[Bug 276985] Crash in scheduler __curthread

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 11 Feb 2024 15:08:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276985

            Bug ID: 276985
           Summary: Crash in scheduler __curthread
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: feh@fehcom.de

Hi,
I'm getting a crash dump occasionally (desktop machine, running Cinnamon,
Firefox, Evolution ...):

uname -a
FreeBSD am06 14.0-RELEASE-p3 FreeBSD 14.0-RELEASE-p3 #0: Mon Dec 11 04:56:01
UTC 2023    
root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
amd64

dmesg:
FreeBSD 14.0-RELEASE-p3 #0: Mon Dec 11 04:56:01 UTC 2023
    root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
amd64
FreeBSD clang version 16.0.6 (https://github.com/llvm/llvm-project.git
llvmorg-16.0.6-0-g7cbf1a259152)
VT(efifb): resolution 800x600
CPU: AMD Ryzen 5 5500U with Radeon Graphics          (2096.12-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x860f81  Family=0x17  Model=0x68  Stepping=1

Crash dumps analyzed with kdbg:

--- vmcore.1 ---

Fatal trap 12: page fault while in kernel mode
cpuid = 8; apic id = 0a
fault virtual address   = 0xfffff80177d84d10
fault code              = supervisor read instruction, protection violation
instruction pointer     = 0x20:0xfffff80177d84d10
stack pointer           = 0x28:0xfffffe00c0721e18
frame pointer           = 0x28:0xfffffe00c0721e40
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (linuxkpi_irq_wq)
rdi: fffff80177d84d10 rsi: fffff8022a176300 rdx: 0000000000000000
rcx: fffffe0097ec7cc0  r8: 000000000000001e  r9: fffffe001aa03598
rax: fffff80177d84d10 rbx: fffffe00c0721e28 rbp: fffffe00c0721e40
r10: fffff8022a176300 r11: fffff8022a176400 r12: fffff80001971a58
r13: 0000000000000000 r14: ffffffff81a10d48 r15: 0000000000000008
trap number             = 12
panic: page fault
cpuid = 8
time = 1707662279
KDB: stack backtrace:
#0 0xffffffff80b9009d at kdb_backtrace+0x5d
#1 0xffffffff80b431a2 at vpanic+0x132
#2 0xffffffff80b43063 at panic+0x43
#3 0xffffffff8100c85c at trap_fatal+0x40c
#4 0xffffffff8100c8af at trap_pfault+0x4f
#5 0xffffffff80fe3a38 at calltrap+0x8
#6 0xffffffff80ba5992 at taskqueue_run_locked+0x182
#7 0xffffffff80ba6c22 at taskqueue_thread_loop+0xc2
#8 0xffffffff80afdb7f at fork_exit+0x7f
#9 0xffffffff80fe4a9e at fork_trampoline+0xe
Uptime: 3h55m5s
Dumping 1095 out of 15734 MB:..2%..11%..21%..31%..41%..52%..62%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
57              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,

---- vmcore.1 ------

Fatal trap 12: page fault while in kernel mode
cpuid = 9; apic id = 0b
fault virtual address   = 0x10
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff830341e0
stack pointer           = 0x28:0xfffffe012c6bd900
frame pointer           = 0x28:0xfffffe012c6bd910
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 3
current process         = 1909 (Xorg:cs0)
rdi: fffffe0129486058 rsi: 0000000000000000 rdx: ffffffff833bae90
rcx: 0000000000000000  r8: 0000000000000010  r9: 0000000000000000
rax: 0000000000000000 rbx: fffffe0129486058 rbp: fffffe012c6bd910
r10: 000000000001ffee r11: 0000000000000003 r12: fffffe0129486058
r13: 0000000000000000 r14: fffffe012c6bd9e0 r15: fffffe012c6bd9a8
trap number             = 12
panic: page fault
cpuid = 9
time = 1707133733
KDB: stack backtrace:
#0 0xffffffff80b9009d at kdb_backtrace+0x5d
#1 0xffffffff80b431a2 at vpanic+0x132
#2 0xffffffff80b43063 at panic+0x43
#3 0xffffffff8100c85c at trap_fatal+0x40c
#4 0xffffffff8100c8af at trap_pfault+0x4f
#5 0xffffffff80fe3a38 at calltrap+0x8
#6 0xffffffff8300bc69 at amdgpu_cs_parser_bos+0x639
#7 0xffffffff8300b4ff at amdgpu_cs_ioctl+0xd8f
#8 0xffffffff8353cbb6 at drm_ioctl_kernel+0xc6
#9 0xffffffff8353cf65 at drm_ioctl+0x2b5
#10 0xffffffff80da7902 at linux_file_ioctl+0x312
#11 0xffffffff80bb15a5 at kern_ioctl+0x255
#12 0xffffffff80bb12e3 at sys_ioctl+0x123
#13 0xffffffff8100d119 at amd64_syscall+0x109
#14 0xffffffff80fe434b at fast_syscall_common+0xf8
Uptime: 2h12m22s
Dumping 1007 out of 15734 MB:..2%..12%..21%..31%..42%..51%..61%..72%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
57              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,


It points to the inline assembler macro.

This happened twice now:

drwxr-x---   2 root wheel         12 11 Feb. 15:38 .
drwxr-xr-x  26 root wheel         26 11 Feb. 15:38 ..
-rw-r--r--   1 root wheel          2 11 Feb. 15:38 bounds
-rw-r--r--   1 root wheel     309974  5 Feb. 12:49 core.txt.0
-rw-r--r--   1 root wheel     259814 11 Feb. 15:38 core.txt.1
-rw-------   1 root wheel        471  5 Feb. 12:49 info.0
-rw-------   1 root wheel        472 11 Feb. 15:38 info.1
lrwxr-xr-x   1 root wheel          6 11 Feb. 15:38 info.last -> info.1
-rw-r--r--   1 root wheel          5 10 Nov. 09:16 minfree
-rw-------   1 root wheel 1056780288  5 Feb. 12:49 vmcore.0
-rw-------   1 root wheel 1148813312 11 Feb. 15:38 vmcore.1
lrwxr-xr-x   1 root wheel          8 11 Feb. 15:38 vmcore.last -> vmcore.1

Any help is appreciated.
--eh.
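The two trap records above carry enough to separate the crashes before opening either vmcore. What follows is an added triage script, not code from the report or from FreeBSD's own tooling: it parses the "Fatal trap" block and the KDB backtrace and classifies the fault. The direct-map and user-half boundaries are the FreeBSD amd64 values from sys/amd64/include/vmparam.h; the classification rules, category names and helper names are my own heuristics, and the embedded sample is a trimmed copy of the two records above. In the first record the fault is an instruction-fetch protection violation whose address equals the instruction pointer and lies in the direct map (0xfffff8...), so the taskqueue thread made an indirect call through a function pointer that now points at data; in the second the kernel read offset 0x10 from a NULL pointer inside amdgpu_cs_parser_bos. The `__curthread` line kgdb prints is usually just the innermost inlined frame of the panic path, so the first frame after `calltrap` is where to look.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Address-space constants from FreeBSD sys/amd64/include/vmparam.h (4-level paging).
DMAP_MIN = 0xfffff80000000000    # direct map of physical memory: data pages, never text
DMAP_MAX = 0xfffffc0000000000
VM_MAXUSER = 0x00007fffffffffff  # top of the user half of the address space
NULL_PAGE = 0x1000               # heuristic: faults below this are NULL-pointer dereferences

# Frames pushed by the panic path itself; the first frame after them is the one that trapped.
PANIC_GLUE = {"kdb_backtrace", "vpanic", "panic", "trap_fatal", "trap_pfault", "calltrap"}

FIELD_RE = re.compile(r"^(fault virtual address|fault code|instruction pointer|current process)\s*=\s*(.+)$")
FRAME_RE = re.compile(r"^#\d+ 0x[0-9a-f]+ at (\w+)\+0x[0-9a-f]+$")
PROC_RE = re.compile(r"^(\d+) \((.+)\)$")

# Constructed input: the two records from the report, trimmed to the lines used here.
SAMPLE_DUMPS = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xfffff80177d84d10
fault code              = supervisor read instruction, protection violation
instruction pointer     = 0x20:0xfffff80177d84d10
current process         = 0 (linuxkpi_irq_wq)
#5 0xffffffff80fe3a38 at calltrap+0x8
#6 0xffffffff80ba5992 at taskqueue_run_locked+0x182
#7 0xffffffff80ba6c22 at taskqueue_thread_loop+0xc2

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x10
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff830341e0
current process         = 1909 (Xorg:cs0)
#5 0xffffffff80fe3a38 at calltrap+0x8
#6 0xffffffff8300bc69 at amdgpu_cs_parser_bos+0x639
#7 0xffffffff8300b4ff at amdgpu_cs_ioctl+0xd8f
"""

@dataclass
class TrapRecord:
    fault_addr: int = 0
    fault_code: str = ""
    rip: int = 0
    pid: int = -1
    process: str = ""
    frames: list[str] = field(default_factory=list)

    def faulting_frame(self) -> str | None:
        return next((f for f in self.frames if f not in PANIC_GLUE), None)

    def category(self) -> str:
        # The instruction fetch itself faulted at rip: the CPU was sent somewhere non-executable.
        # In the direct map that is a data page, so an indirect call went through a stale or
        # overwritten function pointer; look for a use-after-free or overflow in the caller.
        if "instruction" in self.fault_code and self.fault_addr == self.rip:
            if DMAP_MIN <= self.rip < DMAP_MAX:
                return "corrupted-function-pointer"
            return "bad-control-transfer"
        if self.fault_addr < NULL_PAGE:
            return "null-deref"  # member access at a small offset from a NULL object pointer
        if self.fault_addr <= VM_MAXUSER:
            return "user-address-from-kernel"
        return "wild-kernel-pointer"

def parse_traps(text: str) -> list[TrapRecord]:
    records: list[TrapRecord] = []
    cur = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Fatal trap"):
            cur = TrapRecord()
            records.append(cur)
        elif cur is None:
            continue
        elif (fm := FRAME_RE.match(line)):
            cur.frames.append(fm.group(1))
        elif (m := FIELD_RE.match(line)):
            key, val = m.groups()
            if key == "fault virtual address":
                cur.fault_addr = int(val, 16)
            elif key == "fault code":
                cur.fault_code = val
            elif key == "instruction pointer":
                cur.rip = int(val.split(":")[1], 16)  # drop the 0x20: code-segment selector
            else:
                pm = PROC_RE.match(val)
                if pm:
                    cur.pid, cur.process = int(pm.group(1)), pm.group(2)
    return records

def triage(text: str) -> list[dict]:
    return [{"pid": r.pid, "process": r.process, "frame": r.faulting_frame(),
             "fault_addr": r.fault_addr, "category": r.category()} for r in parse_traps(text)]

if __name__ == "__main__":
    for row in triage(SAMPLE_DUMPS):
        print(row)
```

Run against the two records, the first comes out as `corrupted-function-pointer` in `taskqueue_run_locked` (pid 0, linuxkpi_irq_wq) and the second as `null-deref` in `amdgpu_cs_parser_bos` (pid 1909, Xorg:cs0). The distinction matters for triage: a NULL-plus-offset read is a missing or unpopulated object, while a jump into direct-map memory means a task structure was freed or overwritten while still queued, which is the more serious class of bug and the one to chase first.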
