Re: HEAD/i386 r320212: three reproducible panics [see also bugzilla 220404 about a type of problem introduced in head -r329722 ]

2017-07-01 Thread Oleg V. Nauman
On Friday 30 June 2017 22:45:39 Mark Millard wrote:
> [Just for the 3rd backtrace example. . .]
> 
> Oleg V. Nauman oleg at theweb.org.ua wrote on
> Fri Jun 23 16:58:07 UTC 2017 :
> 
> .. . .
> 
> > __curthread () at ./machine/pcpu.h:225
> > 225  __asm("movl %%fs:%1,%0" : "=r" (td)
> > (kgdb) #0  __curthread () at ./machine/pcpu.h:225
> > #1  doadump (textdump=-968633856) at ../../../kern/kern_shutdown.c:318
> > #2  0xc06e88c4 in kern_reboot (howto=)
> > 
> > at ../../../kern/kern_shutdown.c:386
> > 
> > #3  0xc06e8c5b in vpanic (fmt=,
> > 
> > ap=0xefd5c73c "\340\334\235\300\310\370\266\306\001")
> > at ../../../kern/kern_shutdown.c:779
> > 
> > #4  0xc06e8b1b in panic (fmt=0xc092e18e "%s")
> > 
> > at ../../../kern/kern_shutdown.c:710
> > 
> > #5  0xc08eed21 in trap_fatal (frame=0xefd5c878, eva=)
> > 
> > at ../../../i386/i386/trap.c:978
> > 
> > #6  0xc08eea38 in trap (frame=)
> > 
> > at ../../../i386/i386/trap.c:704
> > 
> > #7  
> > #8  0xc6bcda1b in ?? ()
> > #9  0xc0770281 in unp_connect2 (so=, so2=,
> > 
> > req=) at ../../../kern/uipc_usrreq.c:1497
> > 
> > #10 0xc076ff17 in unp_connectat (fd=, so=,
> > 
> > nam=, td=)
> > at ../../../kern/uipc_usrreq.c:1446
> > 
> > #11 0xc076d510 in unp_connect (so=0xc71c9400, nam=0xc662d500,
> > 
> > td=) at ../../../kern/uipc_usrreq.c:1310
> > 
> > #12 uipc_connect (so=0xc71c9400, nam=0xc662d500, td=)
> > 
> > at ../../../kern/uipc_usrreq.c:587
> > 
> > #13 0xc076a042 in kern_connectat (td=, dirfd=-100,
> > 
> > fd=, sa=0xc662d500) at
> > ../../../kern/uipc_syscalls.c:505
> > 
> > #14 0xc0769f49 in sys_connect (td=0xc6bcda18, uap=0xc6b6f988)
> > 
> > at ../../../kern/uipc_syscalls.c:470
> > 
> > #15 0xc08ef679 in syscallenter (td=)
> > 
> > at ../../../i386/i386/../../kern/subr_syscall.c:132
> > 
> > #16 syscall (frame=) at ../../../i386/i386/trap.c:1103
> > #17 
> > #18 0x283a4747 in ?? ()
> > Backtrace stopped: Cannot access memory at address 0xbfbfe794
> 
> There are problems with a union having fields
> that interfere with each other. The details of
> the layout and interference likely vary from
> TARGET_ARCH to TARGET_ARCH. This is from
> new material added in head -r319722 and
> involves /head/sys/sys/socketvar.h and
> the new union in struct socket.
> 
> See bugzilla 220404 and its analysis of a
> repeatable crash on 32-bit powerpc for
> head -r320482 (I'd made a large jump from
> well before -r319722):
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220404
> 
> It also involves unp_connect2, unp_connect,
> kern_connectat, sys_connect and is likely
> involved. But different aliasing in the
> union across architectures likely lead to
> varying details for the behavior that results
> from the bad handling of union use.

 Subscribed, thank you.

> 
> ===
> Mark Millard
> markmi at dsl-only.net


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: HEAD/i386 r320212: three reproducible panics [see also bugzilla 220404 about a type of problem introduced in head -r329722 ]

2017-07-01 Thread Mark Millard
[Just for the 3rd backtrace example. . .]

Oleg V. Nauman oleg at theweb.org.ua wrote on
Fri Jun 23 16:58:07 UTC 2017 :

. . .
> __curthread () at ./machine/pcpu.h:225
> 225  __asm("movl %%fs:%1,%0" : "=r" (td)
> (kgdb) #0  __curthread () at ./machine/pcpu.h:225
> #1  doadump (textdump=-968633856) at ../../../kern/kern_shutdown.c:318
> #2  0xc06e88c4 in kern_reboot (howto=)
> at ../../../kern/kern_shutdown.c:386
> #3  0xc06e8c5b in vpanic (fmt=,
> ap=0xefd5c73c "\340\334\235\300\310\370\266\306\001")
> at ../../../kern/kern_shutdown.c:779
> #4  0xc06e8b1b in panic (fmt=0xc092e18e "%s")
> at ../../../kern/kern_shutdown.c:710
> #5  0xc08eed21 in trap_fatal (frame=0xefd5c878, eva=)
> at ../../../i386/i386/trap.c:978
> #6  0xc08eea38 in trap (frame=)
> at ../../../i386/i386/trap.c:704
> #7  
> #8  0xc6bcda1b in ?? ()
> #9  0xc0770281 in unp_connect2 (so=, so2=,
> req=) at ../../../kern/uipc_usrreq.c:1497
> #10 0xc076ff17 in unp_connectat (fd=, so=,
> nam=, td=)
> at ../../../kern/uipc_usrreq.c:1446
> #11 0xc076d510 in unp_connect (so=0xc71c9400, nam=0xc662d500,
> td=) at ../../../kern/uipc_usrreq.c:1310
> #12 uipc_connect (so=0xc71c9400, nam=0xc662d500, td=)
> at ../../../kern/uipc_usrreq.c:587
> #13 0xc076a042 in kern_connectat (td=, dirfd=-100,
> fd=, sa=0xc662d500) at ../../../kern/uipc_syscalls.c:505
> #14 0xc0769f49 in sys_connect (td=0xc6bcda18, uap=0xc6b6f988)
> at ../../../kern/uipc_syscalls.c:470
> #15 0xc08ef679 in syscallenter (td=)
> at ../../../i386/i386/../../kern/subr_syscall.c:132
> #16 syscall (frame=) at ../../../i386/i386/trap.c:1103
> #17 
> #18 0x283a4747 in ?? ()
> Backtrace stopped: Cannot access memory at address 0xbfbfe794

There are problems with a union having fields
that interfere with each other. The details of
the layout and interference likely vary from
TARGET_ARCH to TARGET_ARCH. This is from
new material added in head -r319722 and
involves /head/sys/sys/socketvar.h and
the new union in struct socket.

See bugzilla 220404 and its analysis of a
repeatable crash on 32-bit powerpc for
head -r320482 (I'd made a large jump from
well before -r319722):

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220404

It also involves unp_connect2, unp_connect,
kern_connectat, sys_connect and is likely
involved. But different aliasing in the
union across architectures likely lead to
varying details for the behavior that results
from the bad handling of union use.

===
Mark Millard
markmi at dsl-only.net

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: HEAD/i386 r320212: three reproducible panics

2017-06-30 Thread Oleg V. Nauman
On Friday 30 June 2017 12:44:37 Hans Petter Selasky wrote:

 Hello Hans,

> On 06/30/17 11:01, Oleg V. Nauman wrote:
> > On Friday 23 June 2017 19:42:55 Oleg V. Nauman wrote:
> >>   a) Panic on shutdown:
> >> Fatal trap 1: privileged instruction fault while in kernel mode
> >> cpuid = 1; apic id = 01
> >> instruction pointer  = 0x20:0xc6be2023
> >> stack pointer  = 0x28:0xe13c39f4
> >> frame pointer  = 0x28:0xe13c3a20
> >> code segment  = base 0x0, limit 0xf, type 0x1b
> >> 
> >>   = DPL 0, pres 1, def32 1, gran 1
> >> 
> >> processor eflags  = interrupt enabled, resume, IOPL = 0
> >> current process  = 11 (swi1: netisr 0)
> >> trap number= 1
> >> panic: privileged instruction fault
> >> cpuid = 1
> >> time = 1498206262
> >> Uptime: 6m19s
> >> 
> >>   The trace is:
> >> __curthread () at ./machine/pcpu.h:225
> >> 225  __asm("movl %%fs:%1,%0" : "=r" (td)
> >> (kgdb) #0  __curthread () at ./machine/pcpu.h:225
> >> #1  doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318
> >> #2  0xc06e88c4 in kern_reboot (howto=)
> >> 
> >>  at ../../../kern/kern_shutdown.c:386
> >> 
> >> #3  0xc06e8c5b in vpanic (fmt=,
> >> 
> >>  ap=0xe13c3874 "}\334\235\300H\254 \306\001")
> >>  at ../../../kern/kern_shutdown.c:779
> >> 
> >> #4  0xc06e8b1b in panic (fmt=0xc092e18e "%s")
> >> 
> >>  at ../../../kern/kern_shutdown.c:710
> >> 
> >> #5  0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=)
> >> 
> >>  at ../../../i386/i386/trap.c:978
> >> 
> >> #6  0xc08eea38 in trap (frame=)
> >> 
> >>  at ../../../i386/i386/trap.c:704
> >> 
> >> #7  
> >> #8  0xc6be2023 in ?? ()
> >> #9  0xc082ed53 in tcp_do_segment (m=, th=,
> >> 
> >>  so=, tp=, drop_hdrlen=,
> >>  tlen=, iptos=,
> >>  ti_locked= >>  0x1>)
> >> 
> >> at ../../../netinet/tcp_input.c:2444
> >> #10 0xc082c181 in tcp_input (mp=, offp=,
> >> 
> >>  proto=) at ../../../netinet/tcp_input.c:1191
> >> 
> >> #11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823
> >> #12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=,
> >> 
> >>  proto=) at ../../../net/netisr.c:899
> >> 
> >> #13 swi_net (arg=) at ../../../net/netisr.c:946
> >> #14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie= >> out>)
> >> 
> >>  at ../../../kern/kern_intr.c:1336
> >> 
> >> #15 0xc06bb5f0 in ithread_execute_handlers (ie=,
> >> 
> >>  p=) at ../../../kern/kern_intr.c:1349
> >> 
> >> #16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430
> >> #17 0xc06b8a76 in fork_exit (callout=0xc06bb560 ,
> >> 
> >>  arg=, frame=)
> >>  at ../../../kern/kern_fork.c:1038
> >> 
> >> #18 
> >> (kgdb)
> >> 
> >   Interesting enough that panic triggered by named shutdown ( well, 'rndc
> > 
> > flush' is triggering this panic too )
> > 
> >   rndc calling isc__app_ctxrun function and finally panics the system:
> >  lib/isc/unix/app.c ---
> > 
> >  return (ISC_R_UNEXPECTED);
> >   
> >   }
> > 
> > #ifndef HAVE_UNIXWARE_SIGWAIT
> > 
> >   result = sigwait(, ); <--- panic
> >   if (result == 0) {
> > 
> > 
> > 
> > variables are set to:
> >   sset= {__bits = {16387, 0, 0, 0}}
> >   sig = 134533280
> 
> Here:
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220358

 Subscribed && updated.

> 
> Try to turn off hyperthreading to get a more sensible panic.

 Done.

> 
> Migh-t look like an issue with 32-bit systems and iflib.

 I do not know if this related to iflib ; iflib functions were not mentioned 
in backtraces.

> 
> --HPS

-- 
Науман Олег

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: HEAD/i386 r320212: three reproducible panics

2017-06-30 Thread Hans Petter Selasky

On 06/30/17 11:01, Oleg V. Nauman wrote:

On Friday 23 June 2017 19:42:55 Oleg V. Nauman wrote:

  a) Panic on shutdown:


Fatal trap 1: privileged instruction fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer  = 0x20:0xc6be2023
stack pointer  = 0x28:0xe13c39f4
frame pointer  = 0x28:0xe13c3a20
code segment  = base 0x0, limit 0xf, type 0x1b
  = DPL 0, pres 1, def32 1, gran 1
processor eflags  = interrupt enabled, resume, IOPL = 0
current process  = 11 (swi1: netisr 0)
trap number= 1
panic: privileged instruction fault
cpuid = 1
time = 1498206262
Uptime: 6m19s

  The trace is:

__curthread () at ./machine/pcpu.h:225
225  __asm("movl %%fs:%1,%0" : "=r" (td)
(kgdb) #0  __curthread () at ./machine/pcpu.h:225
#1  doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318
#2  0xc06e88c4 in kern_reboot (howto=)
 at ../../../kern/kern_shutdown.c:386
#3  0xc06e8c5b in vpanic (fmt=,
 ap=0xe13c3874 "}\334\235\300H\254 \306\001")
 at ../../../kern/kern_shutdown.c:779
#4  0xc06e8b1b in panic (fmt=0xc092e18e "%s")
 at ../../../kern/kern_shutdown.c:710
#5  0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=)
 at ../../../i386/i386/trap.c:978
#6  0xc08eea38 in trap (frame=)
 at ../../../i386/i386/trap.c:704
#7  
#8  0xc6be2023 in ?? ()
#9  0xc082ed53 in tcp_do_segment (m=, th=,
 so=, tp=, drop_hdrlen=,
 tlen=, iptos=,
 ti_locked=)
at ../../../netinet/tcp_input.c:2444
#10 0xc082c181 in tcp_input (mp=, offp=,
 proto=) at ../../../netinet/tcp_input.c:1191
#11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823
#12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=,
 proto=) at ../../../net/netisr.c:899
#13 swi_net (arg=) at ../../../net/netisr.c:946
#14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie=)
 at ../../../kern/kern_intr.c:1336
#15 0xc06bb5f0 in ithread_execute_handlers (ie=,
 p=) at ../../../kern/kern_intr.c:1349
#16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430
#17 0xc06b8a76 in fork_exit (callout=0xc06bb560 ,
 arg=, frame=)
 at ../../../kern/kern_fork.c:1038
#18 
(kgdb)


  Interesting enough that panic triggered by named shutdown ( well, 'rndc
flush' is triggering this panic too )

  rndc calling isc__app_ctxrun function and finally panics the system:

 lib/isc/unix/app.c ---
 return (ISC_R_UNEXPECTED);
  }

#ifndef HAVE_UNIXWARE_SIGWAIT
  result = sigwait(, ); <--- panic
  if (result == 0) {


variables are set to:
  sset= {__bits = {16387, 0, 0, 0}}
  sig = 134533280


Here:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220358

Try to turn off hyperthreading to get a more sensible panic.

Might look like an issue with 32-bit systems and iflib.

--HPS
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: HEAD/i386 r320212: three reproducible panics

2017-06-30 Thread Oleg V. Nauman
On Friday 23 June 2017 19:42:55 Oleg V. Nauman wrote:
>  a) Panic on shutdown:
> 
> 
> Fatal trap 1: privileged instruction fault while in kernel mode
> cpuid = 1; apic id = 01
> instruction pointer  = 0x20:0xc6be2023
> stack pointer  = 0x28:0xe13c39f4
> frame pointer  = 0x28:0xe13c3a20
> code segment  = base 0x0, limit 0xf, type 0x1b
>  = DPL 0, pres 1, def32 1, gran 1
> processor eflags  = interrupt enabled, resume, IOPL = 0
> current process  = 11 (swi1: netisr 0)
> trap number= 1
> panic: privileged instruction fault
> cpuid = 1
> time = 1498206262
> Uptime: 6m19s
> 
>  The trace is:
> 
> __curthread () at ./machine/pcpu.h:225
> 225  __asm("movl %%fs:%1,%0" : "=r" (td)
> (kgdb) #0  __curthread () at ./machine/pcpu.h:225
> #1  doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318
> #2  0xc06e88c4 in kern_reboot (howto=)
> at ../../../kern/kern_shutdown.c:386
> #3  0xc06e8c5b in vpanic (fmt=,
> ap=0xe13c3874 "}\334\235\300H\254 \306\001")
> at ../../../kern/kern_shutdown.c:779
> #4  0xc06e8b1b in panic (fmt=0xc092e18e "%s")
> at ../../../kern/kern_shutdown.c:710
> #5  0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=)
> at ../../../i386/i386/trap.c:978
> #6  0xc08eea38 in trap (frame=)
> at ../../../i386/i386/trap.c:704
> #7  
> #8  0xc6be2023 in ?? ()
> #9  0xc082ed53 in tcp_do_segment (m=, th=,
> so=, tp=, drop_hdrlen=,
> tlen=, iptos=,
> ti_locked=)
> at ../../../netinet/tcp_input.c:2444
> #10 0xc082c181 in tcp_input (mp=, offp=,
> proto=) at ../../../netinet/tcp_input.c:1191
> #11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823
> #12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=,
> proto=) at ../../../net/netisr.c:899
> #13 swi_net (arg=) at ../../../net/netisr.c:946
> #14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie=)
> at ../../../kern/kern_intr.c:1336
> #15 0xc06bb5f0 in ithread_execute_handlers (ie=,
> p=) at ../../../kern/kern_intr.c:1349
> #16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430
> #17 0xc06b8a76 in fork_exit (callout=0xc06bb560 ,
> arg=, frame=)
> at ../../../kern/kern_fork.c:1038
> #18 
> (kgdb)

 Interesting enough that panic triggered by named shutdown ( well, 'rndc 
flush' is triggering this panic too )

 rndc calling isc__app_ctxrun function and finally panics the system:

 lib/isc/unix/app.c ---
return (ISC_R_UNEXPECTED);
 }

#ifndef HAVE_UNIXWARE_SIGWAIT
 result = sigwait(, ); <--- panic
 if (result == 0) {


variables are set to:
 sset= {__bits = {16387, 0, 0, 0}}
 sig = 134533280


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: HEAD/i386 r320212: three reproducible panics

2017-06-23 Thread Michael Butler

On 06/23/17 12:42, Oleg V. Nauman wrote:

  a) Panic on shutdown:


Fatal trap 1: privileged instruction fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer  = 0x20:0xc6be2023
stack pointer  = 0x28:0xe13c39f4
frame pointer  = 0x28:0xe13c3a20
code segment  = base 0x0, limit 0xf, type 0x1b
  = DPL 0, pres 1, def32 1, gran 1
processor eflags  = interrupt enabled, resume, IOPL = 0
current process  = 11 (swi1: netisr 0)
trap number= 1
panic: privileged instruction fault
cpuid = 1
time = 1498206262
Uptime: 6m19s


I can't get my last remaining i386 to either finish booting or stay up 
long enough for the VPN to allow access (it's remote :-(). I'm stuck at 
SVN r319640.


Crash dumps list a "double fault", "general protection fault" or "page 
fault" in kernel mode.


Fortunately, it does get far enough to remove /boot/nextboot.conf so it 
does fall back to a working kernel ..


imb

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


HEAD/i386 r320212: three reproducible panics

2017-06-23 Thread Oleg V. Nauman
 a) Panic on shutdown:


Fatal trap 1: privileged instruction fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer  = 0x20:0xc6be2023
stack pointer  = 0x28:0xe13c39f4
frame pointer  = 0x28:0xe13c3a20
code segment  = base 0x0, limit 0xf, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
processor eflags  = interrupt enabled, resume, IOPL = 0
current process  = 11 (swi1: netisr 0)
trap number= 1
panic: privileged instruction fault
cpuid = 1
time = 1498206262
Uptime: 6m19s

 The trace is:

__curthread () at ./machine/pcpu.h:225
225  __asm("movl %%fs:%1,%0" : "=r" (td)
(kgdb) #0  __curthread () at ./machine/pcpu.h:225
#1  doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318
#2  0xc06e88c4 in kern_reboot (howto=)
at ../../../kern/kern_shutdown.c:386
#3  0xc06e8c5b in vpanic (fmt=,
ap=0xe13c3874 "}\334\235\300H\254 \306\001")
at ../../../kern/kern_shutdown.c:779
#4  0xc06e8b1b in panic (fmt=0xc092e18e "%s")
at ../../../kern/kern_shutdown.c:710
#5  0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=)
at ../../../i386/i386/trap.c:978
#6  0xc08eea38 in trap (frame=)
at ../../../i386/i386/trap.c:704
#7  
#8  0xc6be2023 in ?? ()
#9  0xc082ed53 in tcp_do_segment (m=, th=,
so=, tp=, drop_hdrlen=,
tlen=, iptos=,
ti_locked=)
at ../../../netinet/tcp_input.c:2444
#10 0xc082c181 in tcp_input (mp=, offp=,
proto=) at ../../../netinet/tcp_input.c:1191
#11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823
#12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=,
proto=) at ../../../net/netisr.c:899
#13 swi_net (arg=) at ../../../net/netisr.c:946
#14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie=)
at ../../../kern/kern_intr.c:1336
#15 0xc06bb5f0 in ithread_execute_handlers (ie=,
p=) at ../../../kern/kern_intr.c:1349
#16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430
#17 0xc06b8a76 in fork_exit (callout=0xc06bb560 ,
arg=, frame=)
at ../../../kern/kern_fork.c:1038
#18 
(kgdb)

b) Panic on accepting incoming SSH connection:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xa4c6f47f
fault code = supervisor read, page not present
instruction pointer  = 0x20:0xc6bd0418
stack pointer  = 0x28:0xea66b6a4
frame pointer  = 0x28:0xea66b6d0
code segment  = base 0x0, limit 0xf, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
processor eflags  = interrupt enabled, resume, IOPL = 0
current process  = 0 (ath0 taskq)
trap number= 12
panic: page fault
cpuid = 0
time = 1498233591
Uptime: 1m2s

 The trace is:

__curthread () at ./machine/pcpu.h:225
225  __asm("movl %%fs:%1,%0" : "=r" (td)
(kgdb) #0  __curthread () at ./machine/pcpu.h:225
#1  doadump (textdump=-968633856) at ../../../kern/kern_shutdown.c:318
#2  0xc06e88c4 in kern_reboot (howto=)
at ../../../kern/kern_shutdown.c:386
#3  0xc06e8c5b in vpanic (fmt=,
ap=0xea66b504 "\353\334\235\300H)
at ../../../i386/i386/trap.c:978
#6  0xc08eee5d in trap_pfault (frame=0xea66b664, usermode=0,
eva=) at ../../../i386/i386/trap.c:786
#7  0xc08ee48e in trap (frame=)
at ../../../i386/i386/trap.c:512
#8  
#9  0xc6bd0418 in ?? ()
#10 0xc082ed53 in tcp_do_segment (m=, th=,
so=, tp=, drop_hdrlen=,
tlen=, iptos=,
ti_locked=)
at ../../../netinet/tcp_input.c:2444
#11 0xc082c181 in tcp_input (mp=, offp=,
proto=) at ../../../netinet/tcp_input.c:1191
#12 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823
#13 0xc07d55bb in netisr_dispatch_src (proto=,
source=, m=0xc6bd0418) at ../../../net/netisr.c:1120
#14 0xc07d5880 in netisr_dispatch (proto=1, m=0xc6cc6000)
at ../../../net/netisr.c:1211
#15 0xc07c7292 in ether_demux (ifp=0xc6860800, m=0x0)
at ../../../net/if_ethersubr.c:848
#16 0xc07c7f20 in ether_input_internal (ifp=0xc6860800, m=0xc6bd0418)
at ../../../net/if_ethersubr.c:637
#17 ether_nh_input (m=) at ../../../net/if_ethersubr.c:667
#18 0xc07d55bb in netisr_dispatch_src (proto=,
source=, m=0xc6bd0418) at ../../../net/netisr.c:1120
#19 0xc07d5880 in netisr_dispatch (proto=5, m=0xc6cc6000)
at ../../../net/netisr.c:1211
#20 0xc07c751a in ether_input (ifp=0xc6860800, m=0x0)
at ../../../net/if_ethersubr.c:757
#21 0xc07efc2e in ieee80211_deliver_data (vap=0xc6a97000, ni=,
m=0xc6cc6000) at ../../../net80211/ieee80211_input.c:291
#22 0xc08070e5 in sta_input (ni=, m=0xc6cc6000,
rxs=, rssi=, nf=)
at ../../../net80211/ieee80211_sta.c:891
#23 0xc07ef824 in ieee80211_input_mimo (ni=0x0, m=)
at ../../../net80211/ieee80211_input.c:99
#24 0xc053439a in ath_rx_pkt (sc=, rs=,
status=, tsf=, nf=,
qtype=, bf=, m=)
at ../../../dev/ath/if_ath_rx.c:950
#25 0xc05350f5 in ath_rx_proc (sc=0xc63f9000, resched=1)
at ../../../dev/ath/if_ath_rx.c:1150
#26 0xc07359cc in taskqueue_run_locked (queue=0xc63d3b80)
at ../../../kern/subr_taskqueue.c:454
#27 0xc07368b7 in