From owner-freebsd-current@freebsd.org Fri Sep 11 07:04:50 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 173899CCA70 for ; Fri, 11 Sep 2015 07:04:50 +0000 (UTC) (envelope-from hps@selasky.org) Received: from mail.turbocat.net (heidi.turbocat.net [88.198.202.214]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D158112C1; Fri, 11 Sep 2015 07:04:49 +0000 (UTC) (envelope-from hps@selasky.org) Received: from laptop015.home.selasky.org (cm-176.74.213.204.customer.telag.net [176.74.213.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.turbocat.net (Postfix) with ESMTPSA id 36E101FE023; Fri, 11 Sep 2015 09:04:46 +0200 (CEST) Subject: Re: Panic on kldload/kldunload in/near callout To: hiren panchasara , freebsd-current@FreeBSD.org References: <20150910192351.GF64965@strugglingcoder.info> Cc: jch@FreeBSD.org From: Hans Petter Selasky Message-ID: <55F27D68.6080501@selasky.org> Date: Fri, 11 Sep 2015 09:06:16 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <20150910192351.GF64965@strugglingcoder.info> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Sep 2015 07:04:50 -0000 On 09/10/15 21:23, hiren panchasara wrote: > I am on 11.0-CURRENT FreeBSD 11.0-CURRENT #4 r286760M: Thu Sep 10 > 08:15:43 MST 2015 > > I get random (1 out of 10 tries) panics when I do: > # kldunload dummynet ; kldunload ipfw ;kldload ipfw ; kldload dummynet > > I used to get panics on a couple months old -head also. > > kernel trap 12 with interrupts disabled > > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0xffffffff8225cf58 > fault code = supervisor read data, page not present > instruction pointer = 0x20:0xffffffff80aad500 > stack pointer = 0x28:0xfffffe1f9d588700 > frame pointer = 0x28:0xfffffe1f9d588790 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > > Following https://www.freebsd.org/doc/faq/advanced.html, I did: > # nm -n /boot/kernel/kernel | grep ffffffff80aad500 > # nm -n /boot/kernel/kernel | grep ffffffff80aad50 > # nm -n /boot/kernel/kernel | grep ffffffff80aad5 > # nm -n /boot/kernel/kernel | grep ffffffff80aad > ffffffff80aad030 t itimers_event_hook_exec > ffffffff80aad040 t realtimer_expire > ffffffff80aad360 T callout_process > ffffffff80aad6b0 t softclock_call_cc > ffffffff80aadc10 T softclock > ffffffff80aadd20 T timeout > ffffffff80aade90 T callout_reset_sbt_on > > So I guess " ffffffff80aad360 T callout_process" is the closest match? > > I'll try to get real dump to get more information but that may take a > while. > > ccing jch and hans who've been playing in this area. Hi, Possibly it means some timer was not drained before the module was unloaded. It is not enough to only stop timers before freeing its memory. Or maybe a timer was restarted after drain. Can you get the full backtrace and put debugging symbols into the kernel? --HPS > > Cheers, > Hiren >