IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
Hi
Recent 8-CURRENT
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x14
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc05f7251
stack pointer = 0x28:0xc4a8db8c
frame pointer = 0x28:0xc4a8dc24
code segment= base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 11 (swi4: clock)
...
#0 doadump () at pcpu.h:246
246 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt
#0 doadump () at pcpu.h:246
#1 0xc0478399 in db_fncall (dummy1=0, dummy2=0, dummy3=-1065953936,
dummy4=0xc4a8d930 "p�,\004") at /usr/src/sys/ddb/db_command.c:548
#2 0xc0478791 in db_command (last_cmdp=0xc075709c, cmd_table=0x0, dopager=1)
at /usr/src/sys/ddb/db_command.c:445
#3 0xc04788ea in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
#4 0xc047a72d in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:229
#5 0xc05798a4 in kdb_trap (type=12, code=0, tf=0xc4a8db4c)
at /usr/src/sys/kern/subr_kdb.c:534
#6 0xc06bb70f in trap_fatal (frame=0xc4a8db4c, eva=20)
at /usr/src/sys/i386/i386/trap.c:917
#7 0xc06bb9b0 in trap_pfault (frame=0xc4a8db4c, usermode=0, eva=20)
at /usr/src/sys/i386/i386/trap.c:839
#8 0xc06bc312 in trap (frame=0xc4a8db4c) at /usr/src/sys/i386/i386/trap.c:521
#9 0xc06a331b in calltrap () at /usr/src/sys/i386/i386/exception.s:165
#10 0xc05f7251 in igmp_fasttimo () at /usr/src/sys/netinet/igmp.c:1817
#11 0xc0598e29 in pffasttimo (arg=0x0) at /usr/src/sys/kern/uipc_domain.c:498
#12 0xc0562cbc in softclock (arg=0xc076ddc0)
at /usr/src/sys/kern/kern_timeout.c:411
#13 0xc053021b in intr_event_execute_handlers (p=0xc4c61a90, ie=0xc4c9c200)
at /usr/src/sys/kern/kern_intr.c:1134
#14 0xc05315ca in ithread_loop (arg=0xc4c472f0)
at /usr/src/sys/kern/kern_intr.c:1147
---Type to continue, or q to quit---
#15 0xc052db70 in fork_exit (callout=0xc0531560 ,
arg=0xc4c472f0, frame=0xc4a8dd38) at /usr/src/sys/kern/kern_fork.c:821
#16 0xc06a3390 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:270
(kgdb) fr 10
#10 0xc05f7251 in igmp_fasttimo () at /usr/src/sys/netinet/igmp.c:1817
1817if (inm->inm_timer == 0) {
(kgdb)
This happens when I've configured IP-TV on DSL rounter, and though TV should go
to another port (ethernet)
FreeBSD kernel now crashes while try to get connected through WiFi.
If I try to connect through wired port to same broadcast domain - everything in
ok.
Wireless card:
ath0: mem 0xedf0-0xedf0 irq 17 at device 0.0 on pci3
ath0: [ITHREAD]
ath0: AR5413 mac 10.3 RF5424 phy 6.1
key_mgmt=WPA-PSK with wpa_supplicant
crash is 100% reproducible
--
Vladimir B. Grebenschikov
Project Manager, Automation
Parallels Inc. v...@parallels.com
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
Hi
Recent 8-CURRENT
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x14
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc05f7251
stack pointer = 0x28:0xc4a8db8c
frame pointer = 0x28:0xc4a8dc24
code segment= base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 11 (swi4: clock)
...
#0 doadump () at pcpu.h:246
246 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt
#0 doadump () at pcpu.h:246
#1 0xc0478399 in db_fncall (dummy1=0, dummy2=0, dummy3=-1065953936,
dummy4=0xc4a8d930 "p�,\004") at /usr/src/sys/ddb/db_command.c:548
#2 0xc0478791 in db_command (last_cmdp=0xc075709c, cmd_table=0x0, dopager=1)
at /usr/src/sys/ddb/db_command.c:445
#3 0xc04788ea in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
#4 0xc047a72d in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:229
#5 0xc05798a4 in kdb_trap (type=12, code=0, tf=0xc4a8db4c)
at /usr/src/sys/kern/subr_kdb.c:534
#6 0xc06bb70f in trap_fatal (frame=0xc4a8db4c, eva=20)
at /usr/src/sys/i386/i386/trap.c:917
#7 0xc06bb9b0 in trap_pfault (frame=0xc4a8db4c, usermode=0, eva=20)
at /usr/src/sys/i386/i386/trap.c:839
#8 0xc06bc312 in trap (frame=0xc4a8db4c) at /usr/src/sys/i386/i386/trap.c:521
#9 0xc06a331b in calltrap () at /usr/src/sys/i386/i386/exception.s:165
#10 0xc05f7251 in igmp_fasttimo () at /usr/src/sys/netinet/igmp.c:1817
#11 0xc0598e29 in pffasttimo (arg=0x0) at /usr/src/sys/kern/uipc_domain.c:498
#12 0xc0562cbc in softclock (arg=0xc076ddc0)
at /usr/src/sys/kern/kern_timeout.c:411
#13 0xc053021b in intr_event_execute_handlers (p=0xc4c61a90, ie=0xc4c9c200)
at /usr/src/sys/kern/kern_intr.c:1134
#14 0xc05315ca in ithread_loop (arg=0xc4c472f0)
at /usr/src/sys/kern/kern_intr.c:1147
---Type to continue, or q to quit---
#15 0xc052db70 in fork_exit (callout=0xc0531560 ,
arg=0xc4c472f0, frame=0xc4a8dd38) at /usr/src/sys/kern/kern_fork.c:821
#16 0xc06a3390 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:270
(kgdb) fr 10
#10 0xc05f7251 in igmp_fasttimo () at /usr/src/sys/netinet/igmp.c:1817
1817if (inm->inm_timer == 0) {
(kgdb)
This happens when I've configured IP-TV on DSL rounter, and though TV should go
to another port (ethernet)
FreeBSD kernel now crashes while try to get connected through WiFi.
If I try to connect through wired port to same broadcast domain - everything in
ok.
Wireless card:
ath0: mem 0xedf0-0xedf0 irq 17 at device 0.0 on pci3
ath0: [ITHREAD]
ath0: AR5413 mac 10.3 RF5424 phy 6.1
key_mgmt=WPA-PSK with wpa_supplicant
crash is 100% reproducible
With older kernel (4 mar 2009) everything working as expected.
--
Vladimir B. Grebenschikov
Project Manager, Automation
Parallels Inc. v...@parallels.com
--
Vladimir B. Grebenschikov
v...@fbsd.ru
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
Thanks for this report. Sam has reported wihat I believe is the same issue. I haven't had a chance to look at this yet, I'm absolutely exhausted from working on some other stuff that had to happen right away. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
All I have in the kit box is what appears to be a Belkin branded Ralink cardbus card. I think it's a Ralikn 25xx. I have a PCI-Cardbus bridge, so I'm going to leave a NanoBSD image of SVN HEAD to cook in the background whilst I sort out my humanity... ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
This patches avoids the crash. Not sure how ifma_protospec is supposed
to be handled so I'm not committing it.
Sam
Index: in.c
===
--- in.c(revision 189750)
+++ in.c(working copy)
@@ -1040,7 +1040,8 @@
*/
IF_ADDR_LOCK(ifp);
TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
- if (ifma->ifma_addr->sa_family != AF_INET)
+ if (ifma->ifma_addr->sa_family != AF_INET ||
+ ifma->ifma_protospec == NULL)
continue;
inm = (struct in_multi *)ifma->ifma_protospec;
LIST_INSERT_HEAD(&purgeinms, inm, inm_link);
Index: igmp.c
===
--- igmp.c (revision 189750)
+++ igmp.c (working copy)
@@ -623,7 +623,8 @@
if (igi->igi_version == IGMP_VERSION_3) {
IF_ADDR_LOCK(ifp);
TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
- if (ifma->ifma_addr->sa_family != AF_INET)
+ if (ifma->ifma_addr->sa_family != AF_INET ||
+ ifma->ifma_protospec == NULL)
continue;
inm = (struct in_multi *)ifma->ifma_protospec;
if (inm->inm_state == IGMP_LEAVING_MEMBER) {
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
Sam, Sam Leffler wrote: This patches avoids the crash. Not sure how ifma_protospec is supposed to be handled so I'm not committing it. Thanks for this. I have a test machine ready to be prepped but it's missing a CF card (I have none) so need to pick one up from a friend. I have a pci-cardbus adapter + a ral(4) CardBus card, but no CardBus ath(4) -- I imagine this ain't specific to ath(4) so that should be fine. I'll try to look at this Sun/Mon, I have a -CURRENT image built for the 1U box now that just needs bootstrapping (it has a CF slot). thanks, BMS ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
The crash that I am seeing (using if_ndis) occurs in igmp_fasttimo...
This patch doesn't fix that, I'll get more info as soon as I can.
On Sat, 2009-03-14 at 14:06 -0700, Sam Leffler wrote:
> This patches avoids the crash. Not sure how ifma_protospec is supposed
> to be handled so I'm not committing it.
>
> Sam
>
> plain text document attachment (mcast.patch)
> Index: in.c
> ===
> --- in.c (revision 189750)
> +++ in.c (working copy)
> @@ -1040,7 +1040,8 @@
>*/
> IF_ADDR_LOCK(ifp);
> TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
> - if (ifma->ifma_addr->sa_family != AF_INET)
> + if (ifma->ifma_addr->sa_family != AF_INET ||
> + ifma->ifma_protospec == NULL)
> continue;
> inm = (struct in_multi *)ifma->ifma_protospec;
> LIST_INSERT_HEAD(&purgeinms, inm, inm_link);
> Index: igmp.c
> ===
> --- igmp.c(revision 189750)
> +++ igmp.c(working copy)
> @@ -623,7 +623,8 @@
> if (igi->igi_version == IGMP_VERSION_3) {
> IF_ADDR_LOCK(ifp);
> TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
> - if (ifma->ifma_addr->sa_family != AF_INET)
> + if (ifma->ifma_addr->sa_family != AF_INET ||
> + ifma->ifma_protospec == NULL)
> continue;
> inm = (struct in_multi *)ifma->ifma_protospec;
> if (inm->inm_state == IGMP_LEAVING_MEMBER) {
> ___
> freebsd-curr...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
--
Coleman Kane
signature.asc
Description: This is a digitally signed message part
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
It is the same issue but the root cause is unclear. There is much code
that does assumes ifma_protospec might be NULL and checks for it. In my
case (creating a wlan ifnet and then destroying it on eject) the patch
below is sufficient. I don't care to dig right now to understand how
this stuff is supposed to work; it should be clear from comments etc but
the code is lacking.
Sam
Coleman Kane wrote:
The crash that I am seeing (using if_ndis) occurs in igmp_fasttimo...
This patch doesn't fix that, I'll get more info as soon as I can.
On Sat, 2009-03-14 at 14:06 -0700, Sam Leffler wrote:
This patches avoids the crash. Not sure how ifma_protospec is supposed
to be handled so I'm not committing it.
Sam
plain text document attachment (mcast.patch)
Index: in.c
===
--- in.c(revision 189750)
+++ in.c(working copy)
@@ -1040,7 +1040,8 @@
*/
IF_ADDR_LOCK(ifp);
TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
- if (ifma->ifma_addr->sa_family != AF_INET)
+ if (ifma->ifma_addr->sa_family != AF_INET ||
+ ifma->ifma_protospec == NULL)
continue;
inm = (struct in_multi *)ifma->ifma_protospec;
LIST_INSERT_HEAD(&purgeinms, inm, inm_link);
Index: igmp.c
===
--- igmp.c (revision 189750)
+++ igmp.c (working copy)
@@ -623,7 +623,8 @@
if (igi->igi_version == IGMP_VERSION_3) {
IF_ADDR_LOCK(ifp);
TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
- if (ifma->ifma_addr->sa_family != AF_INET)
+ if (ifma->ifma_addr->sa_family != AF_INET ||
+ ifma->ifma_protospec == NULL)
continue;
inm = (struct in_multi *)ifma->ifma_protospec;
if (inm->inm_state == IGMP_LEAVING_MEMBER) {
___
freebsd-curr...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
Sam Leffler wrote: It is the same issue but the root cause is unclear. There is much code that does assumes ifma_protospec might be NULL and checks for it. In my case (creating a wlan ifnet and then destroying it on eject) the patch below is sufficient. I don't care to dig right now to understand how this stuff is supposed to work; it should be clear from comments etc but the code is lacking. This is just to say I've tried to reproduce the 802.11 related panics, however have hit a brick wall because the PCI-CardBus bridge does not seem to detect anything in its slot. (1U Itox Expanding Dragon industrial PC w/a SiteCom branded Ricoh RL475 cardbus card). I tried unloading if_fxp with IGMPv3 active on the ifnet, and didn't see any panic, I'm assuming this is OK for the time being. Qing Li volunteered to test IGMPv3 out for any VLAN related issues -- I understand it stacks ifnets in a similar way to that of 802.11 -- however I have had no feedback from him since last week. So I'm waiting for a HEAD build to a USB2 stick to finish, so I can try testing nondestructively on my laptop, where I know for sure that the PCI-CardBus bridge slot works, and I can detach an 802.11 card on the fly. Re ifma_protospec: Yes, there are tricks in the ifnet/in layer which set it to NULL and look for it to be NULL. I ended up doing it this way mainly because adding reference counting to ifnet would have simply been too much work, and it's really a ball that needs to be kicked around at a dev summit. However time presses on and it's better to get SOMETHING out there. Most likely the IGMPv3 changes are hitting this in the 802.11 case somehow, I don't have a complete picture of how/why/what's going on, and have been relying on feedback from others so far. cheers BMS ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
On Tue, 2009-03-17 at 08:12 +, Bruce Simpson wrote: > Sam Leffler wrote: > > It is the same issue but the root cause is unclear. There is much > > code that does assumes ifma_protospec might be NULL and checks for > > it. In my case (creating a wlan ifnet and then destroying it on > > eject) the patch below is sufficient. I don't care to dig right now > > to understand how this stuff is supposed to work; it should be clear > > from comments etc but the code is lacking. > > > > This is just to say I've tried to reproduce the 802.11 related > panics, however have hit a brick wall because the PCI-CardBus bridge > does not seem to detect anything in its slot. (1U Itox Expanding Dragon > industrial PC w/a SiteCom branded Ricoh RL475 cardbus card). I tried > unloading if_fxp with IGMPv3 active on the ifnet, and didn't see any > panic, I'm assuming this is OK for the time being. > > Qing Li volunteered to test IGMPv3 out for any VLAN related issues > -- I understand it stacks ifnets in a similar way to that of 802.11 -- > however I have had no feedback from him since last week. > So I'm waiting for a HEAD build to a USB2 stick to finish, so I can > try testing nondestructively on my laptop, where I know for sure that > the PCI-CardBus bridge slot works, and I can detach an 802.11 card on > the fly. > > Re ifma_protospec: Yes, there are tricks in the ifnet/in layer which > set it to NULL and look for it to be NULL. I ended up doing it this way > mainly because adding reference counting to ifnet would have simply been > too much work, and it's really a ball that needs to be kicked around at > a dev summit. However time presses on and it's better to get SOMETHING > out there. > Most likely the IGMPv3 changes are hitting this in the 802.11 case > somehow, I don't have a complete picture of how/why/what's going on, and > have been relying on feedback from others so far. > > cheers > BMS > Today I played with it a bit. I've been unable to produce the crash on my wired (if_bge) interface, however it happens regularly on my wireless (ndis0/wlan0) interface. I was unable to get a core dump for other reasons. However, on my system I do not get the crash if I turn off avahi_daemon (set avahi_daemon_enable="NO" in /etc/rc.conf). I tried booting to single user, ran dhclient on wlan0 (after setting it up properly), and then proceeded to boot the system multi-user. As soon as avahi went live, the kernel panicked, as above. If you are looking for a reliable test case, this might be it for you, but I think you need a wlan interface to test it with: * Install net/avahi from ports * Set avahi_daemon_enable="YES" in rc.conf * Configure VAP params for wlan0 card in rc.conf * Log in and run "dhclient wlan0" to trigger the panic -- Coleman Kane signature.asc Description: This is a digitally signed message part
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
Coleman Kane wrote: If you are looking for a reliable test case, this might be it for you, but I think you need a wlan interface to test it with: * Install net/avahi from ports * Set avahi_daemon_enable="YES" in rc.conf * Configure VAP params for wlan0 card in rc.conf * Log in and run "dhclient wlan0" to trigger the panic Actually I was able to panic the kernel right away with the 802.11 code, just by joining a multicast group with mtest(8) on the wlan interface. i.e. # mtest j 224.0.0.2 192.168.x.x -> boom I believe I've found the symptom, but the root cause I don't fully understand. Sam indicated that the VAP code is using ifma's in some nested way between the ifnets which comprise the VAP's member interfaces. A workaround is pending cheers BMS ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
A suitably kludgy fix for this issue has now been committed to HEAD. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
Bruce Simpson wrote: Coleman Kane wrote: If you are looking for a reliable test case, this might be it for you, but I think you need a wlan interface to test it with: * Install net/avahi from ports * Set avahi_daemon_enable="YES" in rc.conf * Configure VAP params for wlan0 card in rc.conf * Log in and run "dhclient wlan0" to trigger the panic Actually I was able to panic the kernel right away with the 802.11 code, just by joining a multicast group with mtest(8) on the wlan interface. i.e. # mtest j 224.0.0.2 192.168.x.x -> boom I believe I've found the symptom, but the root cause I don't fully understand. Sam indicated that the VAP code is using ifma's in some nested way between the ifnets which comprise the VAP's member interfaces. A workaround is pending net80211 uses the public api's to push mcast addresses from the vap's to the parent ifnet. It does not directly frob any internal data structures except to workaround the ioctl-based callback out of the mcast code when adding an address. Look at ieee80211_ioctl_updatemulti for details. Sam ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
