Bug 173235

Summary: [smbfs] [panic] Have received two crashes within 1 day after installing new packages: Fatal trap 12: page fault in kernel mode
Product: Base System Reporter: Tommy Sonne Alstrøm <tommy>
Component: kernAssignee: Andrey V. Elsukov <ae>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description Tommy Sonne Alstrøm 2012-10-31 10:50:01 UTC 
I've been running freebsd for about 40 days now on the machine in question
without any issues. Yesterday I was migrating apache+mysql data and when I
was done I decided to run a zpool scrub (using ZFS raidz). I'm starting to
do this and then after about 30 seconds I loose the connection to my machine. 

When I got home I find the machine is hanging and it needs to be powered
off. The text on the screen is a kernel panic with some call stack (I took
a picture).

After a power-off the system was able to reboot but gave a new kernel panic,
this time with a dump. The system rebooted and made a crash dump and was
able to reboot into some kind of save mode. This is what I got:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x20
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80876af8
stack pointer           = 0x28:0xffffff8451ab29e0
frame pointer           = 0x28:0xffffff8451ab2a10
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 1192 (smbiod1)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff808680fe at kdb_backtrace+0x5e
#1 0xffffffff80832cb7 at panic+0x187
#2 0xffffffff80b185a0 at trap_fatal+0x290
#3 0xffffffff80b18c57 at trap+0x287
#4 0xffffffff80b0324f at calltrap+0x8
#5 0xffffffff80822d50 at _mtx_unlock_sleep+0x50
#6 0xffffffff8185a50c at smb_iod_invrq+0xbc
#7 0xffffffff8185b621 at smb_iod_addrq+0x211
#8 0xffffffff81857fd9 at smb_rq_simple+0x39
#9 0xffffffff8185689e at smb_smb_ssnsetup+0x17e
#10 0xffffffff8185a68f at smb_iod_connect+0x11f
#11 0xffffffff8185b0e0 at smb_iod_thread+0x1d0
#12 0xffffffff8080682f at fork_exit+0x11f
#13 0xffffffff80b0377e at fork_trampoline+0xe
Uptime: 40s
Dumping 816 out of 16088 MB:..2%..12%..22%..32%..42%..51%..61%..71%..81%..91%

Here the zpool scrub managed to finish without errors. Then I rebooted
and everything worked fine. 

This morning again I've discovered that there was another crash. Again
this is what I got:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x20
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80876af8
stack pointer           = 0x28:0xffffff8451ab29e0
frame pointer           = 0x28:0xffffff8451ab2a10
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 1192 (smbiod1)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff808680fe at kdb_backtrace+0x5e
#1 0xffffffff80832cb7 at panic+0x187
#2 0xffffffff80b185a0 at trap_fatal+0x290
#3 0xffffffff80b18c57 at trap+0x287
#4 0xffffffff80b0324f at calltrap+0x8
#5 0xffffffff80822d50 at _mtx_unlock_sleep+0x50
#6 0xffffffff8185a50c at smb_iod_invrq+0xbc
#7 0xffffffff8185b621 at smb_iod_addrq+0x211
#8 0xffffffff81857fd9 at smb_rq_simple+0x39
#9 0xffffffff8185689e at smb_smb_ssnsetup+0x17e
#10 0xffffffff8185a68f at smb_iod_connect+0x11f
#11 0xffffffff8185b0e0 at smb_iod_thread+0x1d0
#12 0xffffffff8080682f at fork_exit+0x11f
#13 0xffffffff80b0377e at fork_trampoline+0xe
Uptime: 40s
Dumping 816 out of 16088 MB:..2%..12%..22%..32%..42%..51%..61%..71%..81%..91%


I use an Intel Server MB with CRC memory so these errors should not occur,
but maybe this is a result of faulty memory ? In that case, how can I
exclude that?

I've read http://www.freebsd.org/doc/faq/troubleshoot.html#trap-12-panic and
http://www.freebsd.org/doc/faq/advanced.html#kernel-panic-troubleshooting

But since there is these core files I'm thinking maybe the dump is already
there ?

Thanks in advance!
Comment 1 Andriy Gapon freebsd_committer freebsd_triage 2012-10-31 12:31:15 UTC 
This looks like an smbfs/netsmb related bug.

P.S. There was no reason to chose 'amd64' category.
-- 
Andriy Gapon
Comment 2 Tommy Sonne Alstrøm 2012-10-31 12:35:35 UTC 
Thanks for the answer.

Please note, that I had no network shares mounted when the 2nd crash 
occurred.

Sorry if I chose the wrong category.

BR Tommy
Comment 3 Tommy Sonne Alstrøm 2012-10-31 12:44:01 UTC 
I'm very sorry, I just realized that I copied the 1st readout twice. The 
2nd readout was like this

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x6
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff809da0cc
stack pointer           = 0x28:0xffffff8451f549b0
frame pointer           = 0x28:0xffffff8451f54a40
code segment            = base rx0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1068 (named)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff808680fe at kdb_backtrace+0x5e
#1 0xffffffff80832cb7 at panic+0x187
#2 0xffffffff80b185a0 at trap_fatal+0x290
#3 0xffffffff80b188e9 at trap_pfault+0x1f9
#4 0xffffffff80b18daf at trap+0x3df
#5 0xffffffff80b0324f at calltrap+0x8
#6 0xffffffff809f75a7 at udp6_bind+0xa7
#7 0xffffffff808a152e at kern_bind+0xde
#8 0xffffffff808a15a1 at sys_bind+0x41
#9 0xffffffff80b17e90 at amd64_syscall+0x4e0
#10 0xffffffff80b03537 at Xfast_syscall+0xf7
Uptime: 9h41m13s
Dumping 3411 out of 16088 
MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%
Comment 4 Mark Linimon freebsd_committer freebsd_triage 2014-04-20 02:35:11 UTC 
Responsible Changed
From-To: freebsd-amd64->freebsd-fs

reclassify.
Comment 5 Andrey V. Elsukov freebsd_committer freebsd_triage 2014-05-02 22:49:54 UTC 
State Changed
From-To: open->closed

Fixed in head@r264600 and stable/10@r265243.
Comment 6 Andrey V. Elsukov freebsd_committer freebsd_triage 2014-05-02 22:49:54 UTC 
Responsible Changed
From-To: freebsd-fs->ae

Take it.