Date: Wed, 29 Jun 2011 12:57:17 +0200 From: Stefan Esser <se@freebsd.org> To: bschmidt@freebsd.org Cc: Adrian Chadd <adrian@freebsd.org>, freebsd-current@freebsd.org Subject: Re: Panic in ieee80211 tx mgmt timeout Message-ID: <4E0B050D.6090408@freebsd.org> In-Reply-To: <201106291241.17371.bschmidt@freebsd.org> References: <4E099EB2.7050902@freebsd.org> <BANLkTim601dRADEPz4sbETwMiEBt0YqyHg@mail.gmail.com> <4E0AE815.2070502@freebsd.org> <201106291241.17371.bschmidt@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 29.06.2011 12:41, schrieb Bernhard Schmidt: > On Wednesday, June 29, 2011 10:53:41 Stefan Esser wrote: >> I recreated the panic, this time with kernel dumps correctly configured >> (thanks for the hint, Scott). The panic message is: >> >> Fatal trap 12: page fault while in kernel mode >> cpuid = 0; apic id = 00 >> fault virtual address = 0xffffff809c7a1000 >> fault code = supervisor read data, page not present >> instruction pointer = 0x20:0xffffffff805e1851 >> stack pointer = 0x28:0xffffff8000288ab0 >> frame pointer = 0x28:0xffffff8000288b60 >> code segment = base 0x0, limit 0xfffff, type 0x1b >> = DPL 0, pres 1, long 1, def32 0, gran 1 >> processor eflags = interrupt enabled, resume, IOPL = 0 >> current process = 11 (swi4: clock) >> >> Traceback: >> >> #10 0xffffffff805e1851 in ieee80211_tx_mgt_timeout (arg=0xffffff809c7a1000) >> at ../../../net80211/ieee80211_output.c:2487 >> >> This indicates, that an invalid argument is passed and assigned to >> "*ni", which causes the page fault when dereferencing "ni" to obtain "*va". > > The problem here seems to be wpa_supplicant. It can try to associate > at any given point in time which results in the BSS ni being destroyed, > though it might still be referenced somewhere (In this case the timeout > stuff, or better said ath's TX queue). Not clearing the reference (or > stopping whatever is using it) is the fault here. Now how to figure out > who the caller is? Got the complete backtrace? Not sure that I understand your question correctly ... #10 0xffffffff805e1851 in ieee80211_tx_mgt_timeout (arg=0xffffff809c7a1000) at ../../../net80211/ieee80211_output.c:2487 #11 0xffffffff8050f45c in softclock (arg=Variable "arg" is not available.) at ../../../kern/kern_timeout.c:564 #12 0xffffffff804d9876 in intr_event_execute_handlers (p=Variable "p" is not available.) at ../../../kern/kern_intr.c:1257 #13 0xffffffff804da4d6 in ithread_loop (arg=0xfffffe00032dcc60) at ../../../kern/kern_intr.c:1270 #14 0xffffffff804d718d in fork_exit (callout=0xffffffff804da440 <ithread_loop>, arg=0xfffffe00032dcc60, frame=0xffffff8000288c50) at ../../../kern/kern_fork.c:920 #15 0xffffffff807258ce in fork_trampoline () at ../../../amd64/amd64/exception.S:603 Bernhard, I'm sending you the compressed "core.txt" in private mail. Regards, STefan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E0B050D.6090408>