On Monday 23 March 2009 22:23:47 Mel Flynn wrote: > Hi, > > I've been bit twice now by a panic in wpi(4). It's hard to reproduce but > the panics are consistent, meaning the two panics are identical. I'm not > using wpi at the moment, but may again in the relative near future. > > At the time of the crashes the card was used as wireless g connection to an > FreeBSD hostap using ral(4), via WEP. Some additional info about it: it seems to happen after a long period of non- activity but not always, since I've had the machine up for >5 days with good nights of sleep. I tend to think it's caused by coming from "sleep mode" and desktop widgets like RSS and weather panels, at the same time requesting stuff from the net, but it's a gut feeling. I haven't found a solid reproduction scenario, not for lack of trying. > % ident /boot/kernel/if_wpi.ko > /boot/kernel/if_wpi.ko: > $FreeBSD: src/sys/dev/wpi/if_wpi.c,v 1.19 2009/02/13 16:17:05 sam Exp > $ > > Script started on Sat Mar 7 10:55:59 2009 > # kgdb /boot/kernel/kernel /var/crash/vmcore.0 > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you > are welcome to change it and/or distribute copies of it under certain > conditions. Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for details. > This GDB was configured as "i386-marcel-freebsd"... > > Unread portion of the kernel message buffer: > > > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0x7d1667b8 > fault code = supervisor read, page not present > instruction pointer = 0x20:0xc0688be1 > stack pointer = 0x28:0xc4aabba0 > frame pointer = 0x28:0xc4aabbb4 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 12 (irq16: vgapci0+++) > trap number = 12 > panic: page fault > cpuid = 0 > Uptime: 1d16h11m34s > Physical memory: 1517 MB > Dumping 287 MB: 272 256 240 224 208 192 176 160 144 128 112 96 80 64 48 32 > 16 > > Reading symbols from /boot/kernel/geom_journal.ko...Reading symbols from > /boot/kernel/geom_journal.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/geom_journal.ko > Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from > /boot/kernel/snd_hda.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/snd_hda.ko > Reading symbols from /boot/kernel/sound.ko...Reading symbols from > /boot/kernel/sound.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/sound.ko > Reading symbols from /boot/modules/nvidia.ko...done. > Loaded symbols for /boot/modules/nvidia.ko > Reading symbols from /boot/kernel/linux.ko...Reading symbols from > /boot/kernel/linux.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/linux.ko > Reading symbols from /boot/kernel/smb.ko...Reading symbols from > /boot/kernel/smb.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/smb.ko > Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from > /boot/kernel/linprocfs.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/linprocfs.ko > Reading symbols from /boot/kernel/wpifw.ko...Reading symbols from > /boot/kernel/wpifw.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/wpifw.ko > Reading symbols from /boot/kernel/blank_saver.ko...Reading symbols from > /boot/kernel/blank_saver.ko.symbols...done. > done. > Loaded symbols for /boot/kernel/blank_saver.ko > #0 doadump () at pcpu.h:246 > 246 pcpu.h: No such file or directory. > in pcpu.h > (kgdb) bt > #0 doadump () at pcpu.h:246 > #1 0xc0637bdc in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:420 > #2 0xc0637ea9 in panic (fmt=Variable "fmt" is not available. > ) at /usr/src/sys/kern/kern_shutdown.c:576 > #3 0xc08633cc in trap_fatal (frame=0xc4aabb60, eva=2098620344) > at /usr/src/sys/i386/i386/trap.c:929 > #4 0xc0863630 in trap_pfault (frame=0xc4aabb60, usermode=0, > eva=2098620344) at /usr/src/sys/i386/i386/trap.c:842 > #5 0xc0863fb2 in trap (frame=0xc4aabb60) at > /usr/src/sys/i386/i386/trap.c:522 #6 0xc084932b in calltrap () at > /usr/src/sys/i386/i386/exception.s:165 #7 0xc0688be1 in mb_free_ext > (m=0xc925d300) at > /usr/src/sys/kern/uipc_mbuf.c:228 > #8 0xc0689381 in m_freem (mb=0x0) at mbuf.h:524 > #9 0xc083d981 in wpi_intr (arg=0xc4e2c800) at > /usr/src/sys/dev/wpi/if_wpi.c:1589 > #10 0xc061688b in intr_event_execute_handlers (p=0xc4d2e7ec, ie=0xc4d70380) > at /usr/src/sys/kern/kern_intr.c:1134 > #11 0xc0617cab in ithread_loop (arg=0xc4eda680) at > /usr/src/sys/kern/kern_intr.c:1147 > #12 0xc06145e3 in fork_exit (callout=0xc0617c40 <ithread_loop>, > arg=0xc4eda680, > frame=0xc4aabd38) at /usr/src/sys/kern/kern_fork.c:821 > #13 0xc08493a0 in fork_trampoline () at > /usr/src/sys/i386/i386/exception.s:270 (kgdb) frame 7 > #7 0xc0688be1 in mb_free_ext (m=0xc925d300) at > /usr/src/sys/kern/uipc_mbuf.c:228 > 228 if (*(m->m_ext.ref_cnt) == 1 || > (kgdb) print m->M_dat.MH.MH_dat.MH_ext > $1 = {ext_buf = 0x6ddc9134 <Address 0x6ddc9134 out of bounds>, ext_free = > 0x6e378c2e, > ext_arg1 = 0xc25a829, ext_arg2 = 0x6070e28f, ext_size = 2799295368, > ref_cnt = 0x7d1667b8, ext_type = 908986233} > (kgdb) print *(m->M_dat.MH.MH_dat.MH_ext.ref_cnt) > Cannot access memory at address 0x7d1667b8 > (kgdb) frame 9 > #9 0xc083d981 in wpi_intr (arg=0xc4e2c800) at > /usr/src/sys/dev/wpi/if_wpi.c:1589 > 1589 m_freem(txdata->m); > (kgdb) list > 1584 ifp->if_opackets++; > 1585 > 1586 bus_dmamap_sync(ring->data_dmat, txdata->map, BUS_DMASYNC_POSTWRITE); > 1587 bus_dmamap_unload(ring->data_dmat, txdata->map); > 1588 /* XXX handle M_TXCB? */ > 1589 m_freem(txdata->m); > 1590 txdata->m = NULL; > 1591 ieee80211_free_node(txdata->ni); > 1592 txdata->ni = NULL; > 1593 -- MelReceived on Tue Mar 24 2009 - 19:42:30 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:44 UTC