panic with RELENG_6, 2005-11-09 source
Sam Leffler
sam at errno.com
Thu Dec 22 09:37:06 PST 2005
Rory Arms wrote:
> I'm not subscribed to the list, so include me in any replies.
>
> Now the report...
>
> I'm reporting a kernel panic with a 6.0-STABLE machine using RELENG_6
> source from 2006-11-09.
> It was triggered when I ran the command "ifconfig ath0 pureg" as an
> attempt to switch the D-Link G520 running in hostAP mode, into "g
> only" mode. I did this because I've been experiencing slow rates with
> Airport Express clients (PowerBook) where no matter what the settings
> on the AP are, it refuses to go above 1 Mbit/s.
>
> Here's the pertinent debug info:
>
> from /etc/rc.conf
>
> # ath0 to be bridged with fxp0. See /etc/sysctl.conf
> ifconfig_ath0="inet up ssid FOO mode 11g mediaopt hostap -wme wepmode
> on wepkey 1:hexkeyhere authmode shared deftxkey 1 pureg"
>
> Notice the "pureg" directive in there.. I added that after doing the
> interactive test mentioned above, which crashed the system. It seems to
> be ok if it's enabled at boot time.
>
> Also, I'm using bridge(4), so here's the relevant sysctl(8) oid:
>
> net.link.ether.bridge.config: fxp0,ath0
>
> Titan> sudo kgdb /usr/obj/usr/src/sys/TITAN/kernel.debug vmcore.15
> Password:
> [GDB will not be able to debug user-mode threads: /usr/lib/
> libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and
> you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for
> details.
> This GDB was configured as "i386-marcel-freebsd".
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x10002
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc059d5aa
> stack pointer = 0x28:0xd43f6ba4
> frame pointer = 0x28:0xd43f6ba8
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 39 (swi6: task queue)
> trap number = 12
> panic: page fault
> Uptime: 4d23h24m31s
> Dumping 510 MB (2 chunks)
> chunk 0: 1MB (160 pages) ... ok
> chunk 1: 510MB (130416 pages) 494 478 462 446 430 414 398 382 366 350
> 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46
> 30 14
>
> #0 doadump () at pcpu.h:165
> 165 pcpu.h: No such file or directory.
> in pcpu.h
> (kgdb) bt
> #0 doadump () at pcpu.h:165
> #1 0xc0505706 in boot (howto=260) at /usr/src/sys/kern/
> kern_shutdown.c:399
> #2 0xc0505a10 in panic (fmt=0xc0714375 "%s")
> at /usr/src/sys/kern/kern_shutdown.c:555
> #3 0xc06ecea0 in trap_fatal (frame=0xd43f6b64, eva=0)
> at /usr/src/sys/i386/i386/trap.c:831
> #4 0xc06ecbc5 in trap_pfault (frame=0xd43f6b64, usermode=0, eva=65538)
> at /usr/src/sys/i386/i386/trap.c:742
> #5 0xc06ec7af in trap (frame=
> {tf_fs = -1045430264, tf_es = -734068696, tf_ds = -1068564440,
> tf_edi = -1045884500, tf_esi = -1045427200, tf_ebp = -734041176, tf_isp
> = -734041200, tf_ebx = -1045884500, tf_edx = -1064610944, tf_ecx =
> 65535, tf_eax = 65535, tf_trapno = 12, tf_err = 0, tf_eip =
> -1067854422, tf_cs = 32, tf_eflags = 590338, tf_esp = -1009879030,
> tf_ss = -734041136}) at /usr/src/sys/i386/i386/trap.c:432
> #6 0xc06db2ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7 0xc059d5aa in ieee80211_chan2mode (ic=0xc1a911ac, chan=0xffff)
> at /usr/src/sys/net80211/ieee80211.c:892
> #8 0xc05a9e5e in ieee80211_tmp_node (ic=0xc1a911ac, macaddr=0xc3ce780a
> "")
> at /usr/src/sys/net80211/ieee80211_node.c:225
> #9 0xc05a007b in ieee80211_send_error (ic=0xc1a911ac, ni=0xc1b01000,
> mac=0xffff <Address 0xffff out of bounds>, subtype=65535, arg=65535)
> at /usr/src/sys/net80211/ieee80211_input.c:957
> #10 0xc059f15d in ieee80211_input (ic=0xc1a911ac, m=0xc1aab100,
> ni=0xc1b01000,
> ---Type <return> to continue, or q <return> to quit---
> rssi=19, rstamp=23891) at /usr/src/sys/net80211/ieee80211_input.c:341
> #11 0xc0889aa4 in ?? ()
> #12 0xc1a911ac in ?? ()
> #13 0xc1aab100 in ?? ()
> #14 0xc1b01000 in ?? ()
> #15 0x00000013 in ?? ()
> #16 0x00005d53 in ?? ()
> #17 0xc1989a80 in ?? ()
> #18 0xc1aab100 in ?? ()
> #19 0xc1a3ab44 in ?? ()
> #20 0xc1a93000 in ?? ()
> #21 0xc1a82000 in ?? ()
> #22 0xc1a911ac in ?? ()
> #23 0xc1a920a8 in ?? ()
> #24 0xc1a43480 in ?? ()
> #25 0x00000004 in ?? ()
> #26 0xd43f6cc0 in ?? ()
> #27 0xc0528ffa in taskqueue_run (queue=0xc1a9689c)
> at /usr/src/sys/kern/subr_taskqueue.c:217
> Previous frame identical to this frame (corrupt stack?)
> (kgdb) Titan> uname -a
> FreeBSD Titan 6.0-STABLE FreeBSD 6.0-STABLE #0: Wed Nov 9 22:03:41 MST
> 2005 root at Titan:/usr/obj/usr/src/sys/TITAN i386
<...snip...>
The fix for this has been in HEAD for a while. The MFC is in my queue.
If you want to patch your system look at rev 1.67 of
net80211/ieee80211_node.c.
Sam
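
A triage aid for the backtrace quoted above, added here as an example and not part of the original thread or of FreeBSD: it turns the signed trap-frame values kgdb prints into addresses, matches the faulting instruction pointer to a backtrace frame, and flags arguments that the fault address lies just past. The excerpt is constructed from the quoted output with mail line wrapping undone; the function names and the `window` heuristic are assumptions of this example.

```python
import re

# Constructed excerpt: lines copied from the trap message and kgdb backtrace
# quoted above, with mail line-wrapping undone.
PANIC_EXCERPT = """\
fault virtual address = 0x10002
instruction pointer = 0x20:0xc059d5aa
#4 0xc06ecbc5 in trap_pfault (frame=0xd43f6b64, usermode=0, eva=65538)
tf_ecx = 65535, tf_eax = 65535, tf_trapno = 12, tf_err = 0, tf_eip = -1067854422,
#7 0xc059d5aa in ieee80211_chan2mode (ic=0xc1a911ac, chan=0xffff)
#8 0xc05a9e5e in ieee80211_tmp_node (ic=0xc1a911ac, macaddr=0xc3ce780a "")
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\w+) \((.*)\)\s*$", re.M)


def u32(value):
    """kgdb prints i386 trap-frame registers as signed decimals; make them unsigned."""
    return value & 0xFFFFFFFF


def parse_panic(text):
    """Pull the fault address, faulting EIP, trap-frame registers and frames out of the text."""
    fault_va = int(re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", text).group(1), 16)
    eip = int(re.search(r"instruction pointer\s*=\s*0x[0-9a-f]+:(0x[0-9a-f]+)", text).group(1), 16)
    regs = {name: u32(int(val)) for name, val in re.findall(r"\b(tf_\w+) = (-?\d+)", text)}
    frames = []
    for num, pc, func, args in FRAME_RE.findall(text):
        hex_args = {k: int(v, 16) for k, v in re.findall(r"(\w+)=(0x[0-9a-f]+)", args)}
        frames.append({"num": int(num), "pc": int(pc, 16), "func": func, "args": hex_args})
    return {"fault_va": fault_va, "eip": eip, "regs": regs, "frames": frames}


def triage(text, window=0x100):
    """Name the faulting function and any argument the fault address sits just above.

    `window` is an assumed heuristic: a fault within that many bytes past an
    argument's value suggests a field read through that argument as a pointer.
    """
    p = parse_panic(text)
    frame = next(f for f in p["frames"] if f["pc"] == p["eip"])
    suspects = {k: p["fault_va"] - v for k, v in frame["args"].items()
                if 0 <= p["fault_va"] - v < window}
    return {"function": frame["func"], "frame": frame["num"],
            "eip_matches_trap_frame": p["regs"].get("tf_eip") == p["eip"],
            "suspect_args": suspects}


if __name__ == "__main__":
    print(triage(PANIC_EXCERPT))
```

On this dump it reports `ieee80211_chan2mode` (frame #7), with `chan=0xffff` sitting three bytes below the fault address 0x10002.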