From owner-freebsd-stable@freebsd.org Wed Aug 10 19:10:09 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BAFC9BB519F for ; Wed, 10 Aug 2016 19:10:09 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 9EFFF18EE for ; Wed, 10 Aug 2016 19:10:09 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 9A968BB519E; Wed, 10 Aug 2016 19:10:09 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9A349BB519D for ; Wed, 10 Aug 2016 19:10:09 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 83D2718ED; Wed, 10 Aug 2016 19:10:09 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [IPv6:::1]) by freefall.freebsd.org (Postfix) with ESMTP id 771C71792; Wed, 10 Aug 2016 19:10:09 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [172.31.3.2]) by mail.xzibition.com (Postfix) with ESMTP id 2547823FB5; Wed, 10 Aug 2016 19:10:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at mail.xzibition.com Received: from mail.xzibition.com ([172.31.3.2]) by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new, port 10026) with LMTP id 6MXWLyMu_6NF; Wed, 10 Aug 2016 19:10:03 +0000 (UTC) Subject: Re: Panic in stable/11 (amd64) @r303903: page fault while in kernel mode DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 3116223FB0 To: stable@freebsd.org, avos@FreeBSD.org References: <20160810165458.GB1112@albert.catwhisker.org> From: Bryan Drewery Organization: FreeBSD Message-ID: <570bda1e-d4d7-42dc-6037-7c321ba9e97d@FreeBSD.org> Date: Wed, 10 Aug 2016 12:10:01 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <20160810165458.GB1112@albert.catwhisker.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BqbRauJcfcvbN44uDIwiDkAhfvpAqWmA8" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Aug 2016 19:10:09 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --BqbRauJcfcvbN44uDIwiDkAhfvpAqWmA8 Content-Type: multipart/mixed; boundary="GdndliX6ClSn0d0P3nbpO00PlPaJ98R3t" From: Bryan Drewery To: stable@freebsd.org, avos@FreeBSD.org Message-ID: <570bda1e-d4d7-42dc-6037-7c321ba9e97d@FreeBSD.org> Subject: Re: Panic in stable/11 (amd64) @r303903: page fault while in kernel mode References: <20160810165458.GB1112@albert.catwhisker.org> In-Reply-To: <20160810165458.GB1112@albert.catwhisker.org> --GdndliX6ClSn0d0P3nbpO00PlPaJ98R3t Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 8/10/16 9:54 AM, David Wolfskill wrote: > Happened after a few iterations of {"pkill dhclient" followed by > "dhclient wlan0"}. >=20 > Gory details (both "normal" and gzipped, and including the crash > dump and crashinfo) are in > . >=20 > Summary: > Wed Aug 10 15:56:26 UTC 2016 >=20 > FreeBSD 11.0-BETA4 FreeBSD 11.0-BETA4 #69 r303902M/303903:1100120: We= d Aug 10 04:00:09 PDT 2016 root@g1-252.catwhisker.org:/common/S3/obj/= usr/src/sys/CANARY amd64 >=20 > panic: page fault >=20 > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and yo= u are > welcome to change it and/or distribute copies of it under certain condi= tions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for deta= ils. > This GDB was configured as "amd64-marcel-freebsd"... >=20 > Unread portion of the kernel message buffer: >=20 >=20 > Fatal trap 12: page fault while in kernel mode > cpuid =3D 7; apic id =3D 07 > fault virtual address =3D 0x0 > fault code =3D supervisor read data, page not present > instruction pointer =3D 0x20:0xffffffff80bdaaa1 > stack pointer =3D 0x28:0xfffffe060bc956e0 > frame pointer =3D 0x28:0xfffffe060bc957b0 > code segment =3D base 0x0, limit 0xfffff, type 0x1b > =3D DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > current process =3D 20685 (wpa_supplicant) > trap number =3D 12 > panic: page fault > cpuid =3D 7 > KDB: stack backtrace: > #0 0xffffffff80add787 at kdb_backtrace+0x67 > #1 0xffffffff80a950e2 at vpanic+0x182 > #2 0xffffffff80a94f53 at panic+0x43 > #3 0xffffffff80eead51 at trap_fatal+0x351 > #4 0xffffffff80eeaf43 at trap_pfault+0x1e3 > #5 0xffffffff80eea4ec at trap+0x26c > #6 0xffffffff80ece0d1 at calltrap+0x8 > #7 0xffffffff80b9811c at ifioctl+0x133c > #8 0xffffffff80afc914 at kern_ioctl+0x2d4 > #9 0xffffffff80afc5d1 at sys_ioctl+0x171 > #10 0xffffffff80eeb6c9 at amd64_syscall+0x4e9 > #11 0xffffffff80ece3bb at Xfast_syscall+0xfb > Uptime: 3h0m4s > ... > Reading symbols from /boot/kernel/linux64.ko...Reading symbols from /us= r/lib/debug//boot/kernel/linux64.ko.debug...done. > done. > Loaded symbols for /boot/kernel/linux64.ko > #0 doadump (textdump=3D) at pcpu.h:221 > 221 pcpu.h: No such file or directory. > in pcpu.h > (kgdb) #0 doadump (textdump=3D) at pcpu.h:221 > #1 0xffffffff80a94b69 in kern_reboot (howto=3D260) > at /usr/src/sys/kern/kern_shutdown.c:366 > #2 0xffffffff80a9511b in vpanic (fmt=3D,=20 > ap=3D) at /usr/src/sys/kern/kern_shutdown.c:75= 9 > #3 0xffffffff80a94f53 in panic (fmt=3D0x0) > at /usr/src/sys/kern/kern_shutdown.c:690 > #4 0xffffffff80eead51 in trap_fatal (frame=3D0xfffffe060bc95630, eva=3D= 0) > at /usr/src/sys/amd64/amd64/trap.c:841 > #5 0xffffffff80eeaf43 in trap_pfault (frame=3D0xfffffe060bc95630, user= mode=3D0) > at /usr/src/sys/amd64/amd64/trap.c:691 > #6 0xffffffff80eea4ec in trap (frame=3D0xfffffe060bc95630) > at /usr/src/sys/amd64/amd64/trap.c:442 > #7 0xffffffff80ece0d1 in calltrap () > at /usr/src/sys/amd64/amd64/exception.S:236 > #8 0xffffffff80bdaaa1 in ieee80211_ioctl (ifp=3D0xfffff80007991800,=20 > cmd=3D, data=3D) > at /usr/src/sys/net80211/ieee80211_ioctl.c:3398 The code crashing is quite recent: > commit c6321695321bae43c0cd024db564c5207a7e8e31 > Author: avos > Date: Mon May 2 20:46:05 2016 +0000 >=20 > net80211: fix MAC address change via SIOCSIFLLADDR ioctl. >=20 > Recheck MAC address on SIOCSIFFLAGS; as a result, > 'ifconfig wlan0 ether ' can be used after interface startup. >=20 > PR: 208933 >=20 >=20 > git-svn-id: svn+ssh://svn.freebsd.org/base/head@298941 ccf9f872-aa2= e-dd11-9fc8-001c23d0bc1f >=20 > diff --git sys/net80211/ieee80211_ioctl.c sys/net80211/ieee80211_ioctl.= c > index c3b02e8..823906b 100644 > --- sys/net80211/ieee80211_ioctl.c > +++ sys/net80211/ieee80211_ioctl.c > @@ -3382,8 +3382,18 @@ ieee80211_ioctl(struct ifnet *ifp, u_long cmd, c= addr_t data) > } > IEEE80211_UNLOCK(ic); > /* Wait for parent ioctl handler if it was queued */ > - if (wait) > + if (wait) { > ieee80211_waitfor_parent(ic); > + > + /* > + * Check if the MAC address was changed > + * via SIOCSIFLLADDR ioctl. > + */ > + if ((ifp->if_flags & IFF_UP) =3D=3D 0 && > + !IEEE80211_ADDR_EQ(vap->iv_myaddr, IF_LLADD= R(ifp))) > + IEEE80211_ADDR_COPY(vap->iv_myaddr, > + IF_LLADDR(ifp)); > + } > break; > case SIOCADDMULTI: > case SIOCDELMULTI: > #9 0xffffffff80b9811c in ifioctl (so=3D,=20 > cmd=3D, data=3D,=20 > td=3D) at /usr/src/sys/net/if.c:2447 > #10 0xffffffff80afc914 in kern_ioctl (td=3D,=20 > fd=3D, com=3D2149607696, data=3D0xfffffe060bc9= 58e0 "wlan0") > at file.h:327 > #11 0xffffffff80afc5d1 in sys_ioctl (td=3D,=20 > uap=3D0xfffffe060bc95a40) at /usr/src/sys/kern/sys_generic.c:743 > #12 0xffffffff80eeb6c9 in amd64_syscall (td=3D,=20 > traced=3D) at subr_syscall.c:135 > #13 0xffffffff80ece3bb in Xfast_syscall () > at /usr/src/sys/amd64/amd64/exception.S:396 > #14 0x00000008015c448a in ?? () > Previous frame inner to this frame (corrupt stack?) > Current language: auto; currently minimal > (kgdb)=20 >=20 > This was on my laptop, which I'm actively using at work as I type > -- though it's now connected via wired NIC (em0). I had experienced > no trouble with wlan0 at home (before coming in to work) or on the > bus (en route to work). (I didn't attempt it while cycling to the > bus stop. :-}) >=20 > Also, I had no issues running stable/11 (amd64) @303870 -- either > at home or at work -- yesterday. On the other hand, this is (so > far) a one-off, so alleging a "pattern" at this point is not something > I'm willing to do. >=20 > Peace, > david >=20 --=20 Regards, Bryan Drewery --GdndliX6ClSn0d0P3nbpO00PlPaJ98R3t-- --BqbRauJcfcvbN44uDIwiDkAhfvpAqWmA8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJXq3wKAAoJEDXXcbtuRpfPFUAH/jRQqNZwvoqtkoZAWtcWof/v +37nTdh4uIt/G8Nl4Yo5ezPw+jH8LZBxyZWjN4QHhGYZnHthyli0qYtSDCBDnI+j UcqMVdYlUp+9Q6KB9N3nJTviZy7Z729zxUXCz88k0ERcKesWgLf6PlJ1ysCrjoY/ WFIHmI0nX27h2hTzl2oK4eE6S+gWChAEyIMn31c1CaBdKoBVc3ZbMO3s2JoU7ILE b6jiDaWwou+SR1VCiR/3qvOj77wA/DgFPDBwk1lwe0zNR+vNZzEEOiKerVMq55Jx E9/f94OdspsAqkCJc+dfApa2jHj1K5ZyH/Y01q3Ec+7R7HmK0gkMYsyNq2UFYCk= =ZP6l -----END PGP SIGNATURE----- --BqbRauJcfcvbN44uDIwiDkAhfvpAqWmA8--