Re: Panic in stable/14; current process: iwn0 net80211 taskq

From: Bjoern A. Zeeb <bz_at_FreeBSD.org>
Date: Wed, 05 Nov 2025 13:41:37 UTC

On Tue, 4 Nov 2025, David Wolfskill wrote:

> Files (vmcore.9 & core.txt.9) may be found at
> https://www.catwhisker.org/~david/FreeBSD/stable_14/ (along with
> compressed copies of them -- it's on the slow end of a residential ADSL
> connection).
>
> An extract from core.txt.9:
>
> Tue Nov  4 04:41:20 UTC 2025
>
> FreeBSD g1-120.catwhisker.org 14.3-STABLE FreeBSD 14.3-STABLE #587 stable/14-n272796-1955c8f6293f: Mon Nov  3 11:46:14 UTC 2025     root@g1-120.catwhisker.org:/common/S1/obj/usr/src/amd64.amd64/sys/CANARY  amd64
>
> panic: page fault
> ...
> Fatal trap 12: page fault while in kernel mode
> cpuid = 2; apic id = 02
> fault virtual address   = 0x10b8096c9dac
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x20:0xffffffff80678a0b
> stack pointer           = 0x28:0xffffffff821afc00
> frame pointer           = 0x28:0xffffffff821afc30
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                        = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 0 (iwn0 net80211 taskq)
> rdi: fffffe1093994000 rsi: fffffe10939943d8 rdx: ffffffff8118f420
> rcx: 0000000000000000  r8: 0000000000000001  r9: 00000000000000c0
> rax: 000010b88732c080 rbx: fffffe10939943d8 rbp: ffffffff821afc30
> r10: 000000000000420a r11: 0000000000002af8 r12: 0000000000000000
> r13: 0000000000000010 r14: ffffffff82394000 r15: 00000000581689b0
> trap number             = 12
> panic: page fault
> cpuid = 2
> time = 1762231101
> KDB: stack backtrace:
> #0 0xffffffff80ba2d5d at kdb_backtrace+0x5d
> #1 0xffffffff80b54261 at vpanic+0x161
> #2 0xffffffff80b540f3 at panic+0x43
> #3 0xffffffff8107ed60 at trap_pfault+0x3e0
> #4 0xffffffff81054dd8 at calltrap+0x8
> #5 0xffffffff80ccb421 at ieee80211_ht_node_cleanup+0xc1
> #6 0xffffffff80ce1661 at node_cleanup+0x161
> #7 0xffffffff80ce3cb3 at ieee80211_sta_leave+0x13
> #8 0xffffffff80cf75ff at sta_newstate+0x59f
> #9 0xffffffff80680f0c at iwn_newstate+0x6ec
> #10 0xffffffff80cee758 at ieee80211_newstate_cb+0x1f8
> #11 0xffffffff80bb8442 at taskqueue_run_locked+0x182
> #12 0xffffffff80bb9692 at taskqueue_thread_loop+0xc2
> #13 0xffffffff80b0bd21 at fork_exit+0x81
> #14 0xffffffff81055dfe at fork_trampoline+0xe
> Uptime: 12h52m25s
> ....

I can provoke those with non-iwn on other branches as well.
This is net80211 needing cleanup.

(also note: there's two code paths, one locked and one unlocked if I
do not misremember).  I hope I'll get to all that the next months.

It's funny that most people never experience these (and I often cannot
reproduce panics people experience).


> Some context: This is the first panic in stable/14 I've experienced
> in ... a long time.  It was on my "daily driver" laptop; I had set
> it up for this morning's updates (I track stable/14, head, and
> stable/15, and update all installed ports, daily on this laptop,
> as well as a build machine and a couple of other laptops).  The
> laptop itself is old (Dell shows that the machine with this service
> tag first shipped 17 Oct 2014), and made up of parts from several
> Dell Precision M4800s, and has recently started treating "poweroff"
> as "power cycle" for reasons that are not clear to me.
>
> When I get up, then, I expect to be able to check on the status of the
> most recent "git fetch", prepare for the next one (I have things set up
> to do 2 of them overnight -- a relic of how I used to do things with
> svn, which was a relic of how I used CVS (& CVSup), then start fetching
> distfiles while I build world....
>
> I was, therefore, rather surprised to see the xdm login banner when I
> arrived at my desk. :-}
>
> As the machine had been set up & left unattended, there wasn't much
> processing going on, and it appears to have come back up in time to do
> the daily backup to a mirror SSD successfully.
>
> And I expect to migrate from stable/14 to stable/15 shortly after 15.0
> is announced, so there may be less incentive (& interest) in poking at
> this one (than if it had happened in stable/15 or head -- or on a newer
> machine).
>
> Peace,
> david
>

-- 
Bjoern A. Zeeb                                                     r15:7