Re: New iwlwifi firmware for testing in main

Reply: Bjoern A. Zeeb: "Re: New iwlwifi firmware for testing in main"
In reply to: Bjoern A. Zeeb: "Re: New iwlwifi firmware for testing in main"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Bakul Shah <bakul_at_iitbombay.org>
Date: Sun, 07 Aug 2022 23:42:24 UTC
On Aug 7, 2022, at 2:46 PM, Bjoern A. Zeeb <bz@FreeBSD.org> wrote:
> 
> On Tue, 2 Aug 2022, Bakul Shah wrote:
> 
>> Ok, I narrowed it down to a specific case. If I use
>> 
>> ifconfig_wlan0="WPA DHCP"
>> 
>> everything works. If I replace DHCP with a fixed address it panics as before.
> 
> That is interesting.  I'll try to repro that next week.
> 
>> Apparently this happens as soon as the device associates with an AP.
> 
> According to the log it didn't associate yet when the firmware crashed.
> Given this is a 9260 this looks like a bug we fixed about 6-ish weeks ago.
> 
> Is this a 14-CURRENT or an up-to-date stable/13?
> What's the branch and git hash?  (possible uname -v)

I just recompiled it.
$ uname -a
FreeBSD xxxx 14.0-CURRENT FreeBSD 14.0-CURRENT #11 main-n257169-7064c94a02af: Sun Aug  7 08:58:30 PDT 2022     root@xxxx:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64

in /etc/rc.conf changed
	ifconfig_wlan0="WPA DHCP"
to
	ifconfig_wlan0="WPA inet 192.168.123.45 netmask 255.255.255.0"

and
# service netif restart wlan0

made it crash:

Aug  7 09:36:29 xxxx dhclient[831]: My address (192.168.123.45) was deleted, dhclient exiting
Stopping wpa_supplicant.
Waiting for PIDS: 599.
Aug  7 09:36:29 fbsd14 dhclient[831]: connection closed
Aug  7 09:36:29 fbsd14 dhclient[831]: exiting.
Stopping Network: wlan0.
wlan0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 12:34:56:78:9a:bc
        groups: wlan
        ssid "" channel 10 (2457 MHz 11g)
        regdomain FCC country US authmode OPEN privacy OFF txpower 30 bmiss 7
        scanvalid 60 protmode CTS wme
        parent interface: iwlwifi0
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
iwlwifi0: iwl_trans_send_cmd bad state = 0
iwlwifi0: Failed to remove MAC context: -5


Fatal trap 9: general protection fault while in kernel mode
cpuid = 2; apic id = 02
instruction pointer     = 0x20:0xffffffff80bc52b9
stack pointer           = 0x28:0xfffffe009e7d8a10
frame pointer           = 0x28:0xfffffe009e7d8a50
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 5554 (ifconfig)
trap number             = 9
panic: general protection fault
cpuid = 2
time = 1659890189
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe009e7d8830
vpanic() at vpanic+0x151/frame 0xfffffe009e7d8880
panic() at panic+0x43/frame 0xfffffe009e7d88e0
trap_fatal() at trap_fatal+0x387/frame 0xfffffe009e7d8940
calltrap() at calltrap+0x8/frame 0xfffffe009e7d8940
--- trap 0x9, rip = 0xffffffff80bc52b9, rsp = 0xfffffe009e7d8a10, rbp = 0xfffffe009e7d8a50 ---
__mtx_lock_flags() at __mtx_lock_flags+0x49/frame 0xfffffe009e7d8a50
ieee80211_free_node() at ieee80211_free_node+0x34/frame 0xfffffe009e7d8a90
ieee80211_node_vdetach() at ieee80211_node_vdetach+0x2b/frame 0xfffffe009e7d8ab0
ieee80211_vap_detach() at ieee80211_vap_detach+0x60e/frame 0xfffffe009e7d8b00
lkpi_ic_vap_delete() at lkpi_ic_vap_delete+0xca/frame 0xfffffe009e7d8b40
if_clone_destroyif() at if_clone_destroyif+0x239/frame 0xfffffe009e7d8b90
if_clone_destroy() at if_clone_destroy+0x114/frame 0xfffffe009e7d8bd0
ifioctl() at ifioctl+0x741/frame 0xfffffe009e7d8cc0
kern_ioctl() at kern_ioctl+0x202/frame 0xfffffe009e7d8d30
sys_ioctl() at sys_ioctl+0x12a/frame 0xfffffe009e7d8e00
amd64_syscall() at amd64_syscall+0x12e/frame 0xfffffe009e7d8f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe009e7d8f30
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x3fadfe407ca, rsp = 0x3fadbfb3c58, rbp = 0x3fadbfb3c70 ---
KDB: enter: panic
[ thread pid 5554 tid 100122 ]
Stopped at      kdb_enter+0x32: movq    $0,0x12a2ed3(%rip)
db> bt
Tracing pid 5554 tid 100122 td 0xfffffe009ee6be40
kdb_enter() at kdb_enter+0x32/frame 0xfffffe009e7d8830
vpanic() at vpanic+0x182/frame 0xfffffe009e7d8880
panic() at panic+0x43/frame 0xfffffe009e7d88e0
trap_fatal() at trap_fatal+0x387/frame 0xfffffe009e7d8940
calltrap() at calltrap+0x8/frame 0xfffffe009e7d8940
--- trap 0x9, rip = 0xffffffff80bc52b9, rsp = 0xfffffe009e7d8a10, rbp = 0xfffffe009e7d8a50 ---
__mtx_lock_flags() at __mtx_lock_flags+0x49/frame 0xfffffe009e7d8a50
ieee80211_free_node() at ieee80211_free_node+0x34/frame 0xfffffe009e7d8a90
ieee80211_node_vdetach() at ieee80211_node_vdetach+0x2b/frame 0xfffffe009e7d8ab0
ieee80211_vap_detach() at ieee80211_vap_detach+0x60e/frame 0xfffffe009e7d8b00
lkpi_ic_vap_delete() at lkpi_ic_vap_delete+0xca/frame 0xfffffe009e7d8b40
if_clone_destroyif() at if_clone_destroyif+0x239/frame 0xfffffe009e7d8b90
if_clone_destroy() at if_clone_destroy+0x114/frame 0xfffffe009e7d8bd0
ifioctl() at ifioctl+0x741/frame 0xfffffe009e7d8cc0
kern_ioctl() at kern_ioctl+0x202/frame 0xfffffe009e7d8d30
sys_ioctl() at sys_ioctl+0x12a/frame 0xfffffe009e7d8e00
amd64_syscall() at amd64_syscall+0x12e/frame 0xfffffe009e7d8f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe009e7d8f30
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x3fadfe407ca, rsp = 0x3fadbfb3c58, rbp = 0x3fadbfb3c70 ---
db>