[Bug 231080] callout structure corruption and panic

bugzilla-noreply at freebsd.org
Fri Sep 7 05:35:09 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231080

--- Comment #8 from Lawrence Stewart <lstewart at FreeBSD.org> ---
I believe I may have hit this too the other day on a big iron server at $work
running GENERIC-NODEBUG r338290.


% sudo kgdb /boot/kernel/kernel /var/crash/vmcore.0
GNU gdb (GDB) 8.1.1 [GDB v8.1.1 for FreeBSD]
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...Reading symbols from
/usr/lib/debug//boot/kernel/kernel.debug...done.
done.

Unread portion of the kernel message buffer:
kernel trap 9 with interrupts disabled


Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer     = 0x20:0xffffffff80bd94cf
stack pointer           = 0x28:0xfffffe0075f5a710
frame pointer           = 0x28:0xfffffe0075f5a780
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 11 (idle: cpu0)

__curthread () at ./machine/pcpu.h:230
230             __asm("movq %%gs:%1,%0" : "=r" (td)


(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:230
#1  doadump (textdump=1979032256) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff8043f76c in db_fncall_generic (addr=<optimized out>,
rv=<optimized out>, nargs=<optimized out>, args=<optimized out>) at
/usr/src/sys/ddb/db_command.c:609
#3  db_fncall (dummy1=<optimized out>, dummy2=<optimized out>,
dummy3=<optimized out>, dummy4=<optimized out>) at
/usr/src/sys/ddb/db_command.c:657
#4  0xffffffff8043f2a9 in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=<optimized out>) at
/usr/src/sys/ddb/db_command.c:481
#5  0xffffffff8043f024 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:534
#6  0xffffffff804422cf in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:252
#7  0xffffffff80c0c443 in kdb_trap (type=9, code=0, tf=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:693
#8  0xffffffff810a34a1 in trap_fatal (frame=0xfffffe0075f5a650, eva=0) at
/usr/src/sys/amd64/amd64/trap.c:920
#9  0xffffffff810a299d in trap (frame=0xfffffe0075f5a650) at
/usr/src/sys/amd64/amd64/trap.c:217
#10 <signal handler called>
#11 0xffffffff80bd94cf in callout_process (now=3049912922371841) at
/usr/src/sys/kern/kern_timeout.c:510
#12 0xffffffff811d14e8 in handleevents (now=3049912922371841, fake=0) at
/usr/src/sys/kern/kern_clocksource.c:213
#13 0xffffffff811d1b59 in timercb (et=0xffffffff81f72fc8 <lapic_et>,
arg=<optimized out>) at /usr/src/sys/kern/kern_clocksource.c:357
#14 0xffffffff81210766 in lapic_handle_timer (frame=0xfffffe0075f5a870) at
/usr/src/sys/x86/x86/local_apic.c:1308
#15 <signal handler called>
#16 0xffffffff8046540b in acpi_cpu_idle (sbt=<optimized out>) at
/usr/src/sys/dev/acpica/acpi_cpu.c:1194
#17 0xffffffff812071af in cpu_idle_acpi (sbt=125307191) at
/usr/src/sys/x86/x86/cpu_machdep.c:433
#18 0xffffffff81207267 in cpu_idle (busy=0) at
/usr/src/sys/x86/x86/cpu_machdep.c:581
#19 0xffffffff80bf4005 in sched_idletd (dummy=<optimized out>) at
/usr/src/sys/kern/sched_ule.c:2829
#20 0xffffffff80b7eb63 in fork_exit (callout=0xffffffff80bf3af0 <sched_idletd>,
arg=0x0, frame=0xfffffe0075f5aac0) at /usr/src/sys/kern/kern_fork.c:1057
#21 <signal handler called>


(kgdb) frame 11
#11 0xffffffff80bd94cf in callout_process (now=3049912922371841) at
/usr/src/sys/kern/kern_timeout.c:510
510                                             LIST_REMOVE(tmp, c_links.le);


(kgdb) p cc->cc_callwheel[firstb & callwheelmask].lh_first->c_links
$4 = {le = {le_next = 0xb805000100000000, le_prev = 0x2}, sle = {sle_next =
0xb805000100000000}, tqe = {tqe_next = 0xb805000100000000, tqe_prev = 0x2}}
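The frame above is the LIST_REMOVE() in callout_process(), and the link pair kgdb prints for the element being unlinked is garbage: le_next is 0xb805000100000000 and le_prev is 0x2. The following is an added, user-space illustration and not code from the bug report or from the FreeBSD tree. It models the two pointer writes LIST_REMOVE() performs on a sys/queue.h LIST entry, and adds the kind of pre-dereference sanity check a QUEUE_MACRO_DEBUG kernel would apply, run against the two values from the dump. One point it makes explicit: on amd64, bits 63..47 of a virtual address must be equal, and touching a non-canonical address such as 0xb805000100000000 raises a general protection fault (trap 9) rather than a page fault (trap 12), which is consistent with the trap in this report. The struct layout, the function names (classify_links, check_links, remove_scenario) and the two-element bucket are constructed for the example.

```c
/*
 * Added example, not code from the bug report: a user-space model of the
 * LIST links that LIST_REMOVE(tmp, c_links.le) unlinks at
 * kern_timeout.c:510, plus pre-dereference sanity checks in the spirit of
 * QUEUE_MACRO_DEBUG. Only DUMP_LE_NEXT/DUMP_LE_PREV come from the kgdb
 * output; every other name and value here is constructed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for struct callout: just the LIST link pair. */
struct elem;
struct list_entry { struct elem *le_next; struct elem **le_prev; };
struct elem { int id; struct list_entry c_links; };
struct list_head { struct elem *lh_first; };

/* Link values kgdb printed for the element being removed. */
#define DUMP_LE_NEXT 0xb805000100000000ULL
#define DUMP_LE_PREV 0x2ULL

enum link_state { LINK_OK, LINK_NONCANONICAL, LINK_NULLPAGE, LINK_INCONSISTENT };

/* amd64: bits 63..47 of a virtual address must all be equal. Dereferencing a
 * non-canonical address raises #GP (trap 9), not a page fault (trap 12). */
static bool is_canonical_amd64(uint64_t va)
{
	uint64_t top = va >> 47;	/* upper 17 bits */
	return top == 0 || top == 0x1ffff;
}

/* Checks that need no dereference, so they also apply to raw dump values. */
static enum link_state classify_links(uint64_t next, uint64_t prev)
{
	if (!is_canonical_amd64(next) || !is_canonical_amd64(prev))
		return LINK_NONCANONICAL;
	/* le_prev of a linked element always points at a live pointer (the
	 * head or the previous element's le_next); a zero-page value cannot. */
	if (prev < 4096)
		return LINK_NULLPAGE;
	return LINK_OK;
}

/* Equivalent of QMD_LIST_CHECK_PREV/NEXT: both neighbours must point back
 * at elm. Only meaningful once the raw values are known to be mapped. */
static enum link_state check_links(struct elem *elm)
{
	enum link_state s = classify_links((uintptr_t)elm->c_links.le_next,
	    (uintptr_t)elm->c_links.le_prev);
	if (s != LINK_OK)
		return s;
	if (*elm->c_links.le_prev != elm)
		return LINK_INCONSISTENT;
	if (elm->c_links.le_next != NULL &&
	    elm->c_links.le_next->c_links.le_prev != &elm->c_links.le_next)
		return LINK_INCONSISTENT;
	return LINK_OK;
}

static void list_insert_head(struct list_head *head, struct elem *elm)
{
	elm->c_links.le_next = head->lh_first;
	if (head->lh_first != NULL)
		head->lh_first->c_links.le_prev = &elm->c_links.le_next;
	head->lh_first = elm;
	elm->c_links.le_prev = &head->lh_first;
}

/* The same two writes LIST_REMOVE() makes: both le_next and le_prev are
 * dereferenced, so garbage in either is fatal unless checked first. */
static void list_remove(struct elem *elm)
{
	if (elm->c_links.le_next != NULL)
		elm->c_links.le_next->c_links.le_prev = elm->c_links.le_prev;
	*elm->c_links.le_prev = elm->c_links.le_next;
}

/* Constructed scenario: a two-element bucket, one clean removal, then an
 * element whose links are overwritten with the dump's values.
 * Returns 0 on the expected outcome; nonzero identifies the failing step. */
static int remove_scenario(void)
{
	struct list_head bucket = { NULL };
	struct elem a = { 1, { NULL, NULL } }, b = { 2, { NULL, NULL } };

	list_insert_head(&bucket, &b);
	list_insert_head(&bucket, &a);		/* bucket: a -> b */
	if (check_links(&a) != LINK_OK || check_links(&b) != LINK_OK)
		return 1;
	list_remove(&a);			/* bucket: b */
	if (bucket.lh_first != &b || b.c_links.le_prev != &bucket.lh_first)
		return 2;

	/* Simulate the dump's corruption: check_links() rejects the element
	 * before any dereference, where list_remove() would fault. */
	b.c_links.le_next = (struct elem *)(uintptr_t)DUMP_LE_NEXT;
	b.c_links.le_prev = (struct elem **)(uintptr_t)DUMP_LE_PREV;
	if (check_links(&b) != LINK_NONCANONICAL)
		return 3;
	return 0;
}

int main(void)
{
	printf("dump le_next canonical: %s\n",
	    is_canonical_amd64(DUMP_LE_NEXT) ? "yes" : "no");
	printf("scenario result: %d\n", remove_scenario());
	return 0;
}
```

The check only tells you that the links are corrupt at the moment of removal, not who overwrote them; for that, the callout's owner and the memory adjacent to it in the dump are the next thing to inspect.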
