Bug 240060

Summary: Fatal trap 12: page fault while in kernel mode, wpa_supplicant
Product: Base System Reporter: Martin Filla <freebsd>
Component: wirelessAssignee: freebsd-wireless (Nobody) <wireless>
Status: Closed Overcome By Events    
Severity: Affects Only Me    
Priority: ---    
Version: 12.0-RELEASE   
Hardware: amd64   
OS: Any   
Attachments:
Description Flags
core.txt.0
none
core.txt.1 none

Description Martin Filla 2019-08-23 18:43:02 UTC 
Hello, i have problem with panics

Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x410
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80b7ac6d
stack pointer	        = 0x0:0xfffffe006a290660
frame pointer	        = 0x0:0xfffffe006a2906d0
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 74528 (wpa_supplicant)
trap number		= 12
panic: page fault
cpuid = 0
time = 1566585018
KDB: stack backtrace:
#0 0xffffffff80be78d7 at kdb_backtrace+0x67
#1 0xffffffff80b9b4b3 at vpanic+0x1a3
#2 0xffffffff80b9b303 at panic+0x43
#3 0xffffffff81074bff at trap_fatal+0x35f
#4 0xffffffff81074c59 at trap_pfault+0x49
#5 0xffffffff8107427e at trap+0x29e
#6 0xffffffff8104f625 at calltrap+0x8
#7 0xffffffff80ba6813 at _sleep+0x2e3
#8 0xffffffff80bfa339 at taskqueue_drain+0xf9
#9 0xffffffff80cfee78 at ieee80211_waitfor_parent+0x28
#10 0xffffffff80ce4a82 at ieee80211_ioctl+0x422
#11 0xffffffff80c9ab6a at ifhwioctl+0xd4a
#12 0xffffffff80c9c0ff at ifioctl+0x45f
#13 0xffffffff80c04e9d at kern_ioctl+0x26d
#14 0xffffffff80c04bbe at sys_ioctl+0x15e
#15 0xffffffff810756d9 at amd64_syscall+0x369
#16 0xffffffff8104ff0d at fast_syscall_common+0x101
Uptime: 5h35m12s
Dumping 1383 out of 7943 MB:..2%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at ./machine/pcpu.h:234
234	./machine/pcpu.h: No such file or directory.
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80b9b09b in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:446
#3  0xffffffff80b9b513 in vpanic (fmt=<optimized out>, ap=0xfffffe006a2903b0) at /usr/src/sys/kern/kern_shutdown.c:872
#4  0xffffffff80b9b303 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:799
#5  0xffffffff81074bff in trap_fatal (frame=0xfffffe006a2905a0, eva=1040) at /usr/src/sys/amd64/amd64/trap.c:929
#6  0xffffffff81074c59 in trap_pfault (frame=0xfffffe006a2905a0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:765
#7  0xffffffff8107427e in trap (frame=0xfffffe006a2905a0) at /usr/src/sys/amd64/amd64/trap.c:441
#8  <signal handler called>
#9  __mtx_lock_sleep (c=0xfffff8000ab50750, v=<optimized out>) at /usr/src/sys/kern/kern_mutex.c:565
#10 0xffffffff80ba6813 in _sleep (ident=0xfffffe004d5a2138, lock=0xfffff8000ab50738, priority=108, wmesg=0xffffffff8123a845 "-", sbt=0, pr=0, flags=256)
    at /usr/src/sys/kern/kern_synch.c:226
#11 0xffffffff80bfa339 in TQ_SLEEP (t=<error reading variable: Cannot access memory at address 0x0>, tq=<optimized out>, p=<optimized out>, 
    m=<optimized out>, pri=<optimized out>, wm=<optimized out>) at /usr/src/sys/kern/subr_taskqueue.c:124
#12 taskqueue_drain (queue=0xfffff8000ab50700, task=0xfffffe004d5a2138) at /usr/src/sys/kern/subr_taskqueue.c:573
#13 0xffffffff80cfee78 in ieee80211_draintask (ic=0xfffffe004d5a2020, task=0x4) at /usr/src/sys/net80211/ieee80211_var.h:794
#14 ieee80211_waitfor_parent (ic=0xfffffe004d5a2020) at /usr/src/sys/net80211/ieee80211_proto.c:1440
#15 0xffffffff80ce4a82 in ieee80211_ioctl (ifp=0xfffff800b1cae800, cmd=<optimized out>, data=<optimized out>) at /usr/src/sys/net80211/ieee80211_ioctl.c:3535
#16 0xffffffff80c9ab6a in ifhwioctl (cmd=<optimized out>, ifp=<optimized out>, data=0xfffffe006a290a10 "wlan0", td=<optimized out>)
    at /usr/src/sys/net/if.c:2704
#17 0xffffffff80c9c0ff in ifioctl (so=0xfffff8023523b000, cmd=2149607696, data=<optimized out>, td=0xfffff80217205000) at /usr/src/sys/net/if.c:3124
#18 0xffffffff80c04e9d in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0xfffff80217205000, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/sys/file.h:330
#19 kern_ioctl (td=0xfffff80217205000, fd=4, com=2149607696, data=0xffffffff82112320 <common_tss> "") at /usr/src/sys/kern/sys_generic.c:800
#20 0xffffffff80c04bbe in sys_ioctl (td=0xfffff80217205000, uap=0xfffff802172053c0) at /usr/src/sys/kern/sys_generic.c:712
#21 0xffffffff810756d9 in syscallenter (td=<optimized out>) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#22 amd64_syscall (td=0xfffff80217205000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1076
#23 <signal handler called>
#24 0x00000008008d911a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffe8a8
Comment 1 Martin Filla 2019-08-23 19:12:22 UTC 
FreeBSD  12.0-RELEASE-p10 FreeBSD 12.0-RELEASE-p10 GENERIC  amd64
Comment 2 Martin Filla 2019-08-23 21:41:04 UTC 
Created attachment 206836 [details]
core.txt.0
Comment 3 Martin Filla 2019-08-24 18:38:54 UTC 
It is suspicion on small stack overflow

#0  __curthread () at ./machine/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80b9b09b in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:446
#3  0xffffffff80b9b513 in vpanic (fmt=<optimized out>, ap=0xfffffe006a2903b0) at /usr/src/sys/kern/kern_shutdown.c:872
#4  0xffffffff80b9b303 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:799
#5  0xffffffff81074bff in trap_fatal (frame=0xfffffe006a2905a0, eva=1040) at /usr/src/sys/amd64/amd64/trap.c:929
#6  0xffffffff81074c59 in trap_pfault (frame=0xfffffe006a2905a0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:765
#7  0xffffffff8107427e in trap (frame=0xfffffe006a2905a0) at /usr/src/sys/amd64/amd64/trap.c:441
#8  <signal handler called>
#9  __mtx_lock_sleep (c=0xfffff8000ab50750, v=<optimized out>) at /usr/src/sys/kern/kern_mutex.c:565
#10 0xffffffff80ba6813 in _sleep (ident=0xfffffe004d5a2138, lock=0xfffff8000ab50738, priority=108, wmesg=0xffffffff8123a845 "-", sbt=0, pr=0, flags=256)
    at /usr/src/sys/kern/kern_synch.c:226
#11 0xffffffff80bfa339 in TQ_SLEEP (t=<error reading variable: Cannot access memory at address 0x0>, tq=<optimized out>, p=<optimized out>, 
    m=<optimized out>, pri=<optimized out>, wm=<optimized out>) at /usr/src/sys/kern/subr_taskqueue.c:124
#12 taskqueue_drain (queue=0xfffff8000ab50700, task=0xfffffe004d5a2138) at /usr/src/sys/kern/subr_taskqueue.c:573
#13 0xffffffff80cfee78 in ieee80211_draintask (ic=0xfffffe004d5a2020, task=0x4) at /usr/src/sys/net80211/ieee80211_var.h:794
#14 ieee80211_waitfor_parent (ic=0xfffffe004d5a2020) at /usr/src/sys/net80211/ieee80211_proto.c:1440
#15 0xffffffff80ce4a82 in ieee80211_ioctl (ifp=0xfffff800b1cae800, cmd=<optimized out>, data=<optimized out>) at /usr/src/sys/net80211/ieee80211_ioctl.c:3535
#16 0xffffffff80c9ab6a in ifhwioctl (cmd=<optimized out>, ifp=<optimized out>, data=0xfffffe006a290a10 "wlan0", td=<optimized out>)
    at /usr/src/sys/net/if.c:2704
#17 0xffffffff80c9c0ff in ifioctl (so=0xfffff8023523b000, cmd=2149607696, data=<optimized out>, td=0xfffff80217205000) at /usr/src/sys/net/if.c:3124
#18 0xffffffff80c04e9d in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0xfffff80217205000, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/sys/file.h:330
#19 kern_ioctl (td=0xfffff80217205000, fd=4, com=2149607696, data=0xffffffff82112320 <common_tss> "") at /usr/src/sys/kern/sys_generic.c:800
#20 0xffffffff80c04bbe in sys_ioctl (td=0xfffff80217205000, uap=0xfffff802172053c0) at /usr/src/sys/kern/sys_generic.c:712
#21 0xffffffff810756d9 in syscallenter (td=<optimized out>) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#22 amd64_syscall (td=0xfffff80217205000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1076
#23 <signal handler called>
#24 0x00000008008d911a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffe8a8
(kgdb) list
1455	 *
1456	 * Return 0 if we're ok, 1 if the channel needs to be reset.
1457	 *
1458	 * See PR kern/202502.
1459	 */
1460	static int
1461	ieee80211_start_check_reset_chan(struct ieee80211vap *vap)
1462	{
1463		struct ieee80211com *ic = vap->iv_ic;
(kgdb) frame 14
#14 ieee80211_waitfor_parent (ic=0xfffffe004d5a2020) at /usr/src/sys/net80211/ieee80211_proto.c:1440
1440		ieee80211_draintask(ic, &ic->ic_parent_task);
(kgdb) frame 13
#13 0xffffffff80cfee78 in ieee80211_draintask (ic=0xfffffe004d5a2020, task=0x4) at /usr/src/sys/net80211/ieee80211_var.h:794
794		taskqueue_drain(ic->ic_tq, task);
(kgdb) frame 14
#14 ieee80211_waitfor_parent (ic=0xfffffe004d5a2020) at /usr/src/sys/net80211/ieee80211_proto.c:1440
1440		ieee80211_draintask(ic, &ic->ic_parent_task);
(kgdb) print  &ic->ic_parent_task
$15 = (struct task *) 0xfffffe004d5a2138
Comment 4 Andriy Gapon freebsd_committer freebsd_triage 2019-08-26 13:37:12 UTC 
I removed an irrelevant gdb complaint from the bug title.

I have not analyzed the crash but perhaps taskqueue_drain was called on an already destroyed task queue.
Comment 5 Martin Filla 2019-08-27 17:09:52 UTC 
Created attachment 206959 [details]
core.txt.1

next kernel panic here is backtrace and new core.txt.1

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x0
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80ce4a9b
stack pointer	        = 0x0:0xfffffe005b57b7b0
frame pointer	        = 0x0:0xfffffe005b57b840
run0: code segment		= base rx0, limit 0xfffff, type 0x1b
detached
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1689 (wpa_supplicant)
trap number		= 12
panic: page fault
cpuid = 0
time = 1566922324
KDB: stack backtrace:
#0 0xffffffff80be78d7 at kdb_backtrace+0x67
#1 0xffffffff80b9b4b3 at vpanic+0x1a3
#2 0xffffffff80b9b303 at panic+0x43
#3 0xffffffff81074bff at trap_fatal+0x35f
#4 0xffffffff81074c59 at trap_pfault+0x49
#5 0xffffffff8107427e at trap+0x29e
#6 0xffffffff8104f625 at calltrap+0x8
#7 0xffffffff80c9ab6a at ifhwioctl+0xd4a
#8 0xffffffff80c9c0ff at ifioctl+0x45f
#9 0xffffffff80c04e9d at kern_ioctl+0x26d
#10 0xffffffff80c04bbe at sys_ioctl+0x15e
#11 0xffffffff810756d9 at amd64_syscall+0x369
#12 0xffffffff8104ff0d at fast_syscall_common+0x101
Uptime: 35m43s
Dumping 827 out of 7943 MB:..2%..12%..22%..31%..41%..51%..62%..72%..82%..91%

__curthread () at ./machine/pcpu.h:234
234	./machine/pcpu.h: No such file or directory.
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80b9b09b in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:446
#3  0xffffffff80b9b513 in vpanic (fmt=<optimized out>, ap=0xfffffe005b57b500) at /usr/src/sys/kern/kern_shutdown.c:872
#4  0xffffffff80b9b303 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:799
#5  0xffffffff81074bff in trap_fatal (frame=0xfffffe005b57b6f0, eva=0) at /usr/src/sys/amd64/amd64/trap.c:929
#6  0xffffffff81074c59 in trap_pfault (frame=0xfffffe005b57b6f0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:765
#7  0xffffffff8107427e in trap (frame=0xfffffe005b57b6f0) at /usr/src/sys/amd64/amd64/trap.c:441
#8  <signal handler called>
#9  0xffffffff80ce4a9b in ieee80211_ioctl (ifp=0xfffff801395c4800, cmd=<optimized out>, data=<optimized out>) at /usr/src/sys/net80211/ieee80211_ioctl.c:3543
#10 0xffffffff80c9ab6a in ifhwioctl (cmd=<optimized out>, ifp=<optimized out>, data=0xfffffe005b57ba10 "wlan0", td=<optimized out>)
    at /usr/src/sys/net/if.c:2704
#11 0xffffffff80c9c0ff in ifioctl (so=0xfffff80084054000, cmd=2149607696, data=<optimized out>, td=0xfffff801a79b5580) at /usr/src/sys/net/if.c:3124
#12 0xffffffff80c04e9d in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0x1, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/sys/file.h:330
#13 kern_ioctl (td=0xfffff801a79b5580, fd=4, com=2149607696, data=0x0) at /usr/src/sys/kern/sys_generic.c:800
#14 0xffffffff80c04bbe in sys_ioctl (td=0xfffff801a79b5580, uap=0xfffff801a79b5940) at /usr/src/sys/kern/sys_generic.c:712
#15 0xffffffff810756d9 in syscallenter (td=<optimized out>) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#16 amd64_syscall (td=0xfffff801a79b5580, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1076
#17 <signal handler called>
#18 0x00000008008d911a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffe8a8
Comment 6 Martin Filla 2019-08-30 12:47:36 UTC 
notice: this problems are on usb wifi TP-LINK TL-WN321G
Comment 7 Martin Filla 2019-09-22 14:52:39 UTC 
Today again kernel panic with usb wifi
Unread portion of the kernel message buffer:
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 74093 (wpa_supplicant)
trap number		= 12
panic: page fault
cpuid = 1
time = 1569163448
KDB: stack backtrace:
#0 0xffffffff80be78d7 at kdb_backtrace+0x67
#1 0xffffffff80b9b4b3 at vpanic+0x1a3
#2 0xffffffff80b9b303 at panic+0x43
#3 0xffffffff81074bff at trap_fatal+0x35f
#4 0xffffffff81074c59 at trap_pfault+0x49
#5 0xffffffff8107427e at trap+0x29e
#6 0xffffffff8104f625 at calltrap+0x8
#7 0xffffffff80c9ab6a at ifhwioctl+0xd4a
#8 0xffffffff80c9c0ff at ifioctl+0x45f
#9 0xffffffff80c04e9d at kern_ioctl+0x26d
#10 0xffffffff80c04bbe at sys_ioctl+0x15e
#11 0xffffffff810756d9 at amd64_syscall+0x369
#12 0xffffffff8104ff0d at fast_syscall_common+0x101
Uptime: 3h42m4s
Dumping 852 out of 7943 MB:..2%..12%..21%..31%..42%..51%..61%..72%..81%..91%

bt__curthread () at ./machine/pcpu.h:234
234	./machine/pcpu.h: No such file or directory.
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80b9b09b in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:446
#3  0xffffffff80b9b513 in vpanic (fmt=<optimized out>, ap=0xfffffe005f7fd500) at /usr/src/sys/kern/kern_shutdown.c:872
#4  0xffffffff80b9b303 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:799
#5  0xffffffff81074bff in trap_fatal (frame=0xfffffe005f7fd6f0, eva=0) at /usr/src/sys/amd64/amd64/trap.c:929
#6  0xffffffff81074c59 in trap_pfault (frame=0xfffffe005f7fd6f0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:765
#7  0xffffffff8107427e in trap (frame=0xfffffe005f7fd6f0) at /usr/src/sys/amd64/amd64/trap.c:441
#8  <signal handler called>
#9  0xffffffff80ce4a9b in ieee80211_ioctl (ifp=0xfffff80151136800, cmd=<optimized out>, data=<optimized out>) at /usr/src/sys/net80211/ieee80211_ioctl.c:3543
#10 0xffffffff80c9ab6a in ifhwioctl (cmd=<optimized out>, ifp=<optimized out>, data=0xfffffe005f7fda10 "wlan0", td=<optimized out>) at /usr/src/sys/net/if.c:2704
#11 0xffffffff80c9c0ff in ifioctl (so=0xfffff801ea7106d0, cmd=2149607696, data=<optimized out>, td=0xfffff801aec3a000) at /usr/src/sys/net/if.c:3124
#12 0xffffffff80c04e9d in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0x1, td=<optimized out>, data=<optimized out>) at /usr/src/sys/sys/file.h:330
#13 kern_ioctl (td=0xfffff801aec3a000, fd=4, com=2149607696, data=0x0) at /usr/src/sys/kern/sys_generic.c:800
#14 0xffffffff80c04bbe in sys_ioctl (td=0xfffff801aec3a000, uap=0xfffff801aec3a3c0) at /usr/src/sys/kern/sys_generic.c:712
#15 0xffffffff810756d9 in syscallenter (td=<optimized out>) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#16 amd64_syscall (td=0xfffff801aec3a000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1076
#17 <signal handler called>
#18 0x00000008008d911a in ?? ()
Comment 8 Martin Filla 2020-12-26 12:19:33 UTC 
FreeBSD 12.0 is unsupported. In next version is without this issue.