[Bug 273250] iwm0 panics on FreeBSD 14.0-CURRENT #0 main-n261772-3a3c9242739e

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 20 Aug 2023 21:32:54 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273250

            Bug ID: 273250
           Summary: iwm0 panics on FreeBSD 14.0-CURRENT #0
                    main-n261772-3a3c9242739e
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: wireless
          Assignee: wireless@FreeBSD.org
          Reporter: vidwer+fbsdbugs@gmail.com

An excerpt from /var/crash/core.txt.0:

iwm0: iwm_bring_down_firmware: Failed to remove station: 35
iwm0: iwm_mac_ctxt_send_cmd: Failed to send MAC context (action:2): 35
iwm0: iwm_bring_down_firmware: Failed to change mac context: 35
iwm0: Failed to remove station. Id=0
iwm0: iwm_bring_down_firmware: Failed to remove station id: 35
iwm0: iwm_update_quotas: Failed to send quota: 35
iwm0: iwm_bring_down_firmware: Failed to update PHY quota: 35


Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 13
fault virtual address   = 0xfffff80280000000
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff804a669e
stack pointer           = 0x28:0xfffffe008e50e970
frame pointer           = 0x28:0xfffffe008e50e9c0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (irq27: iwm0)
rdi:         cb19a6d2 rsi:               a2 rdx:         18f2e93d
rcx:         8dc4fc2c  r8:               ea  r9: fffff80280000004
rax:         14d77bdf rbx:          5c268c7 rbp: fffffe008e50e9c0
r10:               5d r11:               a4 r12:               63
r13:               93 r14:               46 r15:             a71c
trap number             = 12
panic: page fault
cpuid = 3
time = 1692562496
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe008e50e730
vpanic() at vpanic+0x152/frame 0xfffffe008e50e780
panic() at panic+0x43/frame 0xfffffe008e50e7e0
trap_fatal() at trap_fatal+0x409/frame 0xfffffe008e50e840
trap_pfault() at trap_pfault+0xab/frame 0xfffffe008e50e8a0
calltrap() at calltrap+0x8/frame 0xfffffe008e50e8a0
--- trap 0xc, rip = 0xffffffff804a669e, rsp = 0xfffffe008e50e970, rbp =
0xfffffe008e50e9c0 ---
rijndaelEncrypt() at rijndaelEncrypt+0x21e/frame 0xfffffe008e50e9c0
ccmp_decap() at ccmp_decap+0x427/frame 0xfffffe008e50ead0
ieee80211_crypto_decap() at ieee80211_crypto_decap+0x120/frame
0xfffffe008e50eb20
sta_input() at sta_input+0x565/frame 0xfffffe008e50ebd0
ieee80211_input_mimo() at ieee80211_input_mimo+0x203/frame 0xfffffe008e50ec80
iwm_rx_mpdu() at iwm_rx_mpdu+0x70b/frame 0xfffffe008e50ed60
iwm_intr() at iwm_intr+0xd52/frame 0xfffffe008e50ee60
ithread_loop() at ithread_loop+0x276/frame 0xfffffe008e50eef0
fork_exit() at fork_exit+0x80/frame 0xfffffe008e50ef30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe008e50ef30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:59
warning: Source file is more recent than executable.
59              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:59
#1  doadump (textdump=textdump@entry=0)
    at /usr/src/sys/kern/kern_shutdown.c:407
#2  0xffffffff804b376a in db_dump (dummy=<optimized out>, 
    dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>)
    at /usr/src/sys/ddb/db_command.c:593
#3  0xffffffff804b356d in db_command (last_cmdp=<optimized out>, 
    cmd_table=<optimized out>, dopager=true)
    at /usr/src/sys/ddb/db_command.c:506
#4  0xffffffff804b323d in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:553
#5  0xffffffff804b68f6 in db_trap (type=<optimized out>, code=<optimized out>)
    at /usr/src/sys/ddb/db_main.c:270
#6  0xffffffff80c3ccee in kdb_trap (type=type@entry=3, code=code@entry=0, 
    tf=tf@entry=0xfffffe008e50e670) at /usr/src/sys/kern/subr_kdb.c:745
#7  0xffffffff810e26a6 in trap (frame=0xfffffe008e50e670)
    at /usr/src/sys/amd64/amd64/trap.c:610
#8  <signal handler called>
#9  kdb_enter (why=<optimized out>, msg=<optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:509
#10 0xffffffff80bee153 in vpanic (fmt=<optimized out>, 
    ap=ap@entry=0xfffffe008e50e7c0) at /usr/src/sys/kern/kern_shutdown.c:960
#11 0xffffffff80bedf13 in panic (
    fmt=0xffffffff81e852f0 <cnputs_mtx> "q\247\035\201\377\377\377\377")
    at /usr/src/sys/kern/kern_shutdown.c:896
#12 0xffffffff810e2b39 in trap_fatal (frame=0xfffffe008e50e8b0, 
    eva=18446735288353947648) at /usr/src/sys/amd64/amd64/trap.c:954
#13 0xffffffff810e2beb in trap_pfault (frame=0xfffffe008e50e8b0, 
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:762
#14 <signal handler called>
#15 rijndaelEncrypt (rk=0xfffff8027ffffff8, Nr=<optimized out>, 
    pt=pt@entry=0xfffffe008e50ea50 "\024\202\372ɀ\232s6
>\244]\350\247\317Gb[~nRõ\234\061U\037\ng\020\327\\\001\003\304\353\071R\240\262", 
    ct=ct@entry=0xfffffe008e50ea50 "\024\202\372ɀ\232s6
>\244]\350\247\317Gb[~nRõ\234\061U\037\ng\020\327\\\001\003\304\353\071R\240\262")
    at /usr/src/sys/crypto/rijndael/rijndael-alg-fst.c:1000
#16 0xffffffff804a7c77 in rijndael_encrypt (ctx=ctx@entry=0xfffff8010de2e410, 
    src=0x18f2e93d <error: Cannot access memory at address 0x18f2e93d>, 
    src@entry=0xfffffe008e50ea50 "\024\202\372ɀ\232s6
>\244]\350\247\317Gb[~nRõ\234\061U\037\ng\020\327\\\001\003\304\353\071R\240\262", 
    dst=0x8dc4fc2c <error: Cannot access memory at address 0x8dc4fc2c>, 
    dst@entry=0xfffffe008e50ea50 "\024\202\372ɀ\232s6
>\244]\350\247\317Gb[~nRõ\234\061U\037\ng\020\327\\\001\003\304\353\071R\240\262")
    at /usr/src/sys/crypto/rijndael/rijndael-api.c:58
#17 0xffffffff80d67257 in ccmp_decrypt (key=0xfffffe00c99ad160, pn=2686165, 
    m=0xfffff80014937700, hdrlen=<optimized out>)
    at /usr/src/sys/net80211/ieee80211_crypto_ccmp.c:623
#18 ccmp_decap (k=0xfffffe00c99ad160, m=0xfffff80014937700, 
    hdrlen=<optimized out>)
    at /usr/src/sys/net80211/ieee80211_crypto_ccmp.c:284
#19 0xffffffff80d661e0 in ieee80211_crypto_decap (
    ni=ni@entry=0xfffffe00c99ad000, m=m@entry=0xfffff80014937700, hdrlen=26, 
    key=key@entry=0xfffffe008e50eb60)
    at /usr/src/sys/net80211/ieee80211_crypto.c:684
#20 0xffffffff80da1d15 in sta_input (ni=0xfffffe00c99ad000, 
    m=0xfffff80014937700, rxs=<optimized out>, rssi=<optimized out>, 
    nf=<optimized out>) at /usr/src/sys/net80211/ieee80211_sta.c:782
#21 0xffffffff80d7c9e3 in ieee80211_input_mimo (
    ni=ni@entry=0xfffffe00c99ad000, m=m@entry=0xfffff80014937700)
    at /usr/src/sys/net80211/ieee80211_input.c:102
#22 0xffffffff82fa8c1b in iwm_rx_mpdu (sc=sc@entry=0xfffffe00c5428000, 
    m=0xfffff80014937700, offset=offset@entry=2304, stolen=<optimized out>)
    at /usr/src/sys/dev/iwm/if_iwm.c:3404
#23 0xffffffff82fa73e2 in iwm_handle_rxb (m=0xfffff8019aa24d00, 
    sc=<optimized out>) at /usr/src/sys/dev/iwm/if_iwm.c:5333
#24 iwm_notif_intr (sc=<optimized out>) at /usr/src/sys/dev/iwm/if_iwm.c:5612
#25 iwm_intr (arg=<optimized out>) at /usr/src/sys/dev/iwm/if_iwm.c:5757
#26 0xffffffff80ba8126 in intr_event_execute_handlers (ie=0xfffff80003c23200, 
    p=<optimized out>) at /usr/src/sys/kern/kern_intr.c:1207
#27 ithread_execute_handlers (ie=0xfffff80003c23200, p=<optimized out>)
    at /usr/src/sys/kern/kern_intr.c:1220
#28 ithread_loop (arg=arg@entry=0xfffff80003981480)
    at /usr/src/sys/kern/kern_intr.c:1308
#29 0xffffffff80ba45c0 in fork_exit (
    callout=0xffffffff80ba7eb0 <ithread_loop>, arg=0xfffff80003981480, 
    frame=0xfffffe008e50ef40) at /usr/src/sys/kern/kern_fork.c:1102
#30 <signal handler called>
(kgdb)

-- 
You are receiving this mail because:
You are the assignee for the bug.