kern/144755: [iwi] iwi panic when issueing /etc/rc.d/netif restart on 8-STABLE r205159

Edwin Groothuis edwin at mavetju.org
Mon Mar 15 06:10:11 UTC 2010 

>Number:         144755
>Category:       kern
>Synopsis:       [iwi] iwi panic when issueing /etc/rc.d/netif restart on 8-STABLE r205159
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 15 06:10:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Edwin Groothuis
>Release:        FreeBSD 8.0-STABLE i386
>Organization:
-
>Environment:
	FreeBSD vaio.mavetju.org 8.0-STABLE FreeBSD 8.0-STABLE #13 r205159: Mon Mar 15 08:59:42 EST 2010     root at vaio.mavetju.org:/usr/obj/usr/home/edwin/svn/build/sys/GENERIC  i386

>Description:
Machine panics when issueing /etc/rc.d/netif restart.

wlan0: ieee80211_new_state_locked: pending SCAN -> AUTH transition lost

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xc4fe81d5
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc4fa9b0c
stack pointer           = 0x28:0xdf834b7c
frame pointer           = 0x28:0xdf834c34
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (iwi0 taskq)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 30m31s
Physical memory: 750 MB
Dumping 78 MB: (CTRL-C to abort)  (CTRL-C to abort)  63 47 31 15


    at /usr/home/edwin/svn/build/sys/i386/i386/trap.c:938
#4  0xc0bc1ce0 in trap_pfault (frame=0xdf834b3c, usermode=0, eva=3305013717)
    at /usr/home/edwin/svn/build/sys/i386/i386/trap.c:851
#5  0xc0bc2625 in trap (frame=0xdf834b3c)
    at /usr/home/edwin/svn/build/sys/i386/i386/trap.c:533
#6  0xc0ba4c0b in calltrap ()
    at /usr/home/edwin/svn/build/sys/i386/i386/exception.s:165
#7  0xc4fa9b0c in iwi_auth_and_assoc (sc=0xc4298800, vap=0xc4a61000)
    at /usr/home/edwin/svn/build/sys/modules/iwi/../../dev/iwi/if_iwi.c:2854
#8  0xc4faa1f9 in iwi_newstate (vap=0xc4a61000, nstate=IEEE80211_S_AUTH,
    arg=192)
    at /usr/home/edwin/svn/build/sys/modules/iwi/../../dev/iwi/if_iwi.c:1001
#9  0xc09767a1 in ieee80211_newstate_cb (xvap=0xc4a61000, npending=1)
    at /usr/home/edwin/svn/build/sys/net80211/ieee80211_proto.c:1654
#10 0xc08c52a2 in taskqueue_run (queue=0xc4b61cc0)
    at /usr/home/edwin/svn/build/sys/kern/subr_taskqueue.c:239
#11 0xc08c54ad in taskqueue_thread_loop (arg=0xc4fad074)
    at /usr/home/edwin/svn/build/sys/kern/subr_taskqueue.c:360
#12 0xc0862231 in fork_exit (callout=0xc08c53f0 <taskqueue_thread_loop>,
    arg=0xc4fad074, frame=0xdf834d38)
    at /usr/home/edwin/svn/build/sys/kern/kern_fork.c:843
#13 0xc0ba4c80 in fork_trampoline ()
    at /usr/home/edwin/svn/build/sys/i386/i386/exception.s:270
(kgdb)


(kgdb) frame 7
#7  0xc4fa9b0c in iwi_auth_and_assoc (sc=0xc4298800, vap=0xc4a61000)
    at /usr/home/edwin/svn/build/sys/modules/iwi/../../dev/iwi/if_iwi.c:2854
2854            rs.mode = mode;
(kgdb) list
2849            if (error != 0)
2850                    goto done;
2851
2852            /* the rate set has already been "negotiated" */
2853            memset(&rs, 0, sizeof rs);
2854            rs.mode = mode;
2855            rs.type = IWI_RATESET_TYPE_NEGOTIATED;
2856            rs.nrates = ni->ni_rates.rs_nrates;
2857            if (rs.nrates > IWI_RATESET_SIZE) {
2858                    DPRINTF(("Truncating negotiated rate set from %u\n",
(kgdb) info local
ic = (struct ieee80211com *) 0xc4fad000
ifp = (struct ifnet *) 0xc43f2000
ni = (struct ieee80211_node *) 0xc4fe8000
config = {bluetooth_coexistence = 0 '\0', reserved1 = 0 '\0',
  answer_pbreq = 0 '\0', allow_invalid_frames = 0 '\0',
  multicast_enabled = 1 '\001', drop_unicast_unencrypted = 0 '\0',
  disable_unicast_decryption = 1 '\001', drop_multicast_unencrypted = 0 '\0',
  disable_multicast_decryption = 1 '\001', antenna = 0 '\0',
  include_crc = 0 '\0', use_protection = 1 '\001',
  protection_ctsonly = 0 '\0', enable_multicast_filtering = 0 '\0',
  bluetooth_threshold = 0 '\0', silence_threshold = 0 '\0',
  allow_beacon_and_probe_resp = 0 '\0', allow_mgt = 0 '\0',
  noise_reported = 0 '\0', reserved5 = 0 '\0'}
assoc = Variable "assoc" is not available.
(kgdb) p ni
$1 = (struct ieee80211_node *) 0xc4fe8000
(kgdb) p *ni
Cannot access memory at address 0xc4fe8000


Information available:

[~/svn/build] edwin at vaio>svn info
[...]
Revision: 205159
Last Changed Author: jilles
Last Changed Rev: 205150
Last Changed Date: 2010-03-15 00:07:40 +1100 (Mon, 15 Mar 2010)


In http://www.mavetju.org/~edwin/vmcore.1:

-rw-r--r--  1 1001  80     22423 Mar 15 05:43 core.txt.1.bz2
-rw-r--r--  1 1001  80       464 Mar 15 05:43 info.1
-rw-r--r--  1 1001  80  18104049 Mar 15 06:01 kernel.debug.bz2
-rw-r--r--  1 1001  80  17194295 Mar 15 05:51 vmcore.1.bz2


>How-To-Repeat:
>Fix:

I am able to reproduce this on demand, please let me know which
steps you want me to take to troubleshoot this or test patches if needed.
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list