Date:      Thu, 22 Dec 2005 09:37:50 -0800
From:      Sam Leffler <sam@errno.com>
To:        Rory Arms <rorya@TrueStep.com>
Cc:        FreeBSD-stable@freebsd.org
Subject:   Re: panic with RELENG_6, 2005-11-09 source
Message-ID:  <43AAE46E.3080901@errno.com>
In-Reply-To: <5D02DA64-FA99-4870-B01D-646578EE1496@TrueStep.com>
References:  <5D02DA64-FA99-4870-B01D-646578EE1496@TrueStep.com>

Rory Arms wrote:
> I'm not subscribed to the list, so include me in any replies.
> 
> Now the report...
> 
> I'm reporting a kernel panic with a 6.0-STABLE machine using RELENG_6
> source from 2006-11-09.
> It was triggered when I ran the command "ifconfig ath0 pureg" as an
> attempt to switch the D-Link G520 running in hostAP mode into "g
> only" mode. I did this because I've been experiencing slow rates with
> Airport Express clients (PowerBook) where no matter what the settings
> on the AP are, it refuses to go above 1 Mbit/s.
> 
> Here's the pertinent debug info:
> 
> from /etc/rc.conf
> 
> # ath0 to be bridged with fxp0. See /etc/sysctl.conf
> ifconfig_ath0="inet up ssid FOO mode 11g mediaopt hostap -wme wepmode  
> on wepkey 1:hexkeyhere authmode shared deftxkey 1 pureg"
> 
> Notice the "pureg" directive in there. I added that after doing the
> interactive test mentioned above, which crashed the system. It seems to
> be ok if it's enabled at boot time.
> 
> Also, I'm using bridge(4), so here's the relevant sysctl(8) oid:
> 
> net.link.ether.bridge.config: fxp0,ath0
> 
> Titan> sudo kgdb /usr/obj/usr/src/sys/TITAN/kernel.debug vmcore.15
> Password:
> [GDB will not be able to debug user-mode threads: /usr/lib/ 
> libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and  
> you are
> welcome to change it and/or distribute copies of it under certain  
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for  
> details.
> This GDB was configured as "i386-marcel-freebsd".
> 
> Unread portion of the kernel message buffer:
> 
> 
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0x10002
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc059d5aa
> stack pointer           = 0x28:0xd43f6ba4
> frame pointer           = 0x28:0xd43f6ba8
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 39 (swi6: task queue)
> trap number             = 12
> panic: page fault
> Uptime: 4d23h24m31s
> Dumping 510 MB (2 chunks)
>   chunk 0: 1MB (160 pages) ... ok
>   chunk 1: 510MB (130416 pages) 494 478 462 446 430 414 398 382 366  350 
> 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78  62 46 
> 30 14
> 
> #0  doadump () at pcpu.h:165
> 165     pcpu.h: No such file or directory.
>         in pcpu.h
> (kgdb) bt
> #0  doadump () at pcpu.h:165
> #1  0xc0505706 in boot (howto=260) at /usr/src/sys/kern/ 
> kern_shutdown.c:399
> #2  0xc0505a10 in panic (fmt=0xc0714375 "%s")
>     at /usr/src/sys/kern/kern_shutdown.c:555
> #3  0xc06ecea0 in trap_fatal (frame=0xd43f6b64, eva=0)
>     at /usr/src/sys/i386/i386/trap.c:831
> #4  0xc06ecbc5 in trap_pfault (frame=0xd43f6b64, usermode=0, eva=65538)
>     at /usr/src/sys/i386/i386/trap.c:742
> #5  0xc06ec7af in trap (frame=
>       {tf_fs = -1045430264, tf_es = -734068696, tf_ds = -1068564440,  
> tf_edi = -1045884500, tf_esi = -1045427200, tf_ebp = -734041176,  tf_isp 
> = -734041200, tf_ebx = -1045884500, tf_edx = -1064610944,  tf_ecx = 
> 65535, tf_eax = 65535, tf_trapno = 12, tf_err = 0, tf_eip =  
> -1067854422, tf_cs = 32, tf_eflags = 590338, tf_esp = -1009879030,  
> tf_ss = -734041136}) at /usr/src/sys/i386/i386/trap.c:432
> #6  0xc06db2ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7  0xc059d5aa in ieee80211_chan2mode (ic=0xc1a911ac, chan=0xffff)
>     at /usr/src/sys/net80211/ieee80211.c:892
> #8  0xc05a9e5e in ieee80211_tmp_node (ic=0xc1a911ac,  macaddr=0xc3ce780a 
> "")
>     at /usr/src/sys/net80211/ieee80211_node.c:225
> #9  0xc05a007b in ieee80211_send_error (ic=0xc1a911ac, ni=0xc1b01000,
>     mac=0xffff <Address 0xffff out of bounds>, subtype=65535,  arg=65535)
>     at /usr/src/sys/net80211/ieee80211_input.c:957
> #10 0xc059f15d in ieee80211_input (ic=0xc1a911ac, m=0xc1aab100,  
> ni=0xc1b01000,
> ---Type <return> to continue, or q <return> to quit---
>     rssi=19, rstamp=23891) at /usr/src/sys/net80211/ ieee80211_input.c:341
> #11 0xc0889aa4 in ?? ()
> #12 0xc1a911ac in ?? ()
> #13 0xc1aab100 in ?? ()
> #14 0xc1b01000 in ?? ()
> #15 0x00000013 in ?? ()
> #16 0x00005d53 in ?? ()
> #17 0xc1989a80 in ?? ()
> #18 0xc1aab100 in ?? ()
> #19 0xc1a3ab44 in ?? ()
> #20 0xc1a93000 in ?? ()
> #21 0xc1a82000 in ?? ()
> #22 0xc1a911ac in ?? ()
> #23 0xc1a920a8 in ?? ()
> #24 0xc1a43480 in ?? ()
> #25 0x00000004 in ?? ()
> #26 0xd43f6cc0 in ?? ()
> #27 0xc0528ffa in taskqueue_run (queue=0xc1a9689c)
>     at /usr/src/sys/kern/subr_taskqueue.c:217
> Previous frame identical to this frame (corrupt stack?)
> (kgdb) Titan> uname -a
> FreeBSD Titan 6.0-STABLE FreeBSD 6.0-STABLE #0: Wed Nov  9 22:03:41  MST 
> 2005  root@Titan:/usr/obj/usr/src/sys/TITAN  i386

	<...snip...>

The fix for this has been in HEAD for a while.  The MFC is in my queue.
If you want to patch your system, look at rev 1.67 of
net80211/ieee80211_node.c.

	Sam
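
Added example, not part of the original messages or of FreeBSD: a small Python triage helper that lines up the fault address in the quoted trap report with the arguments of the faulting frame in the kgdb backtrace. The excerpts are copied from the report with wrapped lines rejoined; the function names and the `max_offset` bound are assumptions made for this illustration.

```python
import re

# Excerpts copied from the kgdb session quoted above, wrapped lines rejoined.
TRAP_REPORT = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x10002
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc059d5aa
"""
BACKTRACE = """\
#7  0xc059d5aa in ieee80211_chan2mode (ic=0xc1a911ac, chan=0xffff)
#8  0xc05a9e5e in ieee80211_tmp_node (ic=0xc1a911ac, macaddr=0xc3ce780a "")
#9  0xc05a007b in ieee80211_send_error (ic=0xc1a911ac, ni=0xc1b01000, mac=0xffff <Address 0xffff out of bounds>, subtype=65535, arg=65535)
#10 0xc059f15d in ieee80211_input (ic=0xc1a911ac, m=0xc1aab100, ni=0xc1b01000, rssi=19, rstamp=23891)
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\w+) \((.*)\)", re.M | re.I)
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+|\d+)", re.I)

def _num(text):
    """Parse a hex (0x...) or decimal literal as printed by kgdb."""
    return int(text, 16) if text.lower().startswith("0x") else int(text)

def fault_info(report):
    """Return (fault address, faulting instruction pointer) from the trap report."""
    addr = re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", report, re.I)
    ip = re.search(r"instruction pointer\s*=\s*0x[0-9a-f]+:(0x[0-9a-f]+)", report, re.I)
    if not addr or not ip:
        raise ValueError("trap report lacks fault address or instruction pointer")
    return _num(addr.group(1)), _num(ip.group(1))

def suspect_args(report, backtrace, max_offset=0x100):
    """List (frame, function, argument, offset) for each argument of the
    faulting frame that the fault address lies at or just above, i.e. a
    likely base pointer for the bad access. max_offset is an assumed bound
    on a plausible structure-member offset."""
    addr, ip = fault_info(report)
    hits = []
    for num, pc, func, args in FRAME_RE.findall(backtrace):
        if _num(pc) != ip:          # only the frame where the trap occurred
            continue
        for name, value in ARG_RE.findall(args):
            offset = addr - _num(value)
            if 0 <= offset <= max_offset:
                hits.append((int(num), func, name, offset))
    return hits

if __name__ == "__main__":
    for frame, func, name, offset in suspect_args(TRAP_REPORT, BACKTRACE):
        print(f"frame #{frame} {func}: fault address = {name} + {offset}")
```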


