run panic double fault in nanobsd image, FreeBSD 10.1

Guido Falsi mad at madpilot.net
Fri May 8 08:27:08 UTC 2015 

Hi, as the subject states I'm experiencing a panic in a custom nanobsd
image when trying to use a run device. The hardware is an ALIX board.

In this image I have a custom kernel (attached) and am loading some
modules with the following line in rc.conf:

kld_list="wlan wlan_wep wlan_ccmp wlan_tkip wlan_amrr if_run runfw"

I'm using sources from /releng/10.1 and have merged in r273636, since it
looked like it could be related.

This is some information from the device (from another machine):

> usbconfig -d ugen1.5 dump_device_desc
ugen1.5: <802.11 n WLAN Ralink> at usbus1, cfg=0 md=HOST spd=HIGH
(480Mbps) pwr=ON (450mA)

  bLength = 0x0012
  bDescriptorType = 0x0001
  bcdUSB = 0x0200
  bDeviceClass = 0x0000  <Probed by interface class>
  bDeviceSubClass = 0x0000
  bDeviceProtocol = 0x0000
  bMaxPacketSize0 = 0x0040
  idVendor = 0x148f
  idProduct = 0x5572
  bcdDevice = 0x0101
  iManufacturer = 0x0001  <Ralink>
  iProduct = 0x0002  <802.11 n WLAN>
  iSerialNumber = 0x0003  <1.0>
  bNumConfigurations = 0x0001

The system fails while configuring the wireless netowrk:

Mounting local file systems:.
Loading kernel modules:
run0: <1.0> on usbus1
run0: MAC/BBP RT5592 (rev 0x0222), RF RT5592 (MIMO 2T2R), address
e8:94:f6:14:f6:0f
Writing entropy file:.
Setting hostname: rvdemo.
vr1: link state changed to DOWN
wlan0: Ethernet address: e8:94:f6:14:f6:0f
Starting wpa_supplicant.
Starting dhclient.
wlan0: no link ...run0: firmware RT3071 ver. 0.33 loaded
vr1: link state changed to UP

Fatal double fault:
eip = 0xc324d1a2
esp = 0xd23b5fb0
ebp = 0xd23b6450
panic: double fault
KDB: stack backtrace:
db_trace_self_wrapper(c0909d9e,c09814ec,c0935832,c0999e88,c0999e88,...)
at db_trace_self_wrapper+0x2d/frame 0xc0999e54
panic(c0935832,d23b6450,d23b6450,d23b5fb0,c324d1a2,...) at
panic+0x85/frame 0xc0999e7c
dblfault_handler() at dblfault_handler+0x6c/frame 0xc0999e7c
--- trap 0x17, eip = 0xc324d1a2, esp = 0xd23b5fb0, ebp = 0xd23b6450 ---
run_select_chan_group(c2a74000,c32742d4,d23b6568,0,0,...) at
run_select_chan_group+0x12/frame 0xd23b6450
run_set_chan(c2a74000,c32742d4,d23b7630,0,0,...) at 0xc324b744/frame
0xd23b6e40
run_init_locked(c32742e4,0,c327025b,ec3,2db,...) at 0xc326bb3d/frame
0xd23b7be8
run_ioctl(c2aa1800,80206910,0,d23b7c98,c066f996,...) at
run_ioctl+0x281/frame 0xd23b7c44
parent_updown(c2aa1800,1,0,0,0,...) at parent_updown+0x22/frame 0xd23b7c58
taskqueue_run_locked(c3198e80,c3198e98,0,c08ffd39,0,...) at
taskqueue_run_locked+0xe6/frame 0xd23b7c98
taskqueue_thread_loop(c32880a4,d23b7d08,0,0,c0670380,...) at
taskqueue_thread_loop+0x97/frame 0xd23b7cd0
fork_exit(c0670380,c32880a4,d23b7d08) at fork_exit+0x67/frame 0xd23b7cf4
fork_trampoline() at fork_trampoline+0x8/frame 0xd23b7cf4
--- trap 0, eip = 0, esp = 0xd23b7d40, ebp = 0 ---
KDB: enter: panic
[ thread pid 0 tid 100054 ]
Stopped at      kdb_enter+0x3d: movl    $0,kdb_why
db>


This does not happen on a FreeBSD installation with the stock kernel nor
a full FreeBSD-current installation, and I suspect it could be triggered
by something missing in my trimmed down nanobsd installation, although
the driver should not crash like that anyway.

Also if I include WITNESS, INVARIANTS and DEADLKRES in the kernel the
bug does not show up. Only including DDB "luckily" allows me to
reproduce it.

If needed I can reboot the image and run diagnostic commands at the db>
prompt and am available for any further information or test which could
be needed.

I will file a full bug report in bugzilla if that's preferred.

Thanks in advance for any help.

-- 
Guido Falsi <mad at madpilot.net>
-------------- next part --------------
# $FreeBSD: releng/10.1/sys/i386/conf/GENERIC 271234 2014-09-07 18:43:26Z markj $

cpu		I586_CPU
ident		ALIX

options		CPU_GEODE

options 	SCHED_ULE		# ULE scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
options 	INET6			# IPv6 communications protocols
options 	TCP_OFFLOAD		# TCP offload
options 	SCTP			# Stream Control Transmission Protocol
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_ACL			# Support for access control lists
options 	UFS_DIRHASH		# Improve performance on big directories
options		NFSCL			# New Network Filesystem Client
options		NFSLOCKD		# Network Lock Manager
options 	MD_ROOT			# MD is a potential root device
options 	MSDOSFS			# MSDOS Filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		# Pseudo-filesystem framework
options 	GEOM_PART_GPT		# GUID Partition Tables.
options 	GEOM_LABEL		# Provides labelization
options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	PRINTF_BUFR_SIZE=128	# Prevent printf output being interspersed.
options 	CAPABILITY_MODE		# Capsicum capability mode
options 	CAPABILITIES		# Capsicum capabilities
options 	PROCDESC		# Support for process descriptors

# Debugging support.  Always need this:
options 	KDB			# Enable kernel debugger support.
options 	KDB_TRACE		# Print a stack trace for a panic.
# For full debugger support use (turn off in stable branch):
options 	DDB			# Support DDB.

device		apic			# I/O APIC

# CPU frequency control
device		cpufreq

# Bus support.
device		acpi
device		pci

# ATA controllers
device		ata		# Legacy ATA/SATA controllers
options 	ATA_STATIC_ID	# Static device numbering

# ATA/SCSI peripherals
device		scbus		# SCSI bus (required for ATA/SCSI)
device		ch		# SCSI media changers
device		da		# Direct Access (disks)
device		sa		# Sequential Access (tape etc)
device		cd		# CD
device		pass		# Passthrough device (direct ATA/SCSI access)
device		ses		# Enclosure Services (SES and SAF-TE)
#device		ctl		# CAM Target Layer

# Serial (COM) ports
device		uart		# Generic UART driver

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus		# MII bus support
device		vr		# VIA Rhine, Rhine II

# Wireless NIC cards
options		IEEE80211_DEBUG	# enable debug msgs
options		IEEE80211_AMPDU_AGE	# age frames in AMPDU reorder q's
options		IEEE80211_SUPPORT_MESH	# enable 802.11s draft support
options		AH_SUPPORT_AR5416	# enable AR5416 tx/rx descriptors
options		AH_AR5416_INTERRUPT_MITIGATION	# AR5416 interrupt mitigation
options		ATH_ENABLE_11N	# Enable 802.11n support for AR5416 and later

# Pseudo devices.
device		loop		# Network loopback
device		random		# Entropy device
device		ether		# Ethernet support
device		vlan		# 802.1Q VLAN support
device		tun		# Packet tunnel.
device		md		# Memory "disks"
device		gif		# IPv6 and IPv4 tunneling
device		faith		# IPv6-to-IPv4 relaying (translation)
device		firmware	# firmware assist module

device		crypto
device		cryptodev
device		glxsb

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device		bpf		# Berkeley packet filter

# USB support
device		ohci		# OHCI PCI->USB interface
device		ehci		# EHCI PCI->USB interface (USB 2.0)
device		usb		# USB Bus (required)
device		umass		# Disks/Mass storage - Requires scbus and da
#device		ukbd		# Keyboard
#device		ulpt
#device		u3g
#device		ubsa
#device		uftdi

More information about the freebsd-wireless mailing list