Date:      Fri, 10 May 2013 02:04:27 GMT
From:      Glen Barber <gjb@FreeBSD.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/178470: [panic][ath] bss vap can and does change
Message-ID:  <201305100204.r4A24RfN065663@oldred.FreeBSD.org>
Resent-Message-ID: <201305100210.r4A2A0lx097809@freefall.freebsd.org>

>Number:         178470
>Category:       kern
>Synopsis:       [panic][ath] bss vap can and does change
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 10 02:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Glen Barber
>Release:        10.0-CURRENT r250344
>Organization:
>Environment:
FreeBSD orion 10.0-CURRENT FreeBSD 10.0-CURRENT #9 r250344: Tue May  7 21:52:45 EDT 2013     root@orion:/usr/obj/usr/src/sys/ORION  amd64

>Description:
Requested output from prior discussion with adrian:

root@orion:/usr/obj/usr/src/sys/ORION # kgdb ./kernel.debug /var/crash/vmcore.7
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
wlan0: ieee80211_new_state_locked: pending RUN -> SCAN transition lost


Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0xffff
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff8072fb3f
stack pointer           = 0x28:0xffffff81a944d970
frame pointer           = 0x28:0xffffff81a944d9a0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (irq22: ath0)
trap number             = 12
panic: page fault
cpuid = 3
KDB: stack backtrace:
#0 0xffffffff80676366 at kdb_backtrace+0x66
#1 0xffffffff8063a78b at panic+0x13b
#2 0xffffffff80918300 at trap_fatal+0x290
#3 0xffffffff80918671 at trap_pfault+0x221
#4 0xffffffff80918c24 at trap+0x344
#5 0xffffffff809023b3 at calltrap+0x8
#6 0xffffffff8074c14b at ieee80211_beacon_update+0x21b
#7 0xffffffff8037bcc2 at ath_beacon_generate+0x52
#8 0xffffffff8037c15f at ath_beacon_proc+0x23f
#9 0xffffffff80376a7f at ath_intr+0x44f
#10 0xffffffff8060b99d at intr_event_execute_handlers+0xfd
#11 0xffffffff8060d14b at ithread_loop+0x9b
#12 0xffffffff8060854f at fork_exit+0x11f
#13 0xffffffff809028de at fork_trampoline+0xe
Uptime: 1d23h22m39s
(ada0:ahcich0:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich0:0:0:0): CAM status: CCB request is in progress
(ada0:ahcich0:0:0:0): Error 5, Retries exhausted
(ada0:ahcich0:0:0:0): Synchronize cache failed
(ada1:ahcich1:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada1:ahcich1:0:0:0): CAM status: CCB request is in progress
(ada1:ahcich1:0:0:0): Error 5, Retries exhausted
(ada1:ahcich1:0:0:0): Synchronize cache failed
(ada2:ahcich4:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada2:ahcich4:0:0:0): CAM status: CCB request is in progress
(ada2:ahcich4:0:0:0): Error 5, Retries exhausted
(ada2:ahcich4:0:0:0): Synchronize cache failed
(ada3:ahcich5:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada3:ahcich5:0:0:0): CAM status: CCB request is in progress
(ada3:ahcich5:0:0:0): Error 5, Retries exhausted
(ada3:ahcich5:0:0:0): Synchronize cache failed
Dumping 764 out of 6048 MB:..3%..11%..21%..32%..42%..51%..61%..72%..82%..93%

Reading symbols from /boot/kernel/zfs.ko.symbols...done.
Loaded symbols for /boot/kernel/zfs.ko.symbols
Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
Loaded symbols for /boot/kernel/opensolaris.ko.symbols
#0  doadump (textdump=<value optimized out>) at pcpu.h:231
231             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) list *0xffffffff8072fb3f
0xffffffff8072fb3f is in ieee80211_ht_update_beacon (/usr/src/sys/net80211/ieee80211_ht.c:2787).
2782            ht->hi_ctrlchannel = ieee80211_chan2ieee(ic, bsschan);
2783            if (vap->iv_flags_ht & IEEE80211_FHT_RIFS)
2784                    ht->hi_byte1 = IEEE80211_HTINFO_RIFSMODE_PERM;
2785            else
2786                    ht->hi_byte1 = IEEE80211_HTINFO_RIFSMODE_PROH;
2787            if (IEEE80211_IS_CHAN_HT40U(bsschan))
2788                    ht->hi_byte1 |= IEEE80211_HTINFO_2NDCHAN_ABOVE;
2789            else if (IEEE80211_IS_CHAN_HT40D(bsschan))
2790                    ht->hi_byte1 |= IEEE80211_HTINFO_2NDCHAN_BELOW;
2791            else
(kgdb) quit

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


