From nobody@FreeBSD.org  Tue Apr  1 11:37:57 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0826B106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Apr 2008 11:37:57 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id EE04A8FC28
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Apr 2008 11:37:56 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m31BbtnB087380
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 1 Apr 2008 11:37:55 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m31BbtFL087379;
	Tue, 1 Apr 2008 11:37:55 GMT
	(envelope-from nobody)
Message-Id: <200804011137.m31BbtFL087379@www.freebsd.org>
Date: Tue, 1 Apr 2008 11:37:55 GMT
From: Matthias Apitz <guru@Sisis.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: 7.0-RELEASE && panic in Wifi area with WPA mode (not in WEP mode)
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         122331
>Category:       kern
>Synopsis:       [wpa] [panic] 7.0-RELEASE && panic in Wifi area with WPA mode (not in WEP mode)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bschmidt
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 01 11:40:04 UTC 2008
>Closed-Date:    Tue Jan 04 08:23:08 UTC 2011
>Last-Modified:  Tue Jan 04 08:23:08 UTC 2011
>Originator:     Matthias Apitz
>Release:        7.0-RELEASE
>Organization:
>Environment:
FreeBSD rebelion.Sisis.de 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
when wpa_supplicant with WPA is used (i.e. the problem does not occur
with WEP. even not in days of uptime) the kernel crashes from time to
time, after hours or even after a some minutes;

last kgdb bt shows:

# kgdb /boot/kernel/kernel vmcore.3
[GDB will not be able to debug user-mode threads:
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xffff1a18
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc07fa3ee
stack pointer           = 0x28:0xe6904aa4
frame pointer           = 0x28:0xe6904ad0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1546 (gkrellm)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 16m21s
Physical memory: 1009 MB
Dumping 156 MB: (CTRL-C to abort)  141 125 109 93 (CTRL-C to abort)  77
61 45 29 (CTRL-C to abort)  13

#0  doadump () at pcpu.h:195
195     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc0754457 in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:409
#2  0xc0754719 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3  0xc0a4905c in trap_fatal (frame=0xe6904a64, eva=4294908440) at
/usr/src/sys/i386/i386/trap.c:899
#4  0xc0a492e0 in trap_pfault (frame=0xe6904a64, usermode=0,
eva=4294908440)
    at /usr/src/sys/i386/i386/trap.c:812
#5  0xc0a49c8c in trap (frame=0xe6904a64) at
/usr/src/sys/i386/i386/trap.c:490
#6  0xc0a2fc0b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc07fa3ee in rt_msg2 (type=12, rtinfo=0xe6904b04, cp=0x0,
w=0xe6904b34)
    at /usr/src/sys/net/rtsock.c:784
#8  0xc07fb1a5 in sysctl_rtsock (oidp=0xc0b84ac0, arg1=0xe6904c1c,
arg2=4, req=0xe6904ba4)
    at /usr/src/sys/net/rtsock.c:1153
#9  0xc075dc97 in sysctl_root (oidp=Variable "oidp" is not available.
) at /usr/src/sys/kern/kern_sysctl.c:1306
#10 0xc075dde4 in userland_sysctl (td=0xc472fc60, name=0xe6904c14,
namelen=6, old=0x0,
    oldlenp=0xbfbfe478, inkernel=0, new=0x0, newlen=0,
retval=0xe6904c10, flags=0)
    at /usr/src/sys/kern/kern_sysctl.c:1401
#11 0xc075eb7e in __sysctl (td=0xc472fc60, uap=0xe6904cfc) at
/usr/src/sys/kern/kern_sysctl.c:1336
#12 0xc0a49635 in syscall (frame=0xe6904d38) at
/usr/src/sys/i386/i386/trap.c:1035
#13 0xc0a2fc70 in Xint0x80_syscall () at
/usr/src/sys/i386/i386/exception.s:196
#14 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Wed Apr 2 00:24:15 UTC 2008 
State-Changed-Why:  
See kern/122286 from same submitter. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122331 
State-Changed-From-To: closed->open 
State-Changed-By: linimon 
State-Changed-When: Thu Apr 3 22:18:46 UTC 2008 
State-Changed-Why:  
Closed by mistake. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122331 

From: Matthias Apitz <matthias.apitz@oclc.org>
To: bug-followup@FreeBSD.org, guru@sisis.de
Cc:  
Subject: Re: kern/122331: [wpa] [panic] 7.0-RELEASE &amp;&amp; panic in Wifi area with WPA mode (not in WEP mode)
Date: Fri, 4 Apr 2008 16:37:58 +0200

 I'm doing since two days a
 
 	ifconfig iwi0 -bgscan
 
 in the devd(8) hook scripts when interface comes UP and since this I
 have no more panics; seems that the problem is related to background
 scans;
 
 	matthias

From: Volker <volker@vwsoft.com>
To: bug-followup@FreeBSD.org, guru@Sisis.de
Cc:  
Subject: Re: kern/122331: [wpa] [panic] 7.0-RELEASE &amp;&amp; panic in Wifi area with WPA mode (not in WEP mode)
Date: Tue, 08 Apr 2008 23:06:56 +0200

 Even this PR does not look like the panic might be related to iwi code.
 
 If I'm not mistaken (the backtrace rings some bells), a `sysctl -a' may
 also produce this panic.
 
 Just to add a note: PR kern/122286 has now been closed in favor to this one.

Subject: panic's on KDE-launches (but only in WPA Wifi area) / kern/122331
Date: Mon, 15 Sep 2008 13:08:38 +0200
From: Matthias Apitz <guru@unixarea.de>
Reply-To: Matthias Apitz <guru@unixarea.de>

 Hello,
 
 I'm booting my laptop 3 times a day: in the morning at home (WEP area),
 when I arrive in my office (WPA area) and in the evening at home
 (again);
 
 the sequence is always the same: booting, login into console, startx
 which launches via ~/.xinitrc the KDE;
 
 in about 1 of 2-3 cases and only in the office(!) the system panics when
 KDE comes up, at the end of the KDE booting and the jingle already
 played; today it crashed again and again and after switching off the
 Wifi radio on the laptop it came finally up fine;
 
 I did this (Wifi off) because I'm assuming somehow a relation with
 http://www.freebsd.org/cgi/query-pr.cgi?pr=122331
 where my laptop as well only panic'ed in WPA mode (i.e. in the office)
 and with 'bgscan' active; which I now have deactivated;
 
 all these panics look in the debugger more or less like this one:
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 0; apic id = 00
 fault virtual address   = 0xc
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc0788b98
 stack pointer           = 0x28:0xe6960acc
 frame pointer           = 0x28:0xe6960c50
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 1426 (kdeinit)
 trap number             = 12
 panic: page fault
 cpuid = 0
 Uptime: 1m36s
 Physical memory: 1009 MB
 Dumping 129 MB: 114 98 82 66 50 34 18 2
 
 #0  doadump () at pcpu.h:195
 195     pcpu.h: No such file or directory.
         in pcpu.h
 (kgdb) bt
 #0  doadump () at pcpu.h:195
 #1  0xc0754457 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
 #2  0xc0754719 in panic (fmt=Variable "fmt" is not available.) at /usr/src/sys/kern/kern_shutdown.c:563
 #3  0xc0a4905c in trap_fatal (frame=0xe6960a8c, eva=12) at /usr/src/sys/i386/i386/trap.c:899
 #4  0xc0a492e0 in trap_pfault (frame=0xe6960a8c, usermode=0, eva=12)
     at /usr/src/sys/i386/i386/trap.c:812
 #5  0xc0a49c8c in trap (frame=0xe6960a8c) at /usr/src/sys/i386/i386/trap.c:490
 #6  0xc0a2fc0b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #7  0xc0788b98 in kern_select (td=0xc49d5630, nd=9, fd_in=0x298ad840, fd_ou=0x298ad9c4, 
     fd_ex=0x298adb48, tvp=0x0) at filedesc.h:136
 #8  0xc07890de in select (td=0xc49d5630, uap=0xe6960cfc) at /usr/src/sys/kern/sys_generic.c:663
 #9  0xc0a49635 in syscall (frame=0xe6960d38) at /usr/src/sys/i386/i386/trap.c:1035
 #10 0xc0a2fc70 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
 #11 0x00000033 in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 (kgdb) 
 
 the 'current process' (kdeinit in the above crash) changes, but is
 always one of the KDE parts; of course the problem is not KDE related,
 it is just that the system comes under heavy usage in that moment;
 
 I already run 'memtest 128' for some hours without any noted problem in
 memory; test are just passing fine;
 
 the same problem is with 7.0-RELEASE as with RELENG_7;
 
 what can I do to nail this down? it sucks somehow seeing it crashing on
 startup in the morning in the office :-((
 
 thx
 
 	matthias
 
 -- 
 Matthias Apitz
 Manager Technical Support - OCLC GmbH
 Gruenwalder Weg 28g - 82041 Oberhaching - Germany
 t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
 e <matthias.apitz@oclc.org> - w http://www.oclc.org/ http://www.UnixArea.de/
 b http://gurucubano.blogspot.com/
 A computer is like an air conditioner, it stops working when you open Windows
 Una computadora es como aire acondicionado, deja de funcionar si abres Windows

Subject: Re: panic's on KDE-launches (but only in WPA Wifi area) / kern/122331
Date: Mon, 15 Sep 2008 14:48:05 -0400
From: John Baldwin <jhb@freebsd.org>

 Can you go to frame 7 in kgdb and 'p *fdp'?
 
 -- 
 John Baldwin

Subject: Re: panic's on KDE-launches (but only in WPA Wifi area) / kern/122331
Date: Mon, 15 Sep 2008 21:48:53 +0200
From: Matthias Apitz <guru@unixarea.de>
To: John Baldwin <jhb@freebsd.org>

 (kgdb) frame 7
 #7  0xc0788b98 in kern_select (td=0xc49d5630, nd=9, fd_in=0x298ad840, 
     fd_ou=0x298ad9c4, fd_ex=0x298adb48, tvp=0x0) at filedesc.h:136
 		return (fd < 0 || fd >= fdp->fd_nfiles ? NULL : fdp->fd_ofiles[fd]);
 (kgdb) p *fdp
 Variable "fdp" is not available.
 (kgdb) 
 
 perhaps I do something wrong?
 
 	matthias
 
Subject: Re: panic's on KDE-launches (but only in WPA Wifi area) / kern/122331
Date: Mon, 15 Sep 2008 16:08:06 -0400
From: John Baldwin <jhb@freebsd.org>
To: Matthias Apitz <guru@unixarea.de>

 If 'td' is available then you can do 'p *td->td_proc->p_fd'
 
 -- 
 John Baldwin

Subject: Re: panic's on KDE-launches (but only in WPA Wifi area) / kern/122331
Date: Tue, 16 Sep 2008 00:24:14 +0200
From: Matthias Apitz <guru@unixarea.de>
To: John Baldwin <jhb@freebsd.org>
Reply-To: Matthias Apitz <guru@unixarea.de>
 
 (kgdb) frame 7
 #7  0xc0788b98 in kern_select (td=0xc49d5630, nd=9, fd_in=0x298ad840, 
     fd_ou=0x298ad9c4, fd_ex=0x298adb48, tvp=0x0) at filedesc.h:136
 136             return (fd < 0 || fd >= fdp->fd_nfiles ? NULL :
 fdp->fd_ofiles[fd]);
 (kgdb) p td
 $7 = (struct thread *) 0xc49d5630
 (kgdb) p *td->td_proc->p_fd
 $8 = {fd_ofiles = 0x0, fd_ofileflags = 0x0, fd_cdir = 0x0, 
   fd_rdir = 0xc42f3a00, fd_jdir = 0x0, fd_nfiles = 20, fd_map =
 0xc49db8b4, 
   fd_lastfile = 9, fd_freefile = 10, fd_cmask = 18, fd_refcnt = 1, 
   fd_holdcnt = 1, fd_sx = {lock_object = {
       lo_name = 0xc0ad3cbe "filedesc structure", 
       lo_type = 0xc0ad3cbe "filedesc structure", lo_flags = 37421056, 
       lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness =
 0x0}}, 
     sx_lock = 17, sx_recurse = 0}, fd_kqlist = {slh_first = 0x0}, 
   fd_holdleaderscount = 0, fd_holdleaderswakeup = 0}
 (kgdb) 
 
 	matthias
 

From: Matthias Apitz <matthias.apitz@oclc.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122331: [wpa] [panic] 7.0-RELEASE &amp;&amp; panic in Wifi area with WPA mode (not in WEP mode)
Date: Tue, 16 Sep 2008 06:33:47 +0200

 > 
 > If 'td' is available then you can do 'p *td->td_proc->p_fd'
 
 (kgdb) frame 7
 #7  0xc0788b98 in kern_select (td=0xc49d5630, nd=9, fd_in=0x298ad840, 
     fd_ou=0x298ad9c4, fd_ex=0x298adb48, tvp=0x0) at filedesc.h:136
 136             return (fd < 0 || fd >= fdp->fd_nfiles ? NULL :
 fdp->fd_ofiles[fd]);
 (kgdb) p td
 $7 = (struct thread *) 0xc49d5630
 (kgdb) p *td->td_proc->p_fd
 $8 = {fd_ofiles = 0x0, fd_ofileflags = 0x0, fd_cdir = 0x0,
   fd_rdir = 0xc42f3a00, fd_jdir = 0x0, fd_nfiles = 20, fd_map =
 0xc49db8b4,
   fd_lastfile = 9, fd_freefile = 10, fd_cmask = 18, fd_refcnt = 1,
   fd_holdcnt = 1, fd_sx = {lock_object = {
       lo_name = 0xc0ad3cbe "filedesc structure",
       lo_type = 0xc0ad3cbe "filedesc structure", lo_flags = 37421056,
       lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness =
 0x0}},
     sx_lock = 17, sx_recurse = 0}, fd_kqlist = {slh_first = 0x0},
   fd_holdleaderscount = 0, fd_holdleaderswakeup = 0}
 (kgdb)
 
         matthias
 

From: John Baldwin <jhb@freebsd.org>
To: Matthias Apitz <guru@unixarea.de>
Cc: freebsd-hackers@freebsd.org, freebsd-net@freebsd.org,
        bug-followup@freebsd.org
Subject: Re: kern/122331: panic's on KDE-launches (but only in WPA Wifi area)
Date: Tue, 16 Sep 2008 11:25:44 -0400

 Well, fd_ofiles being NULL here is really odd.  It's also odd that you have=
  no=20
 current directory.  Because fd_nfiles is 20, fd_ofiles should be pointing t=
 o=20
 the static file descriptor array.  Off the top of my head I don't see how=20
 this is happening.  It might help if you can narrow down exactly what WPA=20
 operation you are doing that causes the panic.
 
 =2D-=20
 John Baldwin

From: Matthias Apitz <guru@unixarea.de>
To: John Baldwin <jhb@freebsd.org>
Cc: freebsd-hackers@freebsd.org, freebsd-net@freebsd.org,
        bug-followup@freebsd.org
Subject: Re: kern/122331: panic's on KDE-launches (but only in WPA Wifi area)
Date: Wed, 17 Sep 2008 09:27:47 +0200

 El da Tuesday, September 16, 2008 a las 11:25:44AM -0400, John Baldwin escribi:
 
 > Well, fd_ofiles being NULL here is really odd.  It's also odd that you have no 
 > current directory.  Because fd_nfiles is 20, fd_ofiles should be pointing to 
 > the static file descriptor array.  Off the top of my head I don't see how 
 > this is happening.  It might help if you can narrow down exactly what WPA 
 > operation you are doing that causes the panic.
 
 I'm doing nothing by my own with WPA; the wpa_supplicant is launched at
 boot time via /etc/rc.conf entry as:
 
 ifconfig_iwi0="WPA"
 
 i.e. in the moment when I launch the X11+KDE with 'startx' is
 already running, iwi0 is associated with the AP and IP/routing is up in
 the interface (I've checked this always with 'ifconfig iwi0');
 the difference between my home and the office is WEP (at home where I
 don't face that problem) and WPA in the office;
 
 yesterday and today morning KDE booted fine without causing this panic;
 
 could the reason be some inconsistency in the file system? but in this
 case as well I don't know where this could come from; I have always
 clean shutdowns before moving from my home to the office:
 
 	matthias
 
 -- 
 Matthias Apitz
 A computer is like an air conditioner, it stops working when you open Windows
 Una computadora es como aire acondicionado, deja de funcionar si abres Windows
State-Changed-From-To: open->feedback 
State-Changed-By: bschmidt 
State-Changed-When: Mon Jan 3 21:34:39 UTC 2011 
State-Changed-Why:  
requested feedback 


Responsible-Changed-From-To: freebsd-bugs->bschmidt 
Responsible-Changed-By: bschmidt 
Responsible-Changed-When: Mon Jan 3 21:34:39 UTC 2011 
Responsible-Changed-Why:  
over to me 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122331 

From: Bernhard Schmidt <bschmidt@freebsd.org>
To: Matthias Apitz <guru@unixarea.de>,
 Matthias Apitz <guru@sisis.de>,
 Matthias Apitz <matthias.apitz@oclc.org>
Cc: bug-followup@freebsd.org
Subject: Re: kern/122331: [wpa] [panic] 7.0-RELEASE && panic in Wifi area with WPA mode (not in WEP mode)
Date: Mon, 3 Jan 2011 22:34:27 +0100

 Hi,
 
 Is this still an issue on more recent system?
 
 -- 
 Bernhard

From: Matthias Apitz <guru@unixarea.de>
To: Bernhard Schmidt <bschmidt@freebsd.org>
Cc: Matthias Apitz <guru@unixarea.de>,
        Matthias Apitz <matthias.apitz@oclc.org>, bug-followup@freebsd.org
Subject: Re: kern/122331: [wpa] [panic] 7.0-RELEASE && panic in Wifi area
	with WPA mode (not in WEP mode)
Date: Tue, 4 Jan 2011 07:31:39 +0100

 El día Monday, January 03, 2011 a las 10:34:27PM +0100, Bernhard Schmidt escribió:
 
 > Hi,
 > 
 > Is this still an issue on more recent system?
 > 
 > -- 
 > Bernhard
 
 Hi,
 
 Since May 2009 I have not seen this in 8-CURRENT. 
 
 	matthias
 -- 
 Matthias Apitz
 t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
 e <guru@unixarea.de> - w http://www.unixarea.de/
State-Changed-From-To: feedback->closed 
State-Changed-By: bschmidt 
State-Changed-When: Tue Jan 4 08:22:18 UTC 2011 
State-Changed-Why:  
No longer an issue in recent versions, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122331 
>Unformatted:
