From owner-freebsd-current@freebsd.org  Fri Jun 30 10:46:48 2017
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 94680D8E221
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Fri, 30 Jun 2017 10:46:48 +0000 (UTC) (envelope-from hps@selasky.org)
Received: from mail.turbocat.net (turbocat.net [88.99.82.50])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4542D642AC
 for <freebsd-current@freebsd.org>; Fri, 30 Jun 2017 10:46:47 +0000 (UTC)
 (envelope-from hps@selasky.org)
Received: from hps2016.home.selasky.org (216-72-41-245.barak.net.il
 [216.72.41.245])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.turbocat.net (Postfix) with ESMTPSA id BB849260615;
 Fri, 30 Jun 2017 12:46:44 +0200 (CEST)
Subject: Re: HEAD/i386 r320212: three reproducible panics
To: "Oleg V. Nauman" <oleg@theweb.org.ua>, freebsd-current@freebsd.org
References: <9394534.k5lyWsM15G@asus.theweb.org.ua>
 <6682061.Xu753KpcSl@asus.theweb.org.ua>
From: Hans Petter Selasky <hps@selasky.org>
Message-ID: <8a501e11-6bf8-4b38-c1d1-937c4b2f6745@selasky.org>
Date: Fri, 30 Jun 2017 12:44:37 +0200
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <6682061.Xu753KpcSl@asus.theweb.org.ua>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jun 2017 10:46:48 -0000

On 06/30/17 11:01, Oleg V. Nauman wrote:
> On Friday 23 June 2017 19:42:55 Oleg V. Nauman wrote:
>>   a) Panic on shutdown:
>>
>>
>> Fatal trap 1: privileged instruction fault while in kernel mode
>> cpuid = 1; apic id = 01
>> instruction pointer  = 0x20:0xc6be2023
>> stack pointer          = 0x28:0xe13c39f4
>> frame pointer          = 0x28:0xe13c3a20
>> code segment      = base 0x0, limit 0xfffff, type 0x1b
>>           = DPL 0, pres 1, def32 1, gran 1
>> processor eflags  = interrupt enabled, resume, IOPL = 0
>> current process      = 11 (swi1: netisr 0)
>> trap number    = 1
>> panic: privileged instruction fault
>> cpuid = 1
>> time = 1498206262
>> Uptime: 6m19s
>>
>>   The trace is:
>>
>> __curthread () at ./machine/pcpu.h:225
>> 225      __asm("movl %%fs:%1,%0" : "=r" (td)
>> (kgdb) #0  __curthread () at ./machine/pcpu.h:225
>> #1  doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318
>> #2  0xc06e88c4 in kern_reboot (howto=<optimized out>)
>>      at ../../../kern/kern_shutdown.c:386
>> #3  0xc06e8c5b in vpanic (fmt=<optimized out>,
>>      ap=0xe13c3874 "}\334\235\300H\254 \306\001")
>>      at ../../../kern/kern_shutdown.c:779
>> #4  0xc06e8b1b in panic (fmt=0xc092e18e "%s")
>>      at ../../../kern/kern_shutdown.c:710
>> #5  0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=<optimized out>)
>>      at ../../../i386/i386/trap.c:978
>> #6  0xc08eea38 in trap (frame=<optimized out>)
>>      at ../../../i386/i386/trap.c:704
>> #7  <signal handler called>
>> #8  0xc6be2023 in ?? ()
>> #9  0xc082ed53 in tcp_do_segment (m=<optimized out>, th=<optimized out>,
>>      so=<optimized out>, tp=<optimized out>, drop_hdrlen=<optimized out>,
>>      tlen=<optimized out>, iptos=<optimized out>,
>>      ti_locked=<error reading variable: Cannot access memory at address 0x1>)
>> at ../../../netinet/tcp_input.c:2444
>> #10 0xc082c181 in tcp_input (mp=<optimized out>, offp=<optimized out>,
>>      proto=<optimized out>) at ../../../netinet/tcp_input.c:1191
>> #11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823
>> #12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=<optimized out>,
>>      proto=<optimized out>) at ../../../net/netisr.c:899
>> #13 swi_net (arg=<optimized out>) at ../../../net/netisr.c:946
>> #14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie=<optimized out>)
>>      at ../../../kern/kern_intr.c:1336
>> #15 0xc06bb5f0 in ithread_execute_handlers (ie=<optimized out>,
>>      p=<optimized out>) at ../../../kern/kern_intr.c:1349
>> #16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430
>> #17 0xc06b8a76 in fork_exit (callout=0xc06bb560 <ithread_loop>,
>>      arg=<optimized out>, frame=<optimized out>)
>>      at ../../../kern/kern_fork.c:1038
>> #18 <signal handler called>
>> (kgdb)
> 
>   Interesting enough that panic triggered by named shutdown ( well, 'rndc
> flush' is triggering this panic too )
> 
>   rndc calling isc__app_ctxrun function and finally panics the system:
> 
> ---- lib/isc/unix/app.c ---
>              return (ISC_R_UNEXPECTED);
>           }
> 
> #ifndef HAVE_UNIXWARE_SIGWAIT
>           result = sigwait(&sset, &sig); <--- panic
>           if (result == 0) {
> 
> ----------------------------
> variables are set to:
>   sset= {__bits = {16387, 0, 0, 0}}
>   sig = 134533280

Here:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220358

Try to turn off hyperthreading to get a more sensible panic.

Might look like an issue with 32-bit systems and iflib.

--HPS