kern/165214: Kernel panic in ieee80211_output.c:2505

Adam Twardowski adam.twardowski at gmail.com
Thu Feb 16 21:30:13 UTC 2012


>Number:         165214
>Category:       kern
>Synopsis:       Kernel panic in ieee80211_output.c:2505
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 16 21:30:12 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Adam Twardowski
>Release:        9.0-RELEASE
>Organization:
>Environment:
FreeBSD p4 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Mon Feb 13 03:19:58 EST 2012     root at p4:/usr/obj/usr/src/sys/ROUTETABLES  i386
>Description:
[513][root.p4: ROUTETABLES]$ # kgdb kernel.debug /var/crash/vmcore.2
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0746b9d
stack pointer           = 0x28:0xd85acbdc
frame pointer           = 0x28:0xd85acbf4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 15 (usbus4)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xc069421a at kdb_backtrace+0x43
#1 0xc0663652 at panic+0x114
#2 0xc08fbcb4 at trap_fatal+0x320
#3 0xc08fbd49 at trap_pfault+0x89
#4 0xc08fca67 at trap+0x437
#5 0xc08e6e7c at calltrap+0x6
#6 0xc072b61a at ieee80211_process_callback+0x46
#7 0xc0574743 at urtw_bulk_tx_callback+0x96
#8 0xc056f8ab at usbd_callback_wrapper+0x70c
#9 0xc056bda4 at usb_command_wrapper+0xc5
#10 0xc056e7ce at usb_callback_proc+0x100
#11 0xc0568c8e at usb_process+0xf5
#12 0xc06375db at fork_exit+0x91
#13 0xc08e6ef4 at fork_trampoline+0x8
Uptime: 3h44m34s
Physical memory: 1006 MB
Dumping 209 MB: 194 178 162 146 130 114 98 82 66 50 34 18 2

Reading symbols from /boot/kernel/geom_mirror.ko...Reading symbols from /boot/kernel/geom_mirror.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_mirror.ko
#0  doadump (textdump=1) at pcpu.h:244
244             __asm("movl %%fs:0,%0" : "=r" (td));
(kgdb) list *0xc0746b9d
0xc0746b9d is in ieee80211_tx_mgt_cb (/usr/src/sys/net80211/ieee80211_output.c:2505).
2500    }
2501
2502    static void
2503    ieee80211_tx_mgt_cb(struct ieee80211_node *ni, void *arg, int status)
2504    {
2505            struct ieee80211vap *vap = ni->ni_vap;
2506            enum ieee80211_state ostate = (enum ieee80211_state) arg;
2507
2508            /*
2509             * Frame transmit completed; arrange timer callback.  If
(kgdb) backtrace
#0  doadump (textdump=1) at pcpu.h:244
#1  0xc06633fe in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:442
#2  0xc066368f in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:607
#3  0xc08fbcb4 in trap_fatal (frame=0xd85acb9c, eva=0) at /usr/src/sys/i386/i386/trap.c:975
#4  0xc08fbd49 in trap_pfault (frame=0xd85acb9c, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:839
#5  0xc08fca67 in trap (frame=0xd85acb9c) at /usr/src/sys/i386/i386/trap.c:558
#6  0xc08e6e7c in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#7  0xc0746b9d in ieee80211_tx_mgt_cb (ni=0x0, arg=0x2, status=0) at /usr/src/sys/net80211/ieee80211_output.c:2504
#8  0xc072b61a in ieee80211_process_callback (ni=0x0, m=0xc818f100, status=0) at /usr/src/sys/net80211/ieee80211_freebsd.c:478
#9  0xc0574743 in urtw_bulk_tx_callback (xfer=0xc3cc9168, error=USB_ERR_NORMAL_COMPLETION) at /usr/src/sys/dev/usb/wlan/if_urtw.c:4176
#10 0xc056f8ab in usbd_callback_wrapper (pq=0xc3cc9030) at /usr/src/sys/dev/usb/usb_transfer.c:2231
#11 0xc056bda4 in usb_command_wrapper (pq=0xc3cc9030, xfer=0x0) at /usr/src/sys/dev/usb/usb_transfer.c:2860
#12 0xc056e7ce in usb_callback_proc (_pm=0xc3cc9044) at /usr/src/sys/dev/usb/usb_transfer.c:2096
#13 0xc0568c8e in usb_process (arg=0xc3a96ccc) at /usr/src/sys/dev/usb/usb_process.c:170
#14 0xc06375db in fork_exit (callout=0xc0568b99 <usb_process>, arg=0xc3a96ccc, frame=0xd85acd28) at /usr/src/sys/kern/kern_fork.c:995
#15 0xc08e6ef4 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:275
(kgdb)

>How-To-Repeat:
Not sure, seems to happen randomly.  I did notice that it happened about 15 min after the wireless link went down.  The adapter is an Alfa AWUS036H.

urtw0: <vendor 0x0bda product 0x8187, class 0/0, rev 2.00/1.00, addr 2> on usbus4
urtw0: unknown RTL8187L type: 0x8000000


Feb 16 05:51:17 p4 kernel: wlan0: link state changed to DOWN
Feb 16 06:06:36 p4 syslogd: kernel boot file is /boot/kernel/kernel
Feb 16 06:06:37 p4 kernel: Copyright (c) 1992-2012 The FreeBSD Project.
Feb 16 06:06:37 p4 kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

