Kernel panics when Atheros card plugged in.

From: Patrick Bowen <pbowen_at_fastmail.fm>
Date: Sun, 01 Jan 2006 13:49:54 -0600
Hello and Happy New Year;

I just bought a D-Link DWL-G630 Wireless G Adapter for my laptop (Dell 
Latitude C-600), and it worked fine until I cvsup'ed last nights sources 
(12/31/05) and did canonical rebuild. Now the machine panics whenever I 
plug the card in.

sg1# uname -a
FreeBSD sg1.sgc.org 7.0-CURRENT FreeBSD 7.0-CURRENT #3: Sun Jan  1 
10:51:32 CST 2006     pbowen_at_sg1.sgc.org:/usr/obj/usr/src/sys/GENERIC  i386

I've included dmesg as attachment.

sg1# kgdb kernel.debug /var/crash/vmcore.0
[GDB will not be able to debug user-mode threads: 
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xd6975000
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc04fc2a8
stack pointer           = 0x28:0xd4497748
frame pointer           = 0x28:0xd4497754
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 22 (cbb1)
panic: from debugger
cpuid = 0
Uptime: 40s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 511MB (130779 pages) 495 479 463 447 431 415 399 383 367 351 
335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 
31 15

#0  doadump () at pcpu.h:166
166             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) list *0xc04fc2a8
0xc04fc2a8 is in cardbus_read_tuple_mem (bus.h:225).
220                      bus_size_t offset)
221     {
222    
223             if (tag == I386_BUS_SPACE_IO)
224                     return (inb(handle + offset));
225             return (*(volatile u_int8_t *)(handle + offset));
226     }
227    
228     static __inline u_int16_t
229     bus_space_read_2(bus_space_tag_t tag, bus_space_handle_t handle,
(kgdb) bt
#0  doadump () at pcpu.h:166
#1  0xc06539f8 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xc0653d0d in panic (fmt=0xc08493c3 "from debugger") at 
/usr/src/sys/kern/kern_shutdown.c:555
#3  0xc046a7c1 in db_panic (addr=-1068514648, have_addr=0, count=-1, 
modif=0xd4497518 "") at /usr/src/sys/ddb/db_command.c:435
#4  0xc046a758 in db_command (last_cmdp=0xc0933d84, cmd_table=0x0, 
aux_cmd_tablep=0xc08ad950, aux_cmd_tablep_end=0xc08ad96c)
    at /usr/src/sys/ddb/db_command.c:404
#5  0xc046a820 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#6  0xc046c439 in db_trap (type=12, code=0) at 
/usr/src/sys/ddb/db_main.c:221
#7  0xc066e134 in kdb_trap (type=12, code=0, tf=0xd4497708) at 
/usr/src/sys/kern/subr_kdb.c:485
#8  0xc0813aac in trap_fatal (frame=0xd4497708, eva=3600240640) at 
/usr/src/sys/i386/i386/trap.c:853
#9  0xc08137ef in trap_pfault (frame=0xd4497708, usermode=0, 
eva=3600240640) at /usr/src/sys/i386/i386/trap.c:770
#10 0xc0813409 in trap (frame=
      {tf_fs = -1019150328, tf_es = -2013265880, tf_ds = -733413336, 
tf_edi = 20480, tf_esi = 1, tf_ebp = -733382828, tf_isp = -733382860, 
tf_ebx = -733382736,
 tf_edx = -694747136, tf_ecx = -694747136, tf_eax = 20480, tf_trapno = 
12, tf_err = 0, tf_eip = -1068514648, tf_cs = 32, tf_eflags = 590338, 
tf_esp = -73338273
2, tf_ss = -733382736}) at /usr/src/sys/i386/i386/trap.c:455
#11 0xc07ffb1a in calltrap () at /usr/src/sys/i386/i386/exception.s:137
#12 0xc04fc2a8 in cardbus_read_tuple_mem (cbdev=0xc341c180, 
res=0xd44977b0, start=20480, off=0xd44977b0, tupleid=0x5000, 
len=0xd44977b8,
    tupledata=0xd44977c4 "") at bus.h:224
#13 0xc04fc35e in cardbus_read_tuple (cbdev=0xc341c180, 
child=0xc37f6800, res=0xd6970000, start=20480, off=0xd44977b0, 
tupleid=0xd44977b4, len=0xd6970000,
    tupledata=0x5000 <Address 0x5000 out of bounds>) at 
/usr/src/sys/dev/cardbus/cardbus_cis.c:460
#14 0xc04fc9ec in cardbus_parse_cis (cbdev=0xc341c180, child=0xc37f6800, 
callbacks=0xd4497bf4, argp=0x0) at 
/usr/src/sys/dev/cardbus/cardbus_cis.c:647
#15 0xc04fcaa2 in cardbus_do_cis (cbdev=0xc341c180, child=0xc37f6800) at 
/usr/src/sys/dev/cardbus/cardbus_cis.c:693
#16 0xc04fb5e8 in cardbus_attach_card (cbdev=0xc341c180) at 
/usr/src/sys/dev/cardbus/cardbus.c:195
#17 0xc058a3ee in cbb_insert (sc=0xc33e0000) at card_if.h:82
#18 0xc058a21d in cbb_event_thread (arg=0xc33e0000) at 
/usr/src/sys/dev/pccbb/pccbb.c:507
#19 0xc063fd74 in fork_exit (callout=0xc058a0f4 <cbb_event_thread>, 
arg=0xc33e0000, frame=0xd4497d38) at /usr/src/sys/kern/kern_fork.c:790
#20 0xc07ffb7c in fork_trampoline () at 
/usr/src/sys/i386/i386/exception.s:198
(kgdb) q
sg1#

I'm not at the point where I can tell exactly what the problen is, but 
the "out of bounds" at #13 looks suspect to me.

Can anyone tell me whats going wrong here?

Thanks,
Patrick

Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 7.0-CURRENT #3: Sun Jan  1 10:51:32 CST 2006
    pbowen_at_sg1.sgc.org:/usr/obj/usr/src/sys/GENERIC
WARNING: WITNESS option enabled, expect reduced performance.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel Pentium III (751.71-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x68a  Stepping = 10
  Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory  = 536719360 (511 MB)
avail memory = 515596288 (491 MB)
ath_hal: 0.9.14.9 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413)
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <DELL CPi R  > on motherboard
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_acad0: <AC Adapter> on acpi0
battery0: <ACPI Control Method Battery> on acpi0
battery1: <ACPI Control Method Battery> on acpi0
acpi_lid0: <Control Method Lid Switch> on acpi0
acpi_button0: <Power Button> on acpi0
acpi_button1: <Sleep Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <Intel 82443BX (440 BX) host to PCI bridge> on hostb0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
vgapci0: <VGA-compatible display> port 0xec00-0xecff mem 0xf8000000-0xfbffffff,0xfdffc000-0xfdffffff irq 11 at device 0.0 on pci1
cbb0: <TI1420 PCI-CardBus Bridge> at device 3.0 on pci0
cardbus0: <CardBus bus> on cbb0
pccard0: <16-bit PCCard bus> on cbb0
cbb1: <TI1420 PCI-CardBus Bridge> at device 3.1 on pci0
cardbus1: <CardBus bus> on cbb1
pccard1: <16-bit PCCard bus> on cbb1
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x860-0x86f at device 7.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xdce0-0xdcff irq 11 at device 7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: <bridge> at device 7.3 (no driver attached)
pcm0: <ESS Technology Maestro3> port 0xd800-0xd8ff mem 0xf3ffe000-0xf3ffffff irq 5 at device 8.0 on pci0
pcm0: <SigmaTel STAC9721/23 AC97 Codec>
xl0: <3Com 3c556 Fast Etherlink XL> port 0xd400-0xd4ff mem 0xf3ffdc00-0xf3ffdc7f,0xf3ffd800-0xf3ffd87f irq 11 at device 16.0 on pci0
miibus0: <MII bus> on xl0
tdkphy0: <TDK 78Q2120 media interface> on miibus0
tdkphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
xl0: Ethernet address: 00:04:76:48:c7:b2
pci0: <simple comms> at device 16.1 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model Generic PS/2 mouse, device ID 0
fdc0: <floppy drive controller (FDE)> port 0x3f2-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
ppc0: <ECP parallel printer port> port 0x378-0x37f,0x778-0x77b irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: <Parallel port bus> on ppc0
ppi0: <Parallel I/O> on ppbus0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xc0000-0xcffff pnpid ORM0000 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 751707939 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 19077MB <FUJITSU MHS2020AT E 8307> at ata0-master UDMA33
acd0: CDRW <HL-DT-ST CD-RW GCE-8080N/2.06> at ata1-master PIO4
Trying to mount root from ufs:/dev/ad0s2a
WARNING: / was not properly dismounted
WARNING: /tmp was not properly dismounted
WARNING: /usr was not properly dismounted
WARNING: /var was not properly dismounted
wi0: <SMC SMC2532W-B EliteConnect Wireless Adapter> at port 0x100-0x13f irq 11 function 0 config 1 on pccard0
wi0: using RF:PRISM2.5 MAC:ISL3873
wi0: Intersil Firmware: Primary (1.1.0), Station (1.4.9)
wi0: Ethernet address: 00:04:e2:80:34:be
Received on Sun Jan 01 2006 - 18:50:08 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:50 UTC