Date: Fri, 14 Aug 2009 14:07:54 +0200 From: Hans Petter Selasky <hselasky@c2i.net> To: freebsd-current@freebsd.org Cc: Florent Thoumie <flz@xbsd.org> Subject: Re: Panic in rum(4) on 8.0-BETA2 Message-ID: <200908141407.56248.hselasky@c2i.net> In-Reply-To: <a01628140908140417q6df66913n12603111214a5f44@mail.gmail.com> References: <a01628140908140417q6df66913n12603111214a5f44@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 14 August 2009 13:17:35 Florent Thoumie wrote: > Since upgrading from 7.2-RELEASE to 8.0-BETA2, I've been experiencing the > > following panic on a regular basis: > : flz@cream:/var/crash; sudo kgdb -c vmcore.1 /boot/kernel/kernel.symbols > > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you > are > > welcome to change it and/or distribute copies of it under certain > conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for details. > This GDB was configured as "i386-marcel-freebsd"... > > Unread portion of the kernel message buffer: > Kernel page fault with the following non-sleepable locks held: > exclusive sleep mutex rum0 (network driver) r = 0 (0xc4ad29a4) locked @ > /usr/src/sys/dev/usb/wlan/if_rum.c:1278 > exclusive sleep mutex rum0_com_lock (rum0_com_lock) r = 0 (0xc4b06014) > locked @ /usr/src/sys/net80211/ieee80211_scan.c:683 > KDB: stack backtrace: > db_trace_self_wrapper(c0c6baf4,f3694a60,c08bc995,c0c7edcd,2ab,...) at > db_trace_self_wrapper+0x26 > kdb_backtrace(c0c7edcd,2ab,ffffffff,c0efbc54,f3694a98,...) at > kdb_backtrace+0x29 > _witness_debugger(c0c6df35,f3694aac,4,1,0,...) at _witness_debugger+0x25 > witness_warn(5,0,c0ca1b88,80246,c0db9aa0,...) at witness_warn+0x1fd > trap(f3694b38) at trap+0x173 > calltrap() at calltrap+0x6 > --- trap 0xc, eip = 0xc093f0e8, esp = 0xf3694b78, ebp = 0xf3694b94 --- > ieee80211_crypto_encap(c592d000,c4a0ca00,c0c58b19,4b3,c0efbc60,...) at > ieee80211_crypto_encap+0xa8 > rum_start(c4ad2000,f3694c1c,c09232cf,c4ad2000,0,...) at rum_start+0x358 > if_start(c4ad2000,0,c0c778c5,c01,52,...) at if_start+0x12 > if_transmit(c4ad2000,c4a11100,c4a0b700,a4,c4b06000,...) at > if_transmit+0x13f > > ieee80211_start(c4691800,f3694ca4,c096918e,c4691800,5,...) at > ieee80211_start+0x661 > if_start(c4691800,5,10,654,f3694ca4,...) at if_start+0x12 > ieee80211_newstate_cb(c8cf9000,1,c0c6d2f0,54,c4ace8dc,...) at > ieee80211_newstate_cb+0x20e > taskqueue_run(c4ace8c0,c4ace8dc,0,c0c5e82b,0,...) at taskqueue_run+0x10b > taskqueue_thread_loop(c4b06074,f3694d38,c0c63ebc,342,c0db9aa0,...) at > taskqueue_thread_loop+0x68 > fork_exit(c08b5b10,c4b06074,f3694d38) at fork_exit+0xb8 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0, eip = 0, esp = 0xf3694d70, ebp = 0 --- > > > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0x20 > fault code = supervisor read, page not present > instruction pointer = 0x20:0xc093f0e8 > stack pointer = 0x28:0xf3694b78 > frame pointer = 0x28:0xf3694b94 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 0 (rum0 taskq) > panic: from debugger > cpuid = 0 > Uptime: 40m53s > Physical memory: 1007 MB > Dumping 155 MB: 140 124 108 92 76 60 44 28 12 > > Reading symbols from /boot/kernel/snd_emu10kx.ko...Reading symbols from > /boot/kernel/snd_emu10kx.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/snd_emu10kx.ko > Reading symbols from /boot/kernel/sound.ko...Reading symbols from > /boot/kernel/sound.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/sound.ko > Reading symbols from /boot/kernel/atapicam.ko...Reading symbols from > /boot/kernel/atapicam.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/atapicam.ko > Reading symbols from /boot/kernel/fdescfs.ko...Reading symbols from > /boot/kernel/fdescfs.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/fdescfs.ko > Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from > /boot/kernel/linprocfs.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/linprocfs.ko > Reading symbols from /boot/kernel/linux.ko...Reading symbols from > /boot/kernel/linux.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/linux.ko > Reading symbols from /boot/kernel/linsysfs.ko...Reading symbols from > /boot/kernel/linsysfs.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/linsysfs.ko > Reading symbols from /boot/kernel/zfs.ko...Reading symbols from > /boot/kernel/zfs.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/zfs.ko > Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from > /boot/kernel/opensolaris.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/opensolaris.ko > #0 doadump () at pcpu.h:246 > 246 pcpu.h: No such file or directory. > in pcpu.h > (kgdb) doadump > Undefined command: "doadump". Try "help". > (kgdb) help > List of classes of commands: > > aliases -- Aliases of other commands > breakpoints -- Making program stop at certain points > data -- Examining data > files -- Specifying and examining files > internals -- Maintenance commands > obscure -- Obscure features > running -- Running the program > stack -- Examining the stack > status -- Status inquiries > support -- Support facilities > tracepoints -- Tracing of program execution without stopping the program > user-defined -- User-defined commands > > Type "help" followed by a class name for a list of commands in that class. > Type "help" followed by command name for full documentation. > Command name abbreviations are allowed if unambiguous. > (kgdb) bt > #0 doadump () at pcpu.h:246 > #1 0xc087ba2e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:419 > #2 0xc087bd02 in panic (fmt=Variable "fmt" is not available. > ) at /usr/src/sys/kern/kern_shutdown.c:575 > #3 0xc04caf57 in db_panic (addr=Could not find the frame base for > "db_panic". > ) at /usr/src/sys/ddb/db_command.c:478 > #4 0xc04cb581 in db_command (last_cmdp=0xc0d8963c, cmd_table=0x0, > dopager=1) at /usr/src/sys/ddb/db_command.c:445 > #5 0xc04cb6da in db_command_loop () at /usr/src/sys/ddb/db_command.c:498 > #6 0xc04cd56d in db_trap (type=12, code=0) at > /usr/src/sys/ddb/db_main.c:229 > #7 0xc08a9696 in kdb_trap (type=12, code=0, tf=0xf3694b38) at > /usr/src/sys/kern/subr_kdb.c:534 > #8 0xc0ba88cf in trap_fatal (frame=0xf3694b38, eva=32) at > /usr/src/sys/i386/i386/trap.c:924 > #9 0xc0ba9231 in trap (frame=0xf3694b38) at > /usr/src/sys/i386/i386/trap.c:325 > #10 0xc0b8b9db in calltrap () at /usr/src/sys/i386/i386/exception.s:165 > #11 0xc093f0e8 in ieee80211_crypto_encap (ni=0xc592d000, m=0xc4a0ca00) at > /usr/src/sys/net80211/ieee80211_crypto.c:560 > #12 0xc07c4c68 in rum_start (ifp=0xc4ad2000) at > /usr/src/sys/dev/usb/wlan/if_rum.c:1216 > #13 0xc0922be2 in if_start (ifp=0xc4ad2000) at /usr/src/sys/net/if.c:3061 > #14 0xc09232cf in if_transmit (ifp=0xc4ad2000, m=0xc4a11100) at > /usr/src/sys/net/if.c:3073 > #15 0xc0963711 in ieee80211_start (ifp=0xc4691800) at > /usr/src/sys/net80211/ieee80211_output.c:347 > #16 0xc0922be2 in if_start (ifp=0xc4691800) at /usr/src/sys/net/if.c:3061 > #17 0xc096918e in ieee80211_newstate_cb (xvap=0xc8cf9000, npending=1) at > /usr/src/sys/net80211/ieee80211_proto.c:1681 > #18 0xc08b5a1b in taskqueue_run (queue=0xc4ace8c0) at > /usr/src/sys/kern/subr_taskqueue.c:282 > #19 0xc08b5b78 in taskqueue_thread_loop (arg=0xc4b06074) at > /usr/src/sys/kern/subr_taskqueue.c:403 > #20 0xc0852238 in fork_exit (callout=0xc08b5b10 <taskqueue_thread_loop>, > arg=0xc4b06074, frame=0xf3694d38) at /usr/src/sys/kern/kern_fork.c:842 > #21 0xc0b8ba50 in fork_trampoline () at > /usr/src/sys/i386/i386/exception.s:270 > > I noticed that shortly before it happens, I also get the following message > from wpa_supplicant: "Failed to disable WPA in the driver". Hi, This looks like a WLAN problem rather than an USB problem. Some months back the WLAN statemachine was converted to taskqueues. In that regard I've seen 100% reproducable panics, but I did not have time to investigate. If you put some delay between the "ifconfig" commands on your wlan device, does the problem disappear? Related PR: usb/137341: driver if_rum doesn't work at all and throws panics --HPS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908141407.56248.hselasky>