On 10/30/15 17:21, Matthew Seaman wrote: > On 2015/10/30 10:32, Dag-Erling Smørgrav wrote: >> Can those of you who are experiencing this bug on 10 please try to build >> and run a kernel from head@287591 or newer (with your 10 userland) and >> report back? >> >> # svnlite co svn://svn.freebsd.org/base/head@287591 /tmp/head >> # cd /tmp/head >> # make buildkernel KERNCONF=GENERIC >> # make installkernel KERNCONF=GENERIC KODIR=/boot/head >> # nextboot -k head >> # shutdown -r now >> >> DES >> > > Hi, Dag-Erling, > > I'm not able to reboot machines where I've seen this crash right now, > but I can report: > > * Can't reproduce the problem in a VirtualBox VM running > 10.2-RELEASE-p6 amd64. > > * But I can get a back trace after compiling the 10.2-RELEASE-p6 > sources and a core dump from one of the machines where the problem happens: > > (gdb) bt full > #0 mutex_lock_common (m=0x801c33100, abstime=0x0, cvattach=0) at > atomic.h:143 > No locals. > #1 0x0000000801263557 in __sfp () at /usr/src/lib/libc/stdio/findfp.c:148 > n = <value optimized out> > fp = <value optimized out> > g = <value optimized out> > #2 0x00000008012470ab in _BIG5_mbrtowc (pwc=<value optimized out>, > s=<value optimized out>, n=Cannot access memory at address 0x1 > ) at /usr/src/lib/libc/locale/big5.c:113 > wc = <value optimized out> > #3 0x0000000801211cc0 in serv_unmarshal_func (buffer=0x801c33100 "", > buffer_size=0, retval=0x8014c6130, ap=0x18b95, > cache_mdata=<value optimized out>) > at /usr/src/lib/libc/net/getservent.c:1071 > serv = (struct servent *) 0x0 > orig_buf = 0x802031040 "0aL\001\b" > orig_buf_size = <value optimized out> > ret_errno = <value optimized out> > p = <value optimized out> > alias = <value optimized out> > #4 0x0000000801234cff in _nsdispatch (retval=0x7fffdfdfca70, > disp_tab=0x801498680, database=0x80126de7c "\"%s\", \"%s\")...\n", > method_name=0x80126de24 ".conf", defaults=0x2) > at /usr/src/lib/libc/net/nsdispatch.c:541 > ap = {{gp_offset = 48, fp_offset = 48, > overflow_arg_area = 0x7fffdfdfca38, reg_save_area = 0x7fffdfdfc870}} > mdata = (void *) 0x80126ddfc > cache_data = {key = 0x17d0 <Address 0x17d0 out of bounds>, > key_size = 34369025376, info = 0x7fffdfdfc9e0} > isthreaded = 1 > serrno = 22 > result = <value optimized out> > st = <value optimized out> > fb_method = <value optimized out> > srclist = <value optimized out> > srclistsize = <value optimized out> > cache_flag = <value optimized out> > method = <value optimized out> > saved_depth = <value optimized out> > #5 0x0000000801213121 in nis_setservent (result=0x801c33100, > mdata=<value optimized out>, ap=0x0) > at /usr/src/lib/libc/net/getservent.c:812 > st = (struct nis_state *) 0x0 > st = (struct nis_state *) 0x0 > st = (struct nis_state *) 0x0 > st = (struct nis_state *) 0x0 > rv = <value optimized out> > #6 0x0000000801213029 in files_setservent (retval=0x801c33100, > mdata=<value optimized out>, ap=<value optimized out>) > at /usr/src/lib/libc/net/getservent.c:451 > st = (struct files_state *) 0x1 > st = (struct files_state *) 0x1 > st = (struct files_state *) 0x1 > st = (struct files_state *) 0x1 > st = (struct files_state *) 0x1 > st = (struct files_state *) 0x1 > st = (struct files_state *) 0x1 > rv = <value optimized out> > f = 0 > #7 0x000000080120f373 in _dns_getaddrinfo (rv=<value optimized out>, > ---Type <return> to continue, or q <return> to quit--- > cb_data=<value optimized out>, ap=<value optimized out>) > at /usr/src/lib/libc/net/getaddrinfo.c:2266 > sentinel = {ai_flags = 3, ai_family = 0, ai_socktype = 21716848, > ai_protocol = 8, ai_addrlen = 21795400, ai_canonname = 0x8014c6130 "", > ai_addr = 0x802031040, ai_next = 0x2} > q = {next = 0x7fffdfdfc690, name = 0x800b11e08 "E\211.1??P1?\2135yj!", > qclass = -538982744, qtype = 32767, answer = 0x801c06c00 "\225\213\001", > anslen = 11616604, n = 8} > q2 = {next = 0x8014b5f80, > name = 0x801213590 "D$\020L\211D$\bH\211\f$H\2155}S(", qclass = > -538982832, > qtype = 32767, answer = 0x800b12a85 "\203??", anslen = 101269, n = 0} > cur = (struct addrinfo *) 0x3 > pai = <value optimized out> > hostname = <value optimized out> > res = <value optimized out> > ai = <value optimized out> > #8 0x000000080120ca61 in strcspn (s=0x801c33100 "", > charset=<value optimized out>) at /usr/src/lib/libc/string/strcspn.c:59 > tbl = {34393355264, 34389385984, 34389386167, 34389386056} > bit = <value optimized out> > s1 = <value optimized out> > #9 0x0000000000478a86 in blocking_getaddrinfo (c=0x801c66700, > req=0x801c46300) > at > /usr/src/usr.sbin/ntp/libntp/../../../contrib/ntp/libntp/ntp_intres.c:352 > ai_res = (struct addrinfo *) 0x0 > node = 0x7fffdfdfcbe8 "\002" > service = 0xc <Address 0xc out of bounds> > worker_ctx = (dnsworker_ctx *) 0x80200e060 > resp_octets = Cannot access memory at address 0x600 > (gdb) > > Cheers, > > Matthew > >
Thanks to Andre Albsmeier a work-around seems to be turning off memlock in ntp.conf: > I have just posted my observations to the freebsd-stable list: > > http://lists.freebsd.org/pipermail/freebsd-stable/2015-November/083574.html > > What happens if you add "rlimit memlock -1" to ntp.conf? Cheers, Matthew
signature.asc
Description: OpenPGP digital signature