Bug 240060 - Fatal trap 12: page fault while in kernel mode, wpa_supplicant
Summary: Fatal trap 12: page fault while in kernel mode, wpa_supplicant
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: wireless (show other bugs)
Version: 12.0-RELEASE
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: freebsd-wireless (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-23 18:43 UTC by Martin Filla
Modified: 2019-09-22 14:52 UTC (History)
0 users

See Also:


Attachments
core.txt.0 (369.07 KB, text/plain)
2019-08-23 21:41 UTC, Martin Filla
core.txt.1 (297.07 KB, text/plain)
2019-08-27 17:09 UTC, Martin Filla

Description Martin Filla 2019-08-23 18:43:02 UTC
Hello, I have a problem with kernel panics.

Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x410
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80b7ac6d
stack pointer	        = 0x0:0xfffffe006a290660
frame pointer	        = 0x0:0xfffffe006a2906d0
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 74528 (wpa_supplicant)
trap number		= 12
panic: page fault
cpuid = 0
time = 1566585018
KDB: stack backtrace:
#0 0xffffffff80be78d7 at kdb_backtrace+0x67
#1 0xffffffff80b9b4b3 at vpanic+0x1a3
#2 0xffffffff80b9b303 at panic+0x43
#3 0xffffffff81074bff at trap_fatal+0x35f
#4 0xffffffff81074c59 at trap_pfault+0x49
#5 0xffffffff8107427e at trap+0x29e
#6 0xffffffff8104f625 at calltrap+0x8
#7 0xffffffff80ba6813 at _sleep+0x2e3
#8 0xffffffff80bfa339 at taskqueue_drain+0xf9
#9 0xffffffff80cfee78 at ieee80211_waitfor_parent+0x28
#10 0xffffffff80ce4a82 at ieee80211_ioctl+0x422
#11 0xffffffff80c9ab6a at ifhwioctl+0xd4a
#12 0xffffffff80c9c0ff at ifioctl+0x45f
#13 0xffffffff80c04e9d at kern_ioctl+0x26d
#14 0xffffffff80c04bbe at sys_ioctl+0x15e
#15 0xffffffff810756d9 at amd64_syscall+0x369
#16 0xffffffff8104ff0d at fast_syscall_common+0x101
Uptime: 5h35m12s
Dumping 1383 out of 7943 MB:..2%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at ./machine/pcpu.h:234
234	./machine/pcpu.h: No such file or directory.
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80b9b09b in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:446
#3  0xffffffff80b9b513 in vpanic (fmt=<optimized out>, ap=0xfffffe006a2903b0) at /usr/src/sys/kern/kern_shutdown.c:872
#4  0xffffffff80b9b303 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:799
#5  0xffffffff81074bff in trap_fatal (frame=0xfffffe006a2905a0, eva=1040) at /usr/src/sys/amd64/amd64/trap.c:929
#6  0xffffffff81074c59 in trap_pfault (frame=0xfffffe006a2905a0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:765
#7  0xffffffff8107427e in trap (frame=0xfffffe006a2905a0) at /usr/src/sys/amd64/amd64/trap.c:441
#8  <signal handler called>
#9  __mtx_lock_sleep (c=0xfffff8000ab50750, v=<optimized out>) at /usr/src/sys/kern/kern_mutex.c:565
#10 0xffffffff80ba6813 in _sleep (ident=0xfffffe004d5a2138, lock=0xfffff8000ab50738, priority=108, wmesg=0xffffffff8123a845 "-", sbt=0, pr=0, flags=256)
    at /usr/src/sys/kern/kern_synch.c:226
#11 0xffffffff80bfa339 in TQ_SLEEP (t=<error reading variable: Cannot access memory at address 0x0>, tq=<optimized out>, p=<optimized out>, 
    m=<optimized out>, pri=<optimized out>, wm=<optimized out>) at /usr/src/sys/kern/subr_taskqueue.c:124
#12 taskqueue_drain (queue=0xfffff8000ab50700, task=0xfffffe004d5a2138) at /usr/src/sys/kern/subr_taskqueue.c:573
#13 0xffffffff80cfee78 in ieee80211_draintask (ic=0xfffffe004d5a2020, task=0x4) at /usr/src/sys/net80211/ieee80211_var.h:794
#14 ieee80211_waitfor_parent (ic=0xfffffe004d5a2020) at /usr/src/sys/net80211/ieee80211_proto.c:1440
#15 0xffffffff80ce4a82 in ieee80211_ioctl (ifp=0xfffff800b1cae800, cmd=<optimized out>, data=<optimized out>) at /usr/src/sys/net80211/ieee80211_ioctl.c:3535
#16 0xffffffff80c9ab6a in ifhwioctl (cmd=<optimized out>, ifp=<optimized out>, data=0xfffffe006a290a10 "wlan0", td=<optimized out>)
    at /usr/src/sys/net/if.c:2704
#17 0xffffffff80c9c0ff in ifioctl (so=0xfffff8023523b000, cmd=2149607696, data=<optimized out>, td=0xfffff80217205000) at /usr/src/sys/net/if.c:3124
#18 0xffffffff80c04e9d in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0xfffff80217205000, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/sys/file.h:330
#19 kern_ioctl (td=0xfffff80217205000, fd=4, com=2149607696, data=0xffffffff82112320 <common_tss> "") at /usr/src/sys/kern/sys_generic.c:800
#20 0xffffffff80c04bbe in sys_ioctl (td=0xfffff80217205000, uap=0xfffff802172053c0) at /usr/src/sys/kern/sys_generic.c:712
#21 0xffffffff810756d9 in syscallenter (td=<optimized out>) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#22 amd64_syscall (td=0xfffff80217205000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1076
#23 <signal handler called>
#24 0x00000008008d911a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffe8a8
Comment 1 Martin Filla 2019-08-23 19:12:22 UTC
FreeBSD  12.0-RELEASE-p10 FreeBSD 12.0-RELEASE-p10 GENERIC  amd64
Comment 2 Martin Filla 2019-08-23 21:41:04 UTC
Created attachment 206836 [details]
core.txt.0
Comment 3 Martin Filla 2019-08-24 18:38:54 UTC
I suspect a small stack overflow.

#0  __curthread () at ./machine/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80b9b09b in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:446
#3  0xffffffff80b9b513 in vpanic (fmt=<optimized out>, ap=0xfffffe006a2903b0) at /usr/src/sys/kern/kern_shutdown.c:872
#4  0xffffffff80b9b303 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:799
#5  0xffffffff81074bff in trap_fatal (frame=0xfffffe006a2905a0, eva=1040) at /usr/src/sys/amd64/amd64/trap.c:929
#6  0xffffffff81074c59 in trap_pfault (frame=0xfffffe006a2905a0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:765
#7  0xffffffff8107427e in trap (frame=0xfffffe006a2905a0) at /usr/src/sys/amd64/amd64/trap.c:441
#8  <signal handler called>
#9  __mtx_lock_sleep (c=0xfffff8000ab50750, v=<optimized out>) at /usr/src/sys/kern/kern_mutex.c:565
#10 0xffffffff80ba6813 in _sleep (ident=0xfffffe004d5a2138, lock=0xfffff8000ab50738, priority=108, wmesg=0xffffffff8123a845 "-", sbt=0, pr=0, flags=256)
    at /usr/src/sys/kern/kern_synch.c:226
#11 0xffffffff80bfa339 in TQ_SLEEP (t=<error reading variable: Cannot access memory at address 0x0>, tq=<optimized out>, p=<optimized out>, 
    m=<optimized out>, pri=<optimized out>, wm=<optimized out>) at /usr/src/sys/kern/subr_taskqueue.c:124
#12 taskqueue_drain (queue=0xfffff8000ab50700, task=0xfffffe004d5a2138) at /usr/src/sys/kern/subr_taskqueue.c:573
#13 0xffffffff80cfee78 in ieee80211_draintask (ic=0xfffffe004d5a2020, task=0x4) at /usr/src/sys/net80211/ieee80211_var.h:794
#14 ieee80211_waitfor_parent (ic=0xfffffe004d5a2020) at /usr/src/sys/net80211/ieee80211_proto.c:1440
#15 0xffffffff80ce4a82 in ieee80211_ioctl (ifp=0xfffff800b1cae800, cmd=<optimized out>, data=<optimized out>) at /usr/src/sys/net80211/ieee80211_ioctl.c:3535
#16 0xffffffff80c9ab6a in ifhwioctl (cmd=<optimized out>, ifp=<optimized out>, data=0xfffffe006a290a10 "wlan0", td=<optimized out>)
    at /usr/src/sys/net/if.c:2704
#17 0xffffffff80c9c0ff in ifioctl (so=0xfffff8023523b000, cmd=2149607696, data=<optimized out>, td=0xfffff80217205000) at /usr/src/sys/net/if.c:3124
#18 0xffffffff80c04e9d in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0xfffff80217205000, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/sys/file.h:330
#19 kern_ioctl (td=0xfffff80217205000, fd=4, com=2149607696, data=0xffffffff82112320 <common_tss> "") at /usr/src/sys/kern/sys_generic.c:800
#20 0xffffffff80c04bbe in sys_ioctl (td=0xfffff80217205000, uap=0xfffff802172053c0) at /usr/src/sys/kern/sys_generic.c:712
#21 0xffffffff810756d9 in syscallenter (td=<optimized out>) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#22 amd64_syscall (td=0xfffff80217205000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1076
#23 <signal handler called>
#24 0x00000008008d911a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffe8a8
(kgdb) list
1455	 *
1456	 * Return 0 if we're ok, 1 if the channel needs to be reset.
1457	 *
1458	 * See PR kern/202502.
1459	 */
1460	static int
1461	ieee80211_start_check_reset_chan(struct ieee80211vap *vap)
1462	{
1463		struct ieee80211com *ic = vap->iv_ic;
(kgdb) frame 14
#14 ieee80211_waitfor_parent (ic=0xfffffe004d5a2020) at /usr/src/sys/net80211/ieee80211_proto.c:1440
1440		ieee80211_draintask(ic, &ic->ic_parent_task);
(kgdb) frame 13
#13 0xffffffff80cfee78 in ieee80211_draintask (ic=0xfffffe004d5a2020, task=0x4) at /usr/src/sys/net80211/ieee80211_var.h:794
794		taskqueue_drain(ic->ic_tq, task);
(kgdb) frame 14
#14 ieee80211_waitfor_parent (ic=0xfffffe004d5a2020) at /usr/src/sys/net80211/ieee80211_proto.c:1440
1440		ieee80211_draintask(ic, &ic->ic_parent_task);
(kgdb) print  &ic->ic_parent_task
$15 = (struct task *) 0xfffffe004d5a2138
Comment 4 Andriy Gapon freebsd_committer 2019-08-26 13:37:12 UTC
I removed an irrelevant gdb complaint from the bug title.

I have not analyzed the crash but perhaps taskqueue_drain was called on an already destroyed task queue.
Comment 5 Martin Filla 2019-08-27 17:09:52 UTC
Created attachment 206959 [details]
core.txt.1

Another kernel panic; here is the backtrace and the new core.txt.1.

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x0
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80ce4a9b
stack pointer	        = 0x0:0xfffffe005b57b7b0
frame pointer	        = 0x0:0xfffffe005b57b840
run0: code segment		= base rx0, limit 0xfffff, type 0x1b
detached
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1689 (wpa_supplicant)
trap number		= 12
panic: page fault
cpuid = 0
time = 1566922324
KDB: stack backtrace:
#0 0xffffffff80be78d7 at kdb_backtrace+0x67
#1 0xffffffff80b9b4b3 at vpanic+0x1a3
#2 0xffffffff80b9b303 at panic+0x43
#3 0xffffffff81074bff at trap_fatal+0x35f
#4 0xffffffff81074c59 at trap_pfault+0x49
#5 0xffffffff8107427e at trap+0x29e
#6 0xffffffff8104f625 at calltrap+0x8
#7 0xffffffff80c9ab6a at ifhwioctl+0xd4a
#8 0xffffffff80c9c0ff at ifioctl+0x45f
#9 0xffffffff80c04e9d at kern_ioctl+0x26d
#10 0xffffffff80c04bbe at sys_ioctl+0x15e
#11 0xffffffff810756d9 at amd64_syscall+0x369
#12 0xffffffff8104ff0d at fast_syscall_common+0x101
Uptime: 35m43s
Dumping 827 out of 7943 MB:..2%..12%..22%..31%..41%..51%..62%..72%..82%..91%

__curthread () at ./machine/pcpu.h:234
234	./machine/pcpu.h: No such file or directory.
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80b9b09b in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:446
#3  0xffffffff80b9b513 in vpanic (fmt=<optimized out>, ap=0xfffffe005b57b500) at /usr/src/sys/kern/kern_shutdown.c:872
#4  0xffffffff80b9b303 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:799
#5  0xffffffff81074bff in trap_fatal (frame=0xfffffe005b57b6f0, eva=0) at /usr/src/sys/amd64/amd64/trap.c:929
#6  0xffffffff81074c59 in trap_pfault (frame=0xfffffe005b57b6f0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:765
#7  0xffffffff8107427e in trap (frame=0xfffffe005b57b6f0) at /usr/src/sys/amd64/amd64/trap.c:441
#8  <signal handler called>
#9  0xffffffff80ce4a9b in ieee80211_ioctl (ifp=0xfffff801395c4800, cmd=<optimized out>, data=<optimized out>) at /usr/src/sys/net80211/ieee80211_ioctl.c:3543
#10 0xffffffff80c9ab6a in ifhwioctl (cmd=<optimized out>, ifp=<optimized out>, data=0xfffffe005b57ba10 "wlan0", td=<optimized out>)
    at /usr/src/sys/net/if.c:2704
#11 0xffffffff80c9c0ff in ifioctl (so=0xfffff80084054000, cmd=2149607696, data=<optimized out>, td=0xfffff801a79b5580) at /usr/src/sys/net/if.c:3124
#12 0xffffffff80c04e9d in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0x1, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/sys/file.h:330
#13 kern_ioctl (td=0xfffff801a79b5580, fd=4, com=2149607696, data=0x0) at /usr/src/sys/kern/sys_generic.c:800
#14 0xffffffff80c04bbe in sys_ioctl (td=0xfffff801a79b5580, uap=0xfffff801a79b5940) at /usr/src/sys/kern/sys_generic.c:712
#15 0xffffffff810756d9 in syscallenter (td=<optimized out>) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#16 amd64_syscall (td=0xfffff801a79b5580, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1076
#17 <signal handler called>
#18 0x00000008008d911a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffe8a8
Comment 6 Martin Filla 2019-08-30 12:47:36 UTC
Note: these problems occur with the USB Wi-Fi adapter TP-LINK TL-WN321G.
Comment 7 Martin Filla 2019-09-22 14:52:39 UTC
Today there was another kernel panic with the USB Wi-Fi adapter.
Unread portion of the kernel message buffer:
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 74093 (wpa_supplicant)
trap number		= 12
panic: page fault
cpuid = 1
time = 1569163448
KDB: stack backtrace:
#0 0xffffffff80be78d7 at kdb_backtrace+0x67
#1 0xffffffff80b9b4b3 at vpanic+0x1a3
#2 0xffffffff80b9b303 at panic+0x43
#3 0xffffffff81074bff at trap_fatal+0x35f
#4 0xffffffff81074c59 at trap_pfault+0x49
#5 0xffffffff8107427e at trap+0x29e
#6 0xffffffff8104f625 at calltrap+0x8
#7 0xffffffff80c9ab6a at ifhwioctl+0xd4a
#8 0xffffffff80c9c0ff at ifioctl+0x45f
#9 0xffffffff80c04e9d at kern_ioctl+0x26d
#10 0xffffffff80c04bbe at sys_ioctl+0x15e
#11 0xffffffff810756d9 at amd64_syscall+0x369
#12 0xffffffff8104ff0d at fast_syscall_common+0x101
Uptime: 3h42m4s
Dumping 852 out of 7943 MB:..2%..12%..21%..31%..42%..51%..61%..72%..81%..91%

bt__curthread () at ./machine/pcpu.h:234
234	./machine/pcpu.h: No such file or directory.
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80b9b09b in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:446
#3  0xffffffff80b9b513 in vpanic (fmt=<optimized out>, ap=0xfffffe005f7fd500) at /usr/src/sys/kern/kern_shutdown.c:872
#4  0xffffffff80b9b303 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:799
#5  0xffffffff81074bff in trap_fatal (frame=0xfffffe005f7fd6f0, eva=0) at /usr/src/sys/amd64/amd64/trap.c:929
#6  0xffffffff81074c59 in trap_pfault (frame=0xfffffe005f7fd6f0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:765
#7  0xffffffff8107427e in trap (frame=0xfffffe005f7fd6f0) at /usr/src/sys/amd64/amd64/trap.c:441
#8  <signal handler called>
#9  0xffffffff80ce4a9b in ieee80211_ioctl (ifp=0xfffff80151136800, cmd=<optimized out>, data=<optimized out>) at /usr/src/sys/net80211/ieee80211_ioctl.c:3543
#10 0xffffffff80c9ab6a in ifhwioctl (cmd=<optimized out>, ifp=<optimized out>, data=0xfffffe005f7fda10 "wlan0", td=<optimized out>) at /usr/src/sys/net/if.c:2704
#11 0xffffffff80c9c0ff in ifioctl (so=0xfffff801ea7106d0, cmd=2149607696, data=<optimized out>, td=0xfffff801aec3a000) at /usr/src/sys/net/if.c:3124
#12 0xffffffff80c04e9d in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0x1, td=<optimized out>, data=<optimized out>) at /usr/src/sys/sys/file.h:330
#13 kern_ioctl (td=0xfffff801aec3a000, fd=4, com=2149607696, data=0x0) at /usr/src/sys/kern/sys_generic.c:800
#14 0xffffffff80c04bbe in sys_ioctl (td=0xfffff801aec3a000, uap=0xfffff801aec3a3c0) at /usr/src/sys/kern/sys_generic.c:712
#15 0xffffffff810756d9 in syscallenter (td=<optimized out>) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#16 amd64_syscall (td=0xfffff801aec3a000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1076
#17 <signal handler called>
#18 0x00000008008d911a in ?? ()