search

FreeBSDDesktop / DEPRECATED-freebsd-base-graphics

Fork of FreeBSD's base repository to work on graphics-stack-related projects
Other
49 stars 13 forks source link

[intel] kernel panic, SNA? #140

Closed kwm81 closed 7 years ago

kwm81 commented 7 years ago

So after running stock HEAD for a while I finaly have time to checkout drm-next again. Then I ran into this gem.

FreeBSD crashalot 12.0-CURRENT FreeBSD 12.0-CURRENT #8 bedc15ffb71(drm-next) This is a Sandybridge Laptop, running a almost stock GNOME 3 desktop. The intel xorg ddx is configured to use SNA. Normal use consisting of gnome-terminal, gedit and epiphany.

Fatal trap 12: page fault while in kernel mode cpuid = 6; apic id = 06 fault virtual address = 0x8 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80ab383f stack pointer = 0x28:0xfffffe033ffa0310 frame pointer = 0x28:0xfffffe033ffa0390 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 1 (init) trap number = 12 vt_kms_postswitch() at vt_kms_postswitch+0x52/frame 0xfffffe033ff9fe70 vt_window_switch() at vt_window_switch+0xdb/frame 0xfffffe033ff9feb0 vtterm_cngrab() at vtterm_cngrab+0x20/frame 0xfffffe033ff9fed0 cngrab() at cngrab+0x42/frame 0xfffffe033ff9fef0 vpanic() at vpanic+0x10a/frame 0xfffffe033ff9ff70 panic() at panic+0x43/frame 0xfffffe033ff9ffd0 trap_fatal() at trap_fatal+0x322/frame 0xfffffe033ffa0020 trap_pfault() at trap_pfault+0x62/frame 0xfffffe033ffa0080 trap() at trap+0x29e/frame 0xfffffe033ffa0240 calltrap() at calltrap+0x8/frame 0xfffffe033ffa0240 --- trap 0xc, rip = 0xffffffff80ab383f, rsp = 0xfffffe033ffa0310, rbp = 0xfffffe033ffa0390 --- witness_checkorder() at witness_checkorder+0x6f/frame 0xfffffe033ffa0390 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 init:100002 WARNING !mutex_is_locked(&mode_config->mutex) && !drm_modeset_is_locked(&mode_config->connection_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/include/drm/drm_crtc.h:1403 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:909 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:909 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 init:100002 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 init:100002 WARNING !mutex_is_locked(&mode_config->mutex) && !drm_modeset_is_locked(&mode_config->connection_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/include/drm/drm_crtc.h:1403 init:100002 WARNING !mutex_is_locked(&mode_config->mutex) && !drm_modeset_is_locked(&mode_config->connection_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/include/drm/drm_crtc.h:1403 WARN_ON(!mutex_is_locked(&dev->struct_mutex))pipe A vblank wait timed out WARN_ON(!mutex_is_locked(&fbc->lock))WARN_ON(!mutex_is_locked(&fbc->lock))WARN_ON(!mutex_is_locked(&obj->base.dev->struct_mutex))WARN_ON(!mutex_is_locked(&obj->base.dev->struct_mutex)) init:100002 WARNING !mutex_is_locked(&obj->dev->struct_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_gem.c:854 panic: page fault cpuid = 6 time = 1492852418 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe033ff9fef0 vpanic() at vpanic+0x19c/frame 0xfffffe033ff9ff70 panic() at panic+0x43/frame 0xfffffe033ff9ffd0 trap_fatal() at trap_fatal+0x322/frame 0xfffffe033ffa0020 trap_pfault() at trap_pfault+0x62/frame 0xfffffe033ffa0080 trap() at trap+0x29e/frame 0xfffffe033ffa0240 calltrap() at calltrap+0x8/frame 0xfffffe033ffa0240 --- trap 0xc, rip = 0xffffffff80ab383f, rsp = 0xfffffe033ffa0310, rbp = 0xfffffe033ffa0390 --- witness_checkorder() at witness_checkorder+0x6f/frame 0xfffffe033ffa0390 _sx_xlock() at _sx_xlock+0x5e/frame 0xfffffe033ffa03d0 linux_cdev_pager_dtor() at linux_cdev_pager_dtor+0xc2/frame 0xfffffe033ffa03f0 dev_pager_dealloc() at dev_pager_dealloc+0x33/frame 0xfffffe033ffa0410 vm_object_terminate() at vm_object_terminate+0x24e/frame 0xfffffe033ffa0450 vm_object_deallocate() at vm_object_deallocate+0x2d9/frame 0xfffffe033ffa04c0 vm_map_process_deferred() at vm_map_process_deferred+0x89/frame 0xfffffe033ffa04f0 vm_map_remove() at vm_map_remove+0xc8/frame 0xfffffe033ffa0520 vmspace_free() at vmspace_free+0x51/frame 0xfffffe033ffa0540 linux_free_current() at linux_free_current+0x5e/frame 0xfffffe033ffa0560 proc_dtor() at proc_dtor+0xf0/frame 0xfffffe033ffa05b0 uma_zfree_arg() at uma_zfree_arg+0x80/frame 0xfffffe033ffa0600 proc_reap() at proc_reap+0x437/frame 0xfffffe033ffa0640 proc_to_reap() at proc_to_reap+0x36c/frame 0xfffffe033ffa0690 kern_wait6() at kern_wait6+0x2cd/frame 0xfffffe033ffa0740 sys_wait4() at sys_wait4+0x78/frame 0xfffffe033ffa0930 amd64_syscall() at amd64_syscall+0x57a/frame 0xfffffe033ffa0ab0 Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe033ffa0ab0 --- syscall (7, FreeBSD ELF64, sys_wait4), rip = 0x41e57a, rsp = 0x7fffffffe818, rbp = 0x7fffffffe880 --- Uptime: 14h53m55s Dumping 2697 out of 8068 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

markjdb commented 7 years ago

Is this reproducible?

The crashing process is init; it was reaping another process and was attempting to free its vmspace. We hit a panic in witness, which is a bit odd: the mm rwsem is flagged NOWITNESS. I'm guessing that the process' mm had already been freed.

markjdb commented 7 years ago

Briefly looking at the code, I think each vm area should take a reference on current->mm in linux_dev_mmap_single() (or perhaps in the cdev object ctor). Right now, the only references are held by threads, but at the point of the crash all of the threads belonging to the process have been destroyed. @hselasky any thoughts?

hselasky commented 7 years ago

Hi @markjdb ,

The current design assumes that the cdev_pager_dtor() is called from on of the threads belonging to the procedure creating the vm_mm . If that is not the case - adding a reference is the right thing to do. I'm not sure where to add the reference. Are we certain that pager_ctor() is called the same amount of times that pager_dtor() is called?

--HPS

kwm81 commented 7 years ago

It is not really triggerable I think. But it seems that it panics when I'm doing something with epiphany (GNOME's webkit based browser). For example I had 3 or so panics yesterday, but no (yet) today.

hselasky commented 7 years ago

Hi @kwm81

I think this might be a sleepable lock after non-sleepable issue.

Could you do:

gdb file /boot/kernel/kernel info line *(witness_checkorder+0x6f)

--HPS

hselasky commented 7 years ago

Hi @markjdb

I see that the init process uses the system map, which basically means vm_map_lock() does a mtx_lock() / mtx_unlock() sequence. This will of course trigger witness, because this lock is held by vm_map_remove() across the linux cdev pager dtor.

--HPS

hselasky commented 7 years ago

Hi @kwm81

Some further analysis reveals that you might have a double panic. I.E. there is a NULL pointer first at address 0x6 and then the panic tries to switch video mode and that fails too causing the second panic.

Could you also do:

gdb file /boot/kernel/kernel info line *(0xffffffff80ab383f)

--HPS

markjdb commented 7 years ago

Hi Hans,

I don't think init's use of a system map should matter here - we should be locking the zombie's map, not init's, right? I wonder if we should instead drop the vmspace ref from the process_exit eventhandler rather than from the thread_dtor. The eventhandler is called first, so vmspace_exit() will release the last reference and free the vmspace (and thus the cdev objects). I still don't understand the root cause of the panic though.

hselasky commented 7 years ago

I've asked @kwm81 to try to reproduce the issue. So far no luck. Let's see if we can track this down the one way or the other.

kwm81 commented 7 years ago

I think I can reproduce this now 100%, by filing a comment in phabricator from epiphany. That is until someone adds a comment to the review I think.... Please let me know the gdb foo to run to get more info!

Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0x8 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80ab383f stack pointer = 0x0:0xfffffe034def45f0 frame pointer = 0x0:0xfffffe034def4670 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 20930 (WebKitWebProcess) trap number = 12 vt_kms_postswitch() at vt_kms_postswitch+0x52/frame 0xfffffe034def4150 vt_window_switch() at vt_window_switch+0xdb/frame 0xfffffe034def4190 vtterm_cngrab() at vtterm_cngrab+0x20/frame 0xfffffe034def41b0 cngrab() at cngrab+0x42/frame 0xfffffe034def41d0 vpanic() at vpanic+0x10a/frame 0xfffffe034def4250 panic() at panic+0x43/frame 0xfffffe034def42b0 trap_fatal() at trap_fatal+0x322/frame 0xfffffe034def4300 trap_pfault() at trap_pfault+0x62/frame 0xfffffe034def4360 trap() at trap+0x29e/frame 0xfffffe034def4520 calltrap() at calltrap+0x8/frame 0xfffffe034def4520 --- trap 0xc, rip = 0xffffffff80ab383f, rsp = 0xfffffe034def45f0, rbp = 0xfffffe034def4670 --- witness_checkorder() at witness_checkorder+0x6f/frame 0xfffffe034def4670 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:100681 WARNING !mutex_is_locked(&mode_config->mutex) && !drm_modeset_is_locked(&mode_config->connection_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/include/drm/drm_crtc.h:1403 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:909 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:909 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:100681 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:100681 WARNING !mutex_is_locked(&mode_config->mutex) && !drm_modeset_is_locked(&mode_config->connection_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/include/drm/drm_crtc.h:1403 WebKitWebProcess:100681 WARNING !mutex_is_locked(&mode_config->mutex) && !drm_modeset_is_locked(&mode_config->connection_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/include/drm/drm_crtc.h:1403 WARN_ON(!mutex_is_locked(&dev->struct_mutex))pipe A vblank wait timed out WARN_ON(!mutex_is_locked(&fbc->lock))WARN_ON(!mutex_is_locked(&fbc->lock))WARN_ON(!mutex_is_locked(&obj->base.dev->struct_mutex))WARN_ON(!mutex_is_locked(&obj->base.dev->struct_mutex)) WebKitWebProcess:100681 WARNING !mutex_is_locked(&obj->dev->struct_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_gem.c:854 panic: page fault cpuid = 1 time = 1493890929 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe034def41d0 vpanic() at vpanic+0x19c/frame 0xfffffe034def4250 panic() at panic+0x43/frame 0xfffffe034def42b0 trap_fatal() at trap_fatal+0x322/frame 0xfffffe034def4300 trap_pfault() at trap_pfault+0x62/frame 0xfffffe034def4360 trap() at trap+0x29e/frame 0xfffffe034def4520 calltrap() at calltrap+0x8/frame 0xfffffe034def4520 --- trap 0xc, rip = 0xffffffff80ab383f, rsp = 0xfffffe034def45f0, rbp = 0xfffffe034def4670 --- witness_checkorder() at witness_checkorder+0x6f/frame 0xfffffe034def4670 _sx_xlock() at _sx_xlock+0x5e/frame 0xfffffe034def46b0 linux_cdev_pager_populate() at linux_cdev_pager_populate+0x140/frame 0xfffffe034def4720 vm_fault_hold() at vm_fault_hold+0x68b/frame 0xfffffe034def4850 vm_fault() at vm_fault+0x75/frame 0xfffffe034def4890 trap_pfault() at trap_pfault+0xff/frame 0xfffffe034def48f0 trap() at trap+0x348/frame 0xfffffe034def4ab0 calltrap() at calltrap+0x8/frame 0xfffffe034def4ab0 --- trap 0xc, rip = 0x82471002b, rsp = 0x7fffdcbe3160, rbp = 0x7fffdcbe31a0 --- Uptime: 23h38m34s Dumping 2849 out of 8068 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Fatal trap 12: page fault while in kernel mode cpuid = 7; apic id = 07 fault virtual address = 0x8 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80ab383f stack pointer = 0x0:0xfffffe034d5cd5f0 frame pointer = 0x0:0xfffffe034d5cd670 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 1464 (WebKitWebProcess) trap number = 12 vt_kms_postswitch() at vt_kms_postswitch+0x52/frame 0xfffffe034d5cd150 vt_window_switch() at vt_window_switch+0xdb/frame 0xfffffe034d5cd190 vtterm_cngrab() at vtterm_cngrab+0x20/frame 0xfffffe034d5cd1b0 cngrab() at cngrab+0x42/frame 0xfffffe034d5cd1d0 vpanic() at vpanic+0x10a/frame 0xfffffe034d5cd250 panic() at panic+0x43/frame 0xfffffe034d5cd2b0 trap_fatal() at trap_fatal+0x322/frame 0xfffffe034d5cd300 trap_pfault() at trap_pfault+0x62/frame 0xfffffe034d5cd360 trap() at trap+0x29e/frame 0xfffffe034d5cd520 calltrap() at calltrap+0x8/frame 0xfffffe034d5cd520 --- trap 0xc, rip = 0xffffffff80ab383f, rsp = 0xfffffe034d5cd5f0, rbp = 0xfffffe034d5cd670 --- witness_checkorder() at witness_checkorder+0x6f/frame 0xfffffe034d5cd670 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:102390 WARNING !mutex_is_locked(&mode_config->mutex) && !drm_modeset_is_locked(&mode_config->connection_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/include/drm/drm_crtc.h:1403 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:909 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:909 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:270 WebKitWebProcess:102390 WARNING !state->acquire_ctx failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_atomic.c:634 WebKitWebProcess:102390 WARNING !mutex_is_locked(&mode_config->mutex) && !drm_modeset_is_locked(&mode_config->connection_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/include/drm/drm_crtc.h:1403 WebKitWebProcess:102390 WARNING !mutex_is_locked(&mode_config->mutex) && !drm_modeset_is_locked(&mode_config->connection_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/include/drm/drm_crtc.h:1403 WARN_ON(!mutex_is_locked(&dev->struct_mutex))pipe A vblank wait timed out WARN_ON(!mutex_is_locked(&fbc->lock))WARN_ON(!mutex_is_locked(&fbc->lock))WARN_ON(!mutex_is_locked(&obj->base.dev->struct_mutex))WARN_ON(!mutex_is_locked(&obj->base.dev->struct_mutex)) WebKitWebProcess:102390 WARNING !mutex_is_locked(&obj->dev->struct_mutex) failed at /home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/dev/drm/drm_gem.c:854 panic: page fault cpuid = 7 time = 1493891643 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe034d5cd1d0 vpanic() at vpanic+0x19c/frame 0xfffffe034d5cd250 panic() at panic+0x43/frame 0xfffffe034d5cd2b0 trap_fatal() at trap_fatal+0x322/frame 0xfffffe034d5cd300 trap_pfault() at trap_pfault+0x62/frame 0xfffffe034d5cd360 trap() at trap+0x29e/frame 0xfffffe034d5cd520 calltrap() at calltrap+0x8/frame 0xfffffe034d5cd520 --- trap 0xc, rip = 0xffffffff80ab383f, rsp = 0xfffffe034d5cd5f0, rbp = 0xfffffe034d5cd670 --- witness_checkorder() at witness_checkorder+0x6f/frame 0xfffffe034d5cd670 _sx_xlock() at _sx_xlock+0x5e/frame 0xfffffe034d5cd6b0 linux_cdev_pager_populate() at linux_cdev_pager_populate+0x140/frame 0xfffffe034d5cd720 vm_fault_hold() at vm_fault_hold+0x68b/frame 0xfffffe034d5cd850 vm_fault() at vm_fault+0x75/frame 0xfffffe034d5cd890 trap_pfault() at trap_pfault+0xff/frame 0xfffffe034d5cd8f0 trap() at trap+0x348/frame 0xfffffe034d5cdab0 calltrap() at calltrap+0x8/frame 0xfffffe034d5cdab0 --- trap 0xc, rip = 0x821d1002b, rsp = 0x7fffdc9e21b0, rbp = 0x7fffdc9e21f0 --- Uptime: 10m16s Dumping 1057 out of 8068 MB:..2%..11%..22%..31%..41%..52%..61%..72%..81%..91%

kwm81 commented 7 years ago

To be specific the two panics above happen when I press the submit button while adding a comment with a code comment in a phab.f.o review.

hselasky commented 7 years ago

Can you open up the kernel using GDB and type:

info line *(linux_cdev_pager_populate+0x140)

--HPS

kwm81 commented 7 years ago

Probably me doing something wrong but I have no idea why this doesn't work anymore. I suspect that it doesn't load the modules?

root@crashalot:~ # gdb /boot/kernel/kernel Reading symbols from /boot/kernel/kernel...(no debugging symbols found)...done. (gdb) info line *(linux_cdev_pager_populate+0x140) No symbol table is loaded. Use the "file" command.

gdb /usr/lib/debug/boot/kernel/kernel.debug

Reading symbols from /usr/lib/debug/boot/kernel/kernel.debug...done. (gdb) info line *(linux_cdev_pager_populate+0x140) No symbol "linux_cdev_pager_populate" in current context.

hselasky commented 7 years ago

You'll need to load /boot/kernel/linuxkpi.ko aswell.

kwm81 commented 7 years ago

(gdb) add-symbol-file /usr/lib/debug/boot/kernel/linuxkpi.ko.debug 0 add symbol table from file "/usr/lib/debug/boot/kernel/linuxkpi.ko.debug" at .text_addr = 0x0 (y or n) y Reading symbols from /usr/lib/debug/boot/kernel/linuxkpi.ko.debug...done. (gdb) info line *(linux_cdev_pager_populate+0x140) Line 514 of "/home/kwm/sources/freebsd/drm-freebsd-base-graphics/sys/compat/linuxkpi/common/src/linux_compat.c" starts at address 0x3e50 <linux_cdev_pager_populate+320> and ends at 0x3e59 <linux_cdev_pager_populate+329>.

hselasky commented 7 years ago

Can you try this patch: linuxkpi.txt

kwm81 commented 7 years ago

with the patch, submit a comment in phabricator works. And killing epiphany does not panic the box anymore. I will keep testing the patch and report back if there are any more issues, or if a reasonable time has passed, but it looks good sofar.

hselasky commented 7 years ago

Thank you for testing. Patch is now pushed to drm-next.