ath0 induced panic additional info
Sam Leffler
sam at errno.com
Fri Apr 27 21:26:10 UTC 2007
Steve Kargl wrote:
> By increasing the kernel message buffer, I was able to
> get the previous "Unread portion" in my last email.
>
> Unread portion of the kernel message buffer:
> lock order reversal: (sleepable after non-sleepable)
> 1st 0xc34caec0 ath0 (ath0) @ /usr/src/sys/dev/ath/if_ath.c:5210
> 2nd 0xc32cbe24 user map (user map) @ /usr/src/sys/vm/vm_map.c:3074
> KDB: stack backtrace:
> kdb_backtrace(0,ffffffff,c07c3e08,c07c5500,c078596c,...) at kdb_backtrace+0x29
> witness_checkorder(c32cbe24,9,c075587c,c02) at witness_checkorder+0x578
> _sx_xlock(c32cbe24,c075587c,c02) at _sx_xlock+0x50
> _vm_map_lock_read(c32cbde0,c075587c,c02,2000246,c3722068,...) at _vm_map_lock_read+0x37
> vm_map_lookup(d9753a6c,805e000,2,d9753a70,d9753a60,d9753a64,d9753a47,d9753a48) at vm_map_lookup+0x28
> vm_fault(c32cbde0,805e000,2,8,c34ee180,...) at vm_fault+0x65
> trap_pfault(d9753b34,0,805e000) at trap_pfault+0xce
> trap(c07b0008,28,c0730028,805e000,c334f400,...) at trap+0x319
> calltrap() at calltrap+0x5
> --- trap 0xc, eip = 0xc06e8056, esp = 0xd9753b74, ebp = 0xd9753bac ---
> generic_copyout(c34c8c00,c3726400,c34cab30,c0286938,0,...) at generic_copyout+0x36
> ieee80211_ioctl(c34ca230,c0286938,c3726400) at ieee80211_ioctl+0xc1
> ath_ioctl(c34c8c00,c0286938,c3726400) at ath_ioctl+0x190
> ifhwioctl(c0286938,c34c8c00,c3726400,c34ee180) at ifhwioctl+0xa40
> ifioctl(c355e000,c0286938,c3726400,c34ee180,0,...) at ifioctl+0xc3
> soo_ioctl(c3516ab0,c0286938,c3726400,c3748480,c34ee180) at soo_ioctl+0x2db
> ioctl(c34ee180,d9753d04) at ioctl+0x396
> syscall(3b,3b,3b,805d028,0,...) at syscall+0x22f
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x28149787, esp = 0xbfbfe2fc, ebp = 0xbfbfe328 ---
> KDB: enter: witness_checkorder
> panic: from debugger
> KDB: stack backtrace:
> Uptime: 1m1s
> Dumping 511 MB (2 chunks)
> chunk 0: 1MB (159 pages) ... ok
> chunk 1: 511MB (130786 pages) 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
>
> #0 doadump () at pcpu.h:165
> 165 pcpu.h: No such file or directory.
> in pcpu.h
> (kgdb) quit
> mobile:root[157] exit
> exit
>
> Script done on Thu Apr 26 16:38:51 2007
Age old issue: the driver calls into the net80211 layer holding its
softc lock but net80211 calls copyout and if that faults copying data to
user mode then you'll blow up. I've proposed a solution but no one's
responded so it remains.
Sam
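
Added example, not part of the original thread and not the solution the message refers to (which the message does not describe): a user-space C model of the pattern WITNESS reports in the trace, a copy to user space made while a non-sleepable driver lock is held, next to the common alternative of snapshotting under the lock and copying after it is dropped. All names (`struct softc` fields, `model_copyout`, the two ioctl functions) are hypothetical and the state string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* User-space model; all names are hypothetical, not FreeBSD code. */
struct softc {
    int  mtx_held;   /* models the non-sleepable driver (softc) mutex */
    char stats[32];  /* driver state an ioctl returns to the caller */
};
static int lor_reports;  /* "sleepable after non-sleepable" events seen */

static void sc_lock(struct softc *sc)   { sc->mtx_held = 1; }
static void sc_unlock(struct softc *sc) { sc->mtx_held = 0; }

/* Models copyout(): the user page may not be resident, so the copy can
 * fault, and the fault path takes a sleepable lock (the "user map"). */
static int model_copyout(struct softc *sc, const void *k, void *u, size_t n)
{
    if (sc->mtx_held)
        lor_reports++;   /* the condition WITNESS flags in the trace */
    memcpy(u, k, n);
    return 0;
}

/* Pattern from the trace: copy to user space with the softc lock held. */
static int ioctl_locked_copy(struct softc *sc, void *ubuf)
{
    sc_lock(sc);
    int error = model_copyout(sc, sc->stats, ubuf, sizeof(sc->stats));
    sc_unlock(sc);
    return error;
}

/* Alternative: snapshot under the lock, drop it, then copy out. */
static int ioctl_snapshot_copy(struct softc *sc, void *ubuf)
{
    char tmp[sizeof(sc->stats)];
    sc_lock(sc);
    memcpy(tmp, sc->stats, sizeof(tmp));
    sc_unlock(sc);
    return model_copyout(sc, tmp, ubuf, sizeof(tmp));
}

int main(void)
{
    struct softc sc = { 0, "constructed sample state" };
    char ubuf[32];
    ioctl_locked_copy(&sc, ubuf);
    int locked = lor_reports; lor_reports = 0;
    ioctl_snapshot_copy(&sc, ubuf);
    printf("locked copy: %d report(s), snapshot copy: %d\n", locked, lor_reports);
    return 0;
}
```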