Bug #2045

ral(4): Fatal trap 12: page fault while in kernel mode (two panics)

Added by herrgard about 3 years ago. Updated over 2 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

These two happen from time to time for me. I don't know how to reproduce them. Box is runnig x86_64.

They are available as .6 and .7 in leaf~mh/crash.

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
fault code = supervisor read data, page not present
instruction pointer = 0x8:0xffffffff802dd08e
stack pointer = 0x10:0xffffffe01d61a680
frame pointer = 0x10:0xffffffe01d61a800
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
current thread = pri 12
trap number = 12
panic: page fault
Trace beginning at frame 0xffffffe01d61a418
panic() at panic+0x136
panic() at panic+0x136
trap_fatal() at trap_fatal+0x39d
trap_pfault() at trap_pfault+0x173
trap() at trap+0x3d9
calltrap() at calltrap+0x8
--- trap 000000000000000c, rip = ffffffff802dd08e, rsp = ffffffe01d61a680, rbp = ffffffe01d61a800 ---
rt2661_start_locked() at rt2661_start_locked+0xec
rt2661_start() at rt2661_start+0x9
ifq_dispatch() at ifq_dispatch+0x11b
ieee80211_handoff() at ieee80211_handoff+0x9a
ieee80211_start() at ieee80211_start+0x74f
ifq_dispatch() at ifq_dispatch+0x11b
ether_output_frame() at ether_output_frame+0x199
ether_output() at ether_output+0x2ee
ieee80211_output() at ieee80211_output+0x4c
ip_output() at ip_output+0xd3c
tcp_output() at tcp_output+0x1242
tcp_usr_send() at tcp_usr_send+0x209
netmsg_service_loop() at netmsg_service_loop+0x7f

(kgdb) bt
#0 _get_mycpu (di=<value optimized out>) at ./machine/thread.h:69
#1 md_dumpsys (di=<value optimized out>) at /usr/src/sys/platform/pc64/x86_64/dump_machdep.c:263
#2 0xffffffff8037428d in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:893
#3 0xffffffff8037488a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:388
#4 0xffffffff80374a60 in panic (fmt=0xffffffff806330c8 "%s") at /usr/src/sys/kern/kern_shutdown.c:799
#5 0xffffffff80607b0e in trap_fatal (frame=0xffffffe01d61a5c8, eva=<value optimized out>) at /usr/src/sys/platform/pc64/x86_64/trap.c:977
#6 0xffffffff80607c9f in trap_pfault (frame=0xffffffe01d61a5c8, usermode=<value optimized out>) at /usr/src/sys/platform/pc64/x86_64/trap.c:875
#7 0xffffffff8060810b in trap (frame=0xffffffe01d61a5c8) at /usr/src/sys/platform/pc64/x86_64/trap.c:590
#8 0xffffffff80600fee in calltrap () at /usr/src/sys/platform/pc64/x86_64/exception.S:185
#9 0xffffffff802dd08e in rt2661_start_locked (ifp=<value optimized out>) at /usr/src/sys/dev/netif/ral/rt2661.c:1634
#10 0xffffffff802de3e3 in rt2661_start (ifp=0x0) at /usr/src/sys/dev/netif/ral/rt2661.c:1648
#11 0xffffffff804050e6 in ifq_dispatch (ifp=0xffffffe01d7e8000, m=0xffffffe042f18400, pa=<value optimized out>) at /usr/src/sys/net/if.c:2489
#12 0xffffffff80424422 in ieee80211_handoff (dst_ifp=0xffffffe01d7e8000, m=0xffffffe042f18400) at /usr/src/sys/netproto/802_11/wlan/ieee80211_dragonfly.c:826
#13 0xffffffff80440101 in ieee80211_start (ifp=0xffffffe01e130400) at /usr/src/sys/netproto/802_11/wlan/ieee80211_output.c:360
#14 0xffffffff804050e6 in ifq_dispatch (ifp=0xffffffe01e130400, m=0xffffffe042f18400, pa=<value optimized out>) at /usr/src/sys/net/if.c:2489
#15 0xffffffff80406a65 in ether_output_frame (ifp=0xffffffe01e130400, m=0xffffffe042f18400) at /usr/src/sys/net/if_ethersubr.c:506
#16 0xffffffff80406d5c in ether_output (ifp=0xffffffe01e130400, m=0xffffffe042f18400, dst=0xffffffe005cabf50, rt=0xffffffe042f387d8) at /usr/src/sys/net/if_ethersubr.c:426
#17 0xffffffff8043e152 in ieee80211_output (ifp=0x0, m=0xffffffe042f18400, dst=0xffffffe005cabf50, rt=0xffffffe01d7e8000) at /usr/src/sys/netproto/802_11/wlan/ieee80211_output.c:405
#18 0xffffffff8045c7ec in ip_output (m0=<value optimized out>, opt=<value optimized out>, ro=0xffffffe01daff4c0, flags=<value optimized out>, imo=0x0, inp=0xffffffe01daff470) at /usr/src/sys/netinet/ip_output.c:976
#19 0xffffffff80462ac7 in tcp_output (tp=0xffffffe01daff590) at /usr/src/sys/netinet/tcp_output.c:1003
#20 0xffffffff8046a4b9 in tcp_usr_send (msg=0xffffffe042df8888) at /usr/src/sys/netinet/tcp_usrreq.c:834
#21 0xffffffff80411040 in netmsg_service_loop (arg=<value optimized out>) at /usr/src/sys/net/netisr.c:307
#22 0xffffffff8037dc00 in lwkt_deschedule_self (td=0x0) at /usr/src/sys/kern/lwkt_thread.c:282

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
fault code = supervisor read data, page not present
instruction pointer = 0x8:0xffffffff802dd0ae
stack pointer = 0x10:0xffffffe01db3c9b0
frame pointer = 0x10:0xffffffe01db3cb30
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 0, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
current thread = pri 28 (CRIT)
trap number = 12
panic: page fault
Trace beginning at frame 0xffffffe01db3c748
panic() at panic+0x136
panic() at panic+0x136
trap_fatal() at trap_fatal+0x39d
trap_pfault() at trap_pfault+0x173
trap() at trap+0x3d9
calltrap() at calltrap+0x8
--- trap 000000000000000c, rip = ffffffff802dd0ae, rsp = ffffffe01db3c9b0, rbp = ffffffe01db3cb30 ---
rt2661_start_locked() at rt2661_start_locked+0xec
rt2661_intr() at rt2661_intr+0x766
lwkt_serialize_handler_call() at lwkt_serialize_handler_call+0x7e
ithread_handler() at ithread_handler+0xf9

(kgdb) bt
#0 _get_mycpu (di=<value optimized out>) at ./machine/thread.h:69
#1 md_dumpsys (di=<value optimized out>) at /usr/src/sys/platform/pc64/x86_64/dump_machdep.c:263
#2 0xffffffff803742ad in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:893
#3 0xffffffff803748aa in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:388
#4 0xffffffff80374a80 in panic (fmt=0xffffffff80633168 "%s") at /usr/src/sys/kern/kern_shutdown.c:799
#5 0xffffffff80607b5e in trap_fatal (frame=0xffffffe01db3c8f8, eva=<value optimized out>) at /usr/src/sys/platform/pc64/x86_64/trap.c:977
#6 0xffffffff80607cef in trap_pfault (frame=0xffffffe01db3c8f8, usermode=<value optimized out>) at /usr/src/sys/platform/pc64/x86_64/trap.c:875
#7 0xffffffff8060815b in trap (frame=0xffffffe01db3c8f8) at /usr/src/sys/platform/pc64/x86_64/trap.c:590
#8 0xffffffff8060103e in calltrap () at /usr/src/sys/platform/pc64/x86_64/exception.S:185
#9 0xffffffff802dd0ae in rt2661_start_locked (ifp=<value optimized out>) at /usr/src/sys/dev/netif/ral/rt2661.c:1634
#10 0xffffffff802de210 in rt2661_tx_intr (arg=<value optimized out>) at /usr/src/sys/dev/netif/ral/rt2661.c:961
#11 rt2661_intr (arg=<value optimized out>) at /usr/src/sys/dev/netif/ral/rt2661.c:1203
#12 0xffffffff803818f0 in lwkt_serialize_handler_call (s=0xffffffff809fbe10, func=0xffffffff802ddaaa <rt2661_intr>, arg=0xffffffe01d95a470, frame=0x0) at /usr/src/sys/kern/lwkt_serialize.c:229
#13 0xffffffff8034e4f4 in ithread_handler (arg=<value optimized out>) at /usr/src/sys/kern/kern_intr.c:823
#14 0xffffffff8037dc20 in lwkt_deschedule_self (td=0x0) at /usr/src/sys/kern/lwkt_thread.c:282

History

#1 Updated by marino over 2 years ago

I have a ral card and this is happening to me as well.
I have a dump!

core txt: http://leaf.dragonflybsd.org/~marino/core7.txt

Also available in: Atom PDF