From owner-freebsd-current@freebsd.org Wed Oct 28 17:32:24 2015
Date: Wed, 28 Oct 2015 19:32:18 +0200
From: Konstantin Belousov <kostikbel@gmail.com>
To: Don Lewis
Cc: freebsd-current@FreeBSD.org
Subject: Re: 11.0-CURRENT r290039 privileged instruction fault while in kernel mode
Message-ID: <20151028173218.GN2257@kib.kiev.ua>
References: <20151028095326.GD2257@kib.kiev.ua> <201510281716.t9SHGCdJ021372@gw.catspoiler.org>
In-Reply-To: <201510281716.t9SHGCdJ021372@gw.catspoiler.org>
On Wed, Oct 28, 2015 at 10:16:12AM -0700, Don Lewis wrote:
> On 28 Oct, Konstantin Belousov wrote:
> > On Tue, Oct 27, 2015 at 04:09:28PM -0700, Don Lewis wrote:
> >> I just got this crash while running poudriere on a freshly upgraded
> >> 11.0-CURRENT machine. The instruction pointer value looks pretty
> >> strange.
> >>
> >> FreeBSD zipper.catspoiler.org 11.0-CURRENT FreeBSD 11.0-CURRENT #30 r290039: Tue Oct 27 00:08:00 PDT 2015 dl@zipper.catspoiler.org:/usr/obj/usr/src/sys/GENERIC amd64
> >>
> >> panic:
> >>
> >> GNU gdb 6.1.1 [FreeBSD]
> >> Copyright 2004 Free Software Foundation, Inc.
> >> GDB is free software, covered by the GNU General Public License, and you are
> >> welcome to change it and/or distribute copies of it under certain conditions.
> >> Type "show copying" to see the conditions.
> >> There is absolutely no warranty for GDB. Type "show warranty" for details.
> >> This GDB was configured as "amd64-marcel-freebsd"...
> >>
> >> Unread portion of the kernel message buffer:
> >>
> >> Fatal trap 1: privileged instruction fault while in kernel mode
> >> cpuid = 4; apic id = 14
> >> instruction pointer = 0x20:0xffffffff8240fef5
> > What is the instruction at the reported address ?
> (kgdb) disassemble/r
> Dump of assembler code for function cpu_lock:
>    0xffffffff8240fef0 <+0>:   25 bb 40 82 ff   and    $0xff8240bb,%eax
> => 0xffffffff8240fef5 <+5>:   ff               (bad)
>    0xffffffff8240fef6 <+6>:   ff               (bad)
>    0xffffffff8240fef7 <+7>:   ff 00            incl   (%rax)
>    0xffffffff8240fef9 <+9>:   00 71 02         add    %dh,0x2(%rcx)
>    0xffffffff8240fefc <+12>:  00 00            add    %al,(%rax)
>    0xffffffff8240fefe <+14>:  00 00            add    %al,(%rax)
>    0xffffffff8240ff00 <+16>:  00 00            add    %al,(%rax)
>    0xffffffff8240ff02 <+18>:  00 00            add    %al,(%rax)
>    0xffffffff8240ff04 <+20>:  00 00            add    %al,(%rax)
>    0xffffffff8240ff06 <+22>:  00 00            add    %al,(%rax)
>    0xffffffff8240ff08 <+24>:  01 00            add    %eax,(%rax)
>    0xffffffff8240ff0a <+26>:  00 00            add    %al,(%rax)
>    0xffffffff8240ff0c <+28>:  00 00            add    %al,(%rax)
>    0xffffffff8240ff0e <+30>:  00 00            add    %al,(%rax)
> End of assembler dump.

Oh, I see. cpu_lock is a mutex; the dump above demonstrates it cleanly.
Most likely, something overwrote some pointer to a function with the address.
You probably have to bisect.
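As an added illustration of the point made in this reply (example code, not part of the thread), the program below takes the 32 bytes kgdb printed for cpu_lock and reads them as data rather than instructions. It assumes the FreeBSD amd64 layout of struct lock_object (name pointer, flags, data, witness pointer) followed by a lock word, which is the common prefix of struct mtx and struct sx; the symbol names and the "kernel address" threshold are assumptions made for the example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes of cpu_lock exactly as "disassemble/r" printed them above,
 * starting at 0xffffffff8240fef0 (transcribed from the dump, not invented). */
static const uint8_t cpu_lock_bytes[32] = {
    0x25, 0xbb, 0x40, 0x82, 0xff, 0xff, 0xff, 0xff, /* +0  */
    0x00, 0x00, 0x71, 0x02, 0x00, 0x00, 0x00, 0x00, /* +8  */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* +16 */
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* +24 */
};
#define CPU_LOCK_ADDR 0xffffffff8240fef0ULL
#define FAULT_RIP     0xffffffff8240fef5ULL /* "instruction pointer" from the trap */
/* Assumed FreeBSD amd64 layout: struct lock_object { const char *lo_name;
 * u_int lo_flags; u_int lo_data; struct witness *lo_witness; } followed by
 * the lock word (mtx_lock for a mutex, sx_lock for an sx lock). */
struct lock_view {
    uint64_t lo_name, lo_witness, lock_word;
    uint32_t lo_flags, lo_data;
};
static uint64_t le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
struct lock_view decode_lock(const uint8_t *raw) {
    struct lock_view v = { le64(raw), le64(raw + 16), le64(raw + 24),
                           (uint32_t)le64(raw + 8), (uint32_t)(le64(raw + 8) >> 32) };
    return v;
}
/* amd64 kernel addresses sit at the top of the address space. An owned lock
 * word holds a thread pointer; a small cookie such as 1 means nobody held it. */
int is_kernel_address(uint64_t a) { return a >= 0xffffffff80000000ULL; }
/* Offset of the faulting RIP inside the lock object, or -1 if it is outside. */
long rip_offset_in_lock(uint64_t rip) {
    if (rip < CPU_LOCK_ADDR || rip >= CPU_LOCK_ADDR + sizeof cpu_lock_bytes) return -1;
    return (long)(rip - CPU_LOCK_ADDR);
}
int main(void) {
    struct lock_view v = decode_lock(cpu_lock_bytes);
    printf("lo_name=%#" PRIx64 " lo_flags=%#" PRIx32 " lo_witness=%#" PRIx64 " lock=%#" PRIx64 "\n",
           v.lo_name, v.lo_flags, v.lo_witness, v.lock_word);
    printf("RIP is %ld bytes into cpu_lock: a lock object, not code, was executed\n",
           rip_offset_in_lock(FAULT_RIP));
    return 0;
}
```

The first eight bytes decode to a kernel pointer (the lock's name string), the witness pointer is NULL and the lock word is the small unowned cookie, which is why the "instruction pointer" in the trap is really the address of a lock plus five.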