From: John Baldwin
To: Andriy Gapon
Cc: freebsd-current@freebsd.org, Hans Petter Selasky, FreeBSD Hackers
Subject: Re: strange kernel crash
Date: Tue, 10 Nov 2015 10:42:17 -0800

On Tuesday, November 10, 2015 10:48:08 AM Andriy Gapon wrote:
> On 09/11/2015 22:16, John Baldwin wrote:
> > On Friday, November 06, 2015 07:02:59 PM Hans Petter Selasky wrote:
> >> On 11/06/15 12:20, Andriy Gapon wrote:
> >>> Now the strange part:
> >>>
> >>> 0xffffffff80619a18 <+744>: jne 0xffffffff80619a61 <__mtx_lock_flags+817>
> >>> 0xffffffff80619a1a <+746>: mov %rbx,(%rsp)
> >>> => 0xffffffff80619a1e <+750>: movq $0x0,0x18(%rsp)
> >>> 0xffffffff80619a27 <+759>: movq $0x0,0x10(%rsp)
> >>> 0xffffffff80619a30 <+768>: movq $0x0,0x8(%rsp)
> >>
> >> Were these instructions dumped from RAM or from the kernel ELF file?
> >
> > Probably not from RAM. You can use 'info files' in gdb to see what is
> > handling the address range in question (core vs executable). x/i in ddb
> > would have been the "real" truth.
>
> Yes, according to the output of files it looks like gdb would read that data
> from the text section of the kernel file.
>
> How about libkvm? Would kvm_read read data from the core file?

kvm_read should only access the vmcore, yes.

> I've written the following small program (cut down dmesg.c, actually):
> https://people.freebsd.org/~avg/vmcore_read.c
>
> (kgdb) disassemble /r
> => 0xffffffff80619a1e <+750>: 48 c7 44 24 18 00 00 00 00 movq $0x0,0x18(%rsp)
>
> $ vmcore_read -N /boot/kernel.29/kernel -M /var/crash/vmcore.29 0xffffffff80619a1e 9
> 48 c7 44 24 18 00 00 00 00
>
> Seems like the code is intact.
>
> P.S.
> 1. To correct something I said earlier, the fault is #UD, not #GP.
> 2. The only "suspicious" activity at the time of the crash was the execution of
> a bhyve VM.

Was the crash in the guest or the host? UD# seems even more bizarre.

--
John Baldwin
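
The check discussed in this message (are the instruction bytes in the vmcore the same as those in the kernel file?) needs the file side resolved independently of gdb. The sketch below is an added example, not part of the thread and not the linked vmcore_read.c: it maps a kernel virtual address to its bytes in an ELF64 image through the PT_LOAD headers and compares them with bytes obtained separately from the dump (for instance with kvm_read). The names elf_bytes_at, text_diff and make_sample are hypothetical, and the 192-byte image is constructed; only the address and the nine instruction bytes come from the thread.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>

/* File bytes backing [va, va+n) in an ELF64 image, or NULL (host byte order assumed). */
static const uint8_t *elf_bytes_at(const uint8_t *img, size_t len, uint64_t va, size_t n)
{
    Elf64_Ehdr eh;
    if (len < sizeof(eh)) return NULL;
    memcpy(&eh, img, sizeof(eh));
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64) return NULL;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        uint64_t off = eh.e_phoff + (uint64_t)i * sizeof(ph);
        if (off > len || len - off < sizeof(ph)) return NULL;   /* truncated header table */
        memcpy(&ph, img + off, sizeof(ph));
        if (ph.p_type != PT_LOAD || va < ph.p_vaddr) continue;
        uint64_t delta = va - ph.p_vaddr;
        if (delta >= ph.p_filesz || ph.p_filesz - delta < n) continue; /* not file-backed */
        if (ph.p_offset > len || len - ph.p_offset < ph.p_filesz) return NULL;
        return img + ph.p_offset + delta;
    }
    return NULL;
}

/* 0: dump bytes equal the file; k > 0: first difference at byte k-1; -1: va not in file. */
int text_diff(const uint8_t *img, size_t len, uint64_t va, const uint8_t *core, size_t n)
{
    const uint8_t *file = elf_bytes_at(img, len, va, n);
    if (file == NULL) return -1;
    for (size_t i = 0; i < n; i++)
        if (file[i] != core[i]) return (int)i + 1;
    return 0;
}

/* Constructed sample: a tiny image with one PT_LOAD holding the movq quoted in the thread. */
const uint64_t SAMPLE_VA = 0xffffffff80619a1eULL;
const uint8_t SAMPLE_INSN[9] = {0x48, 0xc7, 0x44, 0x24, 0x18, 0x00, 0x00, 0x00, 0x00};
void make_sample(uint8_t img[192])
{
    Elf64_Ehdr eh = {0};
    Elf64_Phdr ph = {0};
    memset(img, 0x90, 192);
    memcpy(eh.e_ident, ELFMAG, SELFMAG); eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_phoff = sizeof(eh); eh.e_phentsize = sizeof(ph); eh.e_phnum = 1;
    ph.p_type = PT_LOAD; ph.p_offset = 128; ph.p_vaddr = 0xffffffff80619a00ULL; ph.p_filesz = 64;
    memcpy(img, &eh, sizeof(eh));
    memcpy(img + sizeof(eh), &ph, sizeof(ph));
    memcpy(img + 128 + 0x1e, SAMPLE_INSN, sizeof(SAMPLE_INSN));
}
```

A zero result only says the dumped text equals the file's text; as in the thread, that rules out corrupted code in memory but does not explain the fault.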