Date: Wed, 25 Feb 2004 09:45:28 -0800 (PST) From: Matthew Fremont <m_fremont@yahoo.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/63360: panic: page fault in ath kernel module if_ath on 5.2-RELEASE Message-ID: <200402251745.i1PHjSe4014945@www.freebsd.org> Resent-Message-ID: <200402251750.i1PHoFrJ030528@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 63360 >Category: kern >Synopsis: panic: page fault in ath kernel module if_ath on 5.2-RELEASE >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Feb 25 09:50:14 PST 2004 >Closed-Date: >Last-Modified: >Originator: Matthew Fremont >Release: 5.2-RELEASE >Organization: >Environment: FreeBSD futomaki.6230.net 5.2-RELEASE FreeBSD 5.2-RELEASE #0: Sun Jan 11 04:21:45 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386 >Description: Page fault panic in if_ath.c on 5.2-RELEASE resulting from network traffic on ath(4) device (NetGear WG311). Panic can be easily reproduced by writing to Samba share from Win2k client, but has also occurred with NFS writes from Win2k client as well as FTP downloads initiated by sysinstall running on problem machine. last message on console prior to panic was: ath0: discard oversize frame (ether type 5e4 flags 3 len 1522 > max 1514) info from crash dump: This GDB was configured as "i386-unknown-freebsd"... (no debugging symbols found)... panic: page fault panic messages: --- Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 01 fault virtual address = 0x3823155c fault code = supervisor read, page not present instruction pointer = 0x8:0xc0669260 stack pointer = 0x10:0xd8a8fc54 frame pointer = 0x10:0xd8a8fc58 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 52 (swi7: task queue) trap number = 12 panic: page fault cpuid = 0; boot() called on cpu#0 syncing disks, buffers remaining... 3842 3841 3841 3841 3841 3841 3841 3841 3841 3841 3841 3841 3841 3841 ath0: device timeout 3841 3841 3841 3841 3841 3841 3841 giving up on 1724 buffers Uptime: 18h50m7s Dumping 511 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 --- Reading symbols from /boot/kernel/ath_hal.ko...(no debugging symbols found)... done. Loaded symbols for /boot/kernel/ath_hal.ko Reading symbols from /boot/kernel/acpi.ko...(no debugging symbols found)... done. Loaded symbols for /boot/kernel/acpi.ko Reading symbols from /boot/kernel/green_saver.ko... (no debugging symbols found)...done. Loaded symbols for /boot/kernel/green_saver.ko Reading symbols from /boot/kernel/linux.ko...(no debugging symbols found)... done. Loaded symbols for /boot/kernel/linux.ko Reading symbols from /boot/kernel/if_ath_g.ko...done. Loaded symbols for /boot/kernel/if_ath_g.ko #0 0xc063140b in doadump () (kgdb) bt #0 0xc063140b in doadump () #1 0xc0631967 in boot () #2 0xc0631cde in panic () #3 0xc07db62c in trap_fatal () #4 0xc07db2d2 in trap_pfault () #5 0xc07daedd in trap () #6 0xc07c8278 in calltrap () #7 0xc48167e3 in ath_rx_proc (arg=0xc481b000, npending=0) at /usr/src/sys/dev/ath/if_ath.c:1737 #8 0xc065408c in taskqueue_run () #9 0xc0654113 in taskqueue_swi_run () #10 0xc061f822 in ithread_loop () #11 0xc061e93e in fork_exit () (kgdb) NOTE: I recompiled if_ath.c with -g in order to get a line number in if_ath.c for the backtrace. The debug version of this module is loaded as if_ath_g.ko. This is the only change from 5.2-RELEASE. dmesg.today: Copyright (c) 1992-2004 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.2-RELEASE #0: Sun Jan 11 04:21:45 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC Preloaded elf kernel "/boot/kernel/kernel" at 0xc0a67000. Preloaded elf module "/boot/kernel/if_ath_g.ko" at 0xc0a671f4. Preloaded elf module "/boot/kernel/ath_hal.ko" at 0xc0a672a4. Preloaded elf module "/boot/kernel/acpi.ko" at 0xc0a67350. Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Pentium III/Pentium III Xeon/Celeron (498.34-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x673 Stepping = 3 Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE> real memory = 536862720 (511 MB) avail memory = 511815680 (488 MB) ACPI APIC Table: <DELL PE2400 > FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0 (BSP): APIC ID: 1 cpu1 (AP): APIC ID: 0 ioapic0: Changing APIC ID to 2 ioapic1: Changing APIC ID to 3 ioapic0 <Version 1.1> irqs 0-15 on motherboard ioapic1 <Version 1.1> irqs 16-31 on motherboard Pentium Pro MTRR support enabled npx0: [FAST] npx0: <math processor> on motherboard npx0: INT 16 interface acpi0: <DELL PE2400 > on motherboard acpi0: Power Button (fixed) Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000 pcibios: BIOS version 2.10 Using $PIR table, 11 entries at 0xc00fc330 acpi_timer0: <32-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0 acpi_cpu0: <CPU> on acpi0 acpi_cpu1: <CPU> on acpi0 pcib0: <ACPI Host-PCI bridge> on acpi0 pci0: <ACPI PCI bus> on pcib0 pcib1: <ACPI PCI-PCI bridge> at device 2.0 on pci0 pci1: <ACPI PCI bus> on pcib1 ahc0: <Adaptec aic7890/91 Ultra2 SCSI adapter> port 0xfc00-0xfcff mem 0xfcfff000-0xfcffffff irq 31 at device 4.0 on pci1 aic7890/91: Ultra2 Wide Channel A, SCSI Id=7, 32/253 SCBs ahc1: <Adaptec aic7880 Ultra SCSI adapter> port 0xf800-0xf8ff mem 0xfcffe000-0xfcffefff irq 30 at device 6.0 on pci1 aic7880: Ultra Single Channel A, SCSI Id=7, 16/253 SCBs fxp0: <Intel 82559 Pro/100 Ethernet> port 0xecc0-0xecff mem 0xfe000000-0xfe0fffff,0xfe102000-0xfe102fff irq 16 at device 8.0 on pci0 fxp0: Ethernet address 00:b0:d0:21:b1:b3 miibus0: <MII bus> on fxp0 inphy0: <i82555 10/100 media interface> on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto pci0: <display, VGA> at device 14.0 (no driver attached) isab0: <PCI-ISA bridge> port 0x580-0x58f at device 15.0 on pci0 isa0: <ISA bus> on isab0 pcib2: <ACPI Host-PCI bridge> on acpi0 pci2: <ACPI PCI bus> on pcib2 ath0: <Atheros 5212> mem 0xf6010000-0xf601ffff irq 28 at device 6.0 on pci2 ath0: mac 5.6 phy 4.1 5ghz radio 1.7 2ghz radio 2.3 ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps ath0: 802.11 address: 00:09:5b:94:6e:b6 pci2: <simple comms, UART> at device 14.0 (no driver attached) fdc0: <Enhanced floppy controller (i82077, NE72065 or clone)> port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0 fdc0: FIFO enabled, 8 bytes threshold fd0: <1440-KB 3.5" drive> on fdc0 drive 0 atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0 atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0 kbd0 at atkbd0 sio0 port 0x3f8-0x3ff irq 4 on acpi0 sio0: type 16550A sio1 port 0x2f8-0x2ff irq 3 on acpi0 sio1: type 16550A ppc0 port 0x778-0x77f,0x378-0x37f irq 7 on acpi0 ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode ppc0: FIFO with 16/16/8 bytes threshold ppbus0: <Parallel port bus> on ppc0 plip0: <PLIP network interface> on ppbus0 lpt0: <Printer> on ppbus0 lpt0: Interrupt-driven port ppi0: <Parallel I/O> on ppbus0 orm0: <Option ROMs> at iomem 0xcd000-0xcd7ff,0xc8000-0xccfff,0xc0000-0xc7fff on isa0 pmtimer0 on isa0 ata0 at port 0x3f6,0x1f0-0x1f7 irq 14 on isa0 ata0: [MPSAFE] ata1 at port 0x376,0x170-0x177 irq 15 on isa0 ata1: [MPSAFE] sc0: <System console> at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 Timecounters tick every 10.000 msec Waiting 15 seconds for SCSI devices to settle (probe2:ahc0:0:1:1): AutoSense Failed (probe2:ahc0:0:1:2): AutoSense Failed (probe2:ahc0:0:1:3): AutoSense Failed (probe0:ahc0:0:1:4): AutoSense Failed (probe0:ahc0:0:1:5): AutoSense Failed (probe0:ahc0:0:1:6): AutoSense Failed (probe0:ahc0:0:1:7): AutoSense Failed sa0 at ahc1 bus 0 target 6 lun 0 sa0: <SONY SDT-10000 01u4> Removable Sequential Access SCSI-2 device sa0: 20.000MB/s transfers (20.000MHz, offset 15) ses0 at ahc0 bus 0 target 6 lun 0 ses0: <DELL 1x6 U2W SCSI BP 5.35> Fixed Processor SCSI-2 device ses0: 3.300MB/s transfers ses0: SAF-TE Compliant Device GEOM: create disk cd0 dp=0xc47d0600 GEOM: create disk da0 dp=0xc493a050 GEOM: create disk da1 dp=0xc493a450 SMP: AP CPU #1 Launched! da1 at ahc0 bus 0 target 1 lun 0 da1: <SEAGATE ST39204LC 0005> Fixed Direct Access SCSI-3 device da1: 80.000MB/s transfers (40.000MHz, offset 63, 16bit), Tagged Queueing Enabled da1: 8683MB (17783239 512 byte sectors: 255H 63S/T 1106C) cd0 at ahc1 bus 0 target 5 lun 0 cd0: <NEC CD-ROM DRIVE:466 1.06> Removable CD-ROM SCSI-2 device cd0: 20.000MB/s transfers (20.000MHz, offset 15) cd0: Attempt to query device size failed: NOT READY, Medium not present da0 at ahc0 bus 0 target 0 lun 0 da0: <IBM DNES-309170Y SA60> Fixed Direct Access SCSI-3 device da0: 80.000MB/s transfers (40.000MHz, offset 31, 16bit), Tagged Queueing Enabled da0: 8683MB (17783301 512 byte sectors: 255H 63S/T 1106C) Mounting root from ufs:/dev/da0s1a WARNING: / was not properly dismounted WARNING: /tmp was not properly dismounted WARNING: /usr was not properly dismounted WARNING: /var was not properly dismounted >How-To-Repeat: Two reliable ways to reproduce the panic: 1. initiate a sustained write to a Samba share hosted on the 5.2-CURRENT system from a Win2k client. With a Samba-3.0.0.1 port on FreeBSD system mounted as Z: on Win2k client the following cygwin command reliably induces the page fault after writing about 80MB to the Samba share: tar cvf /cygdrive/z/test.tar . 2. attempt to install all src distributions from ftp2.freebsd.org with sysinstall. kernel panics before completing download. I've experienced panics after as little as 20MB transferred and as much as 46MB. >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402251745.i1PHjSe4014945>