Date: Fri, 9 May 2008 13:19:49 GMT From: Gareth Wyn Roberts <g.w.roberts@cs.cardiff.ac.uk> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/123552: kernel panic during network activity on ath0 Message-ID: <200805091319.m49DJnEY065910@www.freebsd.org> Resent-Message-ID: <200805091330.m49DU1fZ055434@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 123552
>Category: kern
>Synopsis: kernel panic during network activity on ath0
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri May 09 13:30:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Gareth Wyn Roberts
>Release: FreeBSD 7.0-STABLE #0: Wed May 7 17:30:52 BST 2008
>Organization:
Cardiff University
>Environment:
FreeBSD 7.0-STABLE #0: Wed May 7 17:30:52 BST 2008
>Description:
Kernel panics during network activity on ath0.
Problem occurs with FreeBSD 7.0-STABLE built on 7 May, so I have reverted to my previous kernel which was built on 15 March, which is stable.
/var/crash/info.6 contains:-
Dump header from device /dev/da0s1b
Architecture: i386
Architecture Version: 2
Dump Length: 113618944B (108 MB)
Blocksize: 512
Dumptime: Fri May 9 13:06:22 2008
Hostname: penrallt-3
Magic: FreeBSD Kernel Dump
Version String: FreeBSD 7.0-STABLE #0: Wed May 7 17:30:52 BST 2008
gwr@penrallt-3:/a/mcu5/usr/obj/a/mcu5/usr/home/src-RELENG_7/src/sys/GENERIC
Panic String: page fault
Dump Parity: 31568421
Bounds: 6
Dump Status: good
and a backtrace from kgdb /boot/kernel/kernel.symbols /var/crash/vmcore.6 gives:-
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
There is no member named pathname.
Reading symbols from /boot/kernel/snd_ich.ko...Reading symbols from /boot/kernel/snd_ich.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_ich.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linprocfs.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /usr/local/modules/fuse.ko...done.
Loaded symbols for /usr/local/modules/fuse.ko
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0522b46
stack pointer = 0x28:0xe46127f8
frame pointer = 0x28:0xe4612864
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 24 (ath0 taskq)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 2m22s
Physical memory: 1011 MB
Dumping 108 MB: 93 77 61 45 29 13
#0 doadump () at pcpu.h:195
195 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) where
#0 doadump () at pcpu.h:195
#1 0xc0768ee7 in boot (howto=260)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/kern_shutdown.c:418
#2 0xc07691a9 in panic (fmt=Variable "fmt" is not available.
)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/kern_shutdown.c:572
#3 0xc0a7084c in trap_fatal (frame=0xe46127b8, eva=0)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/trap.c:899
#4 0xc0a70ad0 in trap_pfault (frame=0xe46127b8, usermode=0, eva=0)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/trap.c:812
#5 0xc0a7147c in trap (frame=0xe46127b8)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/trap.c:490
#6 0xc0a5720b in calltrap ()
at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/exception.s:139
#7 0xc0522b46 in ath_start (ifp=0xc40ab800)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/dev/ath/if_ath.c:1747
#8 0xc07fb059 in if_start (ifp=0xc40ab800)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if.c:2704
#9 0xc08017ab in ether_output_frame (ifp=0xc40ab800, m=0xc405f900)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if_ethersubr.c:405
#10 0xc0801d5c in ether_output (ifp=0xc40ab800, m=0xc405f900, dst=0xc43f64f0,
rt0=0xc441ab40)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if_ethersubr.c:374
#11 0xc082dceb in ieee80211_output (ifp=0xc40ab800, m=0xc405f900,
dst=0xc43f64f0, rt0=0xc441ab40)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/net80211/ieee80211_output.c:261
#12 0xc0847136 in ip_output (m=0xc405f900, opt=0x0, ro=0xe461295c, flags=Variable "flags" is not available.
)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/ip_output.c:551
#13 0xc08a8995 in tcp_respond (tp=0x0, ipgen=0xc4083024, th=0xc4083038,
m=0xc405f900, ack=0, seq=3484348755, flags=Variable "flags" is not available.
)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/tcp_subr.c:572
#14 0xc08a0b89 in tcp_dropwithreset (m=0xc405f900, th=0xc4083038, tp=0x0,
tlen=24, rstreason=3)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/tcp_input.c:2465
#15 0xc08a3888 in tcp_input (m=0xc405f900, off0=20)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/tcp_input.c:851
#16 0xc084567e in ip_input (m=0xc405f900)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/ip_input.c:665
#17 0xc080bfa5 in netisr_dispatch (num=2, m=0xc405f900)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/netisr.c:185
#18 0xc0801f81 in ether_demux (ifp=0xc40ab800, m=0xc405f900)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if_ethersubr.c:834
#19 0xc0802373 in ether_input (ifp=0xc40ab800, m=0xc405f900)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if_ethersubr.c:692
#20 0xc081eedd in ieee80211_deliver_data (ic=0xc40b122c, ni=0xc4427000,
m=0xc405f900)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/net80211/ieee80211_input.c:779
#21 0xc08245ec in ieee80211_input (ic=0xc40b122c, m=0xc405f900,
ni=0xc4427000, rssi=21, noise=-96, rstamp=21903)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/net80211/ieee80211_input.c:519
#22 0xc052526d in ath_rx_proc (arg=0xc40b1000, npending=1)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/dev/ath/if_ath.c:3673
#23 0xc079bc35 in taskqueue_run (queue=0xc4044880)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/subr_taskqueue.c:255
#24 0xc079be3b in taskqueue_thread_loop (arg=0xc40b2674)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/subr_taskqueue.c:374
#25 0xc0746889 in fork_exit (callout=0xc079bd80 <taskqueue_thread_loop>,
arg=0xc40b2674, frame=0xe4612d38)
at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/kern_fork.c:783
#26 0xc0a57280 in fork_trampoline ()
at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/exception.s:205
(kgdb) quit
>How-To-Repeat:
Use the network - e.g. portupgrade, sftp.
>Fix:
None known.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805091319.m49DJnEY065910>