kern/63360: panic: page fault in ath kernel module if_ath on 5.2-RELEASE

Matthew Fremont m_fremont at yahoo.com
Wed Feb 25 09:50:15 PST 2004


>Number:         63360
>Category:       kern
>Synopsis:       panic: page fault in ath kernel module if_ath on 5.2-RELEASE
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 25 09:50:14 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Fremont
>Release:        5.2-RELEASE
>Organization:
>Environment:
FreeBSD futomaki.6230.net 5.2-RELEASE FreeBSD 5.2-RELEASE #0: Sun Jan 11 04:21:45 GMT 2004     root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
Page fault panic in if_ath.c on 5.2-RELEASE resulting from network traffic on ath(4) device (NetGear WG311). Panic can be easily reproduced by writing to Samba share from Win2k client, but has also occurred with NFS writes from Win2k client as well as FTP downloads initiated by sysinstall running on problem machine.

Last message on console prior to panic was:

ath0: discard oversize frame (ether type 5e4 flags 3 len 1522 > max 1514)

Info from crash dump:

This GDB was configured as "i386-unknown-freebsd"...
(no debugging symbols found)...
panic: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 01
fault virtual address   = 0x3823155c
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0669260
stack pointer           = 0x10:0xd8a8fc54
frame pointer           = 0x10:0xd8a8fc58
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 52 (swi7: task queue)
trap number             = 12
panic: page fault
cpuid = 0; 
boot() called on cpu#0

syncing disks, buffers remaining... 3842 3841 3841 3841 3841 3841 3841 3841 3841 3841 3841 3841 3841 3841 ath0: device timeout
3841 3841 3841 3841 3841 3841 3841 
giving up on 1724 buffers
Uptime: 18h50m7s
Dumping 511 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496
---
Reading symbols from /boot/kernel/ath_hal.ko...(no debugging symbols found)...
done.
Loaded symbols for /boot/kernel/ath_hal.ko
Reading symbols from /boot/kernel/acpi.ko...(no debugging symbols found)...
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/green_saver.ko...
(no debugging symbols found)...done.
Loaded symbols for /boot/kernel/green_saver.ko
Reading symbols from /boot/kernel/linux.ko...(no debugging symbols found)...
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/if_ath_g.ko...done.
Loaded symbols for /boot/kernel/if_ath_g.ko
#0  0xc063140b in doadump ()
(kgdb) bt
#0  0xc063140b in doadump ()
#1  0xc0631967 in boot ()
#2  0xc0631cde in panic ()
#3  0xc07db62c in trap_fatal ()
#4  0xc07db2d2 in trap_pfault ()
#5  0xc07daedd in trap ()
#6  0xc07c8278 in calltrap ()
#7  0xc48167e3 in ath_rx_proc (arg=0xc481b000, npending=0)
    at /usr/src/sys/dev/ath/if_ath.c:1737
#8  0xc065408c in taskqueue_run ()
#9  0xc0654113 in taskqueue_swi_run ()
#10 0xc061f822 in ithread_loop ()
#11 0xc061e93e in fork_exit ()
(kgdb) 

NOTE: I recompiled if_ath.c with -g in order to get a line number in if_ath.c for the backtrace. The debug version of this module is loaded as if_ath_g.ko. This is the only change from 5.2-RELEASE.

dmesg.today:

Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 5.2-RELEASE #0: Sun Jan 11 04:21:45 GMT 2004
    root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC
Preloaded elf kernel "/boot/kernel/kernel" at 0xc0a67000.
Preloaded elf module "/boot/kernel/if_ath_g.ko" at 0xc0a671f4.
Preloaded elf module "/boot/kernel/ath_hal.ko" at 0xc0a672a4.
Preloaded elf module "/boot/kernel/acpi.ko" at 0xc0a67350.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium III/Pentium III Xeon/Celeron (498.34-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x673  Stepping = 3
  Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory  = 536862720 (511 MB)
avail memory = 511815680 (488 MB)
ACPI APIC Table: <DELL   PE2400  >
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID:  1
 cpu1 (AP): APIC ID:  0
ioapic0: Changing APIC ID to 2
ioapic1: Changing APIC ID to 3
ioapic0 <Version 1.1> irqs 0-15 on motherboard
ioapic1 <Version 1.1> irqs 16-31 on motherboard
Pentium Pro MTRR support enabled
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <DELL   PE2400  > on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
pcibios: BIOS version 2.10
Using $PIR table, 11 entries at 0xc00fc330
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
acpi_cpu0: <CPU> on acpi0
acpi_cpu1: <CPU> on acpi0
pcib0: <ACPI Host-PCI bridge> on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 2.0 on pci0
pci1: <ACPI PCI bus> on pcib1
ahc0: <Adaptec aic7890/91 Ultra2 SCSI adapter> port 0xfc00-0xfcff mem 0xfcfff000-0xfcffffff irq 31 at device 4.0 on pci1
aic7890/91: Ultra2 Wide Channel A, SCSI Id=7, 32/253 SCBs
ahc1: <Adaptec aic7880 Ultra SCSI adapter> port 0xf800-0xf8ff mem 0xfcffe000-0xfcffefff irq 30 at device 6.0 on pci1
aic7880: Ultra Single Channel A, SCSI Id=7, 16/253 SCBs
fxp0: <Intel 82559 Pro/100 Ethernet> port 0xecc0-0xecff mem 0xfe000000-0xfe0fffff,0xfe102000-0xfe102fff irq 16 at device 8.0 on pci0
fxp0: Ethernet address 00:b0:d0:21:b1:b3
miibus0: <MII bus> on fxp0
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pci0: <display, VGA> at device 14.0 (no driver attached)
isab0: <PCI-ISA bridge> port 0x580-0x58f at device 15.0 on pci0
isa0: <ISA bus> on isab0
pcib2: <ACPI Host-PCI bridge> on acpi0
pci2: <ACPI PCI bus> on pcib2
ath0: <Atheros 5212> mem 0xf6010000-0xf601ffff irq 28 at device 6.0 on pci2
ath0: mac 5.6 phy 4.1 5ghz radio 1.7 2ghz radio 2.3
ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
ath0: 802.11 address: 00:09:5b:94:6e:b6
pci2: <simple comms, UART> at device 14.0 (no driver attached)
fdc0: <Enhanced floppy controller (i82077, NE72065 or clone)> port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
sio0 port 0x3f8-0x3ff irq 4 on acpi0
sio0: type 16550A
sio1 port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0 port 0x778-0x77f,0x378-0x37f irq 7 on acpi0
ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
orm0: <Option ROMs> at iomem 0xcd000-0xcd7ff,0xc8000-0xccfff,0xc0000-0xc7fff on isa0
pmtimer0 on isa0
ata0 at port 0x3f6,0x1f0-0x1f7 irq 14 on isa0
ata0: [MPSAFE]
ata1 at port 0x376,0x170-0x177 irq 15 on isa0
ata1: [MPSAFE]
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounters tick every 10.000 msec
Waiting 15 seconds for SCSI devices to settle
(probe2:ahc0:0:1:1): AutoSense Failed
(probe2:ahc0:0:1:2): AutoSense Failed
(probe2:ahc0:0:1:3): AutoSense Failed
(probe0:ahc0:0:1:4): AutoSense Failed
(probe0:ahc0:0:1:5): AutoSense Failed
(probe0:ahc0:0:1:6): AutoSense Failed
(probe0:ahc0:0:1:7): AutoSense Failed
sa0 at ahc1 bus 0 target 6 lun 0
sa0: <SONY SDT-10000 01u4> Removable Sequential Access SCSI-2 device 
sa0: 20.000MB/s transfers (20.000MHz, offset 15)
ses0 at ahc0 bus 0 target 6 lun 0
ses0: <DELL 1x6 U2W SCSI BP 5.35> Fixed Processor SCSI-2 device 
ses0: 3.300MB/s transfers
ses0: SAF-TE Compliant Device
GEOM: create disk cd0 dp=0xc47d0600
GEOM: create disk da0 dp=0xc493a050
GEOM: create disk da1 dp=0xc493a450
SMP: AP CPU #1 Launched!
da1 at ahc0 bus 0 target 1 lun 0
da1: <SEAGATE ST39204LC 0005> Fixed Direct Access SCSI-3 device 
da1: 80.000MB/s transfers (40.000MHz, offset 63, 16bit), Tagged Queueing Enabled
da1: 8683MB (17783239 512 byte sectors: 255H 63S/T 1106C)
cd0 at ahc1 bus 0 target 5 lun 0
cd0: <NEC CD-ROM DRIVE:466 1.06> Removable CD-ROM SCSI-2 device 
cd0: 20.000MB/s transfers (20.000MHz, offset 15)
cd0: Attempt to query device size failed: NOT READY, Medium not present
da0 at ahc0 bus 0 target 0 lun 0
da0: <IBM DNES-309170Y SA60> Fixed Direct Access SCSI-3 device 
da0: 80.000MB/s transfers (40.000MHz, offset 31, 16bit), Tagged Queueing Enabled
da0: 8683MB (17783301 512 byte sectors: 255H 63S/T 1106C)
Mounting root from ufs:/dev/da0s1a
WARNING: / was not properly dismounted
WARNING: /tmp was not properly dismounted
WARNING: /usr was not properly dismounted
WARNING: /var was not properly dismounted
>How-To-Repeat:
Two reliable ways to reproduce the panic:

1. Initiate a sustained write to a Samba share hosted on the 5.2-CURRENT system from a Win2k client.

With a Samba-3.0.0.1 port on the FreeBSD system mounted as Z: on the Win2k client, the following Cygwin command reliably induces the page fault after writing about 80MB to the Samba share:

 tar cvf /cygdrive/z/test.tar .

2. Attempt to install all src distributions from ftp2.freebsd.org with sysinstall. The kernel panics before completing the download. I've experienced panics after as little as 20MB transferred and as much as 46MB.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:

