Re: HEAD/i386 r320212: three reproducible panics

From: Hans Petter Selasky <hps_at_selasky.org>
Date: Fri, 30 Jun 2017 12:44:37 +0200
On 06/30/17 11:01, Oleg V. Nauman wrote:
> On Friday 23 June 2017 19:42:55 Oleg V. Nauman wrote:
>>   a) Panic on shutdown:
>>
>>
>> Fatal trap 1: privileged instruction fault while in kernel mode
>> cpuid = 1; apic id = 01
>> instruction pointer  = 0x20:0xc6be2023
>> stack pointer          = 0x28:0xe13c39f4
>> frame pointer          = 0x28:0xe13c3a20
>> code segment      = base 0x0, limit 0xfffff, type 0x1b
>>           = DPL 0, pres 1, def32 1, gran 1
>> processor eflags  = interrupt enabled, resume, IOPL = 0
>> current process      = 11 (swi1: netisr 0)
>> trap number    = 1
>> panic: privileged instruction fault
>> cpuid = 1
>> time = 1498206262
>> Uptime: 6m19s
>>
>>   The trace is:
>>
>> __curthread () at ./machine/pcpu.h:225
>> 225      __asm("movl %%fs:%1,%0" : "=r" (td)
>> (kgdb) #0  __curthread () at ./machine/pcpu.h:225
>> #1  doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318
>> #2  0xc06e88c4 in kern_reboot (howto=<optimized out>)
>>      at ../../../kern/kern_shutdown.c:386
>> #3  0xc06e8c5b in vpanic (fmt=<optimized out>,
>>      ap=0xe13c3874 "}\334\235\300H\254 \306\001")
>>      at ../../../kern/kern_shutdown.c:779
>> #4  0xc06e8b1b in panic (fmt=0xc092e18e "%s")
>>      at ../../../kern/kern_shutdown.c:710
>> #5  0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=<optimized out>)
>>      at ../../../i386/i386/trap.c:978
>> #6  0xc08eea38 in trap (frame=<optimized out>)
>>      at ../../../i386/i386/trap.c:704
>> #7  <signal handler called>
>> #8  0xc6be2023 in ?? ()
>> #9  0xc082ed53 in tcp_do_segment (m=<optimized out>, th=<optimized out>,
>>      so=<optimized out>, tp=<optimized out>, drop_hdrlen=<optimized out>,
>>      tlen=<optimized out>, iptos=<optimized out>,
>>      ti_locked=<error reading variable: Cannot access memory at address 0x1>)
>> at ../../../netinet/tcp_input.c:2444
>> #10 0xc082c181 in tcp_input (mp=<optimized out>, offp=<optimized out>,
>>      proto=<optimized out>) at ../../../netinet/tcp_input.c:1191
>> #11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823
>> #12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=<optimized out>,
>>      proto=<optimized out>) at ../../../net/netisr.c:899
>> #13 swi_net (arg=<optimized out>) at ../../../net/netisr.c:946
>> #14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie=<optimized out>)
>>      at ../../../kern/kern_intr.c:1336
>> #15 0xc06bb5f0 in ithread_execute_handlers (ie=<optimized out>,
>>      p=<optimized out>) at ../../../kern/kern_intr.c:1349
>> #16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430
>> #17 0xc06b8a76 in fork_exit (callout=0xc06bb560 <ithread_loop>,
>>      arg=<optimized out>, frame=<optimized out>)
>>      at ../../../kern/kern_fork.c:1038
>> #18 <signal handler called>
>> (kgdb)
> 
>   Interesting enough that panic triggered by named shutdown ( well, 'rndc
> flush' is triggering this panic too )
> 
>   rndc calling isc__app_ctxrun function and finally panics the system:
> 
> ---- lib/isc/unix/app.c ---
>              return (ISC_R_UNEXPECTED);
>           }
> 
> #ifndef HAVE_UNIXWARE_SIGWAIT
>           result = sigwait(&sset, &sig); <--- panic
>           if (result == 0) {
> 
> ----------------------------
> variables are set to:
>   sset= {__bits = {16387, 0, 0, 0}}
>   sig = 134533280

Here:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220358

Try to turn off hyperthreading to get a more sensible panic.

Might look like an issue with 32-bit systems and iflib.

--HPS
Received on Fri Jun 30 2017 - 08:46:48 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:12 UTC