Bug 265598 - page fault under fork in kernel
Summary: page fault under fork in kernel
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 12.2-RELEASE
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2022-08-03 14:15 UTC by heas
Modified: 2022-08-05 06:03 UTC

Description heas 2022-08-03 14:15:17 UTC
I experience these periodic page fault crashes on this one machine.  I think this began with 12.2, currently at p15.

I am not aware of a specific trigger and do not currently have a large enough dumpdev to capture a dump.

12.2.p?:
Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0x80c83670
fault code              = supervisor read instruction, page not present
instruction pointer     = 0x20:0x80c83670
stack pointer           = 0x28:0xfffffe0000547ab8
frame pointer           = 0x28:0xfffffe0000547ae0
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (if_io_tqg_3)
trap number             = 12
panic: page fault
cpuid = 3
time = 1626772337
KDB: stack backtrace:
#0 0xffffffff80bb5e35 at kdb_backtrace+0x65
#1 0xffffffff80b6a0eb at vpanic+0x17b
#2 0xffffffff80b69f63 at panic+0x43
#3 0xffffffff8103d941 at trap_fatal+0x391
#4 0xffffffff8103d99f at trap_pfault+0x4f
#5 0xffffffff8103cfe6 at trap+0x286
#6 0xffffffff81015068 at calltrap+0x8
#7 0xffffffff80c81608 at _task_fn_tx+0xa8
#8 0xffffffff80bb4a01 at gtaskqueue_run_locked+0x121
#9 0xffffffff80bb46c6 at gtaskqueue_thread_loop+0xb6
#10 0xffffffff80b2b94e at fork_exit+0x7e
#11 0xffffffff8101609e at fork_trampoline+0xe
Uptime: 1d7h6m15s

12.2p10:
Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0x80c83670
fault code              = supervisor read instruction, page not present
instruction pointer     = 0x20:0x80c83670
stack pointer           = 0x28:0xfffffe0000547ab8
frame pointer           = 0x28:0xfffffe0000547ae0
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (if_io_tqg_3)
trap number             = 12
panic: page fault
cpuid = 3
time = 1638558873
KDB: stack backtrace:
#0 0xffffffff80bb5e35 at kdb_backtrace+0x65
#1 0xffffffff80b6a0eb at vpanic+0x17b
#2 0xffffffff80b69f63 at panic+0x43
#3 0xffffffff8103d941 at trap_fatal+0x391
#4 0xffffffff8103d99f at trap_pfault+0x4f
#5 0xffffffff8103cfe6 at trap+0x286
#6 0xffffffff81015068 at calltrap+0x8
#7 0xffffffff80c81608 at _task_fn_tx+0xa8
#8 0xffffffff80bb4a01 at gtaskqueue_run_locked+0x121
#9 0xffffffff80bb46c6 at gtaskqueue_thread_loop+0xb6
#10 0xffffffff80b2b94e at fork_exit+0x7e
#11 0xffffffff8101609e at fork_trampoline+0xe
Uptime: 61d1h37m40s

12.2.p15:
Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0x80c836c0
fault code              = supervisor read instruction, page not present
instruction pointer     = 0x20:0x80c836c0
stack pointer           = 0x28:0xfffffe0000542ab8
frame pointer           = 0x28:0xfffffe0000542ae0
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (if_io_tqg_3)
trap number             = 12
panic: page fault
cpuid = 3
time = 1659432012
KDB: stack backtrace:
#0 0xffffffff80bb5e85 at kdb_backtrace+0x65
#1 0xffffffff80b6a13b at vpanic+0x17b
#2 0xffffffff80b69fb3 at panic+0x43
#3 0xffffffff8103d8e1 at trap_fatal+0x391
#4 0xffffffff8103d93f at trap_pfault+0x4f
#5 0xffffffff8103cf86 at trap+0x286
#6 0xffffffff81015148 at calltrap+0x8
#7 0xffffffff80c81658 at _task_fn_tx+0xa8
#8 0xffffffff80bb4a51 at gtaskqueue_run_locked+0x121
#9 0xffffffff80bb4716 at gtaskqueue_thread_loop+0xb6
#10 0xffffffff80b2b99e at fork_exit+0x7e
#11 0xffffffff8101617e at fork_trampoline+0xe
Uptime: 30d14h26m51s

I do periodically experience an ECC correctable error that time-wise does not appear to be correlated to these page faults, but perhaps I am wrong. E.g.:
MCA: Bank 11, Status 0x8c000050000800c2
MCA: Global Cap 0x0000000007000c16, Status 0x0000000000000000
MCA: Vendor "GenuineIntel", ID 0x306f2, APIC ID 0
MCA: CPU 0 COR (1) MS channel 2 memory error
MCA: Address 0x952ef9e80
MCA: Misc 0x90840100010208c

MCA: Misc 0x90840100010208c
MCA: Bank 9, Status 0x8c00004c000800c0
MCA: Global Cap 0x0000000007000c16, Status 0x0000000000000000
MCA: Vendor "GenuineIntel", ID 0x306f2, APIC ID 27
MCA: CPU 23 COR (1) MS channel 0 memory error
MCA: Address 0x167b065100
MCA: Misc 0x90000020002188c

MCA: Misc 0x90840100010208c
MCA: Bank 11, Status 0x8c000050000800c2
MCA: Global Cap 0x0000000007000c16, Status 0x0000000000000000
MCA: Vendor "GenuineIntel", ID 0x306f2, APIC ID 0
MCA: CPU 0 COR (1) MS channel 2 memory error
MCA: Address 0x952ef9e80
MCA: Misc 0x90840100010208c
Comment 1 Graham Perrin freebsd_committer freebsd_triage 2022-08-05 06:03:33 UTC
Reproducible with 12.3-RELEASE-p5?

(In reply to heas from comment #0)

> 12.2, currently at p15.

12.2-RELEASE reached end of life a few months ago. 

<https://www.freebsd.org/security/#sup>