Date: Fri, 11 Sep 2015 16:21:54 -0700 From: hiren panchasara <hiren@strugglingcoder.info> To: Hans Petter Selasky <hps@selasky.org> Cc: freebsd-current@FreeBSD.org, jch@FreeBSD.org Subject: Re: Panic on kldload/kldunload in/near callout Message-ID: <20150911232154.GS64965@strugglingcoder.info> In-Reply-To: <55F27D68.6080501@selasky.org> References: <20150910192351.GF64965@strugglingcoder.info> <55F27D68.6080501@selasky.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--BfbbJsf3thGkpLcA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 09/11/15 at 09:06P, Hans Petter Selasky wrote: > On 09/10/15 21:23, hiren panchasara wrote: > > I am on 11.0-CURRENT FreeBSD 11.0-CURRENT #4 r286760M: Thu Sep 10 > > 08:15:43 MST 2015 > > > > I get random (1 out of 10 tries) panics when I do: > > # kldunload dummynet ; kldunload ipfw ;kldload ipfw ; kldload dummynet > > > > I used to get panics on a couple months old -head also. > > > > kernel trap 12 with interrupts disabled > > > > Fatal trap 12: page fault while in kernel mode > > cpuid =3D 0; apic id =3D 00 > > fault virtual address =3D 0xffffffff8225cf58 > > fault code =3D supervisor read data, page not present > > instruction pointer =3D 0x20:0xffffffff80aad500 > > stack pointer =3D 0x28:0xfffffe1f9d588700 > > frame pointer =3D 0x28:0xfffffe1f9d588790 > > code segment =3D base 0x0, limit 0xfffff, type 0x1b > > =3D DPL 0, pres 1, long 1, def32 0, gran 1 > > > > Following https://www.freebsd.org/doc/faq/advanced.html, I did: > > # nm -n /boot/kernel/kernel | grep ffffffff80aad500 > > # nm -n /boot/kernel/kernel | grep ffffffff80aad50 > > # nm -n /boot/kernel/kernel | grep ffffffff80aad5 > > # nm -n /boot/kernel/kernel | grep ffffffff80aad > > ffffffff80aad030 t itimers_event_hook_exec > > ffffffff80aad040 t realtimer_expire > > ffffffff80aad360 T callout_process > > ffffffff80aad6b0 t softclock_call_cc > > ffffffff80aadc10 T softclock > > ffffffff80aadd20 T timeout > > ffffffff80aade90 T callout_reset_sbt_on > > > > So I guess " ffffffff80aad360 T callout_process" is the closest match? > > > > I'll try to get real dump to get more information but that may take a > > while. > > > > ccing jch and hans who've been playing in this area. >=20 > Hi, >=20 > Possibly it means some timer was not drained before the module was=20 > unloaded. It is not enough to only stop timers before freeing its=20 > memory. Or maybe a timer was restarted after drain. >=20 > Can you get the full backtrace and put debugging symbols into the kernel? I'll try to get it. Meanwhile I am getting another panic on idle box: http://pastebin.com/9qJTFMik This "looks" similar to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D156026 which got fixed via https://svnweb.freebsd.org/base?view=3Drevision&revision=3Dr214675 "Don't leak the LLE lock if the arptimer callout is pending or inactive."=20 Is what I am seeing similar to this? I'll try and get more info. Cheers, Hiren --BfbbJsf3thGkpLcA Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQF8BAABCgBmBQJV82IPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNEUyMEZBMUQ4Nzg4RjNGMTdFNjZGMDI4 QjkyNTBFMTU2M0VERkU1AAoJEIuSUOFWPt/lcpsH/R83be415drvfEBqMDev3h0o +PRvE4ZaV+CFCCdYOc9QpHx0Y6LLeTp5Bd5HPM+n6KMqM60LKmveKklJg2eX2TVm ezEQhh3A1xv2wrQYL7wWcd9XAWyfDdTD3Tko8BTIFy3XBjbzIBAxT0Qxd7+dYfl4 2yAEfIGC3t9+Vr51/V86mUMbs1ZtLiDtVPiuL66yv78QEWqEIArylTYLrMrloX9P CVymnD0DhCOjQ1shM8cDiKg3J66ZTSIlmYcBQTj0rE/fiKvegtflHiSbb1i6kZql evOfSTeVt6qW+3JWroqCDxip79NQedbDxMz7tXxySOWFJfX4PUKpcFerzTnuhyA= =Aznt -----END PGP SIGNATURE----- --BfbbJsf3thGkpLcA--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150911232154.GS64965>