231067 – Random kernel panic after r338257

Bug 231067 - Random kernel panic after r338257

Summary: Random kernel panic after r338257

Status:	Closed DUPLICATE of bug 230950

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Bjoern A. Zeeb

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-09-01 07:00 UTC by fuyuhiko.maruyama
Modified:	2019-06-26 18:42 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description fuyuhiko.maruyama 2018-09-01 07:00:15 UTC

After r338257, kernel panic happen in ramdom timing.
This may be triggered by named, in my case dns/bind911.

With kernel after r338257, make buildworld at /usr/src cannot be completed because of kernel panics.  Typically kernel goes panics in a few minutes after beginning of make buildworld.

I found the origin of this panics by binary searching of svn-head and determined
that r338256(with r338260's small fixes for building) is the last stable kernel
that can complete buildworld/buildkernel, and r338257(with r338260's small fixes) is the first revision that causes current problems. 


One instance of panic message is like below(with r338257 kernel), typed by hand:
Fatal trap 12: page fault while in kernel mode
cpuid = 1: apic id = 01
fault virtual address   = 0x98
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80988c6f
stack pointer           = 0x28:0xfffffe00a274d370
frame pointer           = 0x28:0xfffffe00a274d5d0
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflag         = interrupt enabled,  resume, IOPL = 0
current process         = 766 (isc-worker0000)
[ thread pic 766 tid 100985 ]
Stopped at     ip6_output+0xeaf:       movl    ll+0x77(%rdi),%eax
db> bt
Tracing pid 766 tid 100993 td 0xfffff80024446000
ip6_output() at ip6_output+0xeaf/frame 0xfffffe00a274d5d0
udp6_send() at udp6_send+0x86a/frame 0xfffffe00a274d790
sosend_dgram() at sosend_dgram+0x33b/frame 0xfffffe00a274d800
sosend() at sosend+0x50/frame 0xfffffe00a274d830
kern_sendit() at kern_sendit+0x237/frame 0xfffffe00a274d8d0
sendit() at sendit+0x19e/frame 0xfffffe00a274d920
sys_sendmsg() at sys_sendmsg+0x61/frame 0xfffffe00a274d980
amd64_syscall() at amd64_syscall+0x369/frame 0xfffffe00a274dab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe00a274dab0
--- syscall (28, FreeBSD ELF64, sys_sendmsg), rip = 0x800fe0a9a, rsp = 0x7fffdfffb528, rbp = 0x7fffdfffb560 ---


Another example here(with r338406 kernel):
Fatal trap 12: page fault while in kernel mode
cpuid = 2: apic id = 02
fault virtual address   = 0x110
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80763428
stack pointer           = 0x28:0xfffffe00a21242c0
frame pointer           = 0x28:0xfffffe00a2124360
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflag         = interrupt enabled,  resume, IOPL = 0
current process         = 766 (isc-worker0000)
[ thread pic 766 tid 100985 ]
Stopped at     __rw_wlock_hard+0x1d8:  movq    (%rbx),%r14
db>

Comment 1 Kristof Provost freebsd_committer

2018-09-01 10:04:18 UTC

cc Bjoern

Comment 2 Bjoern A. Zeeb freebsd_committer

2018-09-02 16:43:02 UTC

Tracking this in 230950 already.

*** This bug has been marked as a duplicate of bug 230950 ***