ath / ieee80211 kernel crash (bridging involved)
Date: Thu, 16 Oct 2025 14:22:37 UTC
Admittedly, this happened on a system running stable/14 from somewhere between the 14.2 and 14.3 points, so the problem may already have been fixed. Here is the stack trace:

#8 <signal handler called>
#9 0xffffffff80a60753 in ieee80211_hdrspace (ic=0xdeadc0dedeadc0de, data=0xfffff8002817966e) at sys/net80211/ieee80211_var.h:893
#10 ccmp_encap (k=0xfffffe007ac38160, m=0xfffff80028179600) at sys/net80211/ieee80211_crypto_ccmp.c:172
#11 0xffffffff80a60164 in ieee80211_crypto_encap (ni=<optimized out>, m=m@entry=0xfffff80028179600) at sys/net80211/ieee80211_crypto.c:599
#12 0xffffffff8065d83c in ath_tx_tag_crypto (sc=0xfffffe00045fd000, ni=0xfffffe007ac38000, m0=0xfffff80028179600, iswep=64, isfrag=0, hdrlen=<optimized out>, pktlen=<optimized out>, keyix=<optimized out>) at sys/dev/ath/if_ath_tx.c:997
#13 ath_tx_normal_setup (sc=0xfffffe00045fd000, ni=0xfffffe007ac38000, bf=0xfffffe000478cd58, m0=0xfffff80028179600, txq=0xfffffe0004604860) at sys/dev/ath/if_ath_tx.c:1593
#14 ath_tx_start (sc=sc@entry=0xfffffe00045fd000, ni=ni@entry=0xfffffe007ac38000, bf=bf@entry=0xfffffe000478cd58, m0=m0@entry=0xfffff80028179600) at sys/dev/ath/if_ath_tx.c:2072
#15 0xffffffff80651ebd in ath_transmit (ic=<optimized out>, m=0xfffff80028179600) at sys/dev/ath/if_ath.c:3516
#16 0xffffffff80a68967 in ieee80211_parent_xmitpkt (ic=ic@entry=0xfffffe00045fd000, m=m@entry=0xfffff80028179600) at sys/net80211/ieee80211_freebsd.c:721
#17 0xffffffff80a89656 in ieee80211_vap_pkt_send_dest (vap=vap@entry=0xfffff8000e766000, m=0xfffff80028179600, m@entry=0xfffff8000ee7de00, ni=<optimized out>) at sys/net80211/ieee80211_output.c:322
#18 0xffffffff80a8a964 in ieee80211_start_pkt (vap=0xfffff8000e766000, m=0xfffff8000ee7de00) at sys/net80211/ieee80211_output.c:479
#19 ieee80211_vap_transmit (ifp=<optimized out>, m=<optimized out>) at sys/net80211/ieee80211_output.c:539
#20 0xffffffff80a210e4 in bridge_enqueue (sc=sc@entry=0xfffff8000778d400, dst_ifp=dst_ifp@entry=0xfffff80068819000, m=0xdeadc0dedeadc0de, m@entry=0xfffff8000ee7de00) at sys/net/if_bridge.c:2108
#21 0xffffffff80a21c6c in bridge_transmit (ifp=ifp@entry=0xfffff800692be000, m=0xfffff8000ee7de00) at sys/net/if_bridge.c:2298
#22 0xffffffff80a1e3ef in bridge_altq_transmit (ifp=0xfffff800692be000, m=0xdeadc0dedeadc0de) at sys/net/if_bridge.c:2331
#23 0xffffffff80a2629c in ether_output_frame (ifp=0xfffff800692be000, m=0xfffff8000ee7de00) at sys/net/if_ethersubr.c:515
#24 0xffffffff80a2614b in ether_output (ifp=<optimized out>, m=0xfffff8000ee7de00, dst=<optimized out>, ro=<optimized out>) at sys/net/if_ethersubr.c:441
#25 0xffffffff80ac6924 in ip_output_send (inp=0x0, ifp=0xfffff800692be000, m=0xdeadc0dedeadc0de, gw=0xfffffe0050fcdb20, ro=0xfffffe0050fcdb00, stamp_tag=true) at sys/netinet/ip_output.c:270
#26 ip_output (m=0xfffff8000ee7de00, opt=opt@entry=0x0, ro=ro@entry=0xfffffe0050fcdb00, flags=flags@entry=1, imo=imo@entry=0x0, inp=inp@entry=0x0) at sys/netinet/ip_output.c:798
#27 0xffffffff80abe905 in ip_forward (m=0xfffff8000ee7de00, srcrt=<optimized out>) at sys/netinet/ip_input.c:1038
#28 0xffffffff80abe39c in ip_input (m=0xfffff8000ee7de00) at sys/netinet/ip_input.c:643
#29 0xffffffff80a47680 in netisr_dispatch_src (proto=proto@entry=1, source=source@entry=0, m=0xfffff8000ee7de00) at sys/net/netisr.c:1152
#30 0xffffffff80a479ee in netisr_dispatch (proto=26, proto@entry=1, m=0x88) at sys/net/netisr.c:1243
#31 0xffffffff80a26459 in ether_demux (ifp=ifp@entry=0xfffff800025cc000, m=0xfffff8000ee7de00) at sys/net/if_ethersubr.c:954
#32 0xffffffff80a2776e in ether_input_internal (ifp=0xfffff800025cc000, m=0xfffff8000ee7de00) at sys/net/if_ethersubr.c:718
#33 ether_nh_input (m=<optimized out>) at sys/net/if_ethersubr.c:748
#34 0xffffffff80a47680 in netisr_dispatch_src (proto=proto@entry=5, source=source@entry=0, m=0xfffff8000ee7de00) at sys/net/netisr.c:1152
#35 0xffffffff80a479ee in netisr_dispatch (proto=26, proto@entry=5, m=0x88) at sys/net/netisr.c:1243
#36 0xffffffff80a268a5 in ether_input (ifp=0xfffff800025cc000, m=0xdeadc0dedeadc0de) at sys/net/if_ethersubr.c:859
#37 0xffffffff80a1be9a in if_input (ifp=0x1a, ifp@entry=0xfffff800025cc000, sendmp=0xdeadc0dedeadc0de) at sys/net/if.c:4841
#38 0xffffffff80a40377 in iflib_rxeof (rxq=0xfffff800025cdb40, budget=<optimized out>) at sys/net/iflib.c:3081
#39 _task_fn_rx (context=0xfffff800025cdb40) at sys/net/iflib.c:4155
#40 0xffffffff80936e3e in gtaskqueue_run_locked (queue=queue@entry=0xfffff8000241fb00) at sys/kern/subr_gtaskqueue.c:369
#41 0xffffffff80936b83 in gtaskqueue_thread_loop (arg=arg@entry=0xfffffe00035bd020) at sys/kern/subr_gtaskqueue.c:545

As you can see, the packet path involved bridging from a wired interface to an ath one. The kernel is built with INVARIANTS, so the 0xdeadc0dedeadc0de values seen here are probably related to freed memory _somewhere_ (in frame #9 the ic argument of ieee80211_hdrspace itself has that value).

-- Andriy Gapon