273581 – Panic (general protection fault) after keying Control-Q to quit www/chromium Chromium

Bug 273581 - Panic (general protection fault) after keying Control-Q to quit www/chromium Chromium

Summary: Panic (general protection fault) after keying Control-Q to quit www/chromium ...

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:	https://www.freshports.org/www/chromium/
Keywords:	crash

Depends on:
Blocks:

Reported:	2023-09-05 15:41 UTC by Graham Perrin
Modified:	2023-12-05 06:40 UTC (History)
CC List:	1 user (show)

See Also:	268848

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Graham Perrin 2023-09-05 15:41:01 UTC

Dump header from device: /dev/ada0p2
  Architecture: amd64
  Architecture Version: 2
  Dump Length: 2269585408
  Blocksize: 512
  Compression: none
  Dumptime: 2023-09-05 13:09:49 +0100
  Hostname: mowa219-gjp4-8570p-freebsd
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 15.0-CURRENT amd64 1500000 #10 main-n265135-07bc20e4740d-dirty: Sat Sep  2 17:36:59 BST 2023
    grahamperrin@mowa219-gjp4-8570p-freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
  Panic String: general protection fault
  Dump Parity: 3731071829
  Bounds: 0
  Dump Status: good

----

If I recall correctly: at the moment of the panic I was moving the pointer, or typing, in Remmina (an RDP connection to Windows) or Firefox. 

I might have also keyed Alt-Tab to switch applications after the Control-Q. 

I assumed that quit of Chromium was complete, however PID 50768 (chrome) is shown, below, as the current process. 

I'll send panicmail with reference to this bug report.

---

Unread portion of the kernel message buffer:


Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer	= 0x20:0xffffffff80d280b0
stack pointer	        = 0x28:0xfffffe01030ccb20
frame pointer	        = 0x28:0xfffffe01030ccb40
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 50768 (chrome)
rdi: deadc0dedeadc0de rsi: 0000000000000001 rdx: 0000000000000000
rcx: fffff8028bc4c560  r8: fffff800018cf040  r9: fffffe01030cd000
rax: fffff8028bc4c500 rbx: fffff802b285b500 rbp: fffffe01030ccb40
r10: 0000000000001388 r11: 00000000000027a7 r12: fffff8028bc4c500
r13: fffff801efef5640 r14: fffff802b285b500 r15: fffff801efef5660
trap number		= 9
panic: general protection fault
cpuid = 3
time = 1693915789
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01030cc860
vpanic() at vpanic+0x132/frame 0xfffffe01030cc990
panic() at panic+0x43/frame 0xfffffe01030cc9f0
trap_fatal() at trap_fatal+0x40c/frame 0xfffffe01030cca50
calltrap() at calltrap+0x8/frame 0xfffffe01030cca50
--- trap 0x9, rip = 0xffffffff80d280b0, rsp = 0xfffffe01030ccb20, rbp = 0xfffffe01030ccb40 ---
ip_mfilter_free() at ip_mfilter_free+0x1a0/frame 0xfffffe01030ccb40
inp_freemoptions() at inp_freemoptions+0x85/frame 0xfffffe01030ccb80
sorele_locked() at sorele_locked+0xf7/frame 0xfffffe01030ccbb0
soclose() at soclose+0x17d/frame 0xfffffe01030ccc10
_fdrop() at _fdrop+0x1b/frame 0xfffffe01030ccc30
closef() at closef+0x1e3/frame 0xfffffe01030cccc0
fdescfree() at fdescfree+0x41a/frame 0xfffffe01030ccd80
exit1() at exit1+0x4b1/frame 0xfffffe01030ccdf0
sys_exit() at sys_exit+0xd/frame 0xfffffe01030cce00
amd64_syscall() at amd64_syscall+0x138/frame 0xfffffe01030ccf30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01030ccf30
--- syscall (1, FreeBSD ELF64, exit), rip = 0x2f6f91df251a, rsp = 0x2f6f6517bd28, rbp = 0x2f6f6517bd40 ---
KDB: enter: panic
Uptime: 1d2h13m47s
Dumping 2164 out of 16244 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
57		__asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=textdump@entry=1)
    at /usr/src/sys/kern/kern_shutdown.c:405
#2  0xffffffff80b57f60 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:526
#3  0xffffffff80b5845f in vpanic (fmt=0xffffffff811a0789 "%s", 
    ap=ap@entry=0xfffffe01030cc9d0) at /usr/src/sys/kern/kern_shutdown.c:970
#4  0xffffffff80b58203 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:894
#5  0xffffffff8105dd7c in trap_fatal (frame=0xfffffe01030cca60, eva=0)
    at /usr/src/sys/amd64/amd64/trap.c:952
#6  <signal handler called>
#7  mbufq_drain (mq=<optimized out>) at /usr/src/sys/sys/mbuf.h:1593
#8  imf_purge (imf=imf@entry=0xfffff802b285b500)
    at /usr/src/sys/netinet/in_mcast.c:919
#9  ip_mfilter_free (imf=imf@entry=0xfffff802b285b500)
    at /usr/src/sys/netinet/in_mcast.c:350
#10 0xffffffff80d29455 in inp_freemoptions (imo=0xfffff801efef5640)
    at /usr/src/sys/netinet/in_mcast.c:1610
#11 0xffffffff80c098d7 in sofree (so=0xfffff8040a4643c0)
    at /usr/src/sys/kern/uipc_socket.c:1211
#12 sorele_locked (so=so@entry=0xfffff8040a4643c0)
    at /usr/src/sys/kern/uipc_socket.c:1238
#13 0xffffffff80c0a74d in soclose (so=0xfffff8040a4643c0)
    at /usr/src/sys/kern/uipc_socket.c:1308
#14 0xffffffff80af232b in fo_close (fp=0xfffff803c7dd9d20, td=0x1)
    at /usr/src/sys/sys/file.h:388
#15 _fdrop (fp=fp@entry=0xfffff803c7dd9d20, td=0x1, 
    td@entry=0xfffffe0104a20e40) at /usr/src/sys/kern/kern_descrip.c:3632
#16 0xffffffff80af5b83 in closef (fp=fp@entry=0xfffff803c7dd9d20, 
    td=td@entry=0xfffffe0104a20e40) at /usr/src/sys/kern/kern_descrip.c:2841
#17 0xffffffff80af51ea in fdescfree_fds (td=0xfffffe0104a20e40, 
    fdp=0xfffffe0104d7d920) at /usr/src/sys/kern/kern_descrip.c:2564
#18 fdescfree (td=td@entry=0xfffffe0104a20e40)
    at /usr/src/sys/kern/kern_descrip.c:2607
#19 0xffffffff80b07d81 in exit1 (td=0xfffffe0104a20e40, rval=<optimized out>, 
    signo=signo@entry=0) at /usr/src/sys/kern/kern_exit.c:404
#20 0xffffffff80b078cd in sys_exit (td=0xdeadc0dedeadc0de, 
    uap=<optimized out>) at /usr/src/sys/kern/kern_exit.c:210
#21 0xffffffff8105e748 in syscallenter (td=<optimized out>)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:187
#22 amd64_syscall (td=0xfffffe0104a20e40, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1197
#23 <signal handler called>
#24 0x00002f6f91df251a in ?? ()
Backtrace stopped: Cannot access memory at address 0x2f6f6517bd28
(kgdb) 

------------------------------------------------------------------------
ps -axlww
…

Comment 1 Graham Perrin 2023-09-05 15:48:10 UTC

(Editing the subject line, because this report is not yet found via the bug search button at the FreshPorts page.)

Comment 2 Graham Perrin 2023-09-05 15:51:30 UTC

> the bug search button at the FreshPorts page

Sorry, now I see: the preset search criteria include 'Product: Ports & Packages' and 'Component: Individual Port(s)', so a kernel bug should never be found by such searches. 

Need to triage bug 268848, change its product.

Comment 3 Graham Perrin 2023-12-05 06:40:40 UTC

See also: 

<https://codeberg.org/grahamperrin/freebsd-src/issues/2>

> … www/chromium (Chromium): panic: general protection fault with 
> chrome as the current process …

Now, I wonder whether Control-Q (in the summary line here) was truly the key combination that I used on 5th September.