From owner-freebsd-current@freebsd.org  Fri Sep 11 23:21:55 2015
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B58D8A02038
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Fri, 11 Sep 2015 23:21:55 +0000 (UTC)
 (envelope-from hiren@strugglingcoder.info)
Received: from mail.strugglingcoder.info (strugglingcoder.info [65.19.130.35])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (Client CN "mail.strugglingcoder.info",
 Issuer "mail.strugglingcoder.info" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9262D1A87;
 Fri, 11 Sep 2015 23:21:55 +0000 (UTC)
 (envelope-from hiren@strugglingcoder.info)
Received: from localhost (unknown [10.1.1.3])
 (Authenticated sender: hiren@strugglingcoder.info)
 by mail.strugglingcoder.info (Postfix) with ESMTPA id 97F85C0FB5;
 Fri, 11 Sep 2015 16:21:54 -0700 (PDT)
Date: Fri, 11 Sep 2015 16:21:54 -0700
From: hiren panchasara <hiren@strugglingcoder.info>
To: Hans Petter Selasky <hps@selasky.org>
Cc: freebsd-current@FreeBSD.org, jch@FreeBSD.org
Subject: Re: Panic on kldload/kldunload in/near callout
Message-ID: <20150911232154.GS64965@strugglingcoder.info>
References: <20150910192351.GF64965@strugglingcoder.info>
 <55F27D68.6080501@selasky.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="BfbbJsf3thGkpLcA"
Content-Disposition: inline
In-Reply-To: <55F27D68.6080501@selasky.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Sep 2015 23:21:55 -0000


--BfbbJsf3thGkpLcA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 09/11/15 at 09:06P, Hans Petter Selasky wrote:
> On 09/10/15 21:23, hiren panchasara wrote:
> > I am on 11.0-CURRENT FreeBSD 11.0-CURRENT #4 r286760M: Thu Sep 10
> > 08:15:43 MST 2015
> >
> > I get random (1 out of 10 tries) panics when I do:
> > # kldunload dummynet ; kldunload ipfw ;kldload ipfw ; kldload dummynet
> >
> > I used to get panics on a couple months old -head also.
> >
> > kernel trap 12 with interrupts disabled
> >
> > Fatal trap 12: page fault while in kernel mode
> > cpuid =3D 0; apic id =3D 00
> > fault virtual address   =3D 0xffffffff8225cf58
> > fault code              =3D supervisor read data, page not present
> > instruction pointer     =3D 0x20:0xffffffff80aad500
> > stack pointer           =3D 0x28:0xfffffe1f9d588700
> > frame pointer           =3D 0x28:0xfffffe1f9d588790
> > code segment            =3D base 0x0, limit 0xfffff, type 0x1b
> >                          =3D DPL 0, pres 1, long 1, def32 0, gran 1
> >
> > Following https://www.freebsd.org/doc/faq/advanced.html, I did:
> > # nm -n /boot/kernel/kernel | grep ffffffff80aad500
> > # nm -n /boot/kernel/kernel | grep ffffffff80aad50
> > # nm -n /boot/kernel/kernel | grep ffffffff80aad5
> > # nm -n /boot/kernel/kernel | grep ffffffff80aad
> > ffffffff80aad030 t itimers_event_hook_exec
> > ffffffff80aad040 t realtimer_expire
> > ffffffff80aad360 T callout_process
> > ffffffff80aad6b0 t softclock_call_cc
> > ffffffff80aadc10 T softclock
> > ffffffff80aadd20 T timeout
> > ffffffff80aade90 T callout_reset_sbt_on
> >
> > So I guess " ffffffff80aad360 T callout_process" is the closest match?
> >
> > I'll try to get real dump to get more information but that may take a
> > while.
> >
> > ccing jch and hans who've been playing in this area.
>=20
> Hi,
>=20
> Possibly it means some timer was not drained before the module was=20
> unloaded. It is not enough to only stop timers before freeing its=20
> memory. Or maybe a timer was restarted after drain.
>=20
> Can you get the full backtrace and put debugging symbols into the kernel?

I'll try to get it. Meanwhile I am getting another panic on idle box:
http://pastebin.com/9qJTFMik

This "looks" similar to
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D156026 which got fixed
via https://svnweb.freebsd.org/base?view=3Drevision&revision=3Dr214675
"Don't leak the LLE lock if the arptimer callout is pending or
inactive."=20

Is what I am seeing similar to this?

I'll try and get more info.

Cheers,
Hiren

--BfbbJsf3thGkpLcA
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQF8BAABCgBmBQJV82IPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNEUyMEZBMUQ4Nzg4RjNGMTdFNjZGMDI4
QjkyNTBFMTU2M0VERkU1AAoJEIuSUOFWPt/lcpsH/R83be415drvfEBqMDev3h0o
+PRvE4ZaV+CFCCdYOc9QpHx0Y6LLeTp5Bd5HPM+n6KMqM60LKmveKklJg2eX2TVm
ezEQhh3A1xv2wrQYL7wWcd9XAWyfDdTD3Tko8BTIFy3XBjbzIBAxT0Qxd7+dYfl4
2yAEfIGC3t9+Vr51/V86mUMbs1ZtLiDtVPiuL66yv78QEWqEIArylTYLrMrloX9P
CVymnD0DhCOjQ1shM8cDiKg3J66ZTSIlmYcBQTj0rE/fiKvegtflHiSbb1i6kZql
evOfSTeVt6qW+3JWroqCDxip79NQedbDxMz7tXxySOWFJfX4PUKpcFerzTnuhyA=
=Aznt
-----END PGP SIGNATURE-----

--BfbbJsf3thGkpLcA--