Date: Mon, 20 Mar 2006 22:17:56 +0100
From: Arnaud LACOMBE <lists-freebsd@sigfpe.info>
To: freebsd-current@freebsd.org
Subject: ral(4) crashed the kernel
Message-ID: <20060320211756.GA87266@aries.rezid.net>
Hi,

I bought two weeks ago a D-Link DWL-G630 wireless card for my laptop hoping it would be supported by -current. The card is based on a Ralink chipset, here is the full dmesg:

cardbus0: CIS pointer is 0x601
cardbus0: CIS in BAR 0x10
cardbus0: Expecting link target, got 0x0
ral0: <Ralink Technology RT2561> mem 0x88000000-0x88007fff at device 0.0 on cardbus0
ral0: MAC/BBP RT2661B, RF RT2527
ral0: Ethernet address: 00:xx:xx:xx:xx:xx

[Author's note: the CIS information is not really long compared to other cardbus cards I use]

As you can see, the ral(4) device attaches correctly. Then I played with ifconfig's options, and the crash occurred when I launched the following command:

# ifconfig ral0 media OFDM24

(the crash also occurred before when I specified 'OFDM54')

After the computer rebooted, I got the following crash dump:

kdb_backtrace(1,c19dd8d0,c,c19de1b0,c8378c3c) at kdb_backtrace+0x29
witness_warn(5,0,c08bc752) at witness_warn+0x192
trap(c0680008,c09a0028,28,c1ab5400,0) at trap+0x108
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc06f003d, esp = 0xc8378c84, ebp = 0xc8378c90 ---
ieee80211_free_node(0,c1bde004,c1bde000,1,0) at ieee80211_free_node+0x9
rt2661_tx_intr(c1bde000) at rt2661_tx_intr+0x10d
rt2661_intr(c1bde000,c1c61440,c8378cec,c0651336,c1a055c0) at rt2661_intr+0x17e
cbb_func_intr(c1a055c0) at cbb_func_intr+0x45
ithread_execute_handlers(c19dd8d0,c192f880) at ithread_execute_handlers+0xea
ithread_loop(c19e80c0,c8378d38) at ithread_loop+0x67
fork_exit(c0651408,c19e80c0,c8378d38) at fork_exit+0xa4
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xc8378d6c, ebp = 0 ---

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x4
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc06f003d
stack pointer           = 0x28:0xc8378c84
frame pointer           = 0x28:0xc8378c90
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 19 (irq10: cbb0 ral0+)
panic: from debugger

A backtrace gives me the following:

(kgdb) bt
#0  doadump () at pcpu.h:166
#1  0xc0664b8c in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:402
#2  0xc0664ea1 in panic (fmt=0xc085dcdf "from debugger") at /usr/src/sys/kern/kern_shutdown.c:558
#3  0xc046bc41 in db_panic (addr=-1066467267, have_addr=0, count=-1, modif=0xc8378a8c "") at /usr/src/sys/ddb/db_command.c:426
#4  0xc046bbd8 in db_command (last_cmdp=0xc0949a84, cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:395
#5  0xc046bc96 in db_command_loop () at /usr/src/sys/ddb/db_command.c:446
#6  0xc046d8ad in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#7  0xc067f7e8 in kdb_trap (type=12, code=0, tf=0xc8378c44) at /usr/src/sys/kern/subr_kdb.c:485
#8  0xc0821278 in trap_fatal (frame=0xc8378c44, eva=4) at /usr/src/sys/i386/i386/trap.c:861
#9  0xc08208ff in trap (frame= {tf_fs = -1066926072, tf_es = -1063649240, tf_ds = 40, tf_edi = -1045736448, tf_esi = 0, tf_ebp = -935883632, tf_isp = -935883664, tf_ebx = -1044517792, tf_edx = 0, tf_ecx = 3329, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1066467267, tf_cs = 32, tf_eflags = 66054, tf_esp = -1044517792, tf_ss = -1046534116}) at /usr/src/sys/i386/i386/trap.c:279
#10 0xc080d21a in calltrap () at /usr/src/sys/i386/i386/exception.s:137
#11 0xc06f003d in ieee80211_free_node (ni=0x0) at /usr/src/sys/net80211/ieee80211_node.c:1600
#12 0xc05addf1 in rt2661_tx_intr (sc=0xc1bde000) at /usr/src/sys/dev/ral/rt2661.c:996
#13 0xc05ae46a in rt2661_intr (arg=0xc1bde000) at /usr/src/sys/dev/ral/rt2661.c:1245
#14 0xc059562d in cbb_func_intr (arg=0xc1a055c0) at /usr/src/sys/dev/pccbb/pccbb.c:644
#15 0xc0651336 in ithread_execute_handlers (p=0xc19dd8d0, ie=0xc192f880) at /usr/src/sys/kern/kern_intr.c:662
#16 0xc065146f in ithread_loop (arg=0xc19e80c0) at /usr/src/sys/kern/kern_intr.c:745
#17 0xc06505fc in fork_exit (callout=0xc0651408 <ithread_loop>, arg=0xc19e80c0, frame=0xc8378d38) at /usr/src/sys/kern/kern_fork.c:802
#18 0xc080d27c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:198

The crash seems to be triggered at the beginning of ieee80211_free_node() in /usr/src/sys/net80211/ieee80211_node.c, which is called from rt2661_tx_intr() with ni = NULL.

1594 void
1595 #ifdef IEEE80211_DEBUG_REFCNT
1596 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line)
1597 #else
1598 ieee80211_free_node(struct ieee80211_node *ni)
1599 #endif
1600 {
1601         struct ieee80211_node_table *nt = ni->ni_table;
1602

I can provide a crash dump if needed.

Arnaud

PS: could you please add me in CC: when you reply, I didn't follow freebsd-current@... by now.
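
The report's numbers can be cross-checked: a read through ni = NULL that faults at virtual address 0x4 points at a member 4 bytes into the structure. The C model below is an added example, not code from the post or from FreeBSD; it maps a fault address to the member that was touched and shows a completion loop that tolerates a slot with no node attached (one defensive pattern, not necessarily the fix the driver received). Assumptions: struct node_i386 and its member order, struct tx_slot, member_at() and tx_complete() are all hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of an i386 layout: pointers are 4 bytes there, so
 * they are stored as uint32_t. The member order is an assumption. */
struct node_i386 {
    uint32_t ni_ic;      /* assumed first member, offset 0 */
    uint32_t ni_table;   /* read by the first statement of the free routine */
    uint32_t ni_refcnt;  /* hypothetical reference counter */
};

struct member { const char *name; uint32_t off, size; };
static const struct member node_members[] = {
    { "ni_ic",     offsetof(struct node_i386, ni_ic),     4 },
    { "ni_table",  offsetof(struct node_i386, ni_table),  4 },
    { "ni_refcnt", offsetof(struct node_i386, ni_refcnt), 4 },
};

/* Map a fault address to the member touched through pointer value `base`.
 * Returns NULL when this structure does not explain the fault. */
const char *member_at(uint32_t base, uint32_t fault_va)
{
    size_t n = sizeof(node_members) / sizeof(node_members[0]);
    for (size_t i = 0; i < n; i++) {
        uint32_t lo = base + node_members[i].off;
        if (fault_va >= lo && fault_va - lo < node_members[i].size)
            return node_members[i].name;
    }
    return NULL;
}

/* Hypothetical TX ring slot: completion releases the node reference. */
struct tx_slot { struct node_i386 *ni; };

/* Release references for completed slots. Returns the number of slots
 * that had no node attached, instead of dereferencing NULL as in the trace. */
int tx_complete(struct tx_slot *ring, int count)
{
    int missing = 0;
    for (int i = 0; i < count; i++) {
        if (ring[i].ni == NULL) { missing++; continue; }
        if (ring[i].ni->ni_refcnt > 0)
            ring[i].ni->ni_refcnt--;
        ring[i].ni = NULL;   /* the slot no longer owns the reference */
    }
    return missing;
}
```

With base 0 and fault address 0x4, member_at() reports ni_table, matching the first statement of the function quoted in the message.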