From owner-freebsd-hackers@FreeBSD.ORG  Wed Oct  1 03:22:36 2014
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D1436438
 for <freebsd-hackers@freebsd.org>; Wed,  1 Oct 2014 03:22:36 +0000 (UTC)
Received: from mailgate.gta.com (mailgate.gta.com [199.120.225.23])
 by mx1.freebsd.org (Postfix) with ESMTP id 906A4EEC
 for <freebsd-hackers@freebsd.org>; Wed,  1 Oct 2014 03:22:36 +0000 (UTC)
Received: (qmail 15878 invoked by uid 1000); 1 Oct 2014 03:15:53 -0000
Date: Tue, 30 Sep 2014 23:15:53 -0400
From: Larry Baird <lab@gta.com>
To: freebsd-hackers@freebsd.org
Subject: Kernel/Compiler bug
Message-ID: <20141001031553.GA14360@gta.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2014 03:22:36 -0000

I have run into a compiler optimization bug with clang version 3.4.1 and
"-O0" when compiling a 10.1 i386 kernel. When debugging kernels using kgbd I
like to disable compiler optimization.  I have been fighting a kernel double
fault bug for a while.  I thought is was a modification I had made.  Today I
finally stumbled upon the fact that it is a compiler lack of optimization
bug. (-:

It is easy to duplicate the issue with a GENERIC kernel and 10.1-BETA3.
Edit /sys/conf/kmod.pre.mk changing first _MINUS_O to '-O0'.

--- /sys/conf/kern.pre.mk       2014-09-26 06:33:38.000000000 -0400
+++ kern.pre.mk 2014-09-30 22:59:51.000000000 -0400
@@ -26,7 +26,7 @@
 SIZE?=         size

 .if defined(DEBUG)
-_MINUS_O=      -O
+_MINUS_O=      -O0
 CTFFLAGS+=     -g
 .else
 .if ${MACHINE_CPUARCH} == "powerpc"

Build GENERIC as usual and you will get a double faulting kernel. 
Should this be reported as a FreeBSD kernel bug or as a clang optimization bug?

To get a backtrace I created a kernel conf file called GDB containing:

include GENERIC
options KDB
options KDB_TRACE
options DDB
options GDB
options ALT_BREAK_TO_DEBUGGER # break is CR ~ ^b

This resulted in the following panic:

/boot/kernel/kernel text=0x1890d80 data=0xebdf0+0x163d60 syms=[0x4+0x126190+0x4+0x18bb01]
Booting...
GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2014 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.1-BETA3 #0: Tue Sep 30 22:40:18 EDT 2014
    lab@test2.gta.com:/usr/obj/usr/src/sys/GDB i386
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: AMD FX(tm)-8150 Eight-Core Processor            (3573.27-MHz 686-class CPU)
  Origin = "AuthenticAMD"  Id = 0x600f12  Family = 0x15  Model = 0x1  Stepping = 2
  Features=0x1783fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x201<SSE3,SSSE3>
  AMD Features=0x2a100800<SYSCALL,NX,FFXSR,RDTSCP,LM>
  AMD Features2=0x13<LAHF,CMP,CR8>
real memory  = 2147418112 (2047 MB)
avail memory = 2072879104 (1976 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <VBOX   VBOXAPIC>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP): APIC ID:  3
pnpbios: Bad PnP BIOS data checksum
random device not loaded; using insecure entropy
ioapic0 <Version 1.1> irqs 0-23 on motherboard
random: <Software, Yarrow> initialized
kbd1 at kbdmux0
acpi0: <VBOX VBOXXSDT> on motherboard
acpi0: Power Button (fixed)
acpi0: Sleep Button (fixed)
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
cpu2: <ACPI CPU> on acpi0
cpu3: <ACPI CPU> on acpi0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
isab0: <PCI-ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd000-0xd00f at device 1.1 on pci0
ata0: <ATA channel> at channel 0 on atapci0
ata1: <ATA channel> at channel 1 on atapci0
vgapci0: <VGA-compatible display> mem 0xe0000000-0xe0ffffff irq 18 at device 2.0 on pci0
vgapci0: Boot video device
em0: <Intel(R) PRO/1000 Legacy Network Connection 1.0.6> port 0xd010-0xd017 mem 0xf0000000-0xf001ffff irq 19 at device 3.0 on pci0
em0: Ethernet address: 08:00:27:32:5e:fe
pcm0: <Intel ICH (82801AA)> port 0xd100-0xd1ff,0xd200-0xd23f irq 21 at device 5.0 on pci0
pcm0: <SigmaTel STAC9700/83/84 AC97 Codec>
ohci0: <OHCI (generic) USB controller> mem 0xf0804000-0xf0804fff irq 22 at device 6.0 on pci0
usbus0 on ohci0
pci0: <bridge> at device 7.0 (no driver attached)
ehci0: <Intel 82801FB (ICH6) USB 2.0 controller> mem 0xf0805000-0xf0805fff irq 19 at device 11.0 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: console (9600,n,8,1)
acpi_acad0: <AC Adapter> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse Explorer, device ID 4
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xe2000-0xe2fff pnpid ORM0000 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x100>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
atrtc0: <AT realtime clock> at port 0x70 irq 8 on isa0
Event timer "RTC" frequency 32768 Hz quality 0
ppc0: parallel port not found.
Timecounters tick every 10.000 msec
pcm0: ac97 link rate calibration timed out after 1998076 us
em0: link state changed to UP
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 480Mbps High Speed USB v2.0
ugen0.1: <Apple> at usbus0
uhub0: <Apple OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen1.1: <Intel> at usbus1
uhub1: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
ada0 at ata0 bus 0 scbus0 target 0 lun 0
ada0: <VBOX HARDDISK 1.0> ATA-6
Fatal double fault:
eip = 0xc10dbf34
esp = 0xe27f1000
ebp = 0xe27f1004
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper(c1ad615d,c1e7090c,5,16,0,...) at db_trace_self_wrapper+0x38/frame 0xc1e708d8
kdb_backtrace(c1c81330,0,c1c81eaf,c1e709e4,a,...) at kdb_backtrace+0x49/frame 0xc1e70940
vpanic(c1c81eaf,c1e709e4,c1e709e4,c1c81eaf,c1e70a50,...) at vpanic+0x209/frame 0xc1e709c0
panic(c1c81eaf,0,0,d,b,...) at panic+0x26/frame 0xc1e709d8
dblfault_handler() at dblfault_handler+0x14b/frame 0xc1e709d8
--- trap 0x17, eip = 0xc10dbf34, esp = 0xe27f1000, ebp = 0xe27f1004 ---
critical_enter(0,c76a3c40) at critical_enter+0x4/frame 0xe27f1004
spinlock_enter(0,0,0,0,0,...) at spinlock_enter+0x61/frame 0xe27f1014
sched_setcpu(c782b000,0,0,0,0,...) at sched_setcpu+0x7d/frame 0xe27f1068
sched_add(c782b000,0,0,0,c1e56abc,e5,c782b2e0,c782b000) at sched_add+0x10d/frame 0xe27f10c4
sched_wakeup(c782b000,0,0,0,0,...) at sched_wakeup+0xe6/frame 0xe27f10ec
setrunnable(c782b000,0,0,0,0,...) at setrunnable+0x145/frame 0xe27f111c
sleepq_resume_thread(c757d2c0,c782b000,0,37d,0,...) at sleepq_resume_thread+0x2b4/frame 0xe27f1164
sleepq_timeout(c782b000,4,e6,eeea40f0,e27f126c,...) at sleepq_timeout+0xf3/frame 0xe27f11d0
softclock_call_cc(c782b264,c1eb4700,1,ac,1f,...) at softclock_call_cc+0x3d0/frame 0xe27f1318
callout_process(50170178,3,fffffffc,16a3c40,0,...) at callout_process+0x4d5/frame 0xe27f1430
handleevents(50170178,3,0,0,0,...) at handleevents+0x4fc/frame 0xe27f1558
timercb(c1e75d78,0,0,0,0,...) at timercb+0x70c/frame 0xe27f1630
lapic_handle_timer(e27f1680) at lapic_handle_timer+0x10b/frame 0xe27f1674
Xtimerint() at Xtimerint+0x20/frame 0xe27f1674
--- interrupt, eip = 0xc1936fcf, esp = 0xe27f16c0, ebp = 0xe27f16c4 ---
write_eflags(80246,80246) at write_eflags+0xf/frame 0xe27f16c4
intr_restore(80246,80246,c76a3c40) at intr_restore+0x17/frame 0xe27f16d4
spinlock_exit(c1e377b4,4,c76a3c40,c113f1a0,c248ffc8,...) at spinlock_exit+0x52/frame 0xe27f16e8
cnputs(e27f1754,ffffffff,1,a,e27f1874,...) at cnputs+0x16e/frame 0xe27f1720
_vprintf(ffffffff,5,c19a5b0c,e27f1874,5,...) at _vprintf+0x182/frame 0xe27f181c
vprintf(c19a5b0c,e27f1874,6,e27f1874,c19a5b0c,...) at vprintf+0x45/frame 0xe27f184c
printf(c19a5b0c,e27f18d4,e27f18c4,c19d6aff,6,...) at printf+0x21/frame 0xe27f1868
ata_print_ident(c7ad699c,c19af72b,0,c19d6aac,0,...) at ata_print_ident+0x121/frame 0xe27f1914
xpt_announce_periph(c76a0100,e27f1b1c,c19af9bf,19000,0,...) at xpt_announce_periph+0x13a/frame 0xe27f1990
adaregister(c76a0100,e27f2340,0,0,0,...) at adaregister+0x1212/frame 0xe27f1d14
cam_periph_alloc(c0506b40,c05080d0,c0508190,c0508360,c19af72b,...) at cam_periph_alloc+0x510/frame 0xe27f1dc0
adaasync(0,80,e27f27c0,e27f2340,0,...) at adaasync+0x1d8/frame 0xe27f2308
xptsetasyncfunc(c7ad6800,e27f2a50,c7828800,e27f29e8,c04bea45,...) at xptsetasyncfunc+0x13e/frame 0xe27f27ec
xptdefdevicefunc(c7ad6800,e27f29e0,c76a3c40,0,0,...) at xptdefdevicefunc+0x46/frame 0xe27f2820
xptdevicetraverse(c769fd00,0,c04c7970,e27f29e0,0,...) at xptdevicetraverse+0x2c5/frame 0xe27f28b8
xptdeftargetfunc(c769fd00,e27f29e0,4,c1d7cf08,16a3c40,...) at xptdeftargetfunc+0x7a/frame 0xe27f28ec
xpttargettraverse(c7858700,0,c04c7410,e27f29e0,0,...) at xpttargettraverse+0x222/frame 0xe27f2968
xptdefbusfunc(c7858700,e27f29e0,1,c1c933b8,c7858700,...) at xptdefbusfunc+0x7a/frame 0xe27f299c
xptbustraverse(0,c04c6fe0,e27f29e0,0,2,...) at xptbustraverse+0x99/frame 0xe27f29c8
xpt_for_all_devices(c04c69f0,e27f2a50,4,ffffffff,ffffffff,...) at xpt_for_all_devices+0x5b/frame 0xe27f2a00
xpt_register_async(80,c05041a0,0,0,0,...) at xpt_register_async+0x2b4/frame 0xe27f2af4
adainit(1,2,2,0,2,...) at adainit+0x3d/frame 0xe27f2b48
periphdriver_init(2,c769f2a8,1000000,4,2,...) at periphdriver_init+0x7f/frame 0xe27f2b64
xpt_finishconfig_task(c7837780,1,4,0,0,...) at xpt_finishconfig_task+0x26/frame 0xe27f2b88
taskqueue_run_locked(c769f280,4,c76a3c40,0,0,...) at taskqueue_run_locked+0x1c7/frame 0xe27f2bec
taskqueue_thread_loop(c1eb6928,e27f2d08,0,0,0,...) at taskqueue_thread_loop+0x1cb/frame 0xe27f2c80
fork_exit(c1151cd0,c1eb6928,e27f2d08) at fork_exit+0x179/frame 0xe27f2cf4
fork_trampoline() at fork_trampoline+0x8/frame 0xe27f2cf4
--- trap 0, eip = 0, esp = 0xe27f2d40, ebp = 0 ---
KDB: enter: panic
[ thread pid 0 tid 100025 ]
Stopped at      breakpoint+0x4: popl    %ebp
db>




-- 
------------------------------------------------------------------------
Larry Baird
Global Technology Associates, Inc. 1992-2012 	| http://www.gta.com
Celebrating Twenty Years of Software Innovation | Orlando, FL
Email: lab@gta.com                 		| TEL 407-380-0220