From: Steve Kargl
To: freebsd-stable@freebsd.org
Date: Thu, 26 Apr 2007 16:20:11 -0700
Subject: ath induced panic in -stable
Message-ID: <20070426232011.GA50555@troutmask.apl.washington.edu>

In trying to update from a 6.2-release to 6.2-stable, I run into
a nasty panic which results in a corrupt backtrace. It looks like
a cascade of panics.

In 6.2-release, I initialize my ath wireless NIC with the following
script

#! /bin/sh
ifconfig ath0 inet 192.168.0.10
ifconfig ath0 ssid "My_ssid" mode 11g channel 11 wepmode on
ifconfig ath0 wepkey 0xValid_WEP_key deftxkey 1
route add default 192.168.0.1

I can get to the net without a problem. However, with up-to-date
6.2-stable sources, the above script will cause a panic. In trying
various things, I've found that the "mode 11g" in the second command
is the guilty party. Without "mode 11g", I can once again get to the net.

Here's the output of a kgdb session

Unread portion of the kernel message buffer:
ifhwioctl(c0286938,c34c4c00,c3723e80,c3722000) at ifhwioctl+0xa40
ifioctl(c355a000,c0286938,c3723e80,c3722000,0,...) at ifioctl+0xc3
soo_ioctl(c3512a68,c0286938,c3723e80,c3745180,c3722000) at soo_ioctl+0x2db
ioctl(c3722000,da95ad04) at ioctl+0x396
syscall(bfbf003b,3b,bfbf003b,805d028,0,...) at syscall+0x22f
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x28149787, esp = 0xbfbfe2fc, ebp = 0xbfbfe328 ---
KDB: enter: witness_checkorder
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 511MB (130786 pages) 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc0477d1b in db_fncall (dummy1=-1065228384, dummy2=0, dummy3=-1066610577,
    dummy4=0xda95a7c4 "ð§\225ÚÀ³lÀܧ\225Úà§\225Ú\220\a")
    at /usr/src/sys/ddb/db_command.c:492
#2  0xc0477b20 in db_command (last_cmdp=0xc07aef44, cmd_table=0x0,
    aux_cmd_tablep=0xc0764a34, aux_cmd_tablep_end=0xc0764a38)
    at /usr/src/sys/ddb/db_command.c:350
#3  0xc0477be8 in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
#4  0xc04797e5 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:222
#5  0xc0573997 in kdb_trap (type=3, code=0, tf=0xda95a904)
    at /usr/src/sys/kern/subr_kdb.c:473
#6  0xc06e9a24 in trap (frame=
      {tf_fs = -627769336, tf_es = -1068040152, tf_ds = -1066205144, tf_edi = 9, tf_esi = -1020494300, tf_ebp = -627726012, tf_isp = -627726032, tf_ebx = -1065345868, tf_edx = 0, tf_ecx = -1056878592, tf_eax = 31, tf_trapno = 3, tf_err = 0, tf_eip = -1068026085, tf_cs = 32, tf_eflags = 662, tf_esp = -627725960, tf_ss = -1067982253})
    at /usr/src/sys/i386/i386/trap.c:594
#7  0xc06d7f5a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#8  0xc057371b in kdb_enter (msg=0x1f) at cpufunc.h:60
#9  0xc057e253 in witness_checkorder (lock=0xc32c7e24, flags=9,
    file=0xc075587c "/usr/src/sys/vm/vm_map.c", line=3074)
    at /usr/src/sys/kern/subr_witness.c:1079
#10 0xc0560a74 in _sx_xlock (sx=0xc32c7e24,
    file=0xc075587c "/usr/src/sys/vm/vm_map.c", line=3074)
    at /usr/src/sys/kern/kern_sx.c:171
#11 0xc067c273 in _vm_map_lock_read (map=0x1f,
    file=0xc1015000 "Copyright (c) 1992-2007 The FreeBSD Project.\nCopyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994\n\tThe Regents of the University of California. All rights reserved.\nFreeBSD is a re"..., line=0) at /usr/src/sys/vm/vm_map.c:453
#12 0xc067f330 in vm_map_lookup (var_map=0xda95aa6c, vaddr=134602752,
    fault_typea=2 '\002', out_entry=0xda95aa70, object=0x1f,
    pindex=0xc1015000, out_prot=0x1f, wired=0xda95aa48)
    at /usr/src/sys/vm/vm_map.c:3074
#13 0xc06784bd in vm_fault (map=0xc32c7de0, vaddr=134602752,
    fault_type=2 '\002', fault_flags=8) at /usr/src/sys/vm/vm_fault.c:235
#14 0xc06e9bae in trap_pfault (frame=0xda95ab34, usermode=0, eva=134602752)
    at /usr/src/sys/i386/i386/trap.c:722
#15 0xc06e98b1 in trap (frame=
      {tf_fs = -1065680888, tf_es = 40, tf_ds = -1066205144, tf_edi = 134602752, tf_esi = -1019717632, tf_ebp = -627725396, tf_isp = -627725472, tf_ebx = 620, tf_edx = 0, tf_ecx = 155, tf_eax = 134603372, tf_trapno = 12, tf_err = 2, tf_eip = -1066500010, tf_cs = 32, tf_eflags = 66050, tf_esp = -1015923072, tf_ss = 155})
    at /usr/src/sys/i386/i386/trap.c:435
#16 0xc06d7f5a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#17 0xc06e8056 in generic_copyout () at /usr/src/sys/i386/i386/support.s:760
Previous frame inner to this frame (corrupt stack?)

If one goes back up to the "Unread portion" above, on the console
I see a line about ath_ioctl, then frame #17.

-- 
Steve