map); 2552 return (KERN_INVALID_ADDRESS); 2553 } 2554 } 2555 last_timestamp = map->timestamp; 2556 entry = first_entry; 2557 while (entry != &map->header && entry->start < end) { 2558 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) { 2559 /* (kgdb) up #11 0xffffffff8221ebbc in VbglR0HGCMInternalCall () from /boot/modules/vboxguest.ko (kgdb) list 2560 * We have not yet clipped the entry. 2561 */ 2562 saved_start = (start >= entry->start) ? start : 2563 entry->start; 2564 entry->eflags |= MAP_ENTRY_NEEDS_WAKEUP; 2565 if (vm_map_unlock_and_wait(map, 0)) { 2566 /* 2567 * Allow interruption of user wiring? 2568 */ 2569 } (kgdb) up #12 0xffffffff8221d385 in vgdrvIoCtl_HGCMCall () from /boot/modules/vboxguest.ko (kgdb) list 2570 vm_map_lock(map); 2571 if (last_timestamp + 1 != map->timestamp) { 2572 /* 2573 * Look again for the entry because the map was 2574 * modified while it was unlocked. 2575 * Specifically, the entry may have been 2576 * clipped, merged, or deleted. 2577 */ 2578 if (!vm_map_lookup_entry(map, saved_start, 2579 &tmp_entry)) { (kgdb) up #13 0xffffffff8221b756 in VGDrvCommonIoCtl () from /boot/modules/vboxguest.ko (kgdb) list 2580 if (flags & VM_MAP_WIRE_HOLESOK) 2581 tmp_entry = tmp_entry->next; 2582 else { 2583 if (saved_start == start) { 2584 /* 2585 * first_entry has been deleted. 2586 */ 2587 vm_map_unlock(map); 2588 return (KERN_INVALID_ADDRESS); 2589 } (kgdb) up #14 0xffffffff8221e308 in vgdrvFreeBSDIOCtl () from /boot/modules/vboxguest.ko (kgdb) list 2590 end = saved_start; 2591 rv = KERN_INVALID_ADDRESS; 2592 goto done; 2593 } 2594 } 2595 if (entry == first_entry) 2596 first_entry = tmp_entry; 2597 else 2598 first_entry = NULL; 2599 entry = tmp_entry; (kgdb) up #15 0xffffffff80936398 in devfs_ioctl_f (fp=0x457000, com=4546560, data=0xfffff8000dd66c90, cred=0xfffffff8, td=0xfffff8000e013000) at /usr/src/sys/fs/devfs/devfs_vnops.c:791 warning: Source file is more recent than executable. 791 error = dsw->d_ioctl(dev, com, data, fp->f_flag, td); (kgdb) list 786 error = copyout(p, fgn->buf, i); 787 td->td_fpop = fpop; 788 dev_relthread(dev, ref); 789 return (error); 790 } 791 error = dsw->d_ioctl(dev, com, data, fp->f_flag, td); 792 td->td_fpop = NULL; 793 dev_relthread(dev, ref); 794 if (error == ENOIOCTL) 795 error = ENOTTY; (kgdb) up #16 0xffffffff80ac43a5 in kern_ioctl (td=<value optimized out>, fd=3, com=<value optimized out>, data=<value optimized out>) at file.h:323 warning: Source file is more recent than executable. 323 return ((*fp->f_ops->fo_ioctl)(fp, com, data, active_cred, td)); (kgdb) list 318 static __inline int 319 fo_ioctl(struct file *fp, u_long com, void *data, struct ucred *active_cred, 320 struct thread *td) 321 { 322 323 return ((*fp->f_ops->fo_ioctl)(fp, com, data, active_cred, td)); 324 } 325 326 static __inline int 327 fo_poll(struct file *fp, int events, struct ucred *active_cred, root@:/usr/lib/debug/boot/kernel # file /usr/local/sbin/VBoxService* /usr/local/sbin/VBoxService: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 11.0 (1100122), FreeBSD-style, stripped /usr/local/sbin/VBoxService-5.1.20: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 11.0 (1100512), FreeBSD-style, stripped /usr/local/sbin/VBoxService-5.1.22: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 11.0 (1100512), FreeBSD-style, stripped
Seems to be fixed by r318743.