Panic: Kernel page fault with ath0_com_lock held, r211295

From: David Wolfskill <david_at_catwhisker.org>
Date: Sat, 14 Aug 2010 08:29:07 -0700

Previously built @r211278; just built r211295 this morning, and didn't
quite pass the smoke test.  I'll attach core.txt; here are highlights:

FreeBSD localhost 9.0-CURRENT FreeBSD 9.0-CURRENT #89 r211295: Sat Aug 14 07:34:56 PDT 2010     root_at_g1-219.catwhisker.org.:/usr/obj/usr/src/sys/CANARY  i386
...
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex ath0_com_lock (ath0_com_lock) r = 0 (0xc896e014) locked @ /usr/src/sys/net80211/ieee80211_scan.c:957
KDB: stack backtrace:
db_trace_self_wrapper(c0cb0eda,c53b9aa0,c08d93e5,3bd,0,...) at 0xc04da736 = db_trace_self_wrapper+0x26
kdb_backtrace(3bd,0,ffffffff,c0f47aac,c53b9ad8,...) at 0xc08c4319 = kdb_backtrace+0x29
_witness_debugger(c0cb3689,c53b9aec,4,1,0,...) at 0xc08d93e5 = _witness_debugger+0x25
witness_warn(5,0,c0ceadbf,c08d0229,c0e04de0,...) at 0xc08da8ee = witness_warn+0x1fe
trap(c53b9b78) at 0xc0bd9835 = trap+0x195
calltrap() at 0xc0bc0b9c = calltrap+0x6
--- trap 0xc, eip = 0xc0962604, esp = 0xc53b9bb8, ebp = 0xc53b9bd8 ---
amrr_node_init(c8d3c000,c7d18d2e,c7d18d3f,1,c8d37800,...) at 0xc0962604 = amrr_node_init+0x84
ieee80211_sta_join(c8cac000,c896e320,c7d18d00,1,c896e000,...) at 0xc0985c07 = ieee80211_sta_join+0x1f7
sta_pick_bss(c8996800,c8cac000,c0cc54c4,3bd,246,...) at 0xc0993853 = sta_pick_bss+0x113
scan_task(c8996800,1,c0cb27d9,53,c53b9cd8,...) at 0xc099102b = scan_task+0x4bb
taskqueue_run(c894e880,c894e898,0,c0ccee5e,0,...) at 0xc08d09d3 = taskqueue_run+0xc3
taskqueue_thread_loop(c896e074,c53b9d28,c0ca8b19,343,c0e04de0,...) at 0xc08d119e = taskqueue_thread_loop+0x6e
fork_exit(c08d1130,c896e074,c53b9d28) at 0xc0867348 = fork_exit+0xb8
fork_trampoline() at 0xc0bc0c14 = fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xc53b9d60, ebp = 0 ---

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0962604
stack pointer           = 0x28:0xc53b9bb8
frame pointer           = 0x28:0xc53b9bd8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (ath0 taskq)
panic: from debugger
cpuid = 0
KDB: stack backtrace:
Uptime: 35s
Physical memory: 2031 MB
Dumping 94 MB: 79 63 47 31 15
...
Loaded symbols for /boot/kernel/tmpfs.ko
#0  doadump () at pcpu.h:231
231     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump () at pcpu.h:231
#1  0xc089166e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
#2  0xc0891942 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:590
#3  0xc04d8037 in db_panic (addr=Could not find the frame base for "db_panic".
) at /usr/src/sys/ddb/db_command.c:478
#4  0xc04d8661 in db_command (last_cmdp=0xc0de6a5c, cmd_table=0x0, dopager=1)
    at /usr/src/sys/ddb/db_command.c:445
#5  0xc04d87ba in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
#6  0xc04da6dd in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:229
#7  0xc08c407e in kdb_trap (type=12, code=0, tf=0xc53b9b78)
    at /usr/src/sys/kern/subr_kdb.c:535
#8  0xc0bd931f in trap_fatal (frame=0xc53b9b78, eva=0)
    at /usr/src/sys/i386/i386/trap.c:936
#9  0xc0bd9843 in trap (frame=0xc53b9b78) at /usr/src/sys/i386/i386/trap.c:326
#10 0xc0bc0b9c in calltrap () at /usr/src/sys/i386/i386/exception.s:166
#11 0xc0962604 in amrr_node_init (ni=0xc8d3c000)
    at /usr/src/sys/net80211/ieee80211_amrr.c:152
#12 0xc0985c07 in ieee80211_sta_join (vap=0xc8cac000, chan=0xc896e320, 
    se=0xc7d18d00) at ieee80211_ratectl.h:80
#13 0xc0993853 in sta_pick_bss (ss=0xc8996800, vap=0xc8cac000)
    at /usr/src/sys/net80211/ieee80211_scan_sta.c:1244
#14 0xc099102b in scan_task (arg=0xc8996800, pending=1)
    at /usr/src/sys/net80211/ieee80211_scan.c:986
#15 0xc08d09d3 in taskqueue_run (queue=0xc894e880, tpp=0xc53b9cd8)
    at /usr/src/sys/kern/subr_taskqueue.c:240
#16 0xc08d119e in taskqueue_thread_loop (arg=0xc896e074)
    at /usr/src/sys/kern/subr_taskqueue.c:365
#17 0xc0867348 in fork_exit (callout=0xc08d1130 <taskqueue_thread_loop>, 
    arg=0xc896e074, frame=0xc53b9d28) at /usr/src/sys/kern/kern_fork.c:843
#18 0xc0bc0c14 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:273


I see that r211295 is fairly recent, but that there were some
ath(4)-related commits subsequent (r211299; r211303).  While I admit
but sketchy knowledge of the code, I don't see anything glaringly
obvious there.

I'm certainly willing to test, but I have some more critical domestic
priorities for most of the day, unfortunately.

Peace,
david
-- 
David H. Wolfskill				david_at_catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.

Received on Sat Aug 14 2010 - 13:29:10 UTC