Message-Id: <200805091319.m49DJnEY065910@www.freebsd.org>
Date: Fri, 9 May 2008 13:19:49 GMT
From: Gareth Wyn Roberts <g.w.roberts@cs.cardiff.ac.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kernel panic during network activity on ath0
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         123552
>Category:       kern
>Synopsis:       [ath] [panic] kernel panic during network activity on ath0
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    sam
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 09 13:30:01 UTC 2008
>Closed-Date:    Sun Nov 23 22:06:23 UTC 2008
>Last-Modified:  Sun Nov 23 22:06:23 UTC 2008
>Originator:     Gareth Wyn Roberts
>Release:        FreeBSD 7.0-STABLE #0: Wed May  7 17:30:52 BST 2008
>Organization:
Cardiff University
>Environment:
FreeBSD 7.0-STABLE #0: Wed May  7 17:30:52 BST 2008
>Description:
Kernel panics during network activity on ath0.
Problem occurs with FreeBSD 7.0-STABLE built on 7 May, so I have reverted to my previous kernel which was built on 15 March, which is stable.

/var/crash/info.6 contains:-

Dump header from device /dev/da0s1b
  Architecture: i386
  Architecture Version: 2
  Dump Length: 113618944B (108 MB)
  Blocksize: 512
  Dumptime: Fri May  9 13:06:22 2008
  Hostname: penrallt-3
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 7.0-STABLE #0: Wed May  7 17:30:52 BST 2008
    gwr@penrallt-3:/a/mcu5/usr/obj/a/mcu5/usr/home/src-RELENG_7/src/sys/GENERIC
  Panic String: page fault
  Dump Parity: 31568421
  Bounds: 6
  Dump Status: good

and a backtrace from kgdb /boot/kernel/kernel.symbols /var/crash/vmcore.6 gives:-

[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
There is no member named pathname.
Reading symbols from /boot/kernel/snd_ich.ko...Reading symbols from /boot/kernel/snd_ich.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_ich.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linprocfs.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /usr/local/modules/fuse.ko...done.
Loaded symbols for /usr/local/modules/fuse.ko

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x0
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc0522b46
stack pointer	        = 0x28:0xe46127f8
frame pointer	        = 0x28:0xe4612864
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 24 (ath0 taskq)
trap number		= 12
panic: page fault
cpuid = 0
Uptime: 2m22s
Physical memory: 1011 MB
Dumping 108 MB: 93 77 61 45 29 13

#0  doadump () at pcpu.h:195
195	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:195
#1  0xc0768ee7 in boot (howto=260)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/kern_shutdown.c:418
#2  0xc07691a9 in panic (fmt=Variable "fmt" is not available.
)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/kern_shutdown.c:572
#3  0xc0a7084c in trap_fatal (frame=0xe46127b8, eva=0)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/trap.c:899
#4  0xc0a70ad0 in trap_pfault (frame=0xe46127b8, usermode=0, eva=0)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/trap.c:812
#5  0xc0a7147c in trap (frame=0xe46127b8)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/trap.c:490
#6  0xc0a5720b in calltrap ()
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/exception.s:139
#7  0xc0522b46 in ath_start (ifp=0xc40ab800)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/dev/ath/if_ath.c:1747
#8  0xc07fb059 in if_start (ifp=0xc40ab800)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if.c:2704
#9  0xc08017ab in ether_output_frame (ifp=0xc40ab800, m=0xc405f900)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if_ethersubr.c:405
#10 0xc0801d5c in ether_output (ifp=0xc40ab800, m=0xc405f900, dst=0xc43f64f0, 
    rt0=0xc441ab40)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if_ethersubr.c:374
#11 0xc082dceb in ieee80211_output (ifp=0xc40ab800, m=0xc405f900, 
    dst=0xc43f64f0, rt0=0xc441ab40)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/net80211/ieee80211_output.c:261
#12 0xc0847136 in ip_output (m=0xc405f900, opt=0x0, ro=0xe461295c, flags=Variable "flags" is not available.
)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/ip_output.c:551
#13 0xc08a8995 in tcp_respond (tp=0x0, ipgen=0xc4083024, th=0xc4083038, 
    m=0xc405f900, ack=0, seq=3484348755, flags=Variable "flags" is not available.
)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/tcp_subr.c:572
#14 0xc08a0b89 in tcp_dropwithreset (m=0xc405f900, th=0xc4083038, tp=0x0, 
    tlen=24, rstreason=3)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/tcp_input.c:2465
#15 0xc08a3888 in tcp_input (m=0xc405f900, off0=20)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/tcp_input.c:851
#16 0xc084567e in ip_input (m=0xc405f900)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/netinet/ip_input.c:665
#17 0xc080bfa5 in netisr_dispatch (num=2, m=0xc405f900)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/netisr.c:185
#18 0xc0801f81 in ether_demux (ifp=0xc40ab800, m=0xc405f900)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if_ethersubr.c:834
#19 0xc0802373 in ether_input (ifp=0xc40ab800, m=0xc405f900)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/net/if_ethersubr.c:692
#20 0xc081eedd in ieee80211_deliver_data (ic=0xc40b122c, ni=0xc4427000, 
    m=0xc405f900)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/net80211/ieee80211_input.c:779
#21 0xc08245ec in ieee80211_input (ic=0xc40b122c, m=0xc405f900, 
    ni=0xc4427000, rssi=21, noise=-96, rstamp=21903)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/net80211/ieee80211_input.c:519
#22 0xc052526d in ath_rx_proc (arg=0xc40b1000, npending=1)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/dev/ath/if_ath.c:3673
#23 0xc079bc35 in taskqueue_run (queue=0xc4044880)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/subr_taskqueue.c:255
#24 0xc079be3b in taskqueue_thread_loop (arg=0xc40b2674)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/subr_taskqueue.c:374
#25 0xc0746889 in fork_exit (callout=0xc079bd80 <taskqueue_thread_loop>, 
    arg=0xc40b2674, frame=0xe4612d38)
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/kern/kern_fork.c:783
#26 0xc0a57280 in fork_trampoline ()
    at /a/mcu5/usr/home/src-RELENG_7/src/sys/i386/i386/exception.s:205
(kgdb) quit

>How-To-Repeat:
Use the network - e.g. portupgrade, sftp.
>Fix:
None known.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri May 9 14:43:19 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123552 
State-Changed-From-To: open->feedback 
State-Changed-By: sam 
State-Changed-When: Fri May 9 17:10:24 UTC 2008 
State-Changed-Why:  
need system and network configuration at a minimum 


Responsible-Changed-From-To: freebsd-net->sam 
Responsible-Changed-By: sam 
Responsible-Changed-When: Fri May 9 17:10:24 UTC 2008 
Responsible-Changed-Why:  
need system and network configuration at a minimum; e.g. provide a dmesg 
and the output of ifconfig 


http://www.freebsd.org/cgi/query-pr.cgi?pr=123552 

From: Gareth Wyn Roberts <g.w.roberts@cs.cardiff.ac.uk>
To: bug-followup@freebsd.org,
 g.w.roberts@cs.cardiff.ac.uk
Cc:  
Subject: Re: kern/123552: [ath] [panic] kernel panic during network activity on ath0
Date: Fri, 9 May 2008 23:34:40 +0100

 Apologies - at the time of submitting the PR, I had already booted to the 
 older stable kernel and I had forgotten to store ifconfig and dmesg output.
 Here are a couple of ifconfig outputs and /var/run/dmesg.boot from the 
 unstable kernel (GENERIC).
 
 ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
 	ether 00:18:4d:76:3b:9b
 	inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
 	media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/12Mbps)
 	status: associated
 	ssid NETGEAR channel 11 (2462 Mhz 11g) bssid 00:0f:b5:d2:9e:2e
 	authmode OPEN privacy ON deftxkey 1 wepkey 1:40-bit wepkey 2:40-bit
 	wepkey 3:40-bit wepkey 4:40-bit txpower 31.5 bmiss 7 scanvalid 60
 	bgscan bgscanintvl 300 bgscanidle 250 roam:rssi11g 7 roam:rate11g 5
 	protmode CTS burst
 
 ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
 	ether 00:18:4d:76:3b:9b
 	inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
 	media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
 	status: associated
 	ssid NETGEAR channel 11 (2462 Mhz 11g) bssid 00:0f:b5:d2:9e:2e
 	authmode OPEN privacy ON deftxkey 1 wepkey 1:40-bit wepkey 2:40-bit
 	wepkey 3:40-bit wepkey 4:40-bit txpower 31.5 bmiss 7 scanvalid 60
 	bgscan bgscanintvl 300 bgscanidle 250 roam:rssi11g 7 roam:rate11g 5
 	protmode CTS burst
 
 
 Copyright (c) 1992-2008 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 	The Regents of the University of California. All rights reserved.
 FreeBSD is a registered trademark of The FreeBSD Foundation.
 FreeBSD 7.0-STABLE #0: Wed May  7 17:30:52 BST 2008
     gwr@penrallt-3:/a/mcu5/usr/obj/a/mcu5/usr/home/src-RELENG_7/src/sys/GENERIC
 Timecounter "i8254" frequency 1193182 Hz quality 0
 CPU: Intel(R) Pentium(R) 4 CPU 2.20GHz (2193.35-MHz 686-class CPU)
   Origin = "GenuineIntel"  Id = 0xf24  Stepping = 4
   Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM>
 real memory  = 1073479680 (1023 MB)
 avail memory = 1036865536 (988 MB)
 ACPI APIC Table: <D850MV MV85010A>
 ioapic0: Changing APIC ID to 1
 ioapic0 <Version 2.0> irqs 0-23 on motherboard
 kbd1 at kbdmux0
 ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
 acpi0: <D850MV MV85010A> on motherboard
 acpi0: [ITHREAD]
 acpi0: Power Button (fixed)
 acpi0: reservation of 0, a0000 (3) failed
 acpi0: reservation of 100000, 3ff00000 (3) failed
 Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
 cpu0: <ACPI CPU> on acpi0
 p4tcc0: <CPU Frequency Thermal Control> on cpu0
 acpi_button0: <Power Button> on acpi0
 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
 pci0: <ACPI PCI bus> on pcib0
 agp0: <Intel 82850 host to AGP bridge> on hostb0
 pcib1: <PCI-PCI bridge> at device 1.0 on pci0
 pci1: <PCI bus> on pcib1
 vgapci0: <VGA-compatible display> mem 
 0xfd000000-0xfdffffff,0xe8000000-0xefffffff irq 16 at device 0.0 on pci1
 pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
 pci2: <ACPI PCI bus> on pcib2
 fxp0: <Intel 82801BA/CAM (ICH2/3) Pro/100 Ethernet> port 0xdf00-0xdf3f mem 
 0xfeafe000-0xfeafefff irq 20 at device 8.0 on pci2
 miibus0: <MII bus> on fxp0
 inphy0: <i82562ET 10/100 media interface> PHY 1 on miibus0
 inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
 fxp0: Ethernet address: 00:03:47:e5:57:57
 fxp0: [ITHREAD]
 ath0: <Atheros 5212> mem 0xfeae0000-0xfeaeffff irq 23 at device 11.0 on pci2
 ath0: [ITHREAD]
 ath0: using obsoleted if_watchdog interface
 ath0: Ethernet address: 00:18:4d:76:3b:9b
 ath0: mac 7.9 phy 4.5 radio 5.6
 ahc0: <Adaptec 19160B Ultra160 SCSI adapter> port 0xd800-0xd8ff mem 
 0xfeaff000-0xfeafffff irq 17 at device 12.0 on pci2
 ahc0: [ITHREAD]
 aic7892: Ultra160 Wide Channel A, SCSI Id=7, 32/253 SCBs
 isab0: <PCI-ISA bridge> at device 31.0 on pci0
 isa0: <ISA bus> on isab0
 atapci0: <Intel ICH2 UDMA100 controller> port 
 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0
 ata0: <ATA channel 0> on atapci0
 ata0: [ITHREAD]
 ata1: <ATA channel 1> on atapci0
 ata1: [ITHREAD]
 uhci0: <Intel 82801BA/BAM (ICH2) USB controller USB-A> port 0xef40-0xef5f irq 
 19 at device 31.2 on pci0
 uhci0: [GIANT-LOCKED]
 uhci0: [ITHREAD]
 usb0: <Intel 82801BA/BAM (ICH2) USB controller USB-A> on uhci0
 usb0: USB revision 1.0
 uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
 uhub0: 2 ports with 2 removable, self powered
 pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
 uhci1: <Intel 82801BA/BAM (ICH2) USB controller USB-B> port 0xef80-0xef9f irq 
 23 at device 31.4 on pci0
 uhci1: [GIANT-LOCKED]
 uhci1: [ITHREAD]
 usb1: <Intel 82801BA/BAM (ICH2) USB controller USB-B> on uhci1
 usb1: USB revision 1.0
 uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
 uhub1: 2 ports with 2 removable, self powered
 pcm0: <Intel ICH2 (82801BA)> port 0xe800-0xe8ff,0xef00-0xef3f irq 17 at device 
 31.5 on pci0
 pcm0: [ITHREAD]
 pcm0: <Analog Devices AD1885 AC97 Codec>
 atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
 atkbd0: <AT Keyboard> irq 1 on atkbdc0
 kbd0 at atkbd0
 atkbd0: [GIANT-LOCKED]
 atkbd0: [ITHREAD]
 psm0: <PS/2 Mouse> irq 12 on atkbdc0
 psm0: [GIANT-LOCKED]
 psm0: [ITHREAD]
 psm0: model IntelliMouse Explorer, device ID 4
 fdc0: <floppy drive controller> port 0x3f0-0x3f1,0x3f2-0x3f3,0x3f4-0x3f5,0x3f7 
 irq 6 drq 2 on acpi0
 fdc0: [FILTER]
 fd0: <1440-KB 3.5" drive> on fdc0 drive 0
 sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
 sio0: type 16550A
 sio0: [FILTER]
 sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
 sio1: type 16550A
 sio1: [FILTER]
 pmtimer0 on isa0
 orm0: <ISA Option ROMs> at iomem 
 0xc0000-0xcc7ff,0xcc800-0xcd7ff,0xd3000-0xd3fff pnpid ORM0000 on isa0
 ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
 ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
 ppbus0: <Parallel port bus> on ppc0
 ppbus0: [ITHREAD]
 plip0: <PLIP network interface> on ppbus0
 lpt0: <Printer> on ppbus0
 lpt0: Interrupt-driven port
 ppi0: <Parallel I/O> on ppbus0
 ppc0: [GIANT-LOCKED]
 ppc0: [ITHREAD]
 sc0: <System console> at flags 0x100 on isa0
 sc0: VGA <16 virtual consoles, flags=0x300>
 vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
 uhub2: <vendor 0x0424 product 0x0140, class 9/0, rev 1.10/0.00, addr 2> on 
 uhub1
 uhub2: 4 ports with 4 removable, self powered
 ulpt0: <Lexmark International Lexmark C522, class 0/0, rev 2.00/0.00, addr 3> 
 on uhub2
 ulpt0: using bi-directional mode
 Timecounter "TSC" frequency 2193348296 Hz quality 800
 Timecounters tick every 1.000 msec
 Waiting 5 seconds for SCSI devices to settle
 ad0: 58644MB <IC35L060AVER07 0 ER6OA46A> at ata0-master UDMA100
 acd0: CDRW <PLEXTOR CD-R PX-W4012A/1.01> at ata1-master UDMA33
 acd1: CDROM <SAMSUNG CD-ROM SC-152L/C100> at ata1-slave PIO4
 pcm0: measured ac97 link rate at 55934 Hz
 da0 at ahc0 bus 0 target 15 lun 0
 da0: <FUJITSU MAM3184MP 0105> Fixed Direct Access SCSI-3 device 
 da0: 160.000MB/s transfers (80.000MHz DT, offset 127, 16bit)
 da0: Command Queueing Enabled
 da0: 17522MB (35885344 512 byte sectors: 255H 63S/T 2233C)
 Trying to mount root from ufs:/dev/da0s1a

From: Martin <nakal@web.de>
To: bug-followup@FreeBSD.org
Cc: g.w.roberts@cs.cardiff.ac.uk, sam@FreeBSD.org
Subject: Re: kern/123552: [ath] [panic] kernel panic during network activity
 on ath0
Date: Sat, 24 May 2008 23:46:39 +0200

 Hi,
 
 I want to confirm this bug. It happened after I started Firefox. The
 wireless network had very weak connectivity (perhaps interesting info
 for you).
 
 uname -a
 FreeBSD link.local 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu May 22
 00:34:45 CEST 2008     root@link.local:/usr/obj/usr/src/sys/LINK  i386
 
 
 Here is my kernel coredump, which looks pretty similar to the one in this
 bug description:
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 0; apic id = 00
 fault virtual address	= 0x0
 fault code		= supervisor read, page not present
 instruction pointer	= 0x20:0xc04ef6d7
 stack pointer	        = 0x28:0xe6a8d8a8
 frame pointer	        = 0x28:0xe6a8d914
 code segment		= base 0x0, limit 0xfffff, type 0x1b
 			= DPL 0, pres 1, def32 1, gran 1
 processor eflags	= interrupt enabled, resume, IOPL = 0
 current process		= 1578 (firefox-bin)
 Physical memory: 1010 MB
 Dumping 168 MB: 153 137 121 105 89 73 57 41 25 9
 
 Error while mapping shared library sections:
 rtc.ko: No such file or directory.
 Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols
 from /boot/kernel/linprocfs.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/linprocfs.ko
 Reading symbols from /boot/kernel/linux.ko...Reading symbols
 from /boot/kernel/linux.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/linux.ko
 Reading symbols from /boot/kernel/linsysfs.ko...Reading symbols
 from /boot/kernel/linsysfs.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/linsysfs.ko
 Reading symbols from /boot/kernel/sound.ko...Reading symbols
 from /boot/kernel/sound.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/sound.ko
 Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols
 from /boot/kernel/snd_hda.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/snd_hda.ko
 Reading symbols from /boot/kernel/acpi_video.ko...Reading symbols
 from /boot/kernel/acpi_video.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/acpi_video.ko
 Reading symbols from /boot/kernel/acpi.ko...Reading symbols
 from /boot/kernel/acpi.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/acpi.ko
 Reading symbols from /boot/kernel/acpi_ibm.ko...Reading symbols
 from /boot/kernel/acpi_ibm.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/acpi_ibm.ko
 Reading symbols from /boot/kernel/aio.ko...Reading symbols
 from /boot/kernel/aio.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/aio.ko
 Reading symbols from /boot/modules/kqemu.ko...done.
 Loaded symbols for /boot/modules/kqemu.ko
 Reading symbols from /boot/kernel/ubtbcmfw.ko...Reading symbols
 from /boot/kernel/ubtbcmfw.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/ubtbcmfw.ko
 Reading symbols from /boot/kernel/ng_ubt.ko...Reading symbols
 from /boot/kernel/ng_ubt.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/ng_ubt.ko
 Reading symbols from /boot/kernel/netgraph.ko...Reading symbols
 from /boot/kernel/netgraph.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/netgraph.ko
 Reading symbols from /boot/kernel/geom_journal.ko...Reading symbols
 from /boot/kernel/geom_journal.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/geom_journal.ko
 Reading symbols from /boot/kernel/geom_eli.ko...Reading symbols
 from /boot/kernel/geom_eli.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/geom_eli.ko
 Reading symbols from /boot/kernel/ng_btsocket.ko...Reading symbols
 from /boot/kernel/ng_btsocket.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/ng_btsocket.ko
 Reading symbols from /boot/kernel/ng_bluetooth.ko...Reading symbols
 from /boot/kernel/ng_bluetooth.ko.symbols...done. done.
 Loaded symbols for /boot/kernel/ng_bluetooth.ko
 Error while reading shared library symbols:
 rtc.ko: No such file or directory.
 #0  doadump () at pcpu.h:195
 195	pcpu.h: No such file or directory.
 	in pcpu.h
 (kgdb) bt
 #0  doadump () at pcpu.h:195
 #1  0xc04b04c9 in db_fncall (dummy1=3D-1062293216, dummy2=3D0,
 dummy3=3D-1062039072, dummy4=3D0xe6a8d63c "=EF=BF=BD=CD=AF=EF=BF=BD")
 at /usr/src/sys/ddb/db_command.c:516 #2  0xc04b0a2c in db_command
 (last_cmdp=3D0xc0ae2a94, cmd_table=3D0x0, dopager=3D1)
 at /usr/src/sys/ddb/db_command.c:413 #3  0xc04b0b2d in db_command_loop
 () at /usr/src/sys/ddb/db_command.c:466 #4  0xc04b248f in db_trap
 (type=3D12, code=3D0) at /usr/src/sys/ddb/db_main.c:228 #5  0xc07044e8 in
 kdb_trap (type=3D12, code=3D0, tf=3D0xe6a8d868)
 at /usr/src/sys/kern/subr_kdb.c:524 #6  0xc0997089 in trap_fatal
 (frame=3D0xe6a8d868, eva=3D0) at /usr/src/sys/i386/i386/trap.c:890
 #7  0xc099731d in trap_pfault (frame=3D0xe6a8d868, usermode=3D0, eva=3D0)
     at /usr/src/sys/i386/i386/trap.c:812
 #8  0xc0997d23 in trap (frame=3D0xe6a8d868)
 at /usr/src/sys/i386/i386/trap.c:490 #9  0xc097eadb in calltrap ()
 at /usr/src/sys/i386/i386/exception.s:139 #10 0xc04ef6d7 in ath_start
 (ifp=3D0xc4121c00) at /usr/src/sys/dev/ath/if_ath.c:1747
 #11 0xc076d1d5 in if_start (ifp=3D0xc4121c00)
 at /usr/src/sys/net/if.c:2704 #12 0xc077356f in ether_output_frame
 (ifp=3D0xc4121c00, m=3D0xc449c000) at /usr/src/sys/net/if_ethersubr.c:405
 #13 0xc0773ad2 in ether_output (ifp=3D0xc4121c00, m=3D0xc449c000,
 dst=3D0xc4fafc50, rt0=3D0xc449a0f0) at /usr/src/sys/net/if_ethersubr.c:374
 #14 0xc07a48ac in ieee80211_output (ifp=3D0xc4121c00, m=3D0xc449c000,=20
     dst=3D0xc4fafc50, rt0=3D0xc449a0f0)
     at /usr/src/sys/net80211/ieee80211_output.c:261
 #15 0xc07bda48 in ip_output (m=3D0xc449c000, opt=3D0x0, ro=3D0xe6a8da08,
 flags=3DVariable "flags" is not available. )
     at /usr/src/sys/netinet/ip_output.c:551
 #16 0xc0819e24 in tcp_output (tp=3D0xc45e5570)
     at /usr/src/sys/netinet/tcp_output.c:1135
 #17 0xc082446c in tcp_usr_rcvd (so=3D0xc51607bc, flags=3D0)
     at /usr/src/sys/netinet/tcp_usrreq.c:738
 #18 0xc0733383 in soreceive_generic (so=3D0xc51607bc, psa=3D0xe6a8dbe8,=20
     uio=3D0xe6a8dbf4, mp0=3D0x0, controlp=3D0x0, flagsp=3D0xe6a8dc78)
     at /usr/src/sys/kern/uipc_socket.c:1825
 #19 0xc072e2e1 in soreceive (so=3D0xc51607bc, psa=3D0xe6a8dbe8,
 uio=3D0xe6a8dbf4, mp0=3D0x0, controlp=3D0x0, flagsp=3D0xe6a8dc78)
     at /usr/src/sys/kern/uipc_socket.c:1853
 #20 0xc073450a in kern_recvit (td=3D0xc4959aa0, s=3D11, mp=3D0xe6a8dc60,=20
     fromseg=3DUIO_USERSPACE, controlp=3D0x0)
     at /usr/src/sys/kern/uipc_syscalls.c:986
 #21 0xc07346c0 in recvit (td=3DVariable "td" is not available.
 ) at /usr/src/sys/kern/uipc_syscalls.c:1093
 #22 0xc0734818 in recvfrom (td=3D0xc4959aa0, uap=3D0xe6a8dcfc)
     at /usr/src/sys/kern/uipc_syscalls.c:1137
 #23 0xc0997660 in syscall (frame=3D0xe6a8dd38)
     at /usr/src/sys/i386/i386/trap.c:1035
 #24 0xc097eb40 in Xint0x80_syscall ()
 at /usr/src/sys/i386/i386/exception.s:196
 #25 0x00000033 in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 
 --
 Martin
 

From: Guy Coleman <gtcmail@mm.st>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/123552: [ath] [panic] kernel panic during network activity
 on ath0
Date: Sat, 26 Jul 2008 17:14:50 +0100

 "Me too".
 
 I get this panic with an up to date RELENG_7 kernel but not with an old 
 kernel from 13th April 2008. Any non-trivial network load triggers it.
 
 ifconfig:
 
 ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
          ether 00:14:6c:82:78:12
          inet 192.168.0.4 netmask 0xffffff00 broadcast 192.168.0.255
          media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
          status: associated
          ssid xxx channel 8 (2447 Mhz 11g) bssid 00:1b:2f:90:03:8e
          authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit TKIP 3:128-bit
          txpower 31.5 bmiss 7 scanvalid 60 bgscan bgscanintvl 300
          bgscanidle 250 roam:rssi11g 7 roam:rate11g 5 protmode CTS burst
          roaming MANUAL
 
 
 Dmesg from the working kernel:
 
 Copyright (c) 1994-2008 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 	The Regents of the University of California. All rights reserved.
 FreeBSD is a registered trademark of The FreeBSD Foundation.
 FreeBSD 7.0-STABLE #4: Sun Apr 13 22:09:21 BST 2008
      gtc00u@fire.alarm:/vol1/obj/usr/src/sys/FIRE
 Timecounter "i8254" frequency 1193182 Hz quality 0
 CPU: Intel(R) Pentium(R) 4 CPU 2.40GHz (2520.01-MHz 686-class CPU)
    Origin = "GenuineIntel"  Id = 0xf25  Stepping = 5
    Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
    Features2=0x4400<CNXT-ID,xTPR>
    Logical CPUs per core: 2
 real memory  = 1072889856 (1023 MB)
 avail memory = 1040711680 (992 MB)
 ACPI APIC Table: <A M I  OEMAPIC >
 ioapic0 <Version 2.0> irqs 0-23 on motherboard
 ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
 acpi0: <A M I OEMXSDT> on motherboard
 acpi0: [ITHREAD]
 acpi0: Power Button (fixed)
 acpi0: reservation of 0, a0000 (3) failed
 acpi0: reservation of 100000, 3fef0000 (3) failed
 Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
 cpu0: <ACPI CPU> on acpi0
 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
 pci0: <ACPI PCI bus> on pcib0
 agp0: <Intel 82875P host to AGP bridge> on hostb0
 pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
 pci1: <ACPI PCI bus> on pcib1
 vgapci0: <VGA-compatible display> port 0xc000-0xc0ff mem 
 0xe0000000-0xe7ffffff,0xfe9f0000-0xfe9fffff irq 16 at device 0.0 on pci1
 drm0: <ATI Radeon RV280 9200> on vgapci0
 info: [drm] AGP at 0xf4000000 64MB
 info: [drm] Initialized radeon 1.25.0 20060524
 vgapci1: <VGA-compatible display> mem 
 0xd8000000-0xdfffffff,0xfe9e0000-0xfe9effff at device 0.1 on pci1
 uhci0: <Intel 82801EB (ICH5) USB controller USB-A> port 0xeec0-0xeedf 
 irq 16 at device 29.0 on pci0
 uhci0: [GIANT-LOCKED]
 uhci0: [ITHREAD]
 usb0: <Intel 82801EB (ICH5) USB controller USB-A> on uhci0
 usb0: USB revision 1.0
 uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
 uhub0: 2 ports with 2 removable, self powered
 uhci1: <Intel 82801EB (ICH5) USB controller USB-B> port 0xef00-0xef1f 
 irq 19 at device 29.1 on pci0
 uhci1: [GIANT-LOCKED]
 uhci1: [ITHREAD]
 usb1: <Intel 82801EB (ICH5) USB controller USB-B> on uhci1
 usb1: USB revision 1.0
 uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
 uhub1: 2 ports with 2 removable, self powered
 uhci2: <Intel 82801EB (ICH5) USB controller USB-C> port 0xef20-0xef3f 
 irq 18 at device 29.2 on pci0
 uhci2: [GIANT-LOCKED]
 uhci2: [ITHREAD]
 usb2: <Intel 82801EB (ICH5) USB controller USB-C> on uhci2
 usb2: USB revision 1.0
 uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
 uhub2: 2 ports with 2 removable, self powered
 uhci3: <Intel 82801EB (ICH5) USB controller USB-D> port 0xef40-0xef5f 
 irq 16 at device 29.3 on pci0
 uhci3: [GIANT-LOCKED]
 uhci3: [ITHREAD]
 usb3: <Intel 82801EB (ICH5) USB controller USB-D> on uhci3
 usb3: USB revision 1.0
 uhub3: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb3
 uhub3: 2 ports with 2 removable, self powered
 ehci0: <Intel 82801EB/R (ICH5) USB 2.0 controller> mem 
 0xfebfbc00-0xfebfbfff irq 23 at device 29.7 on pci0
 ehci0: [GIANT-LOCKED]
 ehci0: [ITHREAD]
 usb4: EHCI version 1.0
 usb4: companion controllers, 2 ports each: usb0 usb1 usb2 usb3
 usb4: <Intel 82801EB/R (ICH5) USB 2.0 controller> on ehci0
 usb4: USB revision 2.0
 uhub4: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb4
 uhub4: 8 ports with 8 removable, self powered
 pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
 pci2: <ACPI PCI bus> on pcib2
 atapci0: <Promise PDC20378 SATA150 controller> port 
 0xdf00-0xdf3f,0xdfa0-0xdfaf,0xdc00-0xdc7f mem 
 0xfeafe000-0xfeafefff,0xfeac0000-0xfeadffff irq 23 at device 4.0 on pci2
 atapci0: [ITHREAD]
 atapci0: [ITHREAD]
 ata2: <ATA channel 0> on atapci0
 ata2: [ITHREAD]
 ata3: <ATA channel 1> on atapci0
 ata3: [ITHREAD]
 ata4: <ATA channel 2> on atapci0
 ata4: [ITHREAD]
 pci2: <network, ethernet> at device 5.0 (no driver attached)
 pci2: <network, ethernet> at device 12.0 (no driver attached)
 isab0: <PCI-ISA bridge> at device 31.0 on pci0
 isa0: <ISA bus> on isab0
 atapci1: <Intel ICH5 UDMA100 controller> port 
 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xfc00-0xfc0f at device 31.1 on pci0
 ata0: <ATA channel 0> on atapci1
 ata0: [ITHREAD]
 ata1: <ATA channel 1> on atapci1
 ata1: [ITHREAD]
 atapci2: <Intel ICH5 SATA150 controller> port 
 0xefe0-0xefe7,0xefac-0xefaf,0xefa0-0xefa7,0xefa8-0xefab,0xef90-0xef9f 
 irq 18 at device 31.2 on pci0
 atapci2: [ITHREAD]
 ata5: <ATA channel 0> on atapci2
 ata5: [ITHREAD]
 ata6: <ATA channel 1> on atapci2
 ata6: [ITHREAD]
 pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
 pci0: <multimedia, audio> at device 31.5 (no driver attached)
 acpi_button0: <Power Button> on acpi0
 atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
 atkbd0: <AT Keyboard> irq 1 on atkbdc0
 kbd0 at atkbd0
 atkbd0: [GIANT-LOCKED]
 atkbd0: [ITHREAD]
 psm0: <PS/2 Mouse> irq 12 on atkbdc0
 psm0: [GIANT-LOCKED]
 psm0: [ITHREAD]
 psm0: model IntelliMouse, device ID 3
 pmtimer0 on isa0
 orm0: <ISA Option ROM> at iomem 0xc0000-0xccfff pnpid ORM0000 on isa0
 sc0: <System console> at flags 0x100 on isa0
 sc0: VGA <16 virtual consoles, flags=0x300>
 vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
 Timecounter "TSC" frequency 2520013968 Hz quality 800
 Timecounters tick every 1.000 msec
 ad6: 190782MB <WDC WD2000JD-00GBB0 02.05D02> at ata3-master SATA150
 ad10: 35304MB <WDC WD360GD-00FNA0 35.06K35> at ata5-master SATA150
 ad12: 190782MB <WDC WD2000JD-00GBB0 02.05D02> at ata6-master SATA150
 GEOM_MIRROR: Device mirror/vol1 launched (2/2).
 Trying to mount root from ufs:/dev/ad10s1a
 ath0: <Atheros 5212> mem 0xfeae0000-0xfeaeffff irq 20 at device 12.0 on pci2
 ath0: [ITHREAD]
 ath0: using obsoleted if_watchdog interface
 ath0: Ethernet address: 00:14:6c:82:78:12
 ath0: mac 7.9 phy 4.5 radio 5.6
 info: [drm] Setting GART location based on new memory map
 info: [drm] Loading R200 Microcode
 info: [drm] writeback test succeeded in 1 usecs
 drm0: [ITHREAD]
 ath0: device timeout

From: Guy Coleman <gtc@mm.st>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/123552: [ath] [panic] kernel panic during network activity
 on ath0
Date: Tue, 29 Jul 2008 21:51:18 +0100

 Panic stacktrace:
 
 > GNU gdb 6.1.1 [FreeBSD]
 > Copyright 2004 Free Software Foundation, Inc.
 > GDB is free software, covered by the GNU General Public License, and you are
 > welcome to change it and/or distribute copies of it under certain conditions.
 > Type "show copying" to see the conditions.
 > There is absolutely no warranty for GDB.  Type "show warranty" for details.
 > This GDB was configured as "i386-marcel-freebsd"...
 > 
 > Unread portion of the kernel message buffer:
 > 
 > 
 > Fatal trap 12: page fault while in kernel mode
 > fault virtual address	= 0x0
 > fault code		= supervisor read, page not present
 > instruction pointer	= 0x20:0xc077969f
 > stack pointer	        = 0x28:0xe46197ac
 > frame pointer	        = 0x28:0xe4619820
 > code segment		= base 0x0, limit 0xfffff, type 0x1b
 > 			= DPL 0, pres 1, def32 1, gran 1
 > processor eflags	= interrupt enabled, resume, IOPL = 0
 > current process		= 34 (ath0 taskq)
 > Physical memory: 1014 MB
 > Dumping 77 MB: 62 46 30 14
 > 
 > Reading symbols from /boot/kernel/geom_label.ko...Reading symbols from /boot/kernel/geom_label.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/geom_label.ko
 > Reading symbols from /boot/kernel/geom_mirror.ko...Reading symbols from /boot/kernel/geom_mirror.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/geom_mirror.ko
 > Reading symbols from /boot/kernel/if_ath.ko...Reading symbols from /boot/kernel/if_ath.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/if_ath.ko
 > Reading symbols from /boot/kernel/ath_hal.ko...Reading symbols from /boot/kernel/ath_hal.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/ath_hal.ko
 > Reading symbols from /boot/kernel/wlan.ko...Reading symbols from /boot/kernel/wlan.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/wlan.ko
 > Reading symbols from /boot/kernel/ath_rate.ko...Reading symbols from /boot/kernel/ath_rate.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/ath_rate.ko
 > Reading symbols from /boot/kernel/if_sk.ko...Reading symbols from /boot/kernel/if_sk.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/if_sk.ko
 > Reading symbols from /boot/kernel/snd_es137x.ko...Reading symbols from /boot/kernel/snd_es137x.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/snd_es137x.ko
 > Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/sound.ko
 > Reading symbols from /boot/kernel/ugen.ko...Reading symbols from /boot/kernel/ugen.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/ugen.ko
 > Reading symbols from /boot/kernel/umass.ko...Reading symbols from /boot/kernel/umass.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/umass.ko
 > Reading symbols from /boot/kernel/agp.ko...Reading symbols from /boot/kernel/agp.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/agp.ko
 > Reading symbols from /boot/kernel/random.ko...Reading symbols from /boot/kernel/random.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/random.ko
 > Reading symbols from /boot/kernel/radeon.ko...Reading symbols from /boot/kernel/radeon.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/radeon.ko
 > Reading symbols from /boot/kernel/drm.ko...Reading symbols from /boot/kernel/drm.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/drm.ko
 > Reading symbols from /boot/kernel/wlan_tkip.ko...Reading symbols from /boot/kernel/wlan_tkip.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/wlan_tkip.ko
 > Reading symbols from /boot/kernel/wlan_scan_sta.ko...Reading symbols from /boot/kernel/wlan_scan_sta.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/wlan_scan_sta.ko
 > Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/acpi.ko
 > Reading symbols from /boot/kernel/geom_ccd.ko...Reading symbols from /boot/kernel/geom_ccd.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/geom_ccd.ko
 > Reading symbols from /boot/kernel/procfs.ko...Reading symbols from /boot/kernel/procfs.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/procfs.ko
 > Reading symbols from /boot/kernel/pseudofs.ko...Reading symbols from /boot/kernel/pseudofs.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/pseudofs.ko
 > Reading symbols from /boot/kernel/fdescfs.ko...Reading symbols from /boot/kernel/fdescfs.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/fdescfs.ko
 > Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/linux.ko
 > Reading symbols from /boot/kernel/snake_saver.ko...Reading symbols from /boot/kernel/snake_saver.ko.symbols...done.
 > done.
 > Loaded symbols for /boot/kernel/snake_saver.ko
 > #0  doadump () at pcpu.h:195
 > 195		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
 > (kgdb) bt
 > #0  doadump () at pcpu.h:195
 > #1  0xc0445de7 in db_fncall (dummy1=1, dummy2=0, dummy3=-1066569184, 
 >     dummy4=0xe4619550 "") at /usr/src/sys/ddb/db_command.c:516
 > #2  0xc0446337 in db_command (last_cmdp=0xc06b0954, cmd_table=0x0, dopager=1)
 >     at /usr/src/sys/ddb/db_command.c:413
 > #3  0xc044643a in db_command_loop () at /usr/src/sys/ddb/db_command.c:466
 > #4  0xc0447d9e in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:228
 > #5  0xc05260f4 in kdb_trap (type=12, code=0, tf=0xe461976c)
 >     at /usr/src/sys/kern/subr_kdb.c:524
 > #6  0xc063e0d1 in trap_fatal (frame=0xe461976c, eva=0)
 >     at /usr/src/sys/i386/i386/trap.c:890
 > #7  0xc063e361 in trap_pfault (frame=0xe461976c, usermode=0, eva=0)
 >     at /usr/src/sys/i386/i386/trap.c:812
 > #8  0xc063ec96 in trap (frame=0xe461976c) at /usr/src/sys/i386/i386/trap.c:490
 > #9  0xc0628cbb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 > #10 0xc077969f in ath_start (ifp=0xc3bf1800)
 >     at /usr/src/sys/modules/ath/../../dev/ath/if_ath.c:1747
 > #11 0xc0589cf8 in if_start (ifp=0xc3bf1800) at /usr/src/sys/net/if.c:2707
 > #12 0xc058feec in ether_output_frame (ifp=0xc3bf1800, m=0xc3ec1900)
 >     at /usr/src/sys/net/if_ethersubr.c:405
 > #13 0xc0590436 in ether_output (ifp=0xc3bf1800, m=0xc3ec1900, dst=0xc3c32bf0, 
 >     rt0=0xc3eacd90) at /usr/src/sys/net/if_ethersubr.c:374
 > #14 0xc05a8118 in ip_output (m=0xc3ec1900, opt=0x0, ro=0xe46198f4, flags=Variable "flags" is not available.
 > )
 >     at /usr/src/sys/netinet/ip_output.c:552
 > #15 0xc05afd42 in tcp_output (tp=0xc402c910)
 >     at /usr/src/sys/netinet/tcp_output.c:1135
 > #16 0xc05adb05 in tcp_do_segment (m=0xc3f7b600, th=0xc3fa683c, so=0xc431a7d0, 
 >     tp=0xc402c910, drop_hdrlen=52, tlen=1448)
 >     at /usr/src/sys/netinet/tcp_input.c:2348
 > #17 0xc05ae6dd in tcp_input (m=0xc3f7b600, off0=20)
 >     at /usr/src/sys/netinet/tcp_input.c:846
 > #18 0xc05a6704 in ip_input (m=0xc3f7b600)
 >     at /usr/src/sys/netinet/ip_input.c:665
 > #19 0xc0591787 in netisr_dispatch (num=2, m=0xc3f7b600)
 >     at /usr/src/sys/net/netisr.c:185
 > #20 0xc0590629 in ether_demux (ifp=0xc3bf1800, m=0xc3f7b600)
 >     at /usr/src/sys/net/if_ethersubr.c:834
 > #21 0xc05909fd in ether_input (ifp=0xc3bf1800, m=0xc3f7b600)
 >     at /usr/src/sys/net/if_ethersubr.c:692
 > #22 0xc07c3bf6 in ieee80211_input (ic=0xc3bf222c, m=0xc3f7b600, 
 >     ni=0xc3f0c000, rssi=17, noise=-96, rstamp=9043)
 >     at /usr/src/sys/modules/wlan/../../net80211/ieee80211_input.c:519
 > #23 0xc077b767 in ath_rx_proc (arg=0xc3bf2000, npending=1)
 >     at /usr/src/sys/modules/ath/../../dev/ath/if_ath.c:3673
 > #24 0xc052e545 in taskqueue_run (queue=0xc3bdac00)
 >     at /usr/src/sys/kern/subr_taskqueue.c:255
 > #25 0xc052e6f4 in taskqueue_thread_loop (arg=0xc3bf3674)
 >     at /usr/src/sys/kern/subr_taskqueue.c:374
 > #26 0xc04df7b9 in fork_exit (callout=0xc052e675 <taskqueue_thread_loop>, 
 >     arg=0xc3bf3674, frame=0xe4619d38) at /usr/src/sys/kern/kern_fork.c:781
 > #27 0xc0628d30 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:205
 
 

From: Guy Coleman <gtcmail@mm.st>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/123552: [ath] [panic] kernel panic during network activity
 on ath0
Date: Sun, 19 Oct 2008 19:00:20 +0100

 This appears to be the same bug as reported in kern/125914, kern/125332 
 and kern/126475.

From: Guy Coleman <gtc@mm.st>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/123552: [ath] [panic] kernel panic during network activity
 on ath0
Date: Thu, 20 Nov 2008 21:51:37 +0000

 I've found that partially reverting revs 1.181.2.2 and 1.181.2.4 of 
 sys/net/bpf.c stops the panic from happening. I have no idea why.
 
 --- bpf.c.bak	2008-11-09 19:46:55.000000000 +0000
 +++ bpf.c	2008-11-16 22:37:10.000000000 +0000
 @@ -85,6 +85,8 @@
 
   #define PRINET  26			/* interruptible */
 
 +#define	M_SKIP_BPF	M_SKIP_FIREWALL
 +
   /*
    * bpf_iflist is a list of BPF interface structures, each 
 corresponding to a
    * specific DLT.  The same network interface might have several BPF 
 interface
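
Review bot: the new `#define M_SKIP_BPF M_SKIP_FIREWALL` gives the BPF marker the same bit as the firewall-skip flag, with no comment saying so. The later hunks test and clear M_SKIP_BPF in the tap paths, so an mbuf that carries M_SKIP_FIREWALL for its own reason would be left out of captures and would have that flag cleared as a side effect. Add a comment documenting the aliasing and why the two uses cannot overlap on the same mbuf, or give BPF a dedicated bit.
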
 @@ -653,7 +655,7 @@
   			mc->m_pkthdr.rcvif = ifp;
   		/* Set M_PROMISC for outgoing packets to be discarded. */
   		if (d->bd_direction == BPF_D_INOUT)
 -			m->m_flags |= M_PROMISC;
 +			m->m_flags |= M_SKIP_BPF;
   	} else
   		mc = NULL;
 
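Review bot: the context comment directly above the changed line still reads "Set M_PROMISC for outgoing packets to be discarded." although the assignment is now `m->m_flags |= M_SKIP_BPF;`. Update the comment to name M_SKIP_BPF so the text and the code agree.
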
 @@ -1358,9 +1360,8 @@
   	int gottime;
   	struct timeval tv;
 
 -	/* Skip outgoing duplicate packets. */
 -	if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
 -		m->m_flags &= ~M_PROMISC;
 +	if (m->m_flags & M_SKIP_BPF) {
 +		m->m_flags &= ~M_SKIP_BPF;
   		return;
   	}
 
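Review bot: the replacement test `if (m->m_flags & M_SKIP_BPF)` drops the `m->m_pkthdr.rcvif == NULL` condition that limited the old check to outgoing packets, and the "Skip outgoing duplicate packets." comment is removed with it. If the flag can only be set on the write path, state that in a comment here. Otherwise keep the rcvif check so that a received mbuf with that bit set is still tapped and does not have the bit cleared.
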
 @@ -1413,9 +1414,8 @@
   	int gottime;
   	struct timeval tv;
 
 -	/* Skip outgoing duplicate packets. */
 -	if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
 -		m->m_flags &= ~M_PROMISC;
 +	if (m->m_flags & M_SKIP_BPF) {
 +		m->m_flags &= ~M_SKIP_BPF;
   		return;
   	}
 
 
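Review bot: this is the same three-line test-and-clear as in the previous hunk, now duplicated at a second site and again without a comment. Consider moving it into one small static inline helper so the two tap paths cannot drift apart, and put the explanation of why the packet is skipped there.
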
State-Changed-From-To: feedback->closed 
State-Changed-By: sam 
State-Changed-When: Sun Nov 23 22:04:56 UTC 2008 
State-Changed-Why:  
fixed by r185190 based on patch from Guy Coleman 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123552 
>Unformatted:
