Re: panic with RELENG_6, 2005-11-09 source

[Sam Leffler]

Rory Arms wrote:
I'm not subscribed to the list, so include me in any replies.
Now the report...

I'm reporting a kernel panic with a 6.0-STABLE machine using RELENG_6  
source from 2006-11-09.
It was triggered when I ran the command "ifconfig ath0 pureg" as an  
attempt to switch the  D-Link G520 running in hostAP mode, into "g  
only" mode. I did this because I've been experiencing slow rates with  
Airport Express clients (PowerBook) where no matter what the settings  
on the AP are, it refuses to go above 1 Mbit/s.

Here's the pertinent debug info:

from /etc/rc.conf

# ath0 to be bridged with fxp0. See /etc/sysctl.conf
ifconfig_ath0="inet up ssid FOO mode 11g mediaopt hostap -wme wepmode  
on wepkey 1:hexkeyhere authmode shared deftxkey 1 pureg"

Notice the "pureg" directive in there.. I added that after doing the  
interactive test mentioned above, which crashed the system. It seems  to 
be ok if it's enabled at boot time.

Also, I'm using bridge(4), so here's the relevant sysctl(8) oid:

net.link.ether.bridge.config: fxp0,ath0

Titan> sudo kgdb /usr/obj/usr/src/sys/TITAN/kernel.debug vmcore.15
Password:
[GDB will not be able to debug user-mode threads: /usr/lib/ 
libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and  
you are
welcome to change it and/or distribute copies of it under certain  
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for  
details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x10002
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc059d5aa
stack pointer           = 0x28:0xd43f6ba4
frame pointer           = 0x28:0xd43f6ba8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 39 (swi6: task queue)
trap number             = 12
panic: page fault
Uptime: 4d23h24m31s
Dumping 510 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 510MB (130416 pages) 494 478 462 446 430 414 398 382 366  350 
334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78  62 46 
30 14

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc0505706 in boot (howto=260) at /usr/src/sys/kern/ 
kern_shutdown.c:399
#2  0xc0505a10 in panic (fmt=0xc0714375 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc06ecea0 in trap_fatal (frame=0xd43f6b64, eva=0)
    at /usr/src/sys/i386/i386/trap.c:831
#4  0xc06ecbc5 in trap_pfault (frame=0xd43f6b64, usermode=0, eva=65538)
    at /usr/src/sys/i386/i386/trap.c:742
#5  0xc06ec7af in trap (frame=
      {tf_fs = -1045430264, tf_es = -734068696, tf_ds = -1068564440,  
tf_edi = -1045884500, tf_esi = -1045427200, tf_ebp = -734041176,  tf_isp 
= -734041200, tf_ebx = -1045884500, tf_edx = -1064610944,  tf_ecx = 
65535, tf_eax = 65535, tf_trapno = 12, tf_err = 0, tf_eip =  
-1067854422, tf_cs = 32, tf_eflags = 590338, tf_esp = -1009879030,  
tf_ss = -734041136}) at /usr/src/sys/i386/i386/trap.c:432
#6  0xc06db2ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc059d5aa in ieee80211_chan2mode (ic=0xc1a911ac, chan=0xffff)
    at /usr/src/sys/net80211/ieee80211.c:892
#8  0xc05a9e5e in ieee80211_tmp_node (ic=0xc1a911ac,  macaddr=0xc3ce780a 
"")
    at /usr/src/sys/net80211/ieee80211_node.c:225
#9  0xc05a007b in ieee80211_send_error (ic=0xc1a911ac, ni=0xc1b01000,
    mac=0xffff <Address 0xffff out of bounds>, subtype=65535,  arg=65535)
    at /usr/src/sys/net80211/ieee80211_input.c:957
#10 0xc059f15d in ieee80211_input (ic=0xc1a911ac, m=0xc1aab100,  
ni=0xc1b01000,
---Type <return> to continue, or q <return> to quit---
    rssi=19, rstamp=23891) at /usr/src/sys/net80211/ ieee80211_input.c:341
#11 0xc0889aa4 in ?? ()
#12 0xc1a911ac in ?? ()
#13 0xc1aab100 in ?? ()
#14 0xc1b01000 in ?? ()
#15 0x00000013 in ?? ()
#16 0x00005d53 in ?? ()
#17 0xc1989a80 in ?? ()
#18 0xc1aab100 in ?? ()
#19 0xc1a3ab44 in ?? ()
#20 0xc1a93000 in ?? ()
#21 0xc1a82000 in ?? ()
#22 0xc1a911ac in ?? ()
#23 0xc1a920a8 in ?? ()
#24 0xc1a43480 in ?? ()
#25 0x00000004 in ?? ()
#26 0xd43f6cc0 in ?? ()
#27 0xc0528ffa in taskqueue_run (queue=0xc1a9689c)
    at /usr/src/sys/kern/subr_taskqueue.c:217
Previous frame identical to this frame (corrupt stack?)
(kgdb) Titan> uname -a
FreeBSD Titan 6.0-STABLE FreeBSD 6.0-STABLE #0: Wed Nov  9 22:03:41  MST 
2005  [EMAIL PROTECTED]:/usr/obj/usr/src/sys/TITAN  i386

        <...snip...>

The fix for this has been in HEAD for a while.  The MFC is in my queue. 
 If you want to patch your system look at rev 1.67 of 
net80211/ieee80211_node.c.

        Sam
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"