On Mon, 8 Aug 2022 13:29:25 +0200 "J.R. Oldroyd" <f...@opal.com> wrote:
> On Mon, 8 Aug 2022 02:46:25 +0000 (UTC) "Bjoern A. Zeeb" <b...@freebsd.org>
> wrote:
> >
> >
> > Thanks for confirming this!
> >
>
> Björn,
>
> Back on 7/13 at 09:33 UTC, I sent you an email also showing a panic.
> It may be similar as it also involves lkpi_sta_auth_to_scan() and then
> lkpi_lsta_remove().
>
> In my case, it was triggered by doing:
> ifconfig wlan0 down up
> on an already-associated interface with an address from DHCP.
>
> This is on the 8265.
>
> Here's the backtrace again...
>
> -jr
>
>
> (kgdb) bt
> #0 __curthread () at /usr/src-13stb/sys/amd64/include/pcpu_aux.h:55
> #1 dump_savectx () at ../../../kern/kern_shutdown.c:394
> #2 0xffffffff80c245e8 in dumpsys (di=0x0) at
> /usr/src-13stb/sys/x86/include/dump.h:87
> #3 doadump (textdump=<optimized out>) at ../../../kern/kern_shutdown.c:423
> #4 kern_reboot (howto=260) at ../../../kern/kern_shutdown.c:497
> #5 0xffffffff80c24a4e in vpanic (fmt=<optimized out>,
> ap=ap@entry=0xfffffe00c701db50) at ../../../kern/kern_shutdown.c:930
> #6 0xffffffff80c24883 in panic (fmt=<unavailable>) at
> ../../../kern/kern_shutdown.c:854
> #7 0xffffffff810ba005 in trap_fatal (frame=0xfffffe00c701dc40, eva=0) at
> ../../../amd64/amd64/trap.c:940
> #8 0xffffffff810ba05f in trap_pfault (frame=0xfffffe00c701dc40,
> usermode=false, signo=<optimized out>, ucode=<optimized out>) at
> ../../../amd64/amd64/trap.c:759
> #9 <signal handler called>
> #10 0xffffffff80e60d3c in lkpi_lsta_remove (lsta=0xfffff80061658000,
> lsta@entry=0xfffffe00cca06000, lvif=lvif@entry=0xfffffe00cca06000) at
> ../../../compat/linuxkpi/common/src/linux_80211.c:177
> #11 0xffffffff80e5c674 in lkpi_sta_auth_to_scan (vap=0xfffffe00cca06010,
> nstate=<optimized out>, arg=<optimized out>) at
> ../../../compat/linuxkpi/common/src/linux_80211.c:1128
> #12 0xffffffff80e61938 in lkpi_iv_newstate (vap=0xfffffe00cca06010,
> nstate=IEEE80211_S_SCAN, arg=<optimized out>) at
> ../../../compat/linuxkpi/common/src/linux_80211.c:1983
> #13 0xffffffff80da733a in ieee80211_newstate_cb (xvap=0xfffffe00cca06010,
> npending=<optimized out>) at ../../../net80211/ieee80211_proto.c:2555
> #14 0xffffffff80c866a1 in taskqueue_run_locked
> (queue=queue@entry=0xfffff80009cf3200) at ../../../kern/subr_taskqueue.c:514
> #15 0xffffffff80c879c2 in taskqueue_thread_loop (arg=<optimized out>,
> arg@entry=0xfffffe00c8eaa110) at ../../../kern/subr_taskqueue.c:826
> #16 0xffffffff80be0d1e in fork_exit (callout=0xffffffff80c87900
> <taskqueue_thread_loop>, arg=0xfffffe00c8eaa110, frame=0xfffffe00c701df40) at
> ../../../kern/kern_fork.c:1105
> #17 <signal handler called>
> #18 0x0276000000000000 in ?? ()

I've been bitten by a similar, but maybe not the same, crash.

Happens when:
 * Successfully associated on boot, switch to wired (em0) connection,
   then switch again to iwlwifi. Not always, so maybe racy.

 * Wired and wireless connection is on the same network, using AP.

On stable/13 cherry-picking all (I think) 802.11 related commits by
bz@ silently reboots.

On main at git 038405f32f71ad8ba0280ae066417f986ede79db entered kdb,
showing trap12. So I could take photos.
Please see attached (typed up reading photo) for detail.

Note that main at git 258828d03b9f8414043c112fab97e9e9730560dc showed
the same behaviour. The addresses are different, but functions on bt
are the same.

-- 
Tomoaki AOKI <junch...@dec.sakura.ne.jp>

Additional parameter is
Stopping already running upa_supplicant...
No matching processes were found
Restarting network interfaces...
iwlwifi0: iwl trans_send_cmd bad state = 0
iwlwifi0: Failed to synchronize multicast groups update
wpa_supplicant not running? (check /var/run/wpa_supplicant/wiano.pid).
Stopping Network: lo0 em0 wlan0.
lo0: flags=8048 <LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM IPV6>
        groups: 10
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0: flags=8c22<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric o mtu 4362
        options 481049b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUH,LRO,VLAN_HWFILTER,NOMAP>
        ether **:**:**:**:**:**
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO LINKLOCAL>
wlan0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 10 mtu 1500
        ether **:**:**:**:**:**
        groups: wlan
        ssid "" channel 36 (5180 MHz 11a)
        regdomain JAPAN country JP authmode OPEN privacy OFF txpower 23
        bmiss 7 mcastrate 6 mgmtrate 6 scanvalid 60 wme
        parent interface: iwlwifi0
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11a
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
iwlwifi0: iwl_trans_send_cmd bad state = 0
iwlwifi0: Failed to remove MAC context: -5

Fatal trap 12: page fault while in kernel mode
cpuid = 3: apic id = 03
fault virtual address = 0x448
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80bf5cbd
stack pointer = 0x28:0xfffffe0159326980
frame pointer = 0x28:0xfffffe0159326a00
code segment = base 0x0, limit Oxfffff, type Ox1b
        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 6642 (ifconfig)
trap number = 12
panic: page fault
cpuld = 3
time 1659199297
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame Oxfffffe0159326740
vpanic() at vpanic+0x151/frame 0xfffffe0159326790
panic() at panic+0x43/frame 0xfffffe01593267f0
trap_fatal() at trap_fatal+0x387/frame 0xfffffe0159326850
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe01593268b0
calltrap() at calltrap+0x8/frame 0xfffffe01593268b0
--- trap Oxc, rip = 0xffffffff80bf5cbd, rsp = 0xfffffe0159326980, rbp = 0xfffffe0159326a00 ---
__mtx_lock_sleep() at __mtx_lock_sleep+0xcd/frame 0xfffffe0159326a00
ieee80211_node_psq_drain() at ieee80211_node_psq_drain+0xf3/frame 0xfffffe0159326a50
node_cleanup() at node_cleanup+0x65/frame 0xfffffe0159326880
node_free() at node_free+0x30/frame 0xfffffe0159326aa0
ieee80211_node_vdetach() at ieee80211_node_vdetach+0x2b/frame 0xfffffe0159326aco
ieee80211_vap_detach() at ieee80211_vap_detach+0x40e/frame 0xfffffe0159326b00
lkpi_ic_vap_delete() at lkpi_ic_vap_delete+0xb5/frame 0xfffffe0159326b40
if_clone_destroyif() at if_clone_destroyif+0x1cb/frame 0xfffffe0159326b80
if_clone_destroy() at if_clone_destroy+0xd7/frame 0xfffffe0159326bc0
ifioctl() at ifioctl+0x6ef/frame Oxfffffe0159326cc0
kern_ioctl() at kern_ioct1+0x273/frame Oxfffffe0159326d30
sys_ioctl() at sys_ioctl+0x100/frame Oxfffffe0159326e00
amd64_syscall() at amd64_syscall+0x117/frame 0xfffffe0159326f30
fast_syscal1_common() at fast_syscall_common+0xf8/frame 0xfffffe0159326f30
--- syscall (54. FreeBSD ELF64, sys_ioctl), rip = 0x24d95d631aca, rsp = 0x24d95a0defa8, rbp = 0x24d95a0defc0 ---
KDB: enter: panic
[ thread pid 6642 tid 100601 ]
Stopped at kdb_enter+0x32: movq $0,0x106e483(%rip)
db> bt
Tracing pid 6642 tid 100601 td 0xfffffe015a271000
kdb_enter() at kdb_enter+0x32/frame 0xfffffe0159326740
vpanic() at vpanic+0x182/frame Oxfffffe0159326790
panic() at panic+0x43/frame Oxfffffe01593267f0
trap_fatal() at trap_fatal+0x387/frame 0xfffffe0159326850
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe01593268b0
calltrap() at calltrap+0x8/frame 0xfffffe01593268b0
--- trap 0xc, rip = 0xffffffff80bf5cbd. rsp = 0xfffffe0159326980, rbp = 0xfffffe0159326a00 ---
__mtx_lock_sleep() at __mtx_lock_sleep+0xcd/frame 0xfffffe0159326a00
ieee80211_node_psq_drain() at ieee80211_node_psq_drain+0xf3/frame 0xfffffe0159326a50
node_cleanup() at node_cleanup+0x65/frame Oxfffffe0159326a80
node_free() at node_free+0x30/frame 0xfffffe0159326aa0
ieee80211_node_vdetach() at ieee80211_node_vdetach+0x2b/frame 0xfffffe0159326ac0
ieee80211_vap_detach() at ieee80211_vap_detach+0x40e/frame 0xfffffe0159326b00
lkpi_ic_vap_delete() at lkpi_ic_vap_delete+0xb5/frame Oxfffffe0159326b40
if_clone_destroyif() at if_clone_destroyif+0x1cb/frame 0xfffffe0159326b80
if_clone_destroy() at if_clone_destroy+0xd7/frame Oxfffffe0159326bc0
ifioctl() at ifioct1+0x6ef/frame 0xfffffe0159326cc0
kern_ioctl() at kern_ioct1+0x273/frame oxfffffe0159326d30
sys_ioctl() at sys_ioctl+0x100/frame 0xfffffe0159326e00
amd64_syscall() at amd64_syscall+0x117/frame oxfffffe0159326f30
fast_syscall_common() at fast_syscall_common+0xf8/frame oxfffffe0159326f30
--- syscall (54, FreeBSD ELF64, sys_ioct1), rip = 0x24d95d631aca, rsp = 0x24d95a0defa8, rbp = 0x24d95a0defc0 ---
db>
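
The comparison made in the message above (addresses differ between builds, but the functions on the backtrace are the same) can be automated when triaging panics. The following is an added example, not part of the original message or of FreeBSD: the helper names are hypothetical, and the sample traces are constructed, modeled on the DDB frames shown above.

```python
import re

# One DDB frame line: "name() at name+0xOFF/frame 0xADDR"
FRAME = re.compile(r"^(\w+)\(\) at \w+\+0x[0-9a-f]+/frame 0x[0-9a-f]+$")
# Frames that belong to panic handling itself, not to the faulting path.
PANIC_PATH = {"db_trace_self_wrapper", "kdb_enter", "vpanic", "panic",
              "trap_fatal", "trap_pfault", "calltrap"}

def signature(trace, depth=6):
    """Function names of the faulting path, innermost first, addresses dropped."""
    names = []
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if m and m.group(1) not in PANIC_PATH:
            names.append(m.group(1))
    return tuple(names[:depth])

def same_crash(a, b, depth=6):
    """True when both traces have frames and share the same faulting path."""
    sa, sb = signature(a, depth), signature(b, depth)
    return bool(sa) and sa == sb

# Constructed sample: "KDB: stack backtrace" style, first build.
TRACE_A = """\
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0159326740
vpanic() at vpanic+0x151/frame 0xfffffe0159326790
calltrap() at calltrap+0x8/frame 0xfffffe01593268b0
--- trap 0xc, rip = 0xffffffff80bf5cbd, rsp = 0xfffffe0159326980 ---
__mtx_lock_sleep() at __mtx_lock_sleep+0xcd/frame 0xfffffe0159326a00
ieee80211_node_psq_drain() at ieee80211_node_psq_drain+0xf3/frame 0xfffffe0159326a50
node_cleanup() at node_cleanup+0x65/frame 0xfffffe0159326a80
"""
# Constructed sample: "db> bt" style, second build, different offsets/addresses.
TRACE_B = """\
kdb_enter() at kdb_enter+0x37/frame 0xfffffe0160111740
vpanic() at vpanic+0x182/frame 0xfffffe0160111790
calltrap() at calltrap+0x8/frame 0xfffffe01601118b0
--- trap 0xc, rip = 0xffffffff80bf6e1d, rsp = 0xfffffe0160111980 ---
__mtx_lock_sleep() at __mtx_lock_sleep+0xd1/frame 0xfffffe0160111a00
ieee80211_node_psq_drain() at ieee80211_node_psq_drain+0xf7/frame 0xfffffe0160111a50
node_cleanup() at node_cleanup+0x69/frame 0xfffffe0160111a80
"""
# Constructed sample: a different faulting path in the same format.
TRACE_C = """\
calltrap() at calltrap+0x8/frame 0xfffffe00c701dc40
lkpi_lsta_remove() at lkpi_lsta_remove+0x1c/frame 0xfffffe00c701dd00
lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x94/frame 0xfffffe00c701dd60
"""
```

Lines that do not match the frame pattern are skipped, so a transcript typed up from a photo should be checked for transcription slips before two signatures are compared.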