From owner-freebsd-bugs@freebsd.org Fri Sep 7 05:35:09 2018 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D5494FF11BC for ; Fri, 7 Sep 2018 05:35:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 6E0F97B845 for ; Fri, 7 Sep 2018 05:35:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 331C9FF11BB; Fri, 7 Sep 2018 05:35:08 +0000 (UTC) Delivered-To: bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 114DFFF11BA for ; Fri, 7 Sep 2018 05:35:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A5DFB7B83F for ; Fri, 7 Sep 2018 05:35:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id D590169DC for ; Fri, 7 Sep 2018 05:35:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w875Z6sj058214 for ; Fri, 7 Sep 2018 05:35:06 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w875Z6cI058213 for bugs@FreeBSD.org; Fri, 7 Sep 2018 05:35:06 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 231080] callout struture corruption and panic Date: Fri, 07 Sep 2018 05:35:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: lstewart@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Sep 2018 05:35:09 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D231080 --- Comment #8 from Lawrence Stewart --- I believe I may have hit this too the other day on a big iron server at $wo= rk running GENERIC-NODEBUG r338290. % sudo kgdb /boot/kernel/kernel /var/crash/vmcore.0 GNU gdb (GDB) 8.1.1 [GDB v8.1.1 for FreeBSD] Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd12.0". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel...Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...done. done. Unread portion of the kernel message buffer: kernel trap 9 with interrupts disabled Fatal trap 9: general protection fault while in kernel mode cpuid =3D 0; apic id =3D 00 instruction pointer =3D 0x20:0xffffffff80bd94cf stack pointer =3D 0x28:0xfffffe0075f5a710 frame pointer =3D 0x28:0xfffffe0075f5a780 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D resume, IOPL =3D 0 current process =3D 11 (idle: cpu0) __curthread () at ./machine/pcpu.h:230 230 __asm("movq %%gs:%1,%0" : "=3Dr" (td) (kgdb) bt #0 __curthread () at ./machine/pcpu.h:230 #1 doadump (textdump=3D1979032256) at /usr/src/sys/kern/kern_shutdown.c:366 #2 0xffffffff8043f76c in db_fncall_generic (addr=3D, rv=3D, nargs=3D, args=3D) at /usr/src/sys/ddb/db_command.c:609 #3 db_fncall (dummy1=3D, dummy2=3D, dummy3=3D, dummy4=3D) at /usr/src/sys/ddb/db_command.c:657 #4 0xffffffff8043f2a9 in db_command (last_cmdp=3D, cmd_table=3D, dopager=3D) at /usr/src/sys/ddb/db_command.c:481 #5 0xffffffff8043f024 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534 #6 0xffffffff804422cf in db_trap (type=3D, code=3D) at /usr/src/sys/ddb/db_main.c:252 #7 0xffffffff80c0c443 in kdb_trap (type=3D9, code=3D0, tf=3D) at /usr/src/sys/kern/subr_kdb.c:693 #8 0xffffffff810a34a1 in trap_fatal (frame=3D0xfffffe0075f5a650, eva=3D0) = at /usr/src/sys/amd64/amd64/trap.c:920 #9 0xffffffff810a299d in trap (frame=3D0xfffffe0075f5a650) at /usr/src/sys/amd64/amd64/trap.c:217 #10 #11 0xffffffff80bd94cf in callout_process (now=3D3049912922371841) at /usr/src/sys/kern/kern_timeout.c:510 #12 0xffffffff811d14e8 in handleevents (now=3D3049912922371841, fake=3D0) at /usr/src/sys/kern/kern_clocksource.c:213 #13 0xffffffff811d1b59 in timercb (et=3D0xffffffff81f72fc8 , arg=3D) at /usr/src/sys/kern/kern_clocksource.c:357 #14 0xffffffff81210766 in lapic_handle_timer (frame=3D0xfffffe0075f5a870) at /usr/src/sys/x86/x86/local_apic.c:1308 #15 #16 0xffffffff8046540b in acpi_cpu_idle (sbt=3D) at /usr/src/sys/dev/acpica/acpi_cpu.c:1194 #17 0xffffffff812071af in cpu_idle_acpi (sbt=3D125307191) at /usr/src/sys/x86/x86/cpu_machdep.c:433 #18 0xffffffff81207267 in cpu_idle (busy=3D0) at /usr/src/sys/x86/x86/cpu_machdep.c:581 #19 0xffffffff80bf4005 in sched_idletd (dummy=3D) at /usr/src/sys/kern/sched_ule.c:2829 #20 0xffffffff80b7eb63 in fork_exit (callout=3D0xffffffff80bf3af0 , arg=3D0x0, frame=3D0xfffffe0075f5aac0) at /usr/src/sys/kern/kern_fork.c:1057 #21 (kgdb) frame 11 #11 0xffffffff80bd94cf in callout_process (now=3D3049912922371841) at /usr/src/sys/kern/kern_timeout.c:510 510 LIST_REMOVE(tmp, c_links.le= ); (kgdb) p cc->cc_callwheel[firstb & callwheelmask].lh_first->c_links $4 =3D {le =3D {le_next =3D 0xb805000100000000, le_prev =3D 0x2}, sle =3D {= sle_next =3D 0xb805000100000000}, tqe =3D {tqe_next =3D 0xb805000100000000, tqe_prev =3D= 0x2}} --=20 You are receiving this mail because: You are the assignee for the bug.=