From owner-freebsd-bugs@FreeBSD.ORG Sun Aug 9 12:50:03 2009 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 802DD1065692 for ; Sun, 9 Aug 2009 12:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 5D9F68FC24 for ; Sun, 9 Aug 2009 12:50:03 +0000 (UTC) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n79Co3k6054075 for ; Sun, 9 Aug 2009 12:50:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n79Co3Ki054074; Sun, 9 Aug 2009 12:50:03 GMT (envelope-from gnats) Resent-Date: Sun, 9 Aug 2009 12:50:03 GMT Resent-Message-Id: <200908091250.n79Co3Ki054074@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, parv Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E85821065672 for ; Sun, 9 Aug 2009 09:24:25 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id D5FFB8FC27 for ; Sun, 9 Aug 2009 09:24:25 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n799OPXt067867 for ; Sun, 9 Aug 2009 09:24:25 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id n799OPXL067849; Sun, 9 Aug 2009 09:24:25 GMT (envelope-from nobody) Message-Id: <200908090924.n799OPXL067849@www.freebsd.org> Date: Sun, 9 Aug 2009 09:24:25 GMT From: parv To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/137592: [ath] panic - 7-STABLE (Aug 7, 2009 UTC) crashes on network X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Aug 2009 12:50:03 -0000 >Number: 137592 >Category: kern >Synopsis: [ath] panic - 7-STABLE (Aug 7, 2009 UTC) crashes on network >Confidential: no >Severity: critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Aug 09 12:50:02 UTC 2009 >Closed-Date: >Last-Modified: >Originator: parv >Release: 7-STABLE >Organization: >Environment: FreeBSD/i386 7-STABLE around Aug 7, 2009 2pm UTC (updated from cvsup5), custom kernel, on Lenovo Thinkpad T61 (32 bit). DDB, KDB, WITNESS{,_SKIPSPIN}, INVARIANTS options are enabled in the kernel. >Description: Change from 6-STABLE to 7-STABLE has been stymied due to FreeBSD/i386 7 crashing on network activity. Machine is Thinkpad T61 with Atheros 5212 (IBM 802.11 a/b/g) card. Machine information (under FreeBSD 6.X) can be obtained from ... http://www103.pair.com/parv/comp//unix/freebsd/thinkpad-t61-8897-cto/sys/dmesg http://www103.pair.com/parv/comp//unix/freebsd/thinkpad-t61-8897-cto/sys/pciconf-lcv (in particular to ath0: ath0@pci3:0:0: class=0x020000 card=0x058a1014 chip=0x1014168c rev=0x01 hdr=0x00 vendor = 'Atheros Communications Inc.' device = 'AR5212 Atheros AR5212 802.11abg wireless' class = network subclass = ethernet cap 01[40] = powerspec 2 supports D0 D3 current D0 cap 05[50] = MSI supports 1 message cap 10[60] = PCI-Express 1 legacy endpoint cap 11[90] = MSI-X supports 1 message in map 0x10 ) .. until I do the disk replacement dance again (& get the 7-STABLE specific dmesg & pciconf data). Note that I do not have any problem with ath driver in 6-STABLE. I wonder if -CURRENT is any better(?). Crash dump ... GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Unread portion of the kernel message buffer: panic: operating mode 1 cpuid = 1 KDB: stack backtrace: db_trace_self_wrapper(c0c260f0,e8fbc8fc,c0852763,c0c5338d,1,...) at db_trace_self_wrapper+0x26 kdb_backtrace(c0c5338d,1,c0c3326f,e8fbc908,1,...) at kdb_backtrace+0x29 panic(c0c3326f,1,4,c0c21ab3,ce,...) at panic+0x114 ieee80211_set_tim(c7aac000,1,c0c345ca,c7,0,c7aad510,c670d22c) at ieee80211_set_tim+0x2d ieee80211_pwrsave(c7aac000,c7b1ab00,c0be15cd,62c,c0c30884,...) at ieee80211_pwrsave+0x1f3 ath_start(c6709000,c6709108,e8fbca08,c08ed81f,c6709000,...) at ath_start+0x4e3 if_start(c6709000,0,c0c30884,195,2,...) at if_start+0x4f ether_output_frame(c6709000,c7b1ab00,6,0,e8fbca2a,...) at ether_output_frame+0x1ce ether_output(c6709000,c7b1ab00,e8fbcac0,c6b45e0c,0,...) at ether_output+0x48d ieee80211_output(c6709000,c7b1ab00,e8fbcac0,c6b45e0c,c6b402d0,...) at ieee80211_output+0x38 ip_output(c7b1ab00,0,e8fbcabc,0,0,...) at ip_output+0xa10 udp_send(c6b051a0,0,c7b1ab00,0,0,...) at udp_send+0x89b sosend_dgram(c6b051a0,0,e8fbcbe0,c7b1ab00,0,...) at sosend_dgram+0x359 sosend(c6b051a0,0,e8fbcbe0,0,0,...) at sosend+0x3f kern_sendit(c6b49b40,4,e8fbcc5c,0,0,...) at kern_sendit+0x107 sendit(0,7844401d,0,0,0,...) at sendit+0xad sendto(c6b49b40,e8fbccfc,18,c0c3ea41,c,...) at sendto+0x48 syscall(e8fbcd38) at syscall+0x2a1 Xint0x80_syscall() at Xint0x80_syscall+0x20 --- syscall (133, FreeBSD ELF32, sendto), eip = 0x782d2e83, esp = 0xbfbfccdc, ebp = 0xbfbfcd08 --- KDB: enter: panic Physical memory: 3034 MB Dumping 156 MB: 141 125 109 93 77 61 45 29 13 Reading symbols from /boot/kernel/speaker.ko...Reading symbols from /boot/kernel/speaker.ko.symbols...done. done. Loaded symbols for /boot/kernel/speaker.ko Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done. done. Loaded symbols for /boot/kernel/acpi.ko #0 doadump () at pcpu.h:196 196 pcpu.h: No such file or directory. in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:196 #1 0xc04db4eb in db_fncall (dummy1=1, dummy2=0, dummy3=-1059146496, dummy4=0xe8fbc6e0 "") at /usr/src7/sys/ddb/db_command.c:516 #2 0xc04dba4c in db_command (last_cmdp=0xc0d3b014, cmd_table=0x0, dopager=1) at /usr/src7/sys/ddb/db_command.c:413 #3 0xc04dbb4d in db_command_loop () at /usr/src7/sys/ddb/db_command.c:466 #4 0xc04dd20f in db_trap (type=3, code=0) at /usr/src7/sys/ddb/db_main.c:228 #5 0xc087e4fe in kdb_trap (type=3, code=0, tf=0xe8fbc888) at /usr/src7/sys/kern/subr_kdb.c:524 #6 0xc0b5976b in trap (frame=0xe8fbc888) at /usr/src7/sys/i386/i386/trap.c:687 #7 0xc0b3f73b in calltrap () at /usr/src7/sys/i386/i386/exception.s:166 #8 0xc087e65f in kdb_enter_why (why=0xc0c2320a "panic", msg=0xc0c2320a "panic") at cpufunc.h:60 #9 0xc0852780 in panic (fmt=0xc0c3326f "operating mode %u") at /usr/src7/sys/kern/kern_shutdown.c:557 #10 0xc09226e6 in ieee80211_set_tim (ni=0xc0c2320a, set=1) at /usr/src7/sys/net80211/ieee80211_power.c:140 #11 0xc0922401 in ieee80211_pwrsave (ni=0xc7aac000, m=0xc7b1ab00) at /usr/src7/sys/net80211/ieee80211_power.c:206 #12 0xc0583a45 in ath_start (ifp=0xc6709000) at /usr/src7/sys/dev/ath/if_ath.c:1618 #13 0xc08e75fb in if_start (ifp=0xc6709000) at /usr/src7/sys/net/if.c:2837 #14 0xc08ed81f in ether_output_frame (ifp=0xc6709000, m=0xc7b1ab00) ---Type to continue, or q to quit--- at /usr/src7/sys/net/if_ethersubr.c:405 #15 0xc08edde1 in ether_output (ifp=0xc6709000, m=0xc7b1ab00, dst=0xe8fbcac0, rt0=0xc6b45e0c) at /usr/src7/sys/net/if_ethersubr.c:374 #16 0xc0920299 in ieee80211_output (ifp=0xc6709000, m=0xc7b1ab00, dst=0xe8fbcac0, rt0=0xc6b45e0c) at /usr/src7/sys/net80211/ieee80211_output.c:261 #17 0xc093969c in ip_output (m=0xc7b1ab00, opt=0x0, ro=0xe8fbcabc, flags=Variable "flags" is not available. ) at /usr/src7/sys/netinet/ip_output.c:554 #18 0xc09a734a in udp_send (so=0xc6b051a0, flags=0, m=0xc7b1ab00, addr=0x0, control=0x0, td=0xc6b49b40) at /usr/src7/sys/netinet/udp_usrreq.c:1074 #19 0xc08ae729 in sosend_dgram (so=0xc6b051a0, addr=0x0, uio=0xe8fbcbe0, top=0xc7b1ab00, control=0x0, flags=Variable "flags" is not available. ) at /usr/src7/sys/kern/uipc_socket.c:1060 #20 0xc08ac439 in sosend (so=0xc6b051a0, addr=0x0, uio=0xe8fbcbe0, top=0x0, control=0x0, flags=0, td=0xc6b49b40) at /usr/src7/sys/kern/uipc_socket.c:1289 #21 0xc08b3408 in kern_sendit (td=0xc6b49b40, s=4, mp=0xe8fbcc5c, flags=0, control=0x0, segflg=UIO_USERSPACE) at /usr/src7/sys/kern/uipc_syscalls.c:805 #22 0xc08b54cd in sendit (td=0xc6b49b40, s=4, mp=0xe8fbcc5c, flags=0) at /usr/src7/sys/kern/uipc_syscalls.c:742 #23 0xc08b55c2 in sendto (td=0xc6b49b40, uap=0xe8fbccfc) at /usr/src7/sys/kern/uipc_syscalls.c:857 #24 0xc0b58f40 in syscall (frame=0xe8fbcd38) ---Type to continue, or q to quit--- at /usr/src7/sys/i386/i386/trap.c:1089 #25 0xc0b3f7a0 in Xint0x80_syscall () at /usr/src7/sys/i386/i386/exception.s:262 #26 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) q >How-To-Repeat: After initially connecting ath (DHCP with Belkin & Linksys units; WPA with the Belkin unit), wait about 1.5-2 hours & initiate network traffic, say, ping an address. Crash dump above is from panic which happened just about in half hour, while ping'ing Google address every five minutes. >Fix: >Release-Note: >Audit-Trail: >Unformatted: