Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Aug 2009 14:07:54 +0200
From:      Hans Petter Selasky <hselasky@c2i.net>
To:        freebsd-current@freebsd.org
Cc:        Florent Thoumie <flz@xbsd.org>
Subject:   Re: Panic in rum(4) on 8.0-BETA2
Message-ID:  <200908141407.56248.hselasky@c2i.net>
In-Reply-To: <a01628140908140417q6df66913n12603111214a5f44@mail.gmail.com>
References:  <a01628140908140417q6df66913n12603111214a5f44@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 14 August 2009 13:17:35 Florent Thoumie wrote:
> Since upgrading from 7.2-RELEASE to 8.0-BETA2, I've been experiencing the
>
> following panic on a regular basis:
> : flz@cream:/var/crash; sudo kgdb -c vmcore.1 /boot/kernel/kernel.symbols
>
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
>
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
> Kernel page fault with the following non-sleepable locks held:
> exclusive sleep mutex rum0 (network driver) r = 0 (0xc4ad29a4) locked @
> /usr/src/sys/dev/usb/wlan/if_rum.c:1278
> exclusive sleep mutex rum0_com_lock (rum0_com_lock) r = 0 (0xc4b06014)
> locked @ /usr/src/sys/net80211/ieee80211_scan.c:683
> KDB: stack backtrace:
> db_trace_self_wrapper(c0c6baf4,f3694a60,c08bc995,c0c7edcd,2ab,...) at
> db_trace_self_wrapper+0x26
> kdb_backtrace(c0c7edcd,2ab,ffffffff,c0efbc54,f3694a98,...) at
> kdb_backtrace+0x29
> _witness_debugger(c0c6df35,f3694aac,4,1,0,...) at _witness_debugger+0x25
> witness_warn(5,0,c0ca1b88,80246,c0db9aa0,...) at witness_warn+0x1fd
> trap(f3694b38) at trap+0x173
> calltrap() at calltrap+0x6
> --- trap 0xc, eip = 0xc093f0e8, esp = 0xf3694b78, ebp = 0xf3694b94 ---
> ieee80211_crypto_encap(c592d000,c4a0ca00,c0c58b19,4b3,c0efbc60,...) at
> ieee80211_crypto_encap+0xa8
> rum_start(c4ad2000,f3694c1c,c09232cf,c4ad2000,0,...) at rum_start+0x358
> if_start(c4ad2000,0,c0c778c5,c01,52,...) at if_start+0x12
> if_transmit(c4ad2000,c4a11100,c4a0b700,a4,c4b06000,...) at
> if_transmit+0x13f
>
> ieee80211_start(c4691800,f3694ca4,c096918e,c4691800,5,...) at
> ieee80211_start+0x661
> if_start(c4691800,5,10,654,f3694ca4,...) at if_start+0x12
> ieee80211_newstate_cb(c8cf9000,1,c0c6d2f0,54,c4ace8dc,...) at
> ieee80211_newstate_cb+0x20e
> taskqueue_run(c4ace8c0,c4ace8dc,0,c0c5e82b,0,...) at taskqueue_run+0x10b
> taskqueue_thread_loop(c4b06074,f3694d38,c0c63ebc,342,c0db9aa0,...) at
> taskqueue_thread_loop+0x68
> fork_exit(c08b5b10,c4b06074,f3694d38) at fork_exit+0xb8
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0, eip = 0, esp = 0xf3694d70, ebp = 0 ---
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address    = 0x20
> fault code        = supervisor read, page not present
> instruction pointer    = 0x20:0xc093f0e8
> stack pointer            = 0x28:0xf3694b78
> frame pointer            = 0x28:0xf3694b94
> code segment        = base 0x0, limit 0xfffff, type 0x1b
>             = DPL 0, pres 1, def32 1, gran 1
> processor eflags    = interrupt enabled, resume, IOPL = 0
> current process        = 0 (rum0 taskq)
> panic: from debugger
> cpuid = 0
> Uptime: 40m53s
> Physical memory: 1007 MB
> Dumping 155 MB: 140 124 108 92 76 60 44 28 12
>
> Reading symbols from /boot/kernel/snd_emu10kx.ko...Reading symbols from
> /boot/kernel/snd_emu10kx.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/snd_emu10kx.ko
> Reading symbols from /boot/kernel/sound.ko...Reading symbols from
> /boot/kernel/sound.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/sound.ko
> Reading symbols from /boot/kernel/atapicam.ko...Reading symbols from
> /boot/kernel/atapicam.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/atapicam.ko
> Reading symbols from /boot/kernel/fdescfs.ko...Reading symbols from
> /boot/kernel/fdescfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/fdescfs.ko
> Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from
> /boot/kernel/linprocfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linprocfs.ko
> Reading symbols from /boot/kernel/linux.ko...Reading symbols from
> /boot/kernel/linux.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linux.ko
> Reading symbols from /boot/kernel/linsysfs.ko...Reading symbols from
> /boot/kernel/linsysfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linsysfs.ko
> Reading symbols from /boot/kernel/zfs.ko...Reading symbols from
> /boot/kernel/zfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/zfs.ko
> Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from
> /boot/kernel/opensolaris.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/opensolaris.ko
> #0  doadump () at pcpu.h:246
> 246    pcpu.h: No such file or directory.
>     in pcpu.h
> (kgdb) doadump
> Undefined command: "doadump".  Try "help".
> (kgdb) help
> List of classes of commands:
>
> aliases -- Aliases of other commands
> breakpoints -- Making program stop at certain points
> data -- Examining data
> files -- Specifying and examining files
> internals -- Maintenance commands
> obscure -- Obscure features
> running -- Running the program
> stack -- Examining the stack
> status -- Status inquiries
> support -- Support facilities
> tracepoints -- Tracing of program execution without stopping the program
> user-defined -- User-defined commands
>
> Type "help" followed by a class name for a list of commands in that class.
> Type "help" followed by command name for full documentation.
> Command name abbreviations are allowed if unambiguous.
> (kgdb) bt
> #0  doadump () at pcpu.h:246
> #1  0xc087ba2e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:419
> #2  0xc087bd02 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:575
> #3  0xc04caf57 in db_panic (addr=Could not find the frame base for
> "db_panic".
> ) at /usr/src/sys/ddb/db_command.c:478
> #4  0xc04cb581 in db_command (last_cmdp=0xc0d8963c, cmd_table=0x0,
> dopager=1) at /usr/src/sys/ddb/db_command.c:445
> #5  0xc04cb6da in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
> #6  0xc04cd56d in db_trap (type=12, code=0) at
> /usr/src/sys/ddb/db_main.c:229
> #7  0xc08a9696 in kdb_trap (type=12, code=0, tf=0xf3694b38) at
> /usr/src/sys/kern/subr_kdb.c:534
> #8  0xc0ba88cf in trap_fatal (frame=0xf3694b38, eva=32) at
> /usr/src/sys/i386/i386/trap.c:924
> #9  0xc0ba9231 in trap (frame=0xf3694b38) at
> /usr/src/sys/i386/i386/trap.c:325
> #10 0xc0b8b9db in calltrap () at /usr/src/sys/i386/i386/exception.s:165
> #11 0xc093f0e8 in ieee80211_crypto_encap (ni=0xc592d000, m=0xc4a0ca00) at
> /usr/src/sys/net80211/ieee80211_crypto.c:560
> #12 0xc07c4c68 in rum_start (ifp=0xc4ad2000) at
> /usr/src/sys/dev/usb/wlan/if_rum.c:1216
> #13 0xc0922be2 in if_start (ifp=0xc4ad2000) at /usr/src/sys/net/if.c:3061
> #14 0xc09232cf in if_transmit (ifp=0xc4ad2000, m=0xc4a11100) at
> /usr/src/sys/net/if.c:3073
> #15 0xc0963711 in ieee80211_start (ifp=0xc4691800) at
> /usr/src/sys/net80211/ieee80211_output.c:347
> #16 0xc0922be2 in if_start (ifp=0xc4691800) at /usr/src/sys/net/if.c:3061
> #17 0xc096918e in ieee80211_newstate_cb (xvap=0xc8cf9000, npending=1) at
> /usr/src/sys/net80211/ieee80211_proto.c:1681
> #18 0xc08b5a1b in taskqueue_run (queue=0xc4ace8c0) at
> /usr/src/sys/kern/subr_taskqueue.c:282
> #19 0xc08b5b78 in taskqueue_thread_loop (arg=0xc4b06074) at
> /usr/src/sys/kern/subr_taskqueue.c:403
> #20 0xc0852238 in fork_exit (callout=0xc08b5b10 <taskqueue_thread_loop>,
> arg=0xc4b06074, frame=0xf3694d38) at /usr/src/sys/kern/kern_fork.c:842
> #21 0xc0b8ba50 in fork_trampoline () at
> /usr/src/sys/i386/i386/exception.s:270
>
> I noticed that shortly before it happens, I also get the following message
> from wpa_supplicant: "Failed to disable WPA in the driver".

Hi,

This looks like a WLAN problem rather than an USB problem. Some months back 
the WLAN statemachine was converted to taskqueues. In that regard I've seen 
100% reproducable panics, but I did not have time to investigate. If you put 
some delay between the "ifconfig" commands on your wlan device, does the 
problem disappear?

Related PR:

usb/137341: driver if_rum doesn't work at all and throws panics

--HPS




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908141407.56248.hselasky>