Date:      Fri, 27 Apr 2007 14:26:15 -0700
From:      Sam Leffler <sam@errno.com>
To:        Steve Kargl <sgk@troutmask.apl.washington.edu>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: ath0 induced panic additional info
Message-ID:  <46326A77.4060607@errno.com>
In-Reply-To: <20070426234153.GA50866@troutmask.apl.washington.edu>
References:  <20070426234153.GA50866@troutmask.apl.washington.edu>

Steve Kargl wrote:
> By increasing the kernel message buffer, I was able to
> get the previous "Unread portion" in my last email.
> 
> Unread portion of the kernel message buffer:
> lock order reversal: (sleepable after non-sleepable)
>  1st 0xc34caec0 ath0 (ath0) @ /usr/src/sys/dev/ath/if_ath.c:5210
>  2nd 0xc32cbe24 user map (user map) @ /usr/src/sys/vm/vm_map.c:3074
> KDB: stack backtrace:
> kdb_backtrace(0,ffffffff,c07c3e08,c07c5500,c078596c,...) at kdb_backtrace+0x29
> witness_checkorder(c32cbe24,9,c075587c,c02) at witness_checkorder+0x578
> _sx_xlock(c32cbe24,c075587c,c02) at _sx_xlock+0x50
> _vm_map_lock_read(c32cbde0,c075587c,c02,2000246,c3722068,...) at _vm_map_lock_read+0x37
> vm_map_lookup(d9753a6c,805e000,2,d9753a70,d9753a60,d9753a64,d9753a47,d9753a48) at vm_map_lookup+0x28
> vm_fault(c32cbde0,805e000,2,8,c34ee180,...) at vm_fault+0x65
> trap_pfault(d9753b34,0,805e000) at trap_pfault+0xce
> trap(c07b0008,28,c0730028,805e000,c334f400,...) at trap+0x319
> calltrap() at calltrap+0x5
> --- trap 0xc, eip = 0xc06e8056, esp = 0xd9753b74, ebp = 0xd9753bac ---
> generic_copyout(c34c8c00,c3726400,c34cab30,c0286938,0,...) at generic_copyout+0x36
> ieee80211_ioctl(c34ca230,c0286938,c3726400) at ieee80211_ioctl+0xc1
> ath_ioctl(c34c8c00,c0286938,c3726400) at ath_ioctl+0x190
> ifhwioctl(c0286938,c34c8c00,c3726400,c34ee180) at ifhwioctl+0xa40
> ifioctl(c355e000,c0286938,c3726400,c34ee180,0,...) at ifioctl+0xc3
> soo_ioctl(c3516ab0,c0286938,c3726400,c3748480,c34ee180) at soo_ioctl+0x2db
> ioctl(c34ee180,d9753d04) at ioctl+0x396
> syscall(3b,3b,3b,805d028,0,...) at syscall+0x22f
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x28149787, esp = 0xbfbfe2fc, ebp = 0xbfbfe328 ---
> KDB: enter: witness_checkorder
> panic: from debugger
> KDB: stack backtrace:
> Uptime: 1m1s
> Dumping 511 MB (2 chunks)
>   chunk 0: 1MB (159 pages) ... ok
>   chunk 1: 511MB (130786 pages) 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
> 
> #0  doadump () at pcpu.h:165
> 165	pcpu.h: No such file or directory.
> 	in pcpu.h
> (kgdb) quit
> mobile:root[157] exit
> exit
> 
> Script done on Thu Apr 26 16:38:51 2007

Age old issue: the driver calls into the net80211 layer holding its
softc lock but net80211 calls copyout and if that faults copying data to
user mode then you'll blow up.  I've proposed a solution but no one's
responded so it remains.

	Sam
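
Added example, not part of the original message and not the fix proposed in the thread (the message does not describe it): a userspace C model of the hazard above, showing a copy to user space made under the driver lock beside the common snapshot-then-copy alternative. Every name in it (struct softc fields, sc_lock, model_copyout, the ioctl_* functions) is a hypothetical stand-in, not a FreeBSD kernel API, and the sample state is constructed.

```c
/* Userspace model; all names are hypothetical stand-ins, not kernel APIs. */
#include <stdio.h>
#include <string.h>

struct softc {
    int  lock_held;   /* models the driver's non-sleepable softc mutex */
    char stats[32];   /* driver state the lock protects */
};
static int lor_count; /* may-sleep calls made while the mutex was held */

static void sc_lock(struct softc *sc)   { sc->lock_held = 1; }
static void sc_unlock(struct softc *sc) { sc->lock_held = 0; }

/* Models copyout: the user page may fault, and the fault path takes a
 * sleepable VM map lock. Count the call if the mutex is still held. */
static int model_copyout(struct softc *sc, const void *k, void *u, size_t n)
{
    if (sc->lock_held)
        lor_count++;
    memcpy(u, k, n);
    return 0;
}

/* Pattern in the backtrace: copy to user space with the lock held. */
static int ioctl_locked_copyout(struct softc *sc, void *ubuf)
{
    sc_lock(sc);
    int error = model_copyout(sc, sc->stats, ubuf, sizeof(sc->stats));
    sc_unlock(sc);
    return error;
}

/* Alternative: snapshot under the lock, copy out after dropping it. */
static int ioctl_snapshot_copyout(struct softc *sc, void *ubuf)
{
    char tmp[sizeof(sc->stats)];
    sc_lock(sc);
    memcpy(tmp, sc->stats, sizeof(tmp));
    sc_unlock(sc);
    return model_copyout(sc, tmp, ubuf, sizeof(tmp));
}

int main(void)
{
    struct softc sc = { 0, "rssi=42" };   /* constructed sample state */
    char ubuf[32];
    ioctl_locked_copyout(&sc, ubuf);
    printf("locked copyout:   %d violation(s)\n", lor_count);
    lor_count = 0;
    ioctl_snapshot_copyout(&sc, ubuf);
    printf("snapshot copyout: %d violation(s), user sees %s\n", lor_count, ubuf);
    return 0;
}
```

The snapshot can be stale by the time it reaches the caller, which is acceptable for statistics-style ioctls but needs checking for anything the caller acts on.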



