Bug 140245 - [ath] [panic] Kernel panic during network activity on device ath in 7.2-RELEASE-p4
Summary: [ath] [panic] Kernel panic during network activity on device ath in 7.2-RELEA...
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: wireless (show other bugs)
Version: 7.2-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-wireless (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-03 11:20 UTC by Sergey Maltsev
Modified: 2018-05-28 19:45 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sergey Maltsev 2009-11-03 11:20:02 UTC
I am using a wireless card D-link DWL-G520 with Atheros chipset. 
Usually more heavy network activity (with P2P-client running) causes kernel panic. 
I have a core dump. Here is a backtrace from kgdb:
Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0xc
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0640262
stack pointer           = 0x28:0xe627db60
frame pointer           = 0x28:0xe627db7c
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 44 (ath0 taskq)
trap number             = 12
panic: page fault
cpuid = 1
Uptime: 9h5m24s
Physical memory: 2026 MB
Dumping 282 MB:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0xc
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0640262
stack pointer           = 0x28:0xc5bfd94c
frame pointer           = 0x28:0xc5bfd968
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (swi4: clock)
trap number             = 12
panic: page fault
cpuid = 1
 267 251 235 219 203 187 171 155 139 123 107 91 75 59 43 27 11

Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /boot/kernel/snd_hda.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_hda.ko
Reading symbols from /boot/modules/nvidia.ko...done.
Loaded symbols for /boot/modules/nvidia.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/sem.ko...Reading symbols from /boot/kernel/sem.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sem.ko
Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linprocfs.ko
Reading symbols from /usr/local/modules/fuse.ko...done.
Loaded symbols for /usr/local/modules/fuse.ko
#0  doadump () at pcpu.h:196
196             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:196
#1  0xc05ef60c in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc05ef8b9 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:574
#3  0xc080698c in trap_fatal (frame=0xe627db20, eva=12) at /usr/src/sys/i386/i386/trap.c:939
#4  0xc0806bf0 in trap_pfault (frame=0xe627db20, usermode=0, eva=12) at /usr/src/sys/i386/i386/trap.c:852
#5  0xc0807572 in trap (frame=0xe627db20) at /usr/src/sys/i386/i386/trap.c:530
#6  0xc07ece9b in calltrap () at /usr/src/sys/i386/i386/exception.s:159
#7  0xc0640262 in m_copydata (m=0x0, off=2240, len=2314, cp=0xc939a6f4 "") at /usr/src/sys/kern/uipc_mbuf.c:808
#8  0xc06c599f in ieee80211_encap (ic=0xc5edb22c, m=0xc7c5f900, ni=0xc6709000)
    at /usr/src/sys/net80211/ieee80211_output.c:1057
#9  0xc049125c in ath_start (ifp=0xc5ebc800) at /usr/src/sys/dev/ath/if_ath.c:1656
#10 0xc0493eee in ath_tx_proc_q0123 (arg=0xc5edb000, npending=2) at /usr/src/sys/dev/ath/if_ath.c:4653
#11 0xc06246b5 in taskqueue_run (queue=0xc5ea1e80) at /usr/src/sys/kern/subr_taskqueue.c:282
#12 0xc06248c8 in taskqueue_thread_loop (arg=0xc5edc674) at /usr/src/sys/kern/subr_taskqueue.c:401
#13 0xc05c94f9 in fork_exit (callout=0xc0624800 <taskqueue_thread_loop>, arg=0xc5edc674, frame=0xe627dd38)
    at /usr/src/sys/kern/kern_fork.c:810
#14 0xc07ecf10 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264

How-To-Repeat: Use the network - e.g. rtorrent (p2p-client).
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2009-11-03 14:17:17 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-net

Over to maintainer(s).
Comment 2 Adrian Chadd freebsd_committer 2011-04-11 12:43:00 UTC
Responsible Changed
From-To: freebsd-net->freebsd-wireless

punt to wireless list
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:45:24 UTC
batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.