Date: Thu, 26 Apr 2007 16:20:11 -0700 From: Steve Kargl <sgk@troutmask.apl.washington.edu> To: freebsd-stable@freebsd.org Subject: ath induced panic in -stable Message-ID: <20070426232011.GA50555@troutmask.apl.washington.edu>
next in thread | raw e-mail | index | archive | help
In trying to update from a 6.2-release to 6-2.-stable, I run into a nasty panic which results in a corrupt backtrace. It looks like a cascade of panics. In 6.2-release, I initialize my ath wirelss NIC with the following script #! /bin/sh ifconfig ath0 inet 192.168.0.10 ifconfig ath0 ssid "My_ssid" mode 11g channel 11 wepmode on ifconfig ath0 wepkey 0xValid_WEP_key deftxkey 1 route add default 192.168.0.1 I can get to the net without a problem. However, with up-to-date 6.2-stable sources, the above script will cause a panic. In trying various things, I've found that the "mode 11g" in the second command is the guilty party. Without "mode 11g", I can once again to the net. Here's the output of a kgdb session Unread portion of the kernel message buffer: ifhwioctl(c0286938,c34c4c00,c3723e80,c3722000) at ifhwioctl+0xa40 ifioctl(c355a000,c0286938,c3723e80,c3722000,0,...) at ifioctl+0xc3 soo_ioctl(c3512a68,c0286938,c3723e80,c3745180,c3722000) at soo_ioctl+0x2db ioctl(c3722000,da95ad04) at ioctl+0x396 syscall(bfbf003b,3b,bfbf003b,805d028,0,...) at syscall+0x22f Xint0x80_syscall() at Xint0x80_syscall+0x1f --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x28149787, esp = 0xbfbfe2fc, ebp = 0xbfbfe328 --- KDB: enter: witness_checkorder Dumping 511 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 511MB (130786 pages) 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 #0 doadump () at pcpu.h:165 165 pcpu.h: No such file or directory. in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:165 #1 0xc0477d1b in db_fncall (dummy1=-1065228384, dummy2=0, dummy3=-1066610577, dummy4=0xda95a7c4 "ð§\225ÚÀ³lÀܧ\225Úà§\225Ú\220\a") at /usr/src/sys/ddb/db_command.c:492 #2 0xc0477b20 in db_command (last_cmdp=0xc07aef44, cmd_table=0x0, aux_cmd_tablep=0xc0764a34, aux_cmd_tablep_end=0xc0764a38) at /usr/src/sys/ddb/db_command.c:350 #3 0xc0477be8 in db_command_loop () at /usr/src/sys/ddb/db_command.c:458 #4 0xc04797e5 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:222 #5 0xc0573997 in kdb_trap (type=3, code=0, tf=0xda95a904) at /usr/src/sys/kern/subr_kdb.c:473 #6 0xc06e9a24 in trap (frame= {tf_fs = -627769336, tf_es = -1068040152, tf_ds = -1066205144, tf_edi = 9, tf_esi = -1020494300, tf_ebp = -627726012, tf_isp = -627726032, tf_ebx = -1065345868, tf_edx = 0, tf_ecx = -1056878592, tf_eax = 31, tf_trapno = 3, tf_err = 0, tf_eip = -1068026085, tf_cs = 32, tf_eflags = 662, tf_esp = -627725960, tf_ss = -1067982253}) at /usr/src/sys/i386/i386/trap.c:594 #7 0xc06d7f5a in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #8 0xc057371b in kdb_enter (msg=0x1f <Address 0x1f out of bounds>) at cpufunc.h:60 #9 0xc057e253 in witness_checkorder (lock=0xc32c7e24, flags=9, file=0xc075587c "/usr/src/sys/vm/vm_map.c", line=3074) at /usr/src/sys/kern/subr_witness.c:1079 #10 0xc0560a74 in _sx_xlock (sx=0xc32c7e24, file=0xc075587c "/usr/src/sys/vm/vm_map.c", line=3074) at /usr/src/sys/kern/kern_sx.c:171 #11 0xc067c273 in _vm_map_lock_read (map=0x1f, file=0xc1015000 "Copyright (c) 1992-2007 The FreeBSD Project.\nCopyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994\n\tThe Regents of the University of California. All rights reserved.\nFreeBSD is a re"..., line=0) at /usr/src/sys/vm/vm_map.c:453 #12 0xc067f330 in vm_map_lookup (var_map=0xda95aa6c, vaddr=134602752, fault_typea=2 '\002', out_entry=0xda95aa70, object=0x1f, pindex=0xc1015000, out_prot=0x1f <Address 0x1f out of bounds>, wired=0xda95aa48) at /usr/src/sys/vm/vm_map.c:3074 #13 0xc06784bd in vm_fault (map=0xc32c7de0, vaddr=134602752, fault_type=2 '\002', fault_flags=8) at /usr/src/sys/vm/vm_fault.c:235 #14 0xc06e9bae in trap_pfault (frame=0xda95ab34, usermode=0, eva=134602752) at /usr/src/sys/i386/i386/trap.c:722 #15 0xc06e98b1 in trap (frame= {tf_fs = -1065680888, tf_es = 40, tf_ds = -1066205144, tf_edi = 134602752, tf_esi = -1019717632, tf_ebp = -627725396, tf_isp = -627725472, tf_ebx = 620, tf_edx = 0, tf_ecx = 155, tf_eax = 134603372, tf_trapno = 12, tf_err = 2, tf_eip = -1066500010, tf_cs = 32, tf_eflags = 66050, tf_esp = -1015923072, tf_ss = 155}) at /usr/src/sys/i386/i386/trap.c:435 #16 0xc06d7f5a in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #17 0xc06e8056 in generic_copyout () at /usr/src/sys/i386/i386/support.s:760 Previous frame inner to this frame (corrupt stack?) If one goes back upto the "Unread portion" above, on the console I see a line about ath_ioctl, then frame #17. -- Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070426232011.GA50555>