From owner-freebsd-bugs@freebsd.org  Wed Sep 13 12:02:19 2017
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6CC77E1DB34
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 13 Sep 2017 12:02:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5AB01194C
 for <freebsd-bugs@FreeBSD.org>; Wed, 13 Sep 2017 12:02:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v8DC2I92066499
 for <freebsd-bugs@FreeBSD.org>; Wed, 13 Sep 2017 12:02:19 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 222259] 11.1-R crashing in sendfile syscall, as used by a uwsgi
 process
Date: Wed, 13 Sep 2017 12:02:18 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: Mark.Martinec@ijs.si
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-222259-8-XW2NKrvzl3@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-222259-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-222259-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Sep 2017 12:02:19 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D222259

--- Comment #4 from Mark.Martinec@ijs.si ---
> Rebuilding kernel now with  "makeoptions DEBUG=3D-g" ...

Looks like an improvement. Tonight there were four more crashes like this.

# ll /boot/kernel/kernel /var/crash/vmcore.8
-r-xr-xr-x  1 root  wheel    26852240 Sep 13 00:26 /boot/kernel/kernel
-rw-------  1 root  wheel  1039286272 Sep 13 08:00 /var/crash/vmcore.8

# kgdb /boot/kernel/kernel /var/crash/vmcore.8=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20
GNU gdb (GDB) 8.0 [GDB v8.0 for FreeBSD]
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.htm=
l>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd11.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...Reading symbols from
/usr/lib/debug//boot/kernel/kernel.debug...done.
done.

Unread portion of the kernel message buffer:
[15738]=20
[15738]=20
[15738] Fatal trap 12: page fault while in kernel mode
[15738] cpuid =3D 1; apic id =3D 01
[15738] fault virtual address   =3D 0xe8
[15738] fault code              =3D supervisor write data, page not present
[15738] instruction pointer     =3D 0x20:0xffffffff80afefb2
[15738] stack pointer           =3D 0x28:0xfffffe02391355a0
[15738] frame pointer           =3D 0x28:0xfffffe02391355e0
[15738] code segment            =3D base 0x0, limit 0xfffff, type 0x1b
[15738]                         =3D DPL 0, pres 1, long 1, def32 0, gran 1
[15738] processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
[15738] current process         =3D 90843 (uwsgi)
[15738] trap number             =3D 12
[15738] panic: page fault
[15738] cpuid =3D 1
[15738] KDB: stack backtrace:
[15738] #0 0xffffffff80aada97 at kdb_backtrace+0x67
[15738] #1 0xffffffff80a6bb76 at vpanic+0x186
[15738] #2 0xffffffff80a6b9e3 at panic+0x43
[15738] #3 0xffffffff80edf832 at trap_fatal+0x322
[15738] #4 0xffffffff80edf889 at trap_pfault+0x49
[15738] #5 0xffffffff80edf0c6 at trap+0x286
[15738] #6 0xffffffff80ec3641 at calltrap+0x8
[15738] #7 0xffffffff80a6a2af at sendfile_iodone+0xbf
[15738] #8 0xffffffff80a69eae at vn_sendfile+0x124e
[15738] #9 0xffffffff80a6a4dd at sendfile+0x13d
[15738] #10 0xffffffff80ee0394 at amd64_syscall+0x6c4
[15738] #11 0xffffffff80ec392b at Xfast_syscall+0xfb
[15738] Uptime: 4h22m18s
[15738] Dumping 991 out of 8129
MB:..2%..12%..21%..31%..41%..51%..62%..72%..81%..91%

__curthread () at ./machine/pcpu.h:222
222             __asm("movq %%gs:%1,%0" : "=3Dr" (td)


(kgdb) bt

#0  __curthread () at ./machine/pcpu.h:222
#1  doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown=
.c:298
#2  0xffffffff80a6b6f1 in kern_reboot (howto=3D260) at
/usr/src/sys/kern/kern_shutdown.c:366
#3  0xffffffff80a6bbb0 in vpanic (fmt=3D<optimized out>, ap=3D0xfffffe02391=
35240)
at /usr/src/sys/kern/kern_shutdown.c:759
#4  0xffffffff80a6b9e3 in panic (fmt=3D<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:690
#5  0xffffffff80edf832 in trap_fatal (frame=3D0xfffffe02391354e0, eva=3D232=
) at
/usr/src/sys/amd64/amd64/trap.c:801
#6  0xffffffff80edf889 in trap_pfault (frame=3D0xfffffe02391354e0, usermode=
=3D0) at
/usr/src/sys/amd64/amd64/trap.c:655
#7  0xffffffff80edf0c6 in trap (frame=3D0xfffffe02391354e0) at
/usr/src/sys/amd64/amd64/trap.c:421
#8  <signal handler called>
#9  0xffffffff80afefb2 in atomic_fcmpset_long (dst=3D0xe8, expect=3D<optimi=
zed
out>, src=3D<optimized out>) at ./machine/atomic.h:224
#10 uipc_ready (so=3D<optimized out>, m=3D0xfffff80014fb8800, count=3D4) at
/usr/src/sys/kern/uipc_usrreq.c:1075
#11 0xffffffff80a6a2af in sendfile_iodone (arg=3D0xfffff800344f5c00,
pg=3D<optimized out>, count=3D<optimized out>, error=3D0)
    at /usr/src/sys/kern/kern_sendfile.c:293
#12 0xffffffff80a69eae in vn_sendfile (fp=3D<optimized out>, sockfd=3D<opti=
mized
out>, hdr_uio=3D0x0, trl_uio=3D<optimized out>, offset=3D<optimized out>,
    nbytes=3D<optimized out>, sent=3D<optimized out>, flags=3D<optimized ou=
t>,
td=3D<optimized out>) at /usr/src/sys/kern/kern_sendfile.c:851
#13 0xffffffff80a6a4dd in fo_sendfile (fp=3D0xffffffff81d1d388
<unp_link_rwlock+24>, sockfd=3D88170496, hdr_uio=3D0x1, trl_uio=3D0x1, offs=
et=3D0,
    nbytes=3D18446735281999667200, sent=3D0x1fffffff8, flags=3D4,
td=3D0xfffff80105416000) at /usr/src/sys/sys/file.h:378
#14 sendfile (td=3D0xfffff80105416000, uap=3D0xfffffe0239135a30, compat=3D0=
) at
/usr/src/sys/kern/kern_sendfile.c:977
#15 0xffffffff80ee0394 in syscallenter (td=3D<optimized out>, sa=3D<optimiz=
ed out>)
at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#16 amd64_syscall (td=3D0xfffff80105416000, traced=3D0) at
/usr/src/sys/amd64/amd64/trap.c:902
#17 <signal handler called>
#18 0x000000080221761a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffc868

--=20
You are receiving this mail because:
You are the assignee for the bug.=