From owner-freebsd-stable@FreeBSD.ORG Thu Dec 22 17:37:05 2005
Message-ID: <43AAE46E.3080901@errno.com>
Date: Thu, 22 Dec 2005 09:37:50 -0800
From: Sam Leffler
To: Rory Arms
Cc: FreeBSD-stable@freebsd.org
Subject: Re: panic with RELENG_6, 2005-11-09 source
In-Reply-To: <5D02DA64-FA99-4870-B01D-646578EE1496@TrueStep.com>
List-Id: Production branch of FreeBSD source code

Rory Arms wrote:
> I'm not subscribed to the list, so include me in any replies.
>
> Now the report...
>
> I'm reporting a kernel panic with a 6.0-STABLE machine using RELENG_6
> source from 2006-11-09.
> It was triggered when I ran the command "ifconfig ath0 pureg" as an
> attempt to switch the D-Link G520 running in hostAP mode, into "g
> only" mode. I did this because I've been experiencing slow rates with
> Airport Express clients (PowerBook) where no matter what the settings
> on the AP are, it refuses to go above 1 Mbit/s.
>
> Here's the pertinent debug info:
>
> from /etc/rc.conf
>
> # ath0 to be bridged with fxp0. See /etc/sysctl.conf
> ifconfig_ath0="inet up ssid FOO mode 11g mediaopt hostap -wme wepmode
> on wepkey 1:hexkeyhere authmode shared deftxkey 1 pureg"
>
> Notice the "pureg" directive in there.. I added that after doing the
> interactive test mentioned above, which crashed the system. It seems to
> be ok if it's enabled at boot time.
>
> Also, I'm using bridge(4), so here's the relevant sysctl(8) oid:
>
> net.link.ether.bridge.config: fxp0,ath0
>
> Titan> sudo kgdb /usr/obj/usr/src/sys/TITAN/kernel.debug vmcore.15
> Password:
> [GDB will not be able to debug user-mode threads: /usr/lib/
> libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and
> you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for
> details.
> This GDB was configured as "i386-marcel-freebsd".
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x10002
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc059d5aa
> stack pointer = 0x28:0xd43f6ba4
> frame pointer = 0x28:0xd43f6ba8
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 39 (swi6: task queue)
> trap number = 12
> panic: page fault
> Uptime: 4d23h24m31s
> Dumping 510 MB (2 chunks)
> chunk 0: 1MB (160 pages) ... ok
> chunk 1: 510MB (130416 pages) 494 478 462 446 430 414 398 382 366 350
> 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46
> 30 14
>
> #0 doadump () at pcpu.h:165
> 165 pcpu.h: No such file or directory.
> in pcpu.h
> (kgdb) bt
> #0 doadump () at pcpu.h:165
> #1 0xc0505706 in boot (howto=260) at /usr/src/sys/kern/
> kern_shutdown.c:399
> #2 0xc0505a10 in panic (fmt=0xc0714375 "%s")
> at /usr/src/sys/kern/kern_shutdown.c:555
> #3 0xc06ecea0 in trap_fatal (frame=0xd43f6b64, eva=0)
> at /usr/src/sys/i386/i386/trap.c:831
> #4 0xc06ecbc5 in trap_pfault (frame=0xd43f6b64, usermode=0, eva=65538)
> at /usr/src/sys/i386/i386/trap.c:742
> #5 0xc06ec7af in trap (frame=
> {tf_fs = -1045430264, tf_es = -734068696, tf_ds = -1068564440,
> tf_edi = -1045884500, tf_esi = -1045427200, tf_ebp = -734041176, tf_isp
> = -734041200, tf_ebx = -1045884500, tf_edx = -1064610944, tf_ecx =
> 65535, tf_eax = 65535, tf_trapno = 12, tf_err = 0, tf_eip =
> -1067854422, tf_cs = 32, tf_eflags = 590338, tf_esp = -1009879030,
> tf_ss = -734041136}) at /usr/src/sys/i386/i386/trap.c:432
> #6 0xc06db2ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7 0xc059d5aa in ieee80211_chan2mode (ic=0xc1a911ac, chan=0xffff)
> at /usr/src/sys/net80211/ieee80211.c:892
> #8 0xc05a9e5e in ieee80211_tmp_node (ic=0xc1a911ac, macaddr=0xc3ce780a
> "")
> at /usr/src/sys/net80211/ieee80211_node.c:225
> #9 0xc05a007b in ieee80211_send_error (ic=0xc1a911ac, ni=0xc1b01000,
> mac=0xffff , subtype=65535, arg=65535)
> at /usr/src/sys/net80211/ieee80211_input.c:957
> #10 0xc059f15d in ieee80211_input (ic=0xc1a911ac, m=0xc1aab100,
> ni=0xc1b01000,
> ---Type to continue, or q to quit---
> rssi=19, rstamp=23891) at /usr/src/sys/net80211/ ieee80211_input.c:341
> #11 0xc0889aa4 in ?? ()
> #12 0xc1a911ac in ?? ()
> #13 0xc1aab100 in ?? ()
> #14 0xc1b01000 in ?? ()
> #15 0x00000013 in ?? ()
> #16 0x00005d53 in ?? ()
> #17 0xc1989a80 in ?? ()
> #18 0xc1aab100 in ?? ()
> #19 0xc1a3ab44 in ?? ()
> #20 0xc1a93000 in ?? ()
> #21 0xc1a82000 in ?? ()
> #22 0xc1a911ac in ?? ()
> #23 0xc1a920a8 in ?? ()
> #24 0xc1a43480 in ?? ()
> #25 0x00000004 in ?? ()
> #26 0xd43f6cc0 in ?? ()
> #27 0xc0528ffa in taskqueue_run (queue=0xc1a9689c)
> at /usr/src/sys/kern/subr_taskqueue.c:217
> Previous frame identical to this frame (corrupt stack?)
> (kgdb) Titan> uname -a
> FreeBSD Titan 6.0-STABLE FreeBSD 6.0-STABLE #0: Wed Nov 9 22:03:41 MST
> 2005 root@Titan:/usr/obj/usr/src/sys/TITAN i386

<...snip...>

The fix for this has been in HEAD for a while. The MFC is in my queue.
If you want to patch your system look at rev 1.67 of
net80211/ieee80211_node.c.

	Sam
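
A triage aid for the trace quoted above, added here as an example and not part of either message: it matches the reported fault address against the arguments of each backtrace frame, which singles out the `chan=0xffff` pointer in frame #7 (the fault lands 3 bytes past it). The function names `fault_address` and `suspects` and the 4096-byte window are assumptions of this sketch.

```python
import re

# Lines taken from the kgdb output quoted in the report; the mail client's
# line wraps are rejoined so each frame sits on one line. Frame #9 is left
# out because its argument list is truncated in the archived message.
PANIC = """\
fault virtual address = 0x10002
fault code = supervisor read, page not present
#4 0xc06ecbc5 in trap_pfault (frame=0xd43f6b64, usermode=0, eva=65538)
#7 0xc059d5aa in ieee80211_chan2mode (ic=0xc1a911ac, chan=0xffff)
#8 0xc05a9e5e in ieee80211_tmp_node (ic=0xc1a911ac, macaddr=0xc3ce780a "")
#10 0xc059f15d in ieee80211_input (ic=0xc1a911ac, m=0xc1aab100, ni=0xc1b01000, rssi=19, rstamp=23891)
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*)\)\s*$", re.M)
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+|-?\d+)")
# Trap-handling frames only repeat the fault address (eva=...), so skip them.
TRAP_PATH = {"trap", "trap_fatal", "trap_pfault", "calltrap",
             "panic", "boot", "doadump"}


def fault_address(text):
    """Return the faulting virtual address as an int, or None if absent."""
    m = re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", text)
    return int(m.group(1), 16) if m else None


def suspects(text, max_offset=4096):
    """List (frame, function, arg, value, offset) for every argument that
    the fault address sits at or just above, i.e. a likely bad base pointer
    dereferenced at a small structure offset."""
    fault = fault_address(text)
    hits = []
    if fault is None:
        return hits
    for num, func, args in FRAME_RE.findall(text):
        if func in TRAP_PATH:
            continue
        for name, raw in ARG_RE.findall(args):
            value = int(raw, 16) if raw.startswith("0x") else int(raw)
            if 0 <= fault - value < max_offset:
                hits.append((int(num), func, name, value, fault - value))
    return hits


if __name__ == "__main__":
    for frame, func, name, value, off in suspects(PANIC):
        print(f"#{frame} {func}: {name}={value:#x}, fault at +{off}")
```
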