rtw89 crash on 15-stable

From: Tilman_Keskinöz <arved_at_FreeBSD.org>
Date: Tue, 28 Oct 2025 13:30:07 UTC
Hi,

I am running
FreeBSD lenovo 15.0-STABLE FreeBSD 15.0-STABLE 
stable/15-n280829-51d5e8c8ca0f GENERIC amd64

and got the following crash:

#0 __curthread() at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1 doadump(textdump=<optimized out>) at 
/usr/src/sys/kern/kern_shutdown.c:399
#2 0xffffffff83d86ee0 in vt_drmfb_postswitch() from /boot/modules/drm.ko
#3 0xffffffff809afac5 in vt_window_switch(vw=vw@entry=0xffffffff818a37e8
<vt_conswindow>)
    at /usr/src/sys/dev/vt/vt_core.c:626
#4 0xffffffff809b0ebf in vtterm_cngrab(tm=<unavailable>,
tm@entry=<error reading variable: value is not available>) at
/usr/src/sys/dev/vt/vt_core.c:2059
#5 0xffffffff80b022a6 in cngrab() at /usr/src/sys/kern/kern_cons.c:407
#6 0xffffffff80b7364e in vpanic(fmt=0xffffffff811d3167 "%s",
ap=ap@entry=0xfffffe00cacd2bb0)
    at /usr/src/sys/kern/kern_shutdown.c:946
#7 0xffffffff80b73563 in panic(fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:887
#8 0xffffffff8107bf69 in trap_fatal(frame=<optimized out>, eva=<optimized
out>)
    at /usr/src/sys/amd64/amd64/trap.c:969
#9 0xffffffff8107bf69 in trap_pfault(frame=0xfffffe00cacd2c30,
usermode=false, signo=<optimized out>,
ucode=<optimized out>)
#10 <signal handler called>
#11 0xffffffff80de9483 in
linuxkpi_ieee80211_next_txq(hw=hw@entry=0xfffffe01217a44c0,
ac=ac@entry=2 '\002')
    at /usr/src/sys/compat/linuxkpi/common/src/linux_80211.c:8652
#12 0xffffffff83e05f66 in ieee80211_next_txq(hw=0xfffffe01217a44c0, ac=2
'\002')
    at /usr/src/sys/compat/linuxkpi/common/include/net/mac80211.h:1425
#13 rtw89_core_txq_schedule(rtwdev=0xfffffe01217a4580, ac=2 '\002',
reinvoke=<optimized out>)
    at /usr/src/sys/contrib/dev/rtw89/core.c:3170
#14 rtw89_core_txq_work(w=<optimized out>) at
/usr/src/sys/contrib/dev/rtw89/core.c:3215
#15 0xffffffff80e09d44 in linux_work_fn(context=0xfffffe01217a4f70,
pending=<optimized out>)
    at /usr/src/sys/compat/linuxkpi/common/src/linux_work.c:308
#16 0xffffffff80bd6f12 in
taskqueue_run_locked(queue=queue@entry=0xfffff80001d95400)
    at /usr/src/sys/kern/subr_taskqueue.c:517
#17 0xffffffff80bd80e2 in
taskqueue_thread_loop(arg=arg@entry=0xfffff8000174b580)
    at /usr/src/sys/kern/subr_taskqueue.c:829
#18 0xffffffff80b299fb in fork_exit(callout=0xffffffff80bd8020
<taskqueue_thread_loop>,
arg=0xfffff8000174b580, frame=0xfffffe00cacd2f40) at
/usr/src/sys/kern/kern_fork.c:1153
#19 <signal handler called>

(kgdb) fr 11
#11 0xffffffff80de9483 in
linuxkpi_ieee80211_next_txq(hw=hw@entry=0xfffffe01217a44c0,
ac=ac@entry=2 '\002')
    at /usr/src/sys/compat/linuxkpi/common/src/linux_80211.c:8652
8652            TAILQ_REMOVE(&lhw->scheduled_txqs[ac],ltxq,txq_entry);
(kgdb) p lhw
$1 = (struct lkpi_hw *) 0xfffffe01217a4240
(kgdb) p ac
$2 = 2 '\002'
(kgdb) p ltxq
$3 = (struct lkpi_txq *) 0xfffff801b5563700
(kgdb) p txq_entry
No symbol "txq_entry" in current context.
(kgdb) p lhw->scheduled_txqs[ac]
$4 = {tqh_first = 0xfffff801b5563700, tqh_last = 0x0}
(kgdb)