247449 – [panic]: kernel panic in tdsigwakeup() at /usr/src/sys/kern/kern_sig.c:2411

Bug 247449 - [panic]: kernel panic in tdsigwakeup() at /usr/src/sys/kern/kern_sig.c:2411

Summary: [panic]: kernel panic in tdsigwakeup() at /usr/src/sys/kern/kern_sig.c:2411

Status:	Closed Not Accepted

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	12.1-RELEASE
Hardware:	amd64 Any

Importance:	--- Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:	crash

Depends on:
Blocks:

Reported:	2020-06-20 22:14 UTC by Martin Filla
Modified:	2022-10-12 00:50 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Martin Filla 2020-06-20 22:14:07 UTC

Hi,
Firefox browser freezed and i killed his process from htop (key F9).

FreeBSD  12.1-RELEASE-p6 FreeBSD 12.1-RELEASE-p6 GENERIC  amd64

Unread portion of the kernel message buffer:
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid = 5; apic id = 05
fault virtual address	= 0xc
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80c334f3
stack pointer	        = 0x28:0xfffffe008e167790
frame pointer	        = 0x28:0xfffffe008e1677b0
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= resume, IOPL = 0
current process		= 6694 (htop)
trap number		= 12
panic: page fault
cpuid = 5
time = 1592648714
KDB: stack backtrace:
#0 0xffffffff80c1d307 at kdb_backtrace+0x67
#1 0xffffffff80bd063d at vpanic+0x19d
#2 0xffffffff80bd0493 at panic+0x43
#3 0xffffffff810a7dcc at trap_fatal+0x39c
#4 0xffffffff810a7e19 at trap_pfault+0x49
#5 0xffffffff810a740f at trap+0x29f
#6 0xffffffff81081bfc at calltrap+0x8
#7 0xffffffff80bd7af6 at tdsigwakeup+0x96
#8 0xffffffff80bd7502 at tdsendsignal+0xb52
#9 0xffffffff80bd5b29 at sys_kill+0x179
#10 0xffffffff810a8984 at amd64_syscall+0x364
#11 0xffffffff81082520 at fast_syscall_common+0x101
Uptime: 50m35s
Dumping 1035 out of 12138 MB:..2%..11%..21%..31%..41%..51%..61%..72%..81%..92%

warning: the debug information found in "/usr/lib/debug//boot/kernel/fusefs.ko.debug" does not match "/boot/kernel/fuse.ko" (CRC mismatch).

__curthread () at /usr/src/sys/amd64/include/pcpu.h:234
234		__asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (OFFSETOF_CURTHREAD));
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:371
#2  0xffffffff80bd0238 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:451
#3  0xffffffff80bd0699 in vpanic (fmt=<optimized out>, ap=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:877
#4  0xffffffff80bd0493 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:804
#5  0xffffffff810a7dcc in trap_fatal (frame=0xfffffe008e1676d0, eva=12) at /usr/src/sys/amd64/amd64/trap.c:943
#6  0xffffffff810a7e19 in trap_pfault (frame=0xfffffe008e1676d0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:767
#7  0xffffffff810a740f in trap (frame=0xfffffe008e1676d0) at /usr/src/sys/amd64/amd64/trap.c:443
#8  <signal handler called>
#9  propagate_priority (td=0xfffff80220bd4000) at /usr/src/sys/kern/subr_turnstile.c:279
#10 0xffffffff80bd7af6 in tdsigwakeup (td=0xfffff801742535e0, sig=9, action=0x0, intrval=4) at /usr/src/sys/kern/kern_sig.c:2411
#11 0xffffffff80bd7502 in tdsendsignal (p=<optimized out>, td=0xfffff801742535e0, sig=9, ksi=0xfffffe008e1678d8) at /usr/src/sys/kern/kern_sig.c:2375
#12 0xffffffff80bd5b29 in pksignal (p=<optimized out>, sig=1, ksi=0x0) at /usr/src/sys/kern/kern_sig.c:2064
#13 sys_kill (td=0xfffff802d8b7a5e0, uap=0xfffff802d8b7a9a0) at /usr/src/sys/kern/kern_sig.c:1774
#14 0xffffffff810a8984 in syscallenter (td=0xfffff802d8b7a5e0) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#15 amd64_syscall (td=0xfffff802d8b7a5e0, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1186
#16 <signal handler called>
#17 0x00000008004566ca in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffe618
(kgdb) up 9
#9  propagate_priority (td=0xfffff80220bd4000) at /usr/src/sys/kern/subr_turnstile.c:279
279				mtx_unlock_spin(&ts->ts_lock);
(kgdb) list 
274			ts = td->td_blocked;
275			MPASS(ts != NULL);
276			THREAD_LOCKPTR_ASSERT(td, &ts->ts_lock);
277			/* Resort td on the list if needed. */
278			if (!turnstile_adjust_thread(ts, td)) {
279				mtx_unlock_spin(&ts->ts_lock);
280				return;
281			}
282			/* The thread lock is released as ts lock above. */
283		}
(kgdb) up
#10 0xffffffff80bd7af6 in tdsigwakeup (td=0xfffff801742535e0, sig=9, action=0x0, intrval=4) at /usr/src/sys/kern/kern_sig.c:2411
2411			sched_prio(td, PUSER);
(kgdb) list
2406		 * priority of the idle thread, since we still allow to signal
2407		 * kernel processes.
2408		 */
2409		if (action == SIG_DFL && (prop & SIGPROP_KILL) != 0 &&
2410		    td->td_priority > PUSER && !TD_IS_IDLETHREAD(td))
2411			sched_prio(td, PUSER);
2412		if (TD_ON_SLEEPQ(td)) {
2413			/*
2414			 * If thread is sleeping uninterruptibly
2415			 * we can't interrupt the sleep... the signal will
(kgdb)