Re: Fatal trap 12: page fault while in kernel mode - current process: flowcleaner

From: Lawrence Stewart <lstewart_at_freebsd.org>
Date: Fri, 07 Aug 2009 13:52:37 +0100

Fabian Keil wrote:
> Using:
> 
> FreeBSD TP51.local 8.0-BETA2 FreeBSD 8.0-BETA2 #36: Sat Aug  1 00:07:09 CEST 2009
> fk_at_TP51.local:/usr/obj/usr/src/sys/THINKPAD  i386
> 
> I got the following panic:
> 
> fk_at_TP51 /usr/crash $kgdb /boot/kernel/kernel.symbols vmcore.6
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
> 
> Unread portion of the kernel message buffer:
> 
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x0
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0x0
> stack pointer           = 0x28:0xf1a2fc94
> frame pointer           = 0x28:0xf1a2fcd8
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 40 (flowcleaner)
> panic: from debugger
> cpuid = 0
> Uptime: 2m1s
> Physical memory: 998 MB
> Dumping 144 MB: 129 113 97 81 65 49 33 17 1
> 
> Reading symbols from /boot/kernel/unionfs.ko...Reading symbols from /boot/kernel/unionfs.ko.symbols...done.
> done.
> [...]
> Loaded symbols for /boot/kernel/fdescfs.ko
> #0  doadump () at pcpu.h:246
> 246     pcpu.h: No such file or directory.
>         in pcpu.h
> (kgdb) where
> #0  doadump () at pcpu.h:246
> #1  0xc0678e66 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:419
> #2  0xc06790a2 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:575
> #3  0xc04f2e57 in db_panic (addr=Could not find the frame base for "db_panic".
> ) at /usr/src/sys/ddb/db_command.c:478
> #4  0xc04f33e1 in db_command (last_cmdp=0xc0a1f31c, cmd_table=0x0, dopager=1) at /usr/src/sys/ddb/db_command.c:445
> #5  0xc04f353a in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
> #6  0xc04f532d in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:229
> #7  0xc06a33c6 in kdb_trap (type=12, code=0, tf=0xf1a2fc54) at /usr/src/sys/kern/subr_kdb.c:534
> #8  0xc0913a8f in trap_fatal (frame=0xf1a2fc54, eva=0) at /usr/src/sys/i386/i386/trap.c:924
> #9  0xc0913cc3 in trap_pfault (frame=0xf1a2fc54, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:846
> #10 0xc091469a in trap (frame=0xf1a2fc54) at /usr/src/sys/i386/i386/trap.c:528
> #11 0xc08f83bb in calltrap () at /usr/src/sys/i386/i386/exception.s:165
> #12 0x00000000 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> 
> The backtrace in ddb mentioned several flow* functions,
> but unfortunately it doesn't seem to have survived the
> dump.
> 
> The problem occurred after booting the system with the rc.conf line:
>   ifconfig_wlan0="inet 192.168.178.49 -wme"
> changing it to:
>   ifconfig_wlan0="inet 192.168.178.49 ssid [...] wepkey 1:[0x...] deftxkey 1 wepmode on chanlist 7 -wme"
> running:
>   /etc/rc.d/netif restart
> followed by:
>   ifconfig wlan0
> which showed that wlan0 got associated.
> The panic happened less than a second later.
> 
> The system is an IBM ThinkPad R51 with iwi0 as wlandev.
> em0 was configured and up but unconnected.


I can reliably trigger a flowcleaner panic as well on my Toshiba R600
laptop with a rum-based WIFI dongle (D-Link DWA-110). I only get it on
teardown/detach though. Kip is aware of the issue and will hopefully
have a patch for us at some point.

Panic details:

Fatal trap 9: general protection fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer     = 0x20:0xffffffff80628998
stack pointer           = 0x28:0xffffff80568ebba0
frame pointer           = 0x28:0xffffff80568ebc00
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 51 (flowcleaner)


Relevant part of backtrace:

#8  0xffffffff80849083 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:224
#9  0xffffffff80628998 in flowtable_free_stale (ft=Variable "ft" is not available.
) at /usr/src/sys/net/flowtable.c:835
#10 0xffffffff80628b17 in flowtable_cleaner () at /usr/src/sys/net/flowtable.c:944
#11 0xffffffff8055a37a in fork_exit (callout=0xffffffff80628a60 <flowtable_cleaner>, arg=0x0,
     frame=0xffffff80568ebc80) at /usr/src/sys/kern/kern_fork.c:838
#12 0xffffffff8084955e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:561



Cheers,
Lawrence
Received on Fri Aug 07 2009 - 10:53:17 UTC
