On 10/30/15 17:21, Matthew Seaman wrote:
> On 2015/10/30 10:32, Dag-Erling Smørgrav wrote:
>> Can those of you who are experiencing this bug on 10 please try to build
>> and run a kernel from head@287591 or newer (with your 10 userland) and
>> report back?
>>
>> # svnlite co svn://svn.freebsd.org/base/head@287591 /tmp/head
>> # cd /tmp/head
>> # make buildkernel KERNCONF=GENERIC
>> # make installkernel KERNCONF=GENERIC KODIR=/boot/head
>> # nextboot -k head
>> # shutdown -r now
>>
>> DES
>>
>
> Hi, Dag-Erling,
>
> I'm not able to reboot machines where I've seen this crash right now,
> but I can report:
>
> * Can't reproduce the problem in a VirtualBox VM running
> 10.2-RELEASE-p6 amd64.
>
> * But I can get a back trace after compiling the 10.2-RELEASE-p6
> sources and a core dump from one of the machines where the problem happens:
>
> (gdb) bt full
> #0 mutex_lock_common (m=0x801c33100, abstime=0x0, cvattach=0) at
> atomic.h:143
> No locals.
> #1 0x0000000801263557 in __sfp () at /usr/src/lib/libc/stdio/findfp.c:148
> n = <value optimized out>
> fp = <value optimized out>
> g = <value optimized out>
> #2 0x00000008012470ab in _BIG5_mbrtowc (pwc=<value optimized out>,
> s=<value optimized out>, n=Cannot access memory at address 0x1
> ) at /usr/src/lib/libc/locale/big5.c:113
> wc = <value optimized out>
> #3 0x0000000801211cc0 in serv_unmarshal_func (buffer=0x801c33100 "",
> buffer_size=0, retval=0x8014c6130, ap=0x18b95,
> cache_mdata=<value optimized out>)
> at /usr/src/lib/libc/net/getservent.c:1071
> serv = (struct servent *) 0x0
> orig_buf = 0x802031040 "0aL\001\b"
> orig_buf_size = <value optimized out>
> ret_errno = <value optimized out>
> p = <value optimized out>
> alias = <value optimized out>
> #4 0x0000000801234cff in _nsdispatch (retval=0x7fffdfdfca70,
> disp_tab=0x801498680, database=0x80126de7c "\"%s\", \"%s\")...\n",
> method_name=0x80126de24 ".conf", defaults=0x2)
> at /usr/src/lib/libc/net/nsdispatch.c:541
> ap = {{gp_offset = 48, fp_offset = 48,
> overflow_arg_area = 0x7fffdfdfca38, reg_save_area = 0x7fffdfdfc870}}
> mdata = (void *) 0x80126ddfc
> cache_data = {key = 0x17d0 <Address 0x17d0 out of bounds>,
> key_size = 34369025376, info = 0x7fffdfdfc9e0}
> isthreaded = 1
> serrno = 22
> result = <value optimized out>
> st = <value optimized out>
> fb_method = <value optimized out>
> srclist = <value optimized out>
> srclistsize = <value optimized out>
> cache_flag = <value optimized out>
> method = <value optimized out>
> saved_depth = <value optimized out>
> #5 0x0000000801213121 in nis_setservent (result=0x801c33100,
> mdata=<value optimized out>, ap=0x0)
> at /usr/src/lib/libc/net/getservent.c:812
> st = (struct nis_state *) 0x0
> st = (struct nis_state *) 0x0
> st = (struct nis_state *) 0x0
> st = (struct nis_state *) 0x0
> rv = <value optimized out>
> #6 0x0000000801213029 in files_setservent (retval=0x801c33100,
> mdata=<value optimized out>, ap=<value optimized out>)
> at /usr/src/lib/libc/net/getservent.c:451
> st = (struct files_state *) 0x1
> st = (struct files_state *) 0x1
> st = (struct files_state *) 0x1
> st = (struct files_state *) 0x1
> st = (struct files_state *) 0x1
> st = (struct files_state *) 0x1
> st = (struct files_state *) 0x1
> rv = <value optimized out>
> f = 0
> #7 0x000000080120f373 in _dns_getaddrinfo (rv=<value optimized out>,
> ---Type <return> to continue, or q <return> to quit---
> cb_data=<value optimized out>, ap=<value optimized out>)
> at /usr/src/lib/libc/net/getaddrinfo.c:2266
> sentinel = {ai_flags = 3, ai_family = 0, ai_socktype = 21716848,
> ai_protocol = 8, ai_addrlen = 21795400, ai_canonname = 0x8014c6130 "",
> ai_addr = 0x802031040, ai_next = 0x2}
> q = {next = 0x7fffdfdfc690, name = 0x800b11e08 "E\211.1??P1?\2135yj!",
> qclass = -538982744, qtype = 32767, answer = 0x801c06c00 "\225\213\001",
> anslen = 11616604, n = 8}
> q2 = {next = 0x8014b5f80,
> name = 0x801213590 "D$\020L\211D$\bH\211\f$H\2155}S(", qclass =
> -538982832,
> qtype = 32767, answer = 0x800b12a85 "\203??", anslen = 101269, n = 0}
> cur = (struct addrinfo *) 0x3
> pai = <value optimized out>
> hostname = <value optimized out>
> res = <value optimized out>
> ai = <value optimized out>
> #8 0x000000080120ca61 in strcspn (s=0x801c33100 "",
> charset=<value optimized out>) at /usr/src/lib/libc/string/strcspn.c:59
> tbl = {34393355264, 34389385984, 34389386167, 34389386056}
> bit = <value optimized out>
> s1 = <value optimized out>
> #9 0x0000000000478a86 in blocking_getaddrinfo (c=0x801c66700,
> req=0x801c46300)
> at
> /usr/src/usr.sbin/ntp/libntp/../../../contrib/ntp/libntp/ntp_intres.c:352
> ai_res = (struct addrinfo *) 0x0
> node = 0x7fffdfdfcbe8 "\002"
> service = 0xc <Address 0xc out of bounds>
> worker_ctx = (dnsworker_ctx *) 0x80200e060
> resp_octets = Cannot access memory at address 0x600
> (gdb)
>
> Cheers,
>
> Matthew
>
>Thanks to Andre Albsmeier a work-around seems to be turning off memlock in ntp.conf: > I have just posted my observations to the freebsd-stable list: > > http://lists.freebsd.org/pipermail/freebsd-stable/2015-November/083574.html > > What happens if you add "rlimit memlock -1" to ntp.conf? Cheers, Matthew
signature.asc
Description: OpenPGP digital signature
