From owner-freebsd-bugs@FreeBSD.ORG Tue Nov 3 11:20:02 2009 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9D10F10656A5 for ; Tue, 3 Nov 2009 11:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 609DF8FC1A for ; Tue, 3 Nov 2009 11:20:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nA3BK25O030630 for ; Tue, 3 Nov 2009 11:20:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nA3BK2OC030629; Tue, 3 Nov 2009 11:20:02 GMT (envelope-from gnats) Resent-Date: Tue, 3 Nov 2009 11:20:02 GMT Resent-Message-Id: <200911031120.nA3BK2OC030629@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Sergey Maltsev Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 18075106568B for ; Tue, 3 Nov 2009 11:12:29 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 067618FC18 for ; Tue, 3 Nov 2009 11:12:29 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id nA3BCSGw063964 for ; Tue, 3 Nov 2009 11:12:28 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id nA3BCSNF063963; Tue, 3 Nov 2009 11:12:28 GMT (envelope-from nobody) Message-Id: <200911031112.nA3BCSNF063963@www.freebsd.org> Date: Tue, 3 Nov 2009 11:12:28 GMT From: Sergey Maltsev To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/140245: Kernel panic during network activity on device ath in 7.2-RELEASE-p4 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Nov 2009 11:20:02 -0000 >Number: 140245 >Category: kern >Synopsis: Kernel panic during network activity on device ath in 7.2-RELEASE-p4 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Nov 03 11:20:02 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Sergey Maltsev >Release: FreeBSD 7.2-RELEASE-p4 i386 >Organization: >Environment: FreeBSD sergio.planet-a.ru 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Mon Nov 2 22:35:57 YEKT 2009 root@sergio.planet-a.ru:/usr/obj/usr/src/sys/SERGIO i386 >Description: I am using a wireless card D-link DWL-G520 with Atheros chipset. Usually more heavy network activity (with P2P-client running) causes kernel panic. I have a core dump. Here is a backtrace from kgdb: Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0xc fault code = supervisor read, page not present instruction pointer = 0x20:0xc0640262 stack pointer = 0x28:0xe627db60 frame pointer = 0x28:0xe627db7c code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 44 (ath0 taskq) trap number = 12 panic: page fault cpuid = 1 Uptime: 9h5m24s Physical memory: 2026 MB Dumping 282 MB: Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0xc fault code = supervisor read, page not present instruction pointer = 0x20:0xc0640262 stack pointer = 0x28:0xc5bfd94c frame pointer = 0x28:0xc5bfd968 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 13 (swi4: clock) trap number = 12 panic: page fault cpuid = 1 267 251 235 219 203 187 171 155 139 123 107 91 75 59 43 27 11 Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /boot/kernel/snd_hda.ko.symbols...done. done. Loaded symbols for /boot/kernel/snd_hda.ko Reading symbols from /boot/modules/nvidia.ko...done. Loaded symbols for /boot/modules/nvidia.ko Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done. done. Loaded symbols for /boot/kernel/linux.ko Reading symbols from /boot/kernel/sem.ko...Reading symbols from /boot/kernel/sem.ko.symbols...done. done. Loaded symbols for /boot/kernel/sem.ko Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done. done. Loaded symbols for /boot/kernel/acpi.ko Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done. done. Loaded symbols for /boot/kernel/linprocfs.ko Reading symbols from /usr/local/modules/fuse.ko...done. Loaded symbols for /usr/local/modules/fuse.ko #0 doadump () at pcpu.h:196 196 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) backtrace #0 doadump () at pcpu.h:196 #1 0xc05ef60c in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418 #2 0xc05ef8b9 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:574 #3 0xc080698c in trap_fatal (frame=0xe627db20, eva=12) at /usr/src/sys/i386/i386/trap.c:939 #4 0xc0806bf0 in trap_pfault (frame=0xe627db20, usermode=0, eva=12) at /usr/src/sys/i386/i386/trap.c:852 #5 0xc0807572 in trap (frame=0xe627db20) at /usr/src/sys/i386/i386/trap.c:530 #6 0xc07ece9b in calltrap () at /usr/src/sys/i386/i386/exception.s:159 #7 0xc0640262 in m_copydata (m=0x0, off=2240, len=2314, cp=0xc939a6f4 "") at /usr/src/sys/kern/uipc_mbuf.c:808 #8 0xc06c599f in ieee80211_encap (ic=0xc5edb22c, m=0xc7c5f900, ni=0xc6709000) at /usr/src/sys/net80211/ieee80211_output.c:1057 #9 0xc049125c in ath_start (ifp=0xc5ebc800) at /usr/src/sys/dev/ath/if_ath.c:1656 #10 0xc0493eee in ath_tx_proc_q0123 (arg=0xc5edb000, npending=2) at /usr/src/sys/dev/ath/if_ath.c:4653 #11 0xc06246b5 in taskqueue_run (queue=0xc5ea1e80) at /usr/src/sys/kern/subr_taskqueue.c:282 #12 0xc06248c8 in taskqueue_thread_loop (arg=0xc5edc674) at /usr/src/sys/kern/subr_taskqueue.c:401 #13 0xc05c94f9 in fork_exit (callout=0xc0624800 , arg=0xc5edc674, frame=0xe627dd38) at /usr/src/sys/kern/kern_fork.c:810 #14 0xc07ecf10 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264 >How-To-Repeat: Use the network - e.g. rtorrent (p2p-client). >Fix: >Release-Note: >Audit-Trail: >Unformatted: