From: bugzilla-noreply@freebsd.org
To: freebsd-wireless@FreeBSD.org
Subject: [Bug 208636] [net80211][panic]Kernel panic in adhoc mode
Date: Fri, 08 Apr 2016 15:55:02 +0000
List-Id: "Discussions of 802.11 stack, tools device driver development."

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208636

            Bug ID: 208636
           Summary: [net80211][panic]Kernel panic in adhoc mode
           Product: Base System
           Version: 10.3-BETA2
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: wireless
          Assignee: freebsd-wireless@FreeBSD.org
          Reporter: shamaz.mazum@gmail.com

Hello. I am using FreeBSD 10.3-RELEASE and have the following bug when trying to configure adhoc mode on an Atheros Wi-Fi adapter (the driver is ath, of course). I do the following in the console:

$ ifconfig wlan0 create wlandev ath0 wlanmode adhoc
$ ifconfig wlan0 up
$ ifconfig wlan0 list scan (optional, I think)
$ ifconfig wlan0 ssid skynetV6 channel 10

and get a kernel panic. When I do just this, as it is stated in the manual, everything is OK:

$ ifconfig wlan0 create wlandev ath0 wlanmode adhoc
$ ifconfig wlan0 ssid skynetV6 channel 10

kgdb output:

root@ressurected:~ # kgdb /boot/kernel/kernel /var/crash/vmcore.0
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 10
fault virtual address   = 0xffff
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80a77017
stack pointer           = 0x28:0xfffffe023bb037c0
frame pointer           = 0x28:0xfffffe023bb03820
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (ath0 net80211 taskq)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe023bb032a0
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe023bb03350
vpanic() at vpanic+0x126/frame 0xfffffe023bb03390
panic() at panic+0x43/frame 0xfffffe023bb033f0
trap_fatal() at trap_fatal+0x36b/frame 0xfffffe023bb03450
trap_pfault() at trap_pfault+0x2ed/frame 0xfffffe023bb034f0
trap() at trap+0x47a/frame 0xfffffe023bb03700
calltrap() at calltrap+0x8/frame 0xfffffe023bb03700
--- trap 0xc, rip = 0xffffffff80a77017, rsp = 0xfffffe023bb037d0, rbp = 0xfffffe023bb03820 ---
ieee80211_beacon_construct() at ieee80211_beacon_construct+0x97/frame 0xfffffe023bb03820
ieee80211_beacon_alloc() at ieee80211_beacon_alloc+0xa2/frame 0xfffffe023bb03870
ath_beacon_alloc() at ath_beacon_alloc+0x75/frame 0xfffffe023bb038c0
ath_newstate() at ath_newstate+0x22a/frame 0xfffffe023bb03920
ieee80211_newstate_cb() at ieee80211_newstate_cb+0x14f/frame 0xfffffe023bb03970
taskqueue_run_locked() at taskqueue_run_locked+0xe5/frame 0xfffffe023bb039c0
taskqueue_thread_loop() at taskqueue_thread_loop+0xa8/frame 0xfffffe023bb039f0
fork_exit() at fork_exit+0x9a/frame 0xfffffe023bb03a30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe023bb03a30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Uptime: 7m35s
Dumping 458 out of 8147 MB:..4%..11%..21%..32%..42%..53%..63%..74%..81%..91%

Reading symbols from
/boot/kernel/zfs.ko.symbols...done.
Loaded symbols for /boot/kernel/zfs.ko.symbols
Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
Loaded symbols for /boot/kernel/opensolaris.ko.symbols
Reading symbols from /boot/kernel/amdtemp.ko.symbols...done.
Loaded symbols for /boot/kernel/amdtemp.ko.symbols
Reading symbols from /boot/kernel/if_bridge.ko.symbols...done.
Loaded symbols for /boot/kernel/if_bridge.ko.symbols
Reading symbols from /boot/kernel/bridgestp.ko.symbols...done.
Loaded symbols for /boot/kernel/bridgestp.ko.symbols
Reading symbols from /boot/kernel/wlan_xauth.ko.symbols...done.
Loaded symbols for /boot/kernel/wlan_xauth.ko.symbols
#0  doadump (textdump=1) at pcpu.h:219
219     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump (textdump=1) at pcpu.h:219
#1  0xffffffff8095cd47 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:486
#2  0xffffffff8095d145 in vpanic (fmt=, ap=) at /usr/src/sys/kern/kern_shutdown.c:889
#3  0xffffffff8095cfd3 in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:818
#4  0xffffffff80d847bb in trap_fatal (frame=, eva=) at /usr/src/sys/amd64/amd64/trap.c:858
#5  0xffffffff80d84abd in trap_pfault (frame=0xfffffe023bb03710, usermode=) at /usr/src/sys/amd64/amd64/trap.c:681
#6  0xffffffff80d8413a in trap (frame=0xfffffe023bb03710) at /usr/src/sys/amd64/amd64/trap.c:447
#7  0xffffffff80d69b22 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236
#8  0xffffffff80a77017 in ieee80211_beacon_construct (m=0xfffff800930d9c00, frm=0xfffff80093159158 "", bo=0xfffff800932b89f8, ni=0xfffffe0004ea7000) at /usr/src/sys/net80211/ieee80211_output.c:2110
#9  0xffffffff80a76e52 in ieee80211_beacon_alloc (ni=0xfffffe0004ea7000, bo=0xfffff800932b89f8) at /usr/src/sys/net80211/ieee80211_output.c:3046
#10 0xffffffff80421545 in ath_beacon_alloc (sc=0xfffffe0000b0c000, ni=0xfffffe0004ea7000) at /usr/src/sys/dev/ath/if_ath_beacon.c:201
#11 0xffffffff80420aea in ath_newstate (vap=0xfffff800932b8000, nstate=, arg=) at /usr/src/sys/dev/ath/if_ath.c:5398
#12 0xffffffff80a7942f in ieee80211_newstate_cb (xvap=0xfffff800932b8000, npending=) at /usr/src/sys/net80211/ieee80211_proto.c:1756
#13 0xffffffff809ac135 in taskqueue_run_locked (queue=0xfffff800055e1500) at /usr/src/sys/kern/subr_taskqueue.c:342
#14 0xffffffff809acbc8 in taskqueue_thread_loop (arg=) at /usr/src/sys/kern/subr_taskqueue.c:563
#15 0xffffffff8092524a in fork_exit (callout=0xffffffff809acb20 , arg=0xfffffe0000b3e0f0, frame=0xfffffe023bb03a40) at /usr/src/sys/kern/kern_fork.c:1027
#16 0xffffffff80d6a05e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:611
#17 0x0000000000000000 in ?? ()
Current language:  auto; currently minimal
(kgdb) frame 8
#8  0xffffffff80a77017 in ieee80211_beacon_construct (m=0xfffff800930d9c00, frm=0xfffff80093159158 "", bo=0xfffff800932b89f8, ni=0xfffffe0004ea7000) at /usr/src/sys/net80211/ieee80211_output.c:2110
2110            if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
(kgdb) p ni->ni_chan
$1 = (struct ieee80211_channel *) 0xffff
(kgdb) p ni->ni_ic->ic_bsschan
$2 = (struct ieee80211_channel *) 0xfffffe0000b3e56c
(kgdb) p *ni->ni_ic->ic_bsschan
$3 = {ic_flags = 263296, ic_freq = 2457, ic_ieee = 10 '\n', ic_maxregpower = 20 '\024', ic_maxpower = 63 '?', ic_minpower = 0 '\0', ic_state = 0 '\0', ic_extieee = 6 '\006', ic_maxantgain = 0 '\0', ic_pad = 0 '\0', ic_devdata = 9}
(kgdb)
root@ressurected:~ # exit

The real line in frame 8 is

capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);

in ieee80211_beacon_construct(). It's clear that ni->ni_chan contains the IEEE80211_CHAN_ANY constant and is being dereferenced.

This problem report looks very similar to bug #145826, but I am not sure if it is the same bug (likely so) or a different one, because the steps to repeat it differ from mine.
Also this problem exists in DragonFlyBSD (http://bugs.dragonflybsd.org/issues/2891), but folks there are not eager to help.

Also, can anyone tell me if this problem is driver- or net80211-code-specific? I mean, can you repeat it with other (non-Atheros) hardware?
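Added example, not part of the bug report and not FreeBSD's net80211 code: a small C model of the failure the kgdb session above shows. The point a reader should take from `$1 = (struct ieee80211_channel *) 0xffff` is that the node's channel is the IEEE80211_CHAN_ANYC sentinel (defined in sys/net80211/_ieee80211.h as 0xffff cast to a channel pointer), not NULL, so a NULL check before `ieee80211_getcapinfo(vap, ni->ni_chan)` would not have prevented the trap. The struct layouts, `node_chan_or_bss()` and `beacon_chan_freq()` are simplified stand-ins, and falling back to `ic_bsschan` (which the report shows holding a valid channel 10 entry) is one illustrative guard, not the fix that FreeBSD committed.

```c
/*
 * Illustrative model (not FreeBSD code) of the sentinel-pointer problem
 * behind the ieee80211_beacon_construct() trap. Struct layouts and the
 * functions below are simplified stand-ins for the net80211 ones; only
 * the two IEEE80211_CHAN_ANY* constants are taken from net80211.
 */
#include <stdint.h>
#include <stdio.h>

struct ieee80211_channel {            /* trimmed to the fields the report shows */
	uint32_t ic_flags;
	uint16_t ic_freq;
	uint8_t  ic_ieee;
};

/* From sys/net80211/_ieee80211.h: "any channel" is a sentinel, not NULL.
 * The intermediate uintptr_t cast is added here to keep compilers quiet. */
#define IEEE80211_CHAN_ANY	0xffff
#define IEEE80211_CHAN_ANYC	((struct ieee80211_channel *)(uintptr_t) IEEE80211_CHAN_ANY)

struct ieee80211com {                 /* simplified stand-in */
	struct ieee80211_channel *ic_bsschan;
};

struct ieee80211_node {               /* simplified stand-in */
	struct ieee80211com      *ni_ic;
	struct ieee80211_channel *ni_chan;
};

/* True when dereferencing c would fault exactly as in the report. */
static int
chan_is_sentinel(const struct ieee80211_channel *c)
{
	return c == IEEE80211_CHAN_ANYC;
}

/*
 * Return a channel that is safe to dereference for ni, or NULL if neither
 * the node channel nor the BSS channel is usable. Note that checking for
 * NULL alone would let the 0xffff sentinel straight through.
 */
static struct ieee80211_channel *
node_chan_or_bss(const struct ieee80211_node *ni)
{
	struct ieee80211_channel *c = ni->ni_chan;

	if (c == NULL || chan_is_sentinel(c))
		c = ni->ni_ic->ic_bsschan;       /* illustrative fallback */
	if (c == NULL || chan_is_sentinel(c))
		return NULL;
	return c;
}

/*
 * Stand-in for the part of beacon construction that reads the channel.
 * Returns the frequency, or -1 to tell the caller to abort the beacon
 * instead of trapping in kernel mode.
 */
static int
beacon_chan_freq(const struct ieee80211_node *ni)
{
	struct ieee80211_channel *c = node_chan_or_bss(ni);

	if (c == NULL)
		return -1;
	return c->ic_freq;
}

int
main(void)
{
	/* Constructed from the kgdb output: ic_bsschan is a valid channel 10
	 * entry (2457 MHz), while ni_chan is the 0xffff sentinel. */
	struct ieee80211_channel bss = { .ic_flags = 263296, .ic_freq = 2457, .ic_ieee = 10 };
	struct ieee80211com ic = { .ic_bsschan = &bss };
	struct ieee80211_node ni = { .ni_ic = &ic, .ni_chan = IEEE80211_CHAN_ANYC };

	printf("ni_chan == NULL      : %d\n", ni.ni_chan == NULL);
	printf("ni_chan is sentinel  : %d\n", chan_is_sentinel(ni.ni_chan));
	printf("freq via guarded path: %d\n", beacon_chan_freq(&ni));
	return 0;
}
```

Build with `cc -std=c99 -Wall` and run; the first line printed is 0, showing why a NULL test alone is not enough, the second is 1, and the third is 2457 from the BSS channel fallback. Replace `IEEE80211_CHAN_ANYC` in the node initializer with `NULL` or `&bss` to see the other two paths.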