Re: HEAD/i386 r320212: three reproducible panics [see also bugzilla 220404 about a type of problem introduced in head -r329722 ]
On Friday 30 June 2017 22:45:39 Mark Millard wrote: > [Just for the 3rd backtrace example. . .] > > Oleg V. Nauman oleg at theweb.org.ua wrote on > Fri Jun 23 16:58:07 UTC 2017 : > > .. . . > > > __curthread () at ./machine/pcpu.h:225 > > 225 __asm("movl %%fs:%1,%0" : "=r" (td) > > (kgdb) #0 __curthread () at ./machine/pcpu.h:225 > > #1 doadump (textdump=-968633856) at ../../../kern/kern_shutdown.c:318 > > #2 0xc06e88c4 in kern_reboot (howto=) > > > > at ../../../kern/kern_shutdown.c:386 > > > > #3 0xc06e8c5b in vpanic (fmt=, > > > > ap=0xefd5c73c "\340\334\235\300\310\370\266\306\001") > > at ../../../kern/kern_shutdown.c:779 > > > > #4 0xc06e8b1b in panic (fmt=0xc092e18e "%s") > > > > at ../../../kern/kern_shutdown.c:710 > > > > #5 0xc08eed21 in trap_fatal (frame=0xefd5c878, eva=) > > > > at ../../../i386/i386/trap.c:978 > > > > #6 0xc08eea38 in trap (frame=) > > > > at ../../../i386/i386/trap.c:704 > > > > #7 > > #8 0xc6bcda1b in ?? () > > #9 0xc0770281 in unp_connect2 (so=, so2=, > > > > req=) at ../../../kern/uipc_usrreq.c:1497 > > > > #10 0xc076ff17 in unp_connectat (fd=, so=, > > > > nam=, td=) > > at ../../../kern/uipc_usrreq.c:1446 > > > > #11 0xc076d510 in unp_connect (so=0xc71c9400, nam=0xc662d500, > > > > td=) at ../../../kern/uipc_usrreq.c:1310 > > > > #12 uipc_connect (so=0xc71c9400, nam=0xc662d500, td=) > > > > at ../../../kern/uipc_usrreq.c:587 > > > > #13 0xc076a042 in kern_connectat (td=, dirfd=-100, > > > > fd=, sa=0xc662d500) at > > ../../../kern/uipc_syscalls.c:505 > > > > #14 0xc0769f49 in sys_connect (td=0xc6bcda18, uap=0xc6b6f988) > > > > at ../../../kern/uipc_syscalls.c:470 > > > > #15 0xc08ef679 in syscallenter (td=) > > > > at ../../../i386/i386/../../kern/subr_syscall.c:132 > > > > #16 syscall (frame=) at ../../../i386/i386/trap.c:1103 > > #17 > > #18 0x283a4747 in ?? () > > Backtrace stopped: Cannot access memory at address 0xbfbfe794 > > There are problems with a union having fields > that interfere with each other. The details of > the layout and interference likely vary from > TARGET_ARCH to TARGET_ARCH. This is from > new material added in head -r319722 and > involves /head/sys/sys/socketvar.h and > the new union in struct socket. > > See bugzilla 220404 and its analysis of a > repeatable crash on 32-bit powerpc for > head -r320482 (I'd made a large jump from > well before -r319722): > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220404 > > It also involves unp_connect2, unp_connect, > kern_connectat, sys_connect and is likely > involved. But different aliasing in the > union across architectures likely lead to > varying details for the behavior that results > from the bad handling of union use. Subscribed, thank you. > > === > Mark Millard > markmi at dsl-only.net ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: HEAD/i386 r320212: three reproducible panics [see also bugzilla 220404 about a type of problem introduced in head -r329722 ]
[Just for the 3rd backtrace example. . .] Oleg V. Nauman oleg at theweb.org.ua wrote on Fri Jun 23 16:58:07 UTC 2017 : . . . > __curthread () at ./machine/pcpu.h:225 > 225 __asm("movl %%fs:%1,%0" : "=r" (td) > (kgdb) #0 __curthread () at ./machine/pcpu.h:225 > #1 doadump (textdump=-968633856) at ../../../kern/kern_shutdown.c:318 > #2 0xc06e88c4 in kern_reboot (howto=) > at ../../../kern/kern_shutdown.c:386 > #3 0xc06e8c5b in vpanic (fmt=, > ap=0xefd5c73c "\340\334\235\300\310\370\266\306\001") > at ../../../kern/kern_shutdown.c:779 > #4 0xc06e8b1b in panic (fmt=0xc092e18e "%s") > at ../../../kern/kern_shutdown.c:710 > #5 0xc08eed21 in trap_fatal (frame=0xefd5c878, eva=) > at ../../../i386/i386/trap.c:978 > #6 0xc08eea38 in trap (frame=) > at ../../../i386/i386/trap.c:704 > #7 > #8 0xc6bcda1b in ?? () > #9 0xc0770281 in unp_connect2 (so=, so2=, > req=) at ../../../kern/uipc_usrreq.c:1497 > #10 0xc076ff17 in unp_connectat (fd=, so=, > nam=, td=) > at ../../../kern/uipc_usrreq.c:1446 > #11 0xc076d510 in unp_connect (so=0xc71c9400, nam=0xc662d500, > td=) at ../../../kern/uipc_usrreq.c:1310 > #12 uipc_connect (so=0xc71c9400, nam=0xc662d500, td=) > at ../../../kern/uipc_usrreq.c:587 > #13 0xc076a042 in kern_connectat (td=, dirfd=-100, > fd=, sa=0xc662d500) at ../../../kern/uipc_syscalls.c:505 > #14 0xc0769f49 in sys_connect (td=0xc6bcda18, uap=0xc6b6f988) > at ../../../kern/uipc_syscalls.c:470 > #15 0xc08ef679 in syscallenter (td=) > at ../../../i386/i386/../../kern/subr_syscall.c:132 > #16 syscall (frame=) at ../../../i386/i386/trap.c:1103 > #17 > #18 0x283a4747 in ?? () > Backtrace stopped: Cannot access memory at address 0xbfbfe794 There are problems with a union having fields that interfere with each other. The details of the layout and interference likely vary from TARGET_ARCH to TARGET_ARCH. This is from new material added in head -r319722 and involves /head/sys/sys/socketvar.h and the new union in struct socket. See bugzilla 220404 and its analysis of a repeatable crash on 32-bit powerpc for head -r320482 (I'd made a large jump from well before -r319722): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220404 It also involves unp_connect2, unp_connect, kern_connectat, sys_connect and is likely involved. But different aliasing in the union across architectures likely lead to varying details for the behavior that results from the bad handling of union use. === Mark Millard markmi at dsl-only.net ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: HEAD/i386 r320212: three reproducible panics
On Friday 30 June 2017 12:44:37 Hans Petter Selasky wrote: Hello Hans, > On 06/30/17 11:01, Oleg V. Nauman wrote: > > On Friday 23 June 2017 19:42:55 Oleg V. Nauman wrote: > >> a) Panic on shutdown: > >> Fatal trap 1: privileged instruction fault while in kernel mode > >> cpuid = 1; apic id = 01 > >> instruction pointer = 0x20:0xc6be2023 > >> stack pointer = 0x28:0xe13c39f4 > >> frame pointer = 0x28:0xe13c3a20 > >> code segment = base 0x0, limit 0xf, type 0x1b > >> > >> = DPL 0, pres 1, def32 1, gran 1 > >> > >> processor eflags = interrupt enabled, resume, IOPL = 0 > >> current process = 11 (swi1: netisr 0) > >> trap number= 1 > >> panic: privileged instruction fault > >> cpuid = 1 > >> time = 1498206262 > >> Uptime: 6m19s > >> > >> The trace is: > >> __curthread () at ./machine/pcpu.h:225 > >> 225 __asm("movl %%fs:%1,%0" : "=r" (td) > >> (kgdb) #0 __curthread () at ./machine/pcpu.h:225 > >> #1 doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318 > >> #2 0xc06e88c4 in kern_reboot (howto=) > >> > >> at ../../../kern/kern_shutdown.c:386 > >> > >> #3 0xc06e8c5b in vpanic (fmt=, > >> > >> ap=0xe13c3874 "}\334\235\300H\254 \306\001") > >> at ../../../kern/kern_shutdown.c:779 > >> > >> #4 0xc06e8b1b in panic (fmt=0xc092e18e "%s") > >> > >> at ../../../kern/kern_shutdown.c:710 > >> > >> #5 0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=) > >> > >> at ../../../i386/i386/trap.c:978 > >> > >> #6 0xc08eea38 in trap (frame=) > >> > >> at ../../../i386/i386/trap.c:704 > >> > >> #7 > >> #8 0xc6be2023 in ?? () > >> #9 0xc082ed53 in tcp_do_segment (m=, th=, > >> > >> so=, tp=, drop_hdrlen=, > >> tlen=, iptos=, > >> ti_locked= >> 0x1>) > >> > >> at ../../../netinet/tcp_input.c:2444 > >> #10 0xc082c181 in tcp_input (mp=, offp=, > >> > >> proto=) at ../../../netinet/tcp_input.c:1191 > >> > >> #11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823 > >> #12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=, > >> > >> proto=) at ../../../net/netisr.c:899 > >> > >> #13 swi_net (arg=) at ../../../net/netisr.c:946 > >> #14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie= >> out>) > >> > >> at ../../../kern/kern_intr.c:1336 > >> > >> #15 0xc06bb5f0 in ithread_execute_handlers (ie=, > >> > >> p=) at ../../../kern/kern_intr.c:1349 > >> > >> #16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430 > >> #17 0xc06b8a76 in fork_exit (callout=0xc06bb560 , > >> > >> arg=, frame=) > >> at ../../../kern/kern_fork.c:1038 > >> > >> #18 > >> (kgdb) > >> > > Interesting enough that panic triggered by named shutdown ( well, 'rndc > > > > flush' is triggering this panic too ) > > > > rndc calling isc__app_ctxrun function and finally panics the system: > > lib/isc/unix/app.c --- > > > > return (ISC_R_UNEXPECTED); > > > > } > > > > #ifndef HAVE_UNIXWARE_SIGWAIT > > > > result = sigwait(, ); <--- panic > > if (result == 0) { > > > > > > > > variables are set to: > > sset= {__bits = {16387, 0, 0, 0}} > > sig = 134533280 > > Here: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220358 Subscribed && updated. > > Try to turn off hyperthreading to get a more sensible panic. Done. > > Migh-t look like an issue with 32-bit systems and iflib. I do not know if this related to iflib ; iflib functions were not mentioned in backtraces. > > --HPS -- Науман Олег ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: HEAD/i386 r320212: three reproducible panics
On 06/30/17 11:01, Oleg V. Nauman wrote: On Friday 23 June 2017 19:42:55 Oleg V. Nauman wrote: a) Panic on shutdown: Fatal trap 1: privileged instruction fault while in kernel mode cpuid = 1; apic id = 01 instruction pointer = 0x20:0xc6be2023 stack pointer = 0x28:0xe13c39f4 frame pointer = 0x28:0xe13c3a20 code segment = base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 11 (swi1: netisr 0) trap number= 1 panic: privileged instruction fault cpuid = 1 time = 1498206262 Uptime: 6m19s The trace is: __curthread () at ./machine/pcpu.h:225 225 __asm("movl %%fs:%1,%0" : "=r" (td) (kgdb) #0 __curthread () at ./machine/pcpu.h:225 #1 doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318 #2 0xc06e88c4 in kern_reboot (howto=) at ../../../kern/kern_shutdown.c:386 #3 0xc06e8c5b in vpanic (fmt=, ap=0xe13c3874 "}\334\235\300H\254 \306\001") at ../../../kern/kern_shutdown.c:779 #4 0xc06e8b1b in panic (fmt=0xc092e18e "%s") at ../../../kern/kern_shutdown.c:710 #5 0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=) at ../../../i386/i386/trap.c:978 #6 0xc08eea38 in trap (frame=) at ../../../i386/i386/trap.c:704 #7 #8 0xc6be2023 in ?? () #9 0xc082ed53 in tcp_do_segment (m=, th=, so=, tp=, drop_hdrlen=, tlen=, iptos=, ti_locked=) at ../../../netinet/tcp_input.c:2444 #10 0xc082c181 in tcp_input (mp=, offp=, proto=) at ../../../netinet/tcp_input.c:1191 #11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823 #12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=, proto=) at ../../../net/netisr.c:899 #13 swi_net (arg=) at ../../../net/netisr.c:946 #14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie=) at ../../../kern/kern_intr.c:1336 #15 0xc06bb5f0 in ithread_execute_handlers (ie=, p=) at ../../../kern/kern_intr.c:1349 #16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430 #17 0xc06b8a76 in fork_exit (callout=0xc06bb560 , arg=, frame=) at ../../../kern/kern_fork.c:1038 #18 (kgdb) Interesting enough that panic triggered by named shutdown ( well, 'rndc flush' is triggering this panic too ) rndc calling isc__app_ctxrun function and finally panics the system: lib/isc/unix/app.c --- return (ISC_R_UNEXPECTED); } #ifndef HAVE_UNIXWARE_SIGWAIT result = sigwait(, ); <--- panic if (result == 0) { variables are set to: sset= {__bits = {16387, 0, 0, 0}} sig = 134533280 Here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220358 Try to turn off hyperthreading to get a more sensible panic. Might look like an issue with 32-bit systems and iflib. --HPS ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: HEAD/i386 r320212: three reproducible panics
On Friday 23 June 2017 19:42:55 Oleg V. Nauman wrote: > a) Panic on shutdown: > > > Fatal trap 1: privileged instruction fault while in kernel mode > cpuid = 1; apic id = 01 > instruction pointer = 0x20:0xc6be2023 > stack pointer = 0x28:0xe13c39f4 > frame pointer = 0x28:0xe13c3a20 > code segment = base 0x0, limit 0xf, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 11 (swi1: netisr 0) > trap number= 1 > panic: privileged instruction fault > cpuid = 1 > time = 1498206262 > Uptime: 6m19s > > The trace is: > > __curthread () at ./machine/pcpu.h:225 > 225 __asm("movl %%fs:%1,%0" : "=r" (td) > (kgdb) #0 __curthread () at ./machine/pcpu.h:225 > #1 doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318 > #2 0xc06e88c4 in kern_reboot (howto=) > at ../../../kern/kern_shutdown.c:386 > #3 0xc06e8c5b in vpanic (fmt=, > ap=0xe13c3874 "}\334\235\300H\254 \306\001") > at ../../../kern/kern_shutdown.c:779 > #4 0xc06e8b1b in panic (fmt=0xc092e18e "%s") > at ../../../kern/kern_shutdown.c:710 > #5 0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=) > at ../../../i386/i386/trap.c:978 > #6 0xc08eea38 in trap (frame=) > at ../../../i386/i386/trap.c:704 > #7 > #8 0xc6be2023 in ?? () > #9 0xc082ed53 in tcp_do_segment (m=, th=, > so=, tp=, drop_hdrlen=, > tlen=, iptos=, > ti_locked=) > at ../../../netinet/tcp_input.c:2444 > #10 0xc082c181 in tcp_input (mp=, offp=, > proto=) at ../../../netinet/tcp_input.c:1191 > #11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823 > #12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=, > proto=) at ../../../net/netisr.c:899 > #13 swi_net (arg=) at ../../../net/netisr.c:946 > #14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie=) > at ../../../kern/kern_intr.c:1336 > #15 0xc06bb5f0 in ithread_execute_handlers (ie=, > p=) at ../../../kern/kern_intr.c:1349 > #16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430 > #17 0xc06b8a76 in fork_exit (callout=0xc06bb560 , > arg=, frame=) > at ../../../kern/kern_fork.c:1038 > #18 > (kgdb) Interesting enough that panic triggered by named shutdown ( well, 'rndc flush' is triggering this panic too ) rndc calling isc__app_ctxrun function and finally panics the system: lib/isc/unix/app.c --- return (ISC_R_UNEXPECTED); } #ifndef HAVE_UNIXWARE_SIGWAIT result = sigwait(, ); <--- panic if (result == 0) { variables are set to: sset= {__bits = {16387, 0, 0, 0}} sig = 134533280 ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: HEAD/i386 r320212: three reproducible panics
On 06/23/17 12:42, Oleg V. Nauman wrote: a) Panic on shutdown: Fatal trap 1: privileged instruction fault while in kernel mode cpuid = 1; apic id = 01 instruction pointer = 0x20:0xc6be2023 stack pointer = 0x28:0xe13c39f4 frame pointer = 0x28:0xe13c3a20 code segment = base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 11 (swi1: netisr 0) trap number= 1 panic: privileged instruction fault cpuid = 1 time = 1498206262 Uptime: 6m19s I can't get my last remaining i386 to either finish booting or stay up long enough for the VPN to allow access (it's remote :-(). I'm stuck at SVN r319640. Crash dumps list a "double fault", "general protection fault" or "page fault" in kernel mode. Fortunately, it does get far enough to remove /boot/nextboot.conf so it does fall back to a working kernel .. imb ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
HEAD/i386 r320212: three reproducible panics
a) Panic on shutdown: Fatal trap 1: privileged instruction fault while in kernel mode cpuid = 1; apic id = 01 instruction pointer = 0x20:0xc6be2023 stack pointer = 0x28:0xe13c39f4 frame pointer = 0x28:0xe13c3a20 code segment = base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 11 (swi1: netisr 0) trap number= 1 panic: privileged instruction fault cpuid = 1 time = 1498206262 Uptime: 6m19s The trace is: __curthread () at ./machine/pcpu.h:225 225 __asm("movl %%fs:%1,%0" : "=r" (td) (kgdb) #0 __curthread () at ./machine/pcpu.h:225 #1 doadump (textdump=-968633472) at ../../../kern/kern_shutdown.c:318 #2 0xc06e88c4 in kern_reboot (howto=) at ../../../kern/kern_shutdown.c:386 #3 0xc06e8c5b in vpanic (fmt=, ap=0xe13c3874 "}\334\235\300H\254 \306\001") at ../../../kern/kern_shutdown.c:779 #4 0xc06e8b1b in panic (fmt=0xc092e18e "%s") at ../../../kern/kern_shutdown.c:710 #5 0xc08eed21 in trap_fatal (frame=0xe13c39b4, eva=) at ../../../i386/i386/trap.c:978 #6 0xc08eea38 in trap (frame=) at ../../../i386/i386/trap.c:704 #7 #8 0xc6be2023 in ?? () #9 0xc082ed53 in tcp_do_segment (m=, th=, so=, tp=, drop_hdrlen=, tlen=, iptos=, ti_locked=) at ../../../netinet/tcp_input.c:2444 #10 0xc082c181 in tcp_input (mp=, offp=, proto=) at ../../../netinet/tcp_input.c:1191 #11 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823 #12 0xc07d5d0f in netisr_process_workstream_proto (nwsp=, proto=) at ../../../net/netisr.c:899 #13 swi_net (arg=) at ../../../net/netisr.c:946 #14 0xc06bb3c5 in intr_event_execute_handlers (p=0x109, ie=) at ../../../kern/kern_intr.c:1336 #15 0xc06bb5f0 in ithread_execute_handlers (ie=, p=) at ../../../kern/kern_intr.c:1349 #16 ithread_loop (arg=0xc60e6d00) at ../../../kern/kern_intr.c:1430 #17 0xc06b8a76 in fork_exit (callout=0xc06bb560 , arg=, frame=) at ../../../kern/kern_fork.c:1038 #18 (kgdb) b) Panic on accepting incoming SSH connection: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0xa4c6f47f fault code = supervisor read, page not present instruction pointer = 0x20:0xc6bd0418 stack pointer = 0x28:0xea66b6a4 frame pointer = 0x28:0xea66b6d0 code segment = base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 0 (ath0 taskq) trap number= 12 panic: page fault cpuid = 0 time = 1498233591 Uptime: 1m2s The trace is: __curthread () at ./machine/pcpu.h:225 225 __asm("movl %%fs:%1,%0" : "=r" (td) (kgdb) #0 __curthread () at ./machine/pcpu.h:225 #1 doadump (textdump=-968633856) at ../../../kern/kern_shutdown.c:318 #2 0xc06e88c4 in kern_reboot (howto=) at ../../../kern/kern_shutdown.c:386 #3 0xc06e8c5b in vpanic (fmt=, ap=0xea66b504 "\353\334\235\300H) at ../../../i386/i386/trap.c:978 #6 0xc08eee5d in trap_pfault (frame=0xea66b664, usermode=0, eva=) at ../../../i386/i386/trap.c:786 #7 0xc08ee48e in trap (frame=) at ../../../i386/i386/trap.c:512 #8 #9 0xc6bd0418 in ?? () #10 0xc082ed53 in tcp_do_segment (m=, th=, so=, tp=, drop_hdrlen=, tlen=, iptos=, ti_locked=) at ../../../netinet/tcp_input.c:2444 #11 0xc082c181 in tcp_input (mp=, offp=, proto=) at ../../../netinet/tcp_input.c:1191 #12 0xc0820878 in ip_input (m=0x0) at ../../../netinet/ip_input.c:823 #13 0xc07d55bb in netisr_dispatch_src (proto=, source=, m=0xc6bd0418) at ../../../net/netisr.c:1120 #14 0xc07d5880 in netisr_dispatch (proto=1, m=0xc6cc6000) at ../../../net/netisr.c:1211 #15 0xc07c7292 in ether_demux (ifp=0xc6860800, m=0x0) at ../../../net/if_ethersubr.c:848 #16 0xc07c7f20 in ether_input_internal (ifp=0xc6860800, m=0xc6bd0418) at ../../../net/if_ethersubr.c:637 #17 ether_nh_input (m=) at ../../../net/if_ethersubr.c:667 #18 0xc07d55bb in netisr_dispatch_src (proto=, source=, m=0xc6bd0418) at ../../../net/netisr.c:1120 #19 0xc07d5880 in netisr_dispatch (proto=5, m=0xc6cc6000) at ../../../net/netisr.c:1211 #20 0xc07c751a in ether_input (ifp=0xc6860800, m=0x0) at ../../../net/if_ethersubr.c:757 #21 0xc07efc2e in ieee80211_deliver_data (vap=0xc6a97000, ni=, m=0xc6cc6000) at ../../../net80211/ieee80211_input.c:291 #22 0xc08070e5 in sta_input (ni=, m=0xc6cc6000, rxs=, rssi=, nf=) at ../../../net80211/ieee80211_sta.c:891 #23 0xc07ef824 in ieee80211_input_mimo (ni=0x0, m=) at ../../../net80211/ieee80211_input.c:99 #24 0xc053439a in ath_rx_pkt (sc=, rs=, status=, tsf=, nf=, qtype=, bf=, m=) at ../../../dev/ath/if_ath_rx.c:950 #25 0xc05350f5 in ath_rx_proc (sc=0xc63f9000, resched=1) at ../../../dev/ath/if_ath_rx.c:1150 #26 0xc07359cc in taskqueue_run_locked (queue=0xc63d3b80) at ../../../kern/subr_taskqueue.c:454 #27 0xc07368b7 in