From owner-freebsd-stable@FreeBSD.ORG Tue Apr 26 15:35:33 2011 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF0A01065670; Tue, 26 Apr 2011 15:35:33 +0000 (UTC) (envelope-from gardnerbell@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 6E2298FC08; Tue, 26 Apr 2011 15:35:33 +0000 (UTC) Received: by iwn33 with SMTP id 33so830750iwn.13 for ; Tue, 26 Apr 2011 08:35:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to:cc :content-type; bh=Xz5iG63A+odphpH3ax3NrUk5xdzF4WpBJwxReJVEFu8=; b=ds8zzCLKNUk7TN7CJGkXbmL1whg4PnuaEn8HQ+pBIbaZxcwYKdxlGOqUn2SYkygEIm c8HYgUZG7QGqCJP5OUIXCkxzpQzOdbR6WzLdl24FlxgV8URXq5S1kCTCdQFSBOMTW3/9 xwzFsmtR3zZxcMWxMeLOJDsZKwuWTHHwTqPvI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:cc:content-type; b=RRA9AlScJUUlEfrDMj6z0eMUvwPJxOEY0ehyo3mrW7aVc5z1fkRWmGlO1wyUS0edLa dcOGUy7GXCCAPCH+6bSqmnmlc23A4UIhv6ACsuzBunepmSDTyuJpn7IXg0DAC0Cot7Ij PmJafenchTThx2KLrhaKJB1gu8SCLoO+hTV4g= MIME-Version: 1.0 Received: by 10.42.170.73 with SMTP id e9mr1081089icz.258.1303832132759; Tue, 26 Apr 2011 08:35:32 -0700 (PDT) Received: by 10.42.179.68 with HTTP; Tue, 26 Apr 2011 08:35:32 -0700 (PDT) Date: Tue, 26 Apr 2011 11:35:32 -0400 Message-ID: From: Gardner Bell To: bschmidt@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-stable@freebsd.org Subject: Re: Fatal trap 12: page fault while in kernel mode X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Apr 2011 15:35:33 -0000 On Tue, Apr 26, 2011 at 04:25:26PM +0200, Bernhard Schmidt wrote: > On Tuesday, April 26, 2011 15:15:45 Gardner Bell wrote: > > On Tue, Apr 26, 2011 at 4:12 AM, Bernhard Schmidt wrote: > > > On Tuesday, April 26, 2011 01:09:42 Gardner Bell wrote: > > >> Downloading a torrent with many peers on a toshiba satellite notebook > > >> using an Atheros AR5006 wireless nic caused the following panic. This > > >> is an i386 system running 8.2-STABLE from around April 06. > > > > > > Can you reproduce that? > > > > So far I've not been able to reproduce this. > > Ok. I assume this only happens when loosing the connection and trying > to re-associate. At least that is the only possible scenario I can > think of where a timeout for mgmt frames is involved. Probably we > aren't bumping a refcount correctly or something. Actually that sounds > rather plausible as it panics exactly when trying to access ni which > should, for a station, always point to iv_bss, which can in turn be > free'd almost unconditionally if someone's telling net80211 to > associate to another (or even the same) network. Hmm.. tracing refcount > it is. > > Were you running wpa_supplicant at that point? Any messages before > the panic happened? > Yes, I'm running wpa_supplicant with the following settings: network={ ssid="xxxxx" psk="xxxxx" } Other settings for the wireless card I have in rc.conf: wlans_ath0="wlan0" ifconfig_wlan0="WPA DHCP" ifconfig_wlan0_alias0="inet 192.168.0.12 netmask 0xffffffff" The last messages seen on the console before the panic are wlan0: ieee80211_new_state_locked: pending SCAN -> AUTH transition lost and several UP/DOWN events. > -- > Bernhard -- Gardner Bell