kern/142391: bsnmpd triggers kernel panic when a second cloned WLAN interface was created before starting

Michael Moll kvedulv at kvedulv.de
Wed Jan 6 23:00:11 UTC 2010 

>Number:         142391
>Category:       kern
>Synopsis:       bsnmpd triggers kernel panic when a second cloned WLAN interface was created before starting
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 06 23:00:11 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Michael Moll
>Release:        8.0-RELEASE
>Organization:
>Environment:
FreeBSD geode.kvedulv.de 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Wed Jan  6 23:12:22 CET 2010     root at buildhost.kvedulv.de:/usr/obj/usr/src/sys/GEODE_DB  i386
>Description:
I use following rc.conf entries to create a wlan0 interface:

wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap mode 11g country DE channel 3 ssid Kvedulv"
ifconfig_wlan0="inet 192.168.201.1 netmask 255.255.255.0"
ipv6_ifconfig_wlan0="2001:6f8:12f2:2::1/64"

bsnmpd is running perfectly with this config.

Now let's add a second VAP:
root at geode # ifconfig wlan1 create wlandev ath0 wlanmode hostap bssid mode 11g country DE channel 3 ssid IPV6
ifconfig: SIOCS80211: Device busy
root at geode # ifconfig wlan1 inet6 2001:6f8:12f2:3::1/64
root at geode # ifconfig wlan1 up
root at geode # ifconfig wlan1
wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 06:0b:6b:81:d4:5b
        inet6 2001:6f8:12f2:3::1 prefixlen 64
        inet6 fe80::40b:6bff:fe81:d45b%wlan1 prefixlen 64 scopeid 0xb
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
        ssid IPV6 channel 3 (2422 Mhz 11g) bssid 06:0b:6b:81:d4:5b
        regdomain ETSI country DE ecm authmode OPEN privacy OFF txpower 30
        scanvalid 60 protmode CTS wme burst dtimperiod 1 -dfs

Everything OK, until (re)starting bsnmpd:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x44
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05c9479
stack pointer           = 0x28:0xcd0e4afc
frame pointer           = 0x28:0xcd0e4b6c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1721 (bsnmpd)
[thread pid 1721 tid 100082 ]
Stopped at      sysctl_rtsock+0x4f9:    movl    0x44(%eax),%eax
db> bt
Tracing pid 1721 tid 100082 td 0xc24e86c0
sysctl_rtsock(c07f60e0,cd0e4c20,4,cd0e4bac,6,...) at sysctl_rtsock+0x4f9
sysctl_root(cd0e4bac,c24e86c0,1,0,0,...) at sysctl_root+0xc7
userland_sysctl(c24e86c0,cd0e4c18,6,0,bfbfc558,0,0,0,cd0e4c78,0) at userland_sysctl+0x126
__sysctl(c24e86c0,cd0e4cf8,c07e4c78,c24e86c0,297,...) at __sysctl+0x63
syscall(cd0e4d38) at syscall+0x194
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (202, FreeBSD ELF32, __sysctl), eip = 0x281a5177, esp = 0xbfbfc48c, ebp = 0xbfbfc4c8 ---
>How-To-Repeat:
See example commands in the problem description
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list