From owner-freebsd-bugs@FreeBSD.ORG Mon Mar 15 06:10:10 2010 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 92EA0106567A for ; Mon, 15 Mar 2010 06:10:10 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7168C8FC21 for ; Mon, 15 Mar 2010 06:10:10 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o2F6A9Ia038771 for ; Mon, 15 Mar 2010 06:10:09 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o2F6A90u038770; Mon, 15 Mar 2010 06:10:09 GMT (envelope-from gnats) Resent-Date: Mon, 15 Mar 2010 06:10:09 GMT Resent-Message-Id: <201003150610.o2F6A90u038770@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Edwin Groothuis Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 85E73106564A for ; Mon, 15 Mar 2010 06:05:10 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: from k7.mavetju.org (ppp113-58.static.internode.on.net [150.101.113.58]) by mx1.freebsd.org (Postfix) with ESMTP id DAC4B8FC30 for ; Mon, 15 Mar 2010 06:05:09 +0000 (UTC) Received: by k7.mavetju.org (Postfix, from userid 1001) id 27260451CE; Mon, 15 Mar 2010 17:03:49 +1100 (EST) Message-Id: <20100315060349.27260451CE@k7.mavetju.org> Date: Mon, 15 Mar 2010 17:03:49 +1100 (EST) From: Edwin Groothuis To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: kern/144755: [iwi] iwi panic when issueing /etc/rc.d/netif restart on 8-STABLE r205159 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Edwin Groothuis List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Mar 2010 06:10:11 -0000 >Number: 144755 >Category: kern >Synopsis: [iwi] iwi panic when issueing /etc/rc.d/netif restart on 8-STABLE r205159 >Confidential: no >Severity: critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Mar 15 06:10:08 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Edwin Groothuis >Release: FreeBSD 8.0-STABLE i386 >Organization: - >Environment: FreeBSD vaio.mavetju.org 8.0-STABLE FreeBSD 8.0-STABLE #13 r205159: Mon Mar 15 08:59:42 EST 2010 root@vaio.mavetju.org:/usr/obj/usr/home/edwin/svn/build/sys/GENERIC i386 >Description: Machine panics when issueing /etc/rc.d/netif restart. wlan0: ieee80211_new_state_locked: pending SCAN -> AUTH transition lost Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0xc4fe81d5 fault code = supervisor read, page not present instruction pointer = 0x20:0xc4fa9b0c stack pointer = 0x28:0xdf834b7c frame pointer = 0x28:0xdf834c34 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 0 (iwi0 taskq) trap number = 12 panic: page fault cpuid = 0 Uptime: 30m31s Physical memory: 750 MB Dumping 78 MB: (CTRL-C to abort) (CTRL-C to abort) 63 47 31 15 at /usr/home/edwin/svn/build/sys/i386/i386/trap.c:938 #4 0xc0bc1ce0 in trap_pfault (frame=0xdf834b3c, usermode=0, eva=3305013717) at /usr/home/edwin/svn/build/sys/i386/i386/trap.c:851 #5 0xc0bc2625 in trap (frame=0xdf834b3c) at /usr/home/edwin/svn/build/sys/i386/i386/trap.c:533 #6 0xc0ba4c0b in calltrap () at /usr/home/edwin/svn/build/sys/i386/i386/exception.s:165 #7 0xc4fa9b0c in iwi_auth_and_assoc (sc=0xc4298800, vap=0xc4a61000) at /usr/home/edwin/svn/build/sys/modules/iwi/../../dev/iwi/if_iwi.c:2854 #8 0xc4faa1f9 in iwi_newstate (vap=0xc4a61000, nstate=IEEE80211_S_AUTH, arg=192) at /usr/home/edwin/svn/build/sys/modules/iwi/../../dev/iwi/if_iwi.c:1001 #9 0xc09767a1 in ieee80211_newstate_cb (xvap=0xc4a61000, npending=1) at /usr/home/edwin/svn/build/sys/net80211/ieee80211_proto.c:1654 #10 0xc08c52a2 in taskqueue_run (queue=0xc4b61cc0) at /usr/home/edwin/svn/build/sys/kern/subr_taskqueue.c:239 #11 0xc08c54ad in taskqueue_thread_loop (arg=0xc4fad074) at /usr/home/edwin/svn/build/sys/kern/subr_taskqueue.c:360 #12 0xc0862231 in fork_exit (callout=0xc08c53f0 , arg=0xc4fad074, frame=0xdf834d38) at /usr/home/edwin/svn/build/sys/kern/kern_fork.c:843 #13 0xc0ba4c80 in fork_trampoline () at /usr/home/edwin/svn/build/sys/i386/i386/exception.s:270 (kgdb) (kgdb) frame 7 #7 0xc4fa9b0c in iwi_auth_and_assoc (sc=0xc4298800, vap=0xc4a61000) at /usr/home/edwin/svn/build/sys/modules/iwi/../../dev/iwi/if_iwi.c:2854 2854 rs.mode = mode; (kgdb) list 2849 if (error != 0) 2850 goto done; 2851 2852 /* the rate set has already been "negotiated" */ 2853 memset(&rs, 0, sizeof rs); 2854 rs.mode = mode; 2855 rs.type = IWI_RATESET_TYPE_NEGOTIATED; 2856 rs.nrates = ni->ni_rates.rs_nrates; 2857 if (rs.nrates > IWI_RATESET_SIZE) { 2858 DPRINTF(("Truncating negotiated rate set from %u\n", (kgdb) info local ic = (struct ieee80211com *) 0xc4fad000 ifp = (struct ifnet *) 0xc43f2000 ni = (struct ieee80211_node *) 0xc4fe8000 config = {bluetooth_coexistence = 0 '\0', reserved1 = 0 '\0', answer_pbreq = 0 '\0', allow_invalid_frames = 0 '\0', multicast_enabled = 1 '\001', drop_unicast_unencrypted = 0 '\0', disable_unicast_decryption = 1 '\001', drop_multicast_unencrypted = 0 '\0', disable_multicast_decryption = 1 '\001', antenna = 0 '\0', include_crc = 0 '\0', use_protection = 1 '\001', protection_ctsonly = 0 '\0', enable_multicast_filtering = 0 '\0', bluetooth_threshold = 0 '\0', silence_threshold = 0 '\0', allow_beacon_and_probe_resp = 0 '\0', allow_mgt = 0 '\0', noise_reported = 0 '\0', reserved5 = 0 '\0'} assoc = Variable "assoc" is not available. (kgdb) p ni $1 = (struct ieee80211_node *) 0xc4fe8000 (kgdb) p *ni Cannot access memory at address 0xc4fe8000 Information available: [~/svn/build] edwin@vaio>svn info [...] Revision: 205159 Last Changed Author: jilles Last Changed Rev: 205150 Last Changed Date: 2010-03-15 00:07:40 +1100 (Mon, 15 Mar 2010) In http://www.mavetju.org/~edwin/vmcore.1: -rw-r--r-- 1 1001 80 22423 Mar 15 05:43 core.txt.1.bz2 -rw-r--r-- 1 1001 80 464 Mar 15 05:43 info.1 -rw-r--r-- 1 1001 80 18104049 Mar 15 06:01 kernel.debug.bz2 -rw-r--r-- 1 1001 80 17194295 Mar 15 05:51 vmcore.1.bz2 >How-To-Repeat: >Fix: I am able to reproduce this on demand, please let me know which steps you want me to take to troubleshoot this or test patches if needed. >Release-Note: >Audit-Trail: >Unformatted: