Date:      Wed, 10 Aug 2016 12:10:01 -0700
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        stable@freebsd.org, avos@FreeBSD.org
Subject:   Re: Panic in stable/11 (amd64) @r303903: page fault while in kernel mode
Message-ID:  <570bda1e-d4d7-42dc-6037-7c321ba9e97d@FreeBSD.org>
In-Reply-To: <20160810165458.GB1112@albert.catwhisker.org>
References:  <20160810165458.GB1112@albert.catwhisker.org>

On 8/10/16 9:54 AM, David Wolfskill wrote:
> Happened after a few iterations of {"pkill dhclient" followed by
> "dhclient wlan0"}.
>
> Gory details (both "normal" and gzipped, and including the crash
> dump and crashinfo) are in
> <http://www.catwhisker.org/~david/FreeBSD/stable_11/2016.08.10/>.
>
> Summary:
> Wed Aug 10 15:56:26 UTC 2016
>
> FreeBSD  11.0-BETA4 FreeBSD 11.0-BETA4 #69  r303902M/303903:1100120: Wed Aug 10 04:00:09 PDT 2016     root@g1-252.catwhisker.org:/common/S3/obj/usr/src/sys/CANARY  amd64
>
> panic: page fault
>
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 7; apic id = 07
> fault virtual address	= 0x0
> fault code		= supervisor read data, page not present
> instruction pointer	= 0x20:0xffffffff80bdaaa1
> stack pointer	        = 0x28:0xfffffe060bc956e0
> frame pointer	        = 0x28:0xfffffe060bc957b0
> code segment		= base 0x0, limit 0xfffff, type 0x1b
> 			= DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags	= interrupt enabled, resume, IOPL = 0
> current process		= 20685 (wpa_supplicant)
> trap number		= 12
> panic: page fault
> cpuid = 7
> KDB: stack backtrace:
> #0 0xffffffff80add787 at kdb_backtrace+0x67
> #1 0xffffffff80a950e2 at vpanic+0x182
> #2 0xffffffff80a94f53 at panic+0x43
> #3 0xffffffff80eead51 at trap_fatal+0x351
> #4 0xffffffff80eeaf43 at trap_pfault+0x1e3
> #5 0xffffffff80eea4ec at trap+0x26c
> #6 0xffffffff80ece0d1 at calltrap+0x8
> #7 0xffffffff80b9811c at ifioctl+0x133c
> #8 0xffffffff80afc914 at kern_ioctl+0x2d4
> #9 0xffffffff80afc5d1 at sys_ioctl+0x171
> #10 0xffffffff80eeb6c9 at amd64_syscall+0x4e9
> #11 0xffffffff80ece3bb at Xfast_syscall+0xfb
> Uptime: 3h0m4s
> ...
> Reading symbols from /boot/kernel/linux64.ko...Reading symbols from /usr/lib/debug//boot/kernel/linux64.ko.debug...done.
> done.
> Loaded symbols for /boot/kernel/linux64.ko
> #0  doadump (textdump=<value optimized out>) at pcpu.h:221
> 221	pcpu.h: No such file or directory.
> 	in pcpu.h
> (kgdb) #0  doadump (textdump=<value optimized out>) at pcpu.h:221
> #1  0xffffffff80a94b69 in kern_reboot (howto=260)
>     at /usr/src/sys/kern/kern_shutdown.c:366
> #2  0xffffffff80a9511b in vpanic (fmt=<value optimized out>,
>     ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
> #3  0xffffffff80a94f53 in panic (fmt=0x0)
>     at /usr/src/sys/kern/kern_shutdown.c:690
> #4  0xffffffff80eead51 in trap_fatal (frame=0xfffffe060bc95630, eva=0)
>     at /usr/src/sys/amd64/amd64/trap.c:841
> #5  0xffffffff80eeaf43 in trap_pfault (frame=0xfffffe060bc95630, usermode=0)
>     at /usr/src/sys/amd64/amd64/trap.c:691
> #6  0xffffffff80eea4ec in trap (frame=0xfffffe060bc95630)
>     at /usr/src/sys/amd64/amd64/trap.c:442
> #7  0xffffffff80ece0d1 in calltrap ()
>     at /usr/src/sys/amd64/amd64/exception.S:236
> #8  0xffffffff80bdaaa1 in ieee80211_ioctl (ifp=0xfffff80007991800,
>     cmd=<value optimized out>, data=<value optimized out>)
>     at /usr/src/sys/net80211/ieee80211_ioctl.c:3398

The code crashing is quite recent:

> commit c6321695321bae43c0cd024db564c5207a7e8e31
> Author: avos <avos@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
> Date:   Mon May 2 20:46:05 2016 +0000
>
>     net80211: fix MAC address change via SIOCSIFLLADDR ioctl.
>
>     Recheck MAC address on SIOCSIFFLAGS; as a result,
>     'ifconfig wlan0 ether <addr>' can be used after interface startup.
>
>     PR:             208933
>
>
>     git-svn-id: svn+ssh://svn.freebsd.org/base/head@298941 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
>
> diff --git sys/net80211/ieee80211_ioctl.c sys/net80211/ieee80211_ioctl.=
c
> index c3b02e8..823906b 100644
> --- sys/net80211/ieee80211_ioctl.c
> +++ sys/net80211/ieee80211_ioctl.c
> @@ -3382,8 +3382,18 @@ ieee80211_ioctl(struct ifnet *ifp, u_long cmd, c=
addr_t data)
>                 }
>                 IEEE80211_UNLOCK(ic);
>                 /* Wait for parent ioctl handler if it was queued */
> -               if (wait)
> +               if (wait) {
>                         ieee80211_waitfor_parent(ic);
> +
> +                       /*
> +                        * Check if the MAC address was changed
> +                        * via SIOCSIFLLADDR ioctl.
> +                        */
> +                       if ((ifp->if_flags & IFF_UP) =3D=3D 0 &&
> +                           !IEEE80211_ADDR_EQ(vap->iv_myaddr, IF_LLADD=
R(ifp)))
> +                               IEEE80211_ADDR_COPY(vap->iv_myaddr,
> +                                   IF_LLADDR(ifp));
> +               }
>                 break;
>         case SIOCADDMULTI:
>         case SIOCDELMULTI:
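
Review bot: The new check inside the "if (wait)" branch reads vap->iv_myaddr and IF_LLADDR(ifp) after IEEE80211_UNLOCK(ic) and after ieee80211_waitfor_parent(ic) has returned, and nothing in the hunk guards either pointer at that point. The report quoted above is a supervisor read of virtual address 0x0 inside ieee80211_ioctl (current process wpa_supplicant) after repeated dhclient restarts on wlan0, which is the fault an unguarded dereference here would produce if interface state changes during the wait. Suggest doing the compare and copy under a lock that serializes against interface teardown, or re-validating the interface before touching IF_LLADDR(ifp), and noting in the comment which lock protects iv_myaddr.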


> #9  0xffffffff80b9811c in ifioctl (so=<value optimized out>,
>     cmd=<value optimized out>, data=<value optimized out>,
>     td=<value optimized out>) at /usr/src/sys/net/if.c:2447
> #10 0xffffffff80afc914 in kern_ioctl (td=<value optimized out>,
>     fd=<value optimized out>, com=2149607696, data=0xfffffe060bc958e0 "wlan0")
>     at file.h:327
> #11 0xffffffff80afc5d1 in sys_ioctl (td=<value optimized out>,
>     uap=0xfffffe060bc95a40) at /usr/src/sys/kern/sys_generic.c:743
> #12 0xffffffff80eeb6c9 in amd64_syscall (td=<value optimized out>,
>     traced=<value optimized out>) at subr_syscall.c:135
> #13 0xffffffff80ece3bb in Xfast_syscall ()
>     at /usr/src/sys/amd64/amd64/exception.S:396
> #14 0x00000008015c448a in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> Current language:  auto; currently minimal
> (kgdb)
>
> This was on my laptop, which I'm actively using at work as I type
> -- though it's now connected via wired NIC (em0).  I had experienced
> no trouble with wlan0 at home (before coming in to work) or on the
> bus (en route to work).  (I didn't attempt it while cycling to the
> bus stop. :-})
>
> Also, I had no issues running stable/11 (amd64) @303870 -- either
> at home or at work -- yesterday.  On the other hand, this is (so
> far) a one-off, so alleging a "pattern" at this point is not something
> I'm willing to do.
>
> Peace,
> david
>


-- 
Regards,
Bryan Drewery

