Triggering a taskqueue from the if_start routine crashes FreeBSD6

John Baldwin jhb at
Mon Nov 14 17:23:16 GMT 2005

On Saturday 12 November 2005 08:00 am, Sebastien wrote:
> Hello,
> My 802.11 driver queues frames to send to the device in a tailq and then
> triggers a taskqueue to actually send them. The taskqueue is required
> because I need to do two USB transfers, and wait for the first one to
> complete before I start the second: doing this asynchronously would be a
> pain.
> This used to work fine under FreeBSD 5, but with 6, the system randomly
> freezes without any error message, and doesn't respond to anything other
> than the big red button. The crash seems more likely to happen when there
> are 3 or more frames in the tailq when the taskqueue runs.
> My code is online at
> The taskqueue-related code is all in output_layer.c, and the interface with
> the 802.11 and network stack, from which the taskqueue is triggered, is in
> netif.c.
> The taskqueue is also triggered from the thread created to bring the device
> up when it's detected, but it doesn't crash there (but the frames are
> queued one by one there).
> Any ideas?

I don't see anything in output_layer.c   Note that it's ok to hold locks over 
a call to free() so that your output_free() routine could be simplified 

	while (!TAILQ_EMPTY(&sc->output_queue)) {
		bf = TAILQ_FIRST(&sc->output_queue);
		TAILQ_REMOVE(&sc->output_queue, bf, bf_list);
		free(bf, M_USBDEV);
	}

but that is just a suggestion, I don't think it would affect your problem.  
Are you able to add KDB into your kernel and break into the debugger when the 
machine hangs (either via Ctrl-Alt-Esc or via a serial break over a serial 

John Baldwin <jhb at>  <><
"Power Users Use the Power to Serve"  =

More information about the freebsd-hackers mailing list