From owner-freebsd-current@freebsd.org Mon Sep 5 21:49:49 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1DDD3AC4F38 for ; Mon, 5 Sep 2016 21:49:49 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E237A2AD for ; Mon, 5 Sep 2016 21:49:48 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: by mail-pf0-x22d.google.com with SMTP id w87so9354997pfk.2 for ; Mon, 05 Sep 2016 14:49:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=utQzyrq3JrEOU1IIJvQakicviA4FIIioEz2RqyNssAI=; b=083iN8vqwkyCTxOg+h4vg0K54lIKMRQ2321fN2ThdsBog5NlkXfAGWRoIZcLIoCgWl E9by0omMJKx7glKkrHuRDd5CWU3sg0mgEEUnY2nUgMKYkJ2N4Hika8oQQZMyPA+3Gzk3 z36BAI4s37vtcrldnJ2PDT4HcVEGA0z7vzWFsLmHkUZp2q38T0WSnEdEy9Nae+kg7mjR SaYEbr9mEENOx96YwqhXgF4DZyrsfUAprTS6sYyRJ6AM7TnwPWyVyi5qH6A1cVyW/eD9 DopzWMxzUEb3hIksUOxXu0D7k8TwIMvxp63v5yw7+DfQxZ4oGSv6IkfE4Uf6ka9eWXvR Eiqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=utQzyrq3JrEOU1IIJvQakicviA4FIIioEz2RqyNssAI=; b=hFNRJAbgPv8VeGMMVDEn8xC6vfmWLY1gRnZ9xBMOeYc9bwooWOFqWIE/AKsDCZjYOG lt4TP7rLbk4Y4I/4e6McKEiMkvleJagF4fzIlvtwvQv/lDn4nriYy7hBaVU+/bA0wu2m ItQwdqHX7inytu2ovCC7vKjWp68g2m1XkCg7FHz8bxx9MCSBqoodUkepZswF2nHVz1p7 0+QDuKYPv/ywnKfA/chDGO3mFyZbGMQV0C1IPaqpitVCWd2yBBN0PVPOa6PsmW40/UbE gXFggCGlB1VOMRhHFyBpH8lXU+3ItDowpvE9YQ5GOlG0dWII6RBKO5JRN/Rh3LMwoKiD MAUg== X-Gm-Message-State: AE9vXwN4jfF8jb1H3y8cDpCa0BtJBGQ3Jwo1CcsKihuh4AUApOi8TyTEhJEGsWhUysKyMQ== X-Received: by 10.98.86.154 with SMTP id h26mr67251233pfj.22.1473112188501; Mon, 05 Sep 2016 14:49:48 -0700 (PDT) Received: from wkstn-mjohnston.west.isilon.com (c-76-104-201-218.hsd1.wa.comcast.net. [76.104.201.218]) by smtp.gmail.com with ESMTPSA id hs7sm4516327pad.24.2016.09.05.14.49.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Sep 2016 14:49:47 -0700 (PDT) Sender: Mark Johnston Date: Mon, 5 Sep 2016 14:54:54 -0700 From: Mark Johnston To: Shawn Webb Cc: freebsd-current@freebsd.org, mmacy@nextbsd.org Subject: Re: taskqgroup_adjust kernel panic Message-ID: <20160905215454.GE70066@wkstn-mjohnston.west.isilon.com> References: <20160905175538.GA81799@mutt-hardenedbsd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160905175538.GA81799@mutt-hardenedbsd> User-Agent: Mutt/1.6.1 (2016-04-27) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Sep 2016 21:49:49 -0000 On Mon, Sep 05, 2016 at 01:55:38PM -0400, Shawn Webb wrote: > Hey all, > > I'm at revision 3872750 of the hardened/current/drm-next-4.7 branch in > the HardenedBSD/hardenedBSD-playground repo. I've gotten this kernel > panic a couple times when booting. I'm using full-disk encryption with > ZFS and encrypted swap. The hardware is a Purism 15 2K laptop. > > The panic doesn't happen often nor is there a way I can reproduce it > 100%. > > Here's my `uname -a` output: > > FreeBSD hbsd-dev-laptop 12.0-CURRENT-HBSD FreeBSD 12.0-CURRENT-HBSD #0 3872750(hardened/current/drm-next-4.7): Tue Aug 30 17:41:53 EDT 2016 shawn@hbsd-dev-laptop:/usr/obj/usr/src/sys/LATT-SEC amd64 > > Here's a couple pictures of the panic I took: > > https://goo.gl/photos/P5kiwabPYjwQX7Kr8 > https://goo.gl/photos/BWtvBnq7QLnwgRP28 Based on the faulting instruction, the panic probably happened because qid is uninitialized in the loop that starts with while ((gtask = LIST_FIRST(>ask_head))) { I don't know this code very well, so I'm not sure how that can happen. I suspect iflib_irq_alloc_generic() is buggy: it calls taskqgroup_attach_cpu(... CPU_FFS(&cpus) ...); and CPU_FFS returns 1-indexed IDs, but taskqgroup_attach_cpu() pretty clearly expects 0-indexed CPU IDs. There's a similar bug in find_nth() in iflib.c.