From owner-freebsd-bugs@freebsd.org  Sat Aug 12 12:03:27 2017
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 107ACDD1F39
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 12 Aug 2017 12:03:27 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F22548373A
 for <freebsd-bugs@FreeBSD.org>; Sat, 12 Aug 2017 12:03:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v7CC3Omg049942
 for <freebsd-bugs@FreeBSD.org>; Sat, 12 Aug 2017 12:03:26 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 213903] Kernel crashes from turnstile_broadcast
 (/usr/src/sys/kern/subr_turnstile.c:837)
Date: Sat, 12 Aug 2017 12:03:24 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: crash, needs-qa, patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: muxx.dev@gmail.com
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: mjg@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10+ mfc-stable11+
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-213903-8-C4KD2aRgxc@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-213903-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-213903-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Aug 2017 12:03:27 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213903

muxx.dev@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |muxx.dev@gmail.com

--- Comment #54 from muxx.dev@gmail.com ---
I can confirm the same crash on FreeBSD 11.0-RELEASE-p1 (GENERIC) on the
following hardware:

Aug 12 11:57:04 gw kernel: CPU: Intel(R) Celeron(R) CPU  J1900  @ 1.99GHz
(2000.05-MHz K8-class CPU)
Aug 12 11:57:04 gw kernel: Origin=3D"GenuineIntel"  Id=3D0x30678  Family=3D=
0x6=20
Model=3D0x37  Stepping=3D8
Aug 12 11:57:04 gw kernel:
Features=3D0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,=
MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Aug 12 11:57:04 gw kernel:
Features2=3D0x41d8e3bf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,C=
X16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,TSCDLT,RDRAND>
Aug 12 11:57:04 gw kernel: AMD Features=3D0x28100800<SYSCALL,NX,RDTSCP,LM>
Aug 12 11:57:04 gw kernel: AMD Features2=3D0x101<LAHF,Prefetch>
Aug 12 11:57:04 gw kernel: Structured Extended
Features=3D0x2282<TSCADJ,SMEP,ERMS,NFPUSG>
Aug 12 11:57:04 gw kernel: VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
Aug 12 11:57:04 gw kernel: TSC: P-state invariant, performance statistics
Aug 12 11:57:04 gw kernel: real memory  =3D 8589934592 (8192 MB)
Aug 12 11:57:04 gw kernel: avail memory =3D 8137785344 (7760 MB)
Aug 12 11:57:04 gw kernel: Event timer "LAPIC" quality 600
Aug 12 11:57:04 gw kernel: ACPI APIC Table: <ALASKA A M I >
Aug 12 11:57:04 gw kernel: WARNING: L1 data cache covers less APIC IDs than=
 a
core
Aug 12 11:57:04 gw kernel: 0 < 1
Aug 12 11:57:04 gw kernel: FreeBSD/SMP: Multiprocessor System Detected: 4 C=
PUs
Aug 12 11:57:04 gw kernel: FreeBSD/SMP: 1 package(s) x 4 core(s)
Aug 12 11:57:04 gw kernel: random: unblocking device.
Aug 12 11:57:04 gw kernel: ACPI BIOS Warning (bug): 32/64X length mismatch =
in
FADT/Gpe0Block: 128/32 (20160527/tbfadt-650)
Aug 12 11:57:04 gw kernel: WARNING: Bogus Interrupt Polarity. Assume CONFOR=
MS

more information from /var/log/messages and kgdb:

Aug 12 11:57:04 gw kernel: Fatal trap 12: page fault while in kernel mode
Aug 12 11:57:04 gw kernel: cpuid =3D 1; apic id =3D 02
Aug 12 11:57:04 gw kernel: fault virtual address        =3D 0x30
Aug 12 11:57:04 gw kernel: fault code           =3D supervisor read data, p=
age
not present
Aug 12 11:57:04 gw kernel: instruction pointer  =3D 0x20:0xffffffff80b3a89c
Aug 12 11:57:04 gw kernel: stack pointer                =3D
0x28:0xfffffe0232609440
Aug 12 11:57:04 gw kernel: frame pointer                =3D
0x28:0xfffffe0232609470
Aug 12 11:57:04 gw kernel: code segment         =3D base 0x0, limit 0xfffff=
, type
0x1b
Aug 12 11:57:04 gw kernel: =3D DPL 0, pres 1, long 1, def32 0, gran 1
Aug 12 11:57:04 gw kernel: processor eflags     =3D resume, IOPL =3D 0
Aug 12 11:57:04 gw kernel: current process              =3D 18204 (telegraf)
Aug 12 11:57:04 gw kernel: trap number          =3D 12
Aug 12 11:57:04 gw kernel: panic: page fault
Aug 12 11:57:04 gw kernel: cpuid =3D 1
Aug 12 11:57:04 gw kernel: KDB: stack backtrace:
Aug 12 11:57:04 gw kernel: #0 0xffffffff80b24077 at kdb_backtrace+0x67
Aug 12 11:57:04 gw kernel: #1 0xffffffff80ad93e2 at vpanic+0x182
Aug 12 11:57:04 gw kernel: #2 0xffffffff80ad9253 at panic+0x43
Aug 12 11:57:04 gw kernel: #3 0xffffffff80fa0d31 at trap_fatal+0x351
Aug 12 11:57:04 gw kernel: #4 0xffffffff80fa0f23 at trap_pfault+0x1e3
Aug 12 11:57:04 gw kernel: #5 0xffffffff80fa04cc at trap+0x26c
Aug 12 11:57:04 gw kernel: #6 0xffffffff80f84141 at calltrap+0x8
Aug 12 11:57:04 gw kernel: #7 0xffffffff80ad48cf at __rw_wunlock_hard+0x8f
Aug 12 11:57:04 gw kernel: #8 0xffffffff80e1a75c at vm_map_delete+0x3dc
Aug 12 11:57:04 gw kernel: #9 0xffffffff80e1c5f7 at vm_map_remove+0x47
Aug 12 11:57:04 gw kernel: #10 0xffffffff80a86c7f at exec_new_vmspace+0x22f
Aug 12 11:57:04 gw kernel: #11 0xffffffff80a5bfe8 at exec_elf64_imgact+0xa58
Aug 12 11:57:04 gw kernel: #12 0xffffffff80a84d4d at kern_execve+0x7dd
Aug 12 11:57:04 gw kernel: #13 0xffffffff80a841dc at sys_execve+0x4c
Aug 12 11:57:04 gw kernel: #14 0xffffffff80fa168e at amd64_syscall+0x4ce
Aug 12 11:57:04 gw kernel: #15 0xffffffff80f8442b at Xfast_syscall+0xfb

...

(kgdb) list *0xffffffff80b3a89c
0xffffffff80b3a89c is in turnstile_broadcast
(/usr/src/sys/kern/subr_turnstile.c:837).
832
833             /*
834              * Transfer the blocked list to the pending list.
835              */
836             mtx_lock_spin(&td_contested_lock);
837             TAILQ_CONCAT(&ts->ts_pending, &ts->ts_blocked[queue],
td_lockq);
838             mtx_unlock_spin(&td_contested_lock);
839
840             /*
841              * Give a turnstile to each thread.  The last thread gets
Current language:  auto; currently minimal
(kgdb) backtrace
#0  doadump (textdump=3D<value optimized out>) at pcpu.h:221
#1  0xffffffff80ad8e69 in kern_reboot (howto=3D260) at
/usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80ad941b in vpanic (fmt=3D<value optimized out>, ap=3D<value
optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80ad9253 in panic (fmt=3D0x0) at
/usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80fa0d31 in trap_fatal (frame=3D0xfffffe0232609390, eva=3D48)=
 at
/usr/src/sys/amd64/amd64/trap.c:841
#5  0xffffffff80fa0f23 in trap_pfault (frame=3D0xfffffe0232609390, usermode=
=3D0) at
/usr/src/sys/amd64/amd64/trap.c:691
#6  0xffffffff80fa04cc in trap (frame=3D0xfffffe0232609390) at
/usr/src/sys/amd64/amd64/trap.c:442
#7  0xffffffff80f84141 in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:236
#8  0xffffffff80b3a89c in turnstile_broadcast (ts=3D0x0, queue=3D1) at
/usr/src/sys/kern/subr_turnstile.c:837
#9  0xffffffff80ad48cf in __rw_wunlock_hard (c=3D0xfffff800437de858, tid=3D=
<value
optimized out>, file=3D<value optimized out>, line=3D<value optimized out>)=
 at
/usr/src/sys/kern/kern_rwlock.c:1027
#10 0xffffffff80e1a75c in vm_map_delete (map=3D<value optimized out>,
start=3D<value optimized out>, end=3D<value optimized out>) at
/usr/src/sys/vm/vm_map.c:2960
#11 0xffffffff80e1c5f7 in vm_map_remove (map=3D0xfffff80032b91000,
start=3D140737488355328, end=3D1) at /usr/src/sys/vm/vm_map.c:3077
#12 0xffffffff80a86c7f in exec_new_vmspace (imgp=3D0xfffffe0232609860,
sv=3D0xffffffff81a02720) at /usr/src/sys/kern/kern_exec.c:1095
#13 0xffffffff80a5bfe8 in exec_elf64_imgact (imgp=3D<value optimized out>) =
at
/usr/src/sys/kern/imgact_elf.c:896
#14 0xffffffff80a84d4d in kern_execve (td=3D<value optimized out>, args=3D<=
value
optimized out>, mac_p=3D0x0) at /usr/src/sys/kern/kern_exec.c:602
#15 0xffffffff80a841dc in sys_execve (td=3D0xfffff801a5da3a00,
uap=3D0xfffffe0232609b80) at /usr/src/sys/kern/kern_exec.c:218
#16 0xffffffff80fa168e in amd64_syscall (td=3D<value optimized out>, traced=
=3D0) at
subr_syscall.c:135
#17 0xffffffff80f8442b in Xfast_syscall () at
/usr/src/sys/amd64/amd64/exception.S:396
#18 0x000000000047da1f in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)

--=20
You are receiving this mail because:
You are on the CC list for the bug.=