Discussion:
[Bug 208636] [net80211][panic]Kernel panic in adhoc mode
b***@freebsd.org
2016-04-08 15:55:02 UTC
Permalink
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208636

Bug ID: 208636
Summary: [net80211][panic]Kernel panic in adhoc mode
Product: Base System
Version: 10.3-BETA2
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: wireless
Assignee: freebsd-***@FreeBSD.org
Reporter: ***@gmail.com

Hello. I am using FreeBSD 10.3-RELEASE and have the following bug when trying to
configure adhoc mode on an Atheros Wi-Fi adapter (the driver is ath, of course).

I do the following in console:

$ ifconfig wlan0 create wlandev ath0 wlanmode adhoc
$ ifconfig wlan0 up
$ ifconfig wlan0 list scan (optional, I think)
$ ifconfig wlan0 ssid skynetV6 channel 10

and get a kernel panic.

When I do just this, as stated in the manual, everything is OK:

$ ifconfig wlan0 create wlandev ath0 wlanmode adhoc
$ ifconfig wlan0 ssid skynetV6 channel 10

kgdb output:

***@ressurected:~ # kgdb /boot/kernel/kernel /var/crash/vmcore.0
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 10
fault virtual address = 0xffff
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80a77017
stack pointer = 0x28:0xfffffe023bb037c0
frame pointer = 0x28:0xfffffe023bb03820
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 (ath0 net80211 taskq)
trap number = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe023bb032a0
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe023bb03350
vpanic() at vpanic+0x126/frame 0xfffffe023bb03390
panic() at panic+0x43/frame 0xfffffe023bb033f0
trap_fatal() at trap_fatal+0x36b/frame 0xfffffe023bb03450
trap_pfault() at trap_pfault+0x2ed/frame 0xfffffe023bb034f0
trap() at trap+0x47a/frame 0xfffffe023bb03700
calltrap() at calltrap+0x8/frame 0xfffffe023bb03700
--- trap 0xc, rip = 0xffffffff80a77017, rsp = 0xfffffe023bb037d0, rbp = 0xfffffe023bb03820 ---
ieee80211_beacon_construct() at ieee80211_beacon_construct+0x97/frame 0xfffffe023bb03820
ieee80211_beacon_alloc() at ieee80211_beacon_alloc+0xa2/frame 0xfffffe023bb03870
ath_beacon_alloc() at ath_beacon_alloc+0x75/frame 0xfffffe023bb038c0
ath_newstate() at ath_newstate+0x22a/frame 0xfffffe023bb03920
ieee80211_newstate_cb() at ieee80211_newstate_cb+0x14f/frame 0xfffffe023bb03970
taskqueue_run_locked() at taskqueue_run_locked+0xe5/frame 0xfffffe023bb039c0
taskqueue_thread_loop() at taskqueue_thread_loop+0xa8/frame 0xfffffe023bb039f0
fork_exit() at fork_exit+0x9a/frame 0xfffffe023bb03a30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe023bb03a30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Uptime: 7m35s
Dumping 458 out of 8147 MB:..4%..11%..21%..32%..42%..53%..63%..74%..81%..91%

Reading symbols from /boot/kernel/zfs.ko.symbols...done.
Loaded symbols for /boot/kernel/zfs.ko.symbols
Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
Loaded symbols for /boot/kernel/opensolaris.ko.symbols
Reading symbols from /boot/kernel/amdtemp.ko.symbols...done.
Loaded symbols for /boot/kernel/amdtemp.ko.symbols
Reading symbols from /boot/kernel/if_bridge.ko.symbols...done.
Loaded symbols for /boot/kernel/if_bridge.ko.symbols
Reading symbols from /boot/kernel/bridgestp.ko.symbols...done.
Loaded symbols for /boot/kernel/bridgestp.ko.symbols
Reading symbols from /boot/kernel/wlan_xauth.ko.symbols...done.
Loaded symbols for /boot/kernel/wlan_xauth.ko.symbols
#0 doadump (textdump=1) at pcpu.h:219
219 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt
#0 doadump (textdump=1) at pcpu.h:219
#1 0xffffffff8095cd47 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:486
#2 0xffffffff8095d145 in vpanic (fmt=<value optimized out>, ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:889
#3 0xffffffff8095cfd3 in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:818
#4 0xffffffff80d847bb in trap_fatal (frame=<value optimized out>, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:858
#5 0xffffffff80d84abd in trap_pfault (frame=0xfffffe023bb03710, usermode=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:681
#6 0xffffffff80d8413a in trap (frame=0xfffffe023bb03710) at /usr/src/sys/amd64/amd64/trap.c:447
#7 0xffffffff80d69b22 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236
#8 0xffffffff80a77017 in ieee80211_beacon_construct (m=0xfffff800930d9c00, frm=0xfffff80093159158 "", bo=0xfffff800932b89f8, ni=0xfffffe0004ea7000) at /usr/src/sys/net80211/ieee80211_output.c:2110
#9 0xffffffff80a76e52 in ieee80211_beacon_alloc (ni=0xfffffe0004ea7000, bo=0xfffff800932b89f8) at /usr/src/sys/net80211/ieee80211_output.c:3046
#10 0xffffffff80421545 in ath_beacon_alloc (sc=0xfffffe0000b0c000, ni=0xfffffe0004ea7000) at /usr/src/sys/dev/ath/if_ath_beacon.c:201
#11 0xffffffff80420aea in ath_newstate (vap=0xfffff800932b8000, nstate=<value optimized out>, arg=<value optimized out>) at /usr/src/sys/dev/ath/if_ath.c:5398
#12 0xffffffff80a7942f in ieee80211_newstate_cb (xvap=0xfffff800932b8000, npending=<value optimized out>) at /usr/src/sys/net80211/ieee80211_proto.c:1756
#13 0xffffffff809ac135 in taskqueue_run_locked (queue=0xfffff800055e1500) at /usr/src/sys/kern/subr_taskqueue.c:342
#14 0xffffffff809acbc8 in taskqueue_thread_loop (arg=<value optimized out>) at /usr/src/sys/kern/subr_taskqueue.c:563
#15 0xffffffff8092524a in fork_exit (callout=0xffffffff809acb20 <taskqueue_thread_loop>, arg=0xfffffe0000b3e0f0, frame=0xfffffe023bb03a40) at /usr/src/sys/kern/kern_fork.c:1027
#16 0xffffffff80d6a05e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:611
#17 0x0000000000000000 in ?? ()
Current language: auto; currently minimal
(kgdb) frame 8
#8 0xffffffff80a77017 in ieee80211_beacon_construct (m=0xfffff800930d9c00, frm=0xfffff80093159158 "", bo=0xfffff800932b89f8, ni=0xfffffe0004ea7000) at /usr/src/sys/net80211/ieee80211_output.c:2110
2110 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
(kgdb) p ni->ni_chan
$1 = (struct ieee80211_channel *) 0xffff
(kgdb) p ni->ni_ic->ic_bsschan
$2 = (struct ieee80211_channel *) 0xfffffe0000b3e56c
(kgdb) p *ni->ni_ic->ic_bsschan
$3 = {ic_flags = 263296, ic_freq = 2457, ic_ieee = 10 '\n', ic_maxregpower = 20 '\024', ic_maxpower = 63 '?',
  ic_minpower = 0 '\0', ic_state = 0 '\0', ic_extieee = 6 '\006', ic_maxantgain = 0 '\0', ic_pad = 0 '\0',
  ic_devdata = 9}
(kgdb) ***@ressurected:~ # exit

The real line in frame 8 is capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);
in ieee80211_beacon_construct()

It's clear that ni->ni_chan contains the IEEE80211_CHAN_ANY constant and is being
dereferenced.

This problem report looks very similar to bug #145826, but I am not sure if it
is the same bug (likely so) or a different one, because the steps to reproduce it
differ from mine.

Also this problem exists in DragonFlyBSD
(http://bugs.dragonflybsd.org/issues/2891), but folks there are not eager to
help.

Also, can anyone tell me if this problem is driver or net80211 code specific? I
mean, can you repeat it with other (non-Atheros) hardware?
--
You are receiving this mail because:
You are the assignee for the bug.
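Added example, not code from the bug report or from net80211 itself: a reduced C model of the sentinel-pointer hazard the reporter identifies above. net80211 defines IEEE80211_CHAN_ANY as 0xffff and IEEE80211_CHAN_ANYC as that value cast to a channel pointer; it means "no channel selected yet" and must never be dereferenced, which is what the fault address 0xffff in frame 8 shows. The cut-down struct layouts, chan_is_sentinel(), node_channel() and report_scenario_freq() below are simplifications assumed for this example (the channel values mirror the kgdb output in the report); the actual fix referenced later in this thread is not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sentinel values as net80211 defines them: a marker, not an address.
 * The uintptr_t hop only keeps the cast warning-free on 64-bit hosts. */
#define IEEE80211_CHAN_ANY   0xffff
#define IEEE80211_CHAN_ANYC  ((struct ieee80211_channel *)(uintptr_t) IEEE80211_CHAN_ANY)

/* Assumed, cut-down layouts: only the fields this example touches. */
struct ieee80211_channel {
	uint32_t ic_flags;
	uint16_t ic_freq;   /* MHz */
	uint8_t  ic_ieee;   /* IEEE channel number */
};

struct ieee80211com {
	struct ieee80211_channel *ic_bsschan;
};

struct ieee80211_node {
	struct ieee80211com      *ni_ic;
	struct ieee80211_channel *ni_chan;
};

/* True when the pointer is a marker that must not be dereferenced. */
static int
chan_is_sentinel(const struct ieee80211_channel *c)
{
	return c == NULL || c == IEEE80211_CHAN_ANYC;
}

/* Shape of the crash: the node's channel pointer is used unconditionally.
 * With ni_chan == IEEE80211_CHAN_ANYC this reads from address 0xffff. */
static uint16_t
node_freq_unchecked(const struct ieee80211_node *ni)
{
	return ni->ni_chan->ic_freq;
}

/* Hardened lookup: resolve the sentinel to the BSS channel if one has been
 * chosen, and return NULL rather than touch a marker value. */
static const struct ieee80211_channel *
node_channel(const struct ieee80211_node *ni)
{
	if (!chan_is_sentinel(ni->ni_chan))
		return ni->ni_chan;
	if (!chan_is_sentinel(ni->ni_ic->ic_bsschan))
		return ni->ni_ic->ic_bsschan;
	return NULL;
}

/* Constructed from the report's kgdb output: ni_chan is IEEE80211_CHAN_ANYC
 * while ic_bsschan is channel 10 at 2457 MHz. Returns the frequency the
 * checked path resolves to, or 0 if no usable channel exists. */
static uint16_t
report_scenario_freq(void)
{
	static struct ieee80211_channel bss = {
		.ic_flags = 263296, .ic_freq = 2457, .ic_ieee = 10
	};
	struct ieee80211com ic = { .ic_bsschan = &bss };
	struct ieee80211_node ni = { .ni_ic = &ic, .ni_chan = IEEE80211_CHAN_ANYC };
	const struct ieee80211_channel *c = node_channel(&ni);

	return c != NULL ? c->ic_freq : 0;
}

int
main(void)
{
	static struct ieee80211_channel ch1 = { .ic_freq = 2412, .ic_ieee = 1 };
	struct ieee80211com ic = { .ic_bsschan = IEEE80211_CHAN_ANYC };
	struct ieee80211_node ni = { .ni_ic = &ic, .ni_chan = &ch1 };

	/* The unchecked read is fine only while ni_chan is a real channel. */
	printf("unchecked, real channel: %u MHz\n", node_freq_unchecked(&ni));
	printf("checked, report scenario: %u MHz\n", report_scenario_freq());
	return 0;
}
```

The check belongs wherever a node's channel is consumed before the VAP has committed to a channel (beacon construction in a freshly created adhoc VAP is one such point); comparing against IEEE80211_CHAN_ANYC is cheap, while a NULL check alone would not catch it because the sentinel is non-NULL.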
b***@freebsd.org
2016-04-08 16:00:47 UTC
Permalink
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208636

Adrian Chadd <***@freebsd.org> changed:

What      |Removed |Added
----------------------------------------------------------------------------
CC        |        |***@freebsd.org

--- Comment #1 from Adrian Chadd <***@freebsd.org> ---
Hi,

Is this a problem on freebsd-HEAD? I thought Andriy fixed it there.
b***@freebsd.org
2016-04-08 19:25:36 UTC
Permalink
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208636

--- Comment #2 from ***@gmail.com ---
Sorry, cannot test it in HEAD myself. So I hope it's really fixed. If anybody
can tell for sure, please tell me. Thanks anyway.
b***@freebsd.org
2018-12-11 03:24:39 UTC
Permalink
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208636

Andriy Voskoboinyk <***@freebsd.org> changed:

What      |Removed |Added
----------------------------------------------------------------------------
Status    |New     |Closed
CC        |        |***@freebsd.org
See Also  |        |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197498
Resolution|---     |FIXED

--- Comment #3 from Andriy Voskoboinyk <***@freebsd.org> ---
I think it was fixed in base r296232 + base r296237 (described in bug #197498,
comment #6 and bug #197498, comment #7)