From owner-freebsd-bugs@FreeBSD.ORG Thu Feb 16 21:30:12 2012 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E97CA1065673 for ; Thu, 16 Feb 2012 21:30:12 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C54568FC19 for ; Thu, 16 Feb 2012 21:30:12 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q1GLUCIS004162 for ; Thu, 16 Feb 2012 21:30:12 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q1GLUCNo004160; Thu, 16 Feb 2012 21:30:12 GMT (envelope-from gnats) Resent-Date: Thu, 16 Feb 2012 21:30:12 GMT Resent-Message-Id: <201202162130.q1GLUCNo004160@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Adam Twardowski Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9CA981065670 for ; Thu, 16 Feb 2012 21:21:24 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 80E498FC15 for ; Thu, 16 Feb 2012 21:21:24 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q1GLLOHj094842 for ; Thu, 16 Feb 2012 21:21:24 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id q1GLLODr094841; Thu, 16 Feb 2012 21:21:24 GMT (envelope-from nobody) Message-Id: <201202162121.q1GLLODr094841@red.freebsd.org> Date: Thu, 16 Feb 2012 21:21:24 GMT From: Adam Twardowski To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/165214: Kernel panic in ieee80211_output.c:2505 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2012 21:30:13 -0000 >Number: 165214 >Category: kern >Synopsis: Kernel panic in ieee80211_output.c:2505 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Feb 16 21:30:12 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Adam Twardowski >Release: 9.0-RELEASE >Organization: >Environment: FreeBSD p4 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Mon Feb 13 03:19:58 EST 2012 root@p4:/usr/obj/usr/src/sys/ROUTETABLES i386 >Description: [513][root.p4: ROUTETABLES]$ # kgdb kernel.debug /var/crash/vmcore.2 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x0 fault code = supervisor read, page not present instruction pointer = 0x20:0xc0746b9d stack pointer = 0x28:0xd85acbdc frame pointer = 0x28:0xd85acbf4 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 15 (usbus4) trap number = 12 panic: page fault cpuid = 0 KDB: stack backtrace: #0 0xc069421a at kdb_backtrace+0x43 #1 0xc0663652 at panic+0x114 #2 0xc08fbcb4 at trap_fatal+0x320 #3 0xc08fbd49 at trap_pfault+0x89 #4 0xc08fca67 at trap+0x437 #5 0xc08e6e7c at calltrap+0x6 #6 0xc072b61a at ieee80211_process_callback+0x46 #7 0xc0574743 at urtw_bulk_tx_callback+0x96 #8 0xc056f8ab at usbd_callback_wrapper+0x70c #9 0xc056bda4 at usb_command_wrapper+0xc5 #10 0xc056e7ce at usb_callback_proc+0x100 #11 0xc0568c8e at usb_process+0xf5 #12 0xc06375db at fork_exit+0x91 #13 0xc08e6ef4 at fork_trampoline+0x8 Uptime: 3h44m34s Physical memory: 1006 MB Dumping 209 MB: 194 178 162 146 130 114 98 82 66 50 34 18 2 Reading symbols from /boot/kernel/geom_mirror.ko...Reading symbols from /boot/kernel/geom_mirror.ko.symbols...done. done. Loaded symbols for /boot/kernel/geom_mirror.ko #0 doadump (textdump=1) at pcpu.h:244 244 __asm("movl %%fs:0,%0" : "=r" (td)); (kgdb) list *0xc0746b9d 0xc0746b9d is in ieee80211_tx_mgt_cb (/usr/src/sys/net80211/ieee80211_output.c:2505). 2500 } 2501 2502 static void 2503 ieee80211_tx_mgt_cb(struct ieee80211_node *ni, void *arg, int status) 2504 { 2505 struct ieee80211vap *vap = ni->ni_vap; 2506 enum ieee80211_state ostate = (enum ieee80211_state) arg; 2507 2508 /* 2509 * Frame transmit completed; arrange timer callback. If (kgdb) backtrace #0 doadump (textdump=1) at pcpu.h:244 #1 0xc06633fe in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:442 #2 0xc066368f in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:607 #3 0xc08fbcb4 in trap_fatal (frame=0xd85acb9c, eva=0) at /usr/src/sys/i386/i386/trap.c:975 #4 0xc08fbd49 in trap_pfault (frame=0xd85acb9c, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:839 #5 0xc08fca67 in trap (frame=0xd85acb9c) at /usr/src/sys/i386/i386/trap.c:558 #6 0xc08e6e7c in calltrap () at /usr/src/sys/i386/i386/exception.s:168 #7 0xc0746b9d in ieee80211_tx_mgt_cb (ni=0x0, arg=0x2, status=0) at /usr/src/sys/net80211/ieee80211_output.c:2504 #8 0xc072b61a in ieee80211_process_callback (ni=0x0, m=0xc818f100, status=0) at /usr/src/sys/net80211/ieee80211_freebsd.c:478 #9 0xc0574743 in urtw_bulk_tx_callback (xfer=0xc3cc9168, error=USB_ERR_NORMAL_COMPLETION) at /usr/src/sys/dev/usb/wlan/if_urtw.c:4176 #10 0xc056f8ab in usbd_callback_wrapper (pq=0xc3cc9030) at /usr/src/sys/dev/usb/usb_transfer.c:2231 #11 0xc056bda4 in usb_command_wrapper (pq=0xc3cc9030, xfer=0x0) at /usr/src/sys/dev/usb/usb_transfer.c:2860 #12 0xc056e7ce in usb_callback_proc (_pm=0xc3cc9044) at /usr/src/sys/dev/usb/usb_transfer.c:2096 #13 0xc0568c8e in usb_process (arg=0xc3a96ccc) at /usr/src/sys/dev/usb/usb_process.c:170 #14 0xc06375db in fork_exit (callout=0xc0568b99 , arg=0xc3a96ccc, frame=0xd85acd28) at /usr/src/sys/kern/kern_fork.c:995 #15 0xc08e6ef4 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:275 (kgdb) >How-To-Repeat: Not sure, seems to happen randomly. I did notice that that it happened about 15 min after the wireless link went down. The adapter is an Alfa AWUS036H. urtw0: on usbus4 urtw0: unknown RTL8187L type: 0x8000000 Feb 16 05:51:17 p4 kernel: wlan0: link state changed to DOWN Feb 16 06:06:36 p4 syslogd: kernel boot file is /boot/kernel/kernel Feb 16 06:06:37 p4 kernel: Copyright (c) 1992-2012 The FreeBSD Project. Feb 16 06:06:37 p4 kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 >Fix: >Release-Note: >Audit-Trail: >Unformatted: