stopping ndis caused fatal trap 12

From: Scot Hetzel <swhetzel_at_gmail.com> Date: Sun, 15 Jul 2007 05:32:32 -0500 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:14 UTC

hp010# uname -a
FreeBSD hp010 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Sat Jul 14 02:20:09
CDT 2007     root_at_hp010:/usr/src/7x/sys-p4/amd64/compile/GENERIC.debug
 amd64

I was testing wpa_supplicant at work, and couldn't get it to associate
with the network (open, no encryption), and so I had hardcoded the
network.  When I went home and booted the system, it still had the
hardcoded wireless network configured.  I then did a netif stop ndis0,
made the change to set ndis to "WPA DHCP", then when I used 'netif
start ndis0', it didn't obtain an IP.  So I performed an 'netif stop
ndis0' and received the following panic:

#/etc/rc.d/netif stop ndis0
Stopping network: Stopping wpa_supplicant
waiting for PIDS: 474Jul 15 01:28:08 hp010 dhclient[1424]: connection closed
Jul 15 01:28:08 hp010 dhclient[1424]: exiting
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex HAL preemption lock (HAL lock) r = 0
(0xffffffff80dde3c0) locked _at_
/usr/src/7x/sys-p4/modules/ndis/../../compat/ndis/subr_hal.c:423
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
witness_warn() at witness_warn+0x24b
trap() at trap+0x26e
calltrap() at calltrap+0x8
--- trap 0xc, rip = 0xffffffff80d0269a, rsp = 0xffffffffa45036c0, rbp
= 0xffffffffa4503820 ---
bcmwl564_sys_drv_data_start() at 0xffffffff80d0269a
ndis_stop() at ndis_stop+0x9f
ndis_init() at ndis_init+0x40
ndis_ioctl() at ndis_ioctl+0x173
ifhwioctl() at ifhwioctl+0x75f
ifioctl() at ifioctl+0xb0
soo_ioctl() at soo_ioctl+0x3ad
kern_ioctl() at kern_ioctl+0xa3
ioctl() at ioctl+0xf1
syscall() at syscall+0x1ca
Xfast_syscall() at Xfast_syscall+0xab
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x8008276fc, rsp =
0x7fffffffe4e8, rbp = 0x1 ---

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xffffffff816e46c8
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff80d0269a
stack pointer           = 0x10:0xffffffffa45036c0
frame pointer           = 0x10:0xffffffffa4503820
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1513 (ifconfig)
[thread pid 1513 tid 100095]
Stopped at        0xffffffff80d0269a:     movq    0x16c8(%rdi), %rax

-------
>From compat/ndis/subr_hal.c:

409 uint8_t
410 KfRaiseIrql(irql)
411        uint8_t                 irql;
412 {
413        uint8_t                 oldirql;
414
415        oldirql = KeGetCurrentIrql();
416
417        /* I am so going to hell for this. */
418        if (oldirql > irql)
419                panic("IRQL_NOT_LESS_THAN");
420
421        if (oldirql != DISPATCH_LEVEL) {
422                sched_pin();
423                mtx_lock(&disp_lock[curthread->td_oncpu]);
424        }
425 /*printf("RAISE IRQL: %d %d\n", irql, oldirql);*/
426
427        return(oldirql);
428 }

----
(kgdb) bt
#0  doadump () at pcpu.h:194
During symbol reading, Incomplete CFI data; unspecified registers at
0xffffffff804745bc.
#1  0xffffffff80474ad6 in boot (howto=0x104) at
../../../kern/kern_shutdown.c:409
#2  0xffffffff80474f57 in panic (fmt=Variable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:563
During symbol reading, unsupported tag: 'DW_TAG_const_type'.
#3  0xffffffff801b9837 in db_panic (addr=Variable "addr" is not available.
) at ../../../ddb/db_command.c:433
#4  0xffffffff801ba11c in db_command_loop () at ../../../ddb/db_command.c:401
#5  0xffffffff801bbb5f in db_trap (type=Variable "type" is not available.
) at ../../../ddb/db_main.c:222
#6  0xffffffff8049bd90 in kdb_trap (type=0xc, code=0x0,
tf=0xffffffffa4503610) at ../../../kern/subr_kdb.c:502
#7  0xffffffff806e482d in trap_fatal (frame=0xffffffffa4503610,
eva=Variable "eva" is not available.
) at ../../../amd64/amd64/trap.c:690
#8  0xffffffff806e54b6 in trap (frame=0xffffffffa4503610) at
../../../amd64/amd64/trap.c:247
#9  0xffffffff806cbc9e in calltrap () at ../../../amd64/amd64/exception.S:169
#10 0xffffffff80d0269a in ?? ()
#11 0xffffffffa45036f0 in ?? ()
#12 0xffffffff80dd57d2 in KeAcquireSpinLockAtDpcLevel (lock=0xffffffffa4503770)
    at /usr/src/7x/sys-p4/modules/ndis/../../compat/ndis/subr_ntoskrnl.c:2374
#13 0xffffffff80df51ef in ndis_stop ()
#14 0xffffffff80df6790 in ndis_init (xsc=Variable "xsc" is not available.
) at /usr/src/7x/sys-p4/modules/if_ndis/../../dev/if_ndis/if_ndis.c:1928
#15 0xffffffff80df9983 in ndis_ioctl (ifp=0xffffff0001169000,
command=Variable "command" is not available.
)
    at /usr/src/7x/sys-p4/modules/if_ndis/../../dev/if_ndis/if_ndis.c:2848
#16 0xffffffff80506acf in ifhwioctl (cmd=0x80206910,
ifp=0xffffff0001169000, data=0xffffff0001f56680 "ndis0", td=Variable
"td" is not available.
)
    at ../../../net/if.c:1590
#17 0xffffffff805086f0 in ifioctl (so=0xffffff0001dbc570,
cmd=0x80206910, data=0xffffff0001f56680 "ndis0",
    td=0xffffff0001dee340) at ../../../net/if.c:1880
#18 0xffffffff804b3dbd in soo_ioctl (fp=Variable "fp" is not available.
) at ../../../kern/sys_socket.c:202
#19 0xffffffff804adf03 in kern_ioctl (td=0xffffff0001dee340, fd=0x3,
com=0x80206910, data=0xffffff0001f56680 "ndis0")
    at file.h:266
#20 0xffffffff804ae161 in ioctl (td=0xffffff0001dee340,
uap=0xffffffffa4503be0) at ../../../kern/sys_generic.c:570
#21 0xffffffff806e4d7a in syscall (frame=0xffffffffa4503c70) at
../../../amd64/amd64/trap.c:820
#22 0xffffffff806cbe4b in Xfast_syscall () at
../../../amd64/amd64/exception.S:272
#23 0x00000008008276fc in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)

Let me know if there is any more debug info I can provide for this crash.

Scot

PS:  I tried to reproduce the problem, and wasn't able to reproduce it.
-- 
DISCLAIMER:
No electrons were mamed while sending this message. Only slightly bruised.