From owner-freebsd-bugs@FreeBSD.ORG Sun May 25 00:00:06 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A46D3106568D for ; Sun, 25 May 2008 00:00:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 99E3F8FC1B for ; Sun, 25 May 2008 00:00:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m4P006jK048121 for ; Sun, 25 May 2008 00:00:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m4P00617048116; Sun, 25 May 2008 00:00:06 GMT (envelope-from gnats) Resent-Date: Sun, 25 May 2008 00:00:06 GMT Resent-Message-Id: <200805250000.m4P00617048116@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Jonny Crook Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF4F3106566B for ; Sat, 24 May 2008 23:57:24 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 02B808FC0A for ; Sat, 24 May 2008 23:57:25 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m4ONtrbg031464 for ; Sat, 24 May 2008 23:55:53 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.2/8.14.1/Submit) id m4ONtrta031463; Sat, 24 May 2008 23:55:53 GMT (envelope-from nobody) Message-Id: <200805242355.m4ONtrta031463@www.freebsd.org> Date: Sat, 24 May 2008 23:55:53 GMT From: Jonny Crook To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/123968: Rum driver causes kernel panic with WPA. X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 May 2008 00:00:06 -0000 >Number: 123968 >Category: kern >Synopsis: Rum driver causes kernel panic with WPA. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun May 25 00:00:06 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Jonny Crook >Release: FreeBSD 7.0-RELEASE #0 >Organization: >Environment: >Description: Using a Ralink rt73 chipset USB wireless dongle with WPA causes a kernel panic after a few minutes of network activity, eg. downloading a file. /var/crash/info.2 : Dump header from device /dev/ad4s2b Architecture: i386 Architecture Version: 2 Dump Length: 113614848B (108 MB) Blocksize: 512 Dumptime: Sat May 24 23:33:45 2008 Hostname: Magic: FreeBSD Kernel Dump Version String: FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC Panic String: page fault Dump Parity: 3141769591 Bounds: 2 Dump Status: good kgdb on the dumped image: GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x12 fault code = supervisor read, page not present instruction pointer = 0x20:0xc06b9e7a stack pointer = 0x28:0xe45cebe4 frame pointer = 0x28:0xe45cebfc code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 23 (irq23: uhci0 ehci0) trap number = 12 panic: page fault cpuid = 0 Uptime: 3m47s Physical memory: 1011 MB Dumping 108 MB: 93 77 61 45 29 13 #0 doadump () at pcpu.h:195 in pcpu.h (kgdb) list *0xc06b9e7a 0xc06b9e7a is in rum_txeof (/usr/src/sys/dev/usb/if_rum.c:842). 837 { 838 struct rum_tx_data *data = priv; 839 struct rum_softc *sc = data->sc; 840 struct ifnet *ifp = sc->sc_ic.ic_ifp; 841 842 if (data->m->m_flags & M_TXCB) 843 ieee80211_process_callback(data->ni, data->m, 844 status == USBD_NORMAL_COMPLETION ? 0 : ETIMEDOUT ); 845 846 if (status != USBD_NORMAL_COMPLETION) { (kgdb) I'm very new to FreeBSD, I do not have the knowledge to create a patch. I hope the aforementioned information helps however! If any more information is needed, do ask. I can even upload the vmcore file, although it may contain sensitive information. Many thanks, Jonny. >How-To-Repeat: Use WPA supplicant, with WPA TKIP, authenticate with an AP, download a file over the wireless (or other network activity) and within minutes a kernel panic will occur. >Fix: >Release-Note: >Audit-Trail: >Unformatted: