215025 – Panic in arptimer

Bug 215025 - Panic in arptimer

Summary: Panic in arptimer

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	wireless (show other bugs)
Version:	11.0-STABLE
Hardware:	amd64 Any

Importance:	--- Affects Only Me
Assignee:	freebsd-wireless (Nobody)

URL:
Keywords:	regression

Depends on:
Blocks:

Reported:	2016-12-03 13:12 UTC by boris.astardzhiev
Modified:	2018-01-26 07:49 UTC (History)
CC List:	1 user (show)

See Also:	209682

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description boris.astardzhiev 2016-12-03 13:12:58 UTC

Hello,

Ever since after upgrading to releng/11 I've been experiencing issues with my ThinkPad R500's Intel wireless card which in fact used to work flawlessly in 10.x. Basically I'm unable to associate or rather it happens to associate pretty slowly - 10+ minutes. Here's the card as reported by pciconf:

iwn0@pci0:3:0:0:	class=0x028000 card=0x12118086 chip=0x42378086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'PRO/Wireless 5100 AGN [Shiloh] Network Connection'
    class      = network

After upgrading to stable/11 due to unrelated reasons - commit 763ff62bcd42458bcc338e1ee34bd76e46f1a393 I experienced the following panic which I think is related to my wireless card:

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer	= 0x20:0xffffffff80c4d014
stack pointer	        = 0x28:0xfffffe01165ed9b0
frame pointer	        = 0x28:0xfffffe01165eda20
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12 (swi4: clock (0))
trap number		= 9
panic: general protection fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff80b26b57 at kdb_backtrace+0x67
#1 0xffffffff80adbaa2 at vpanic+0x182
#2 0xffffffff80adb913 at panic+0x43
#3 0xffffffff80fa6f71 at trap_fatal+0x331
#4 0xffffffff80fa6c11 at trap+0x721
#5 0xffffffff80f896c1 at calltrap+0x8
#6 0xffffffff80af5b4a at softclock_call_cc+0x18a
#7 0xffffffff80af60c4 at softclock+0x94
#8 0xffffffff80a95a4f at intr_event_execute_handlers+0x20f
#9 0xffffffff80a95cb6 at ithread_loop+0xc6
#10 0xffffffff80a92695 at fork_exit+0x85
#11 0xffffffff80f89bfe at fork_trampoline+0xe
Uptime: 3m38s
Dumping 343 out of 3993 MB:..5%..14%..24%..33%..42%..52%..61%..75%..84%..94%

Reading symbols from /boot/kernel/linux.ko...Reading symbols from /usr/lib/debug//boot/kernel/linux.ko.debug...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/linux_common.ko...Reading symbols from /usr/lib/debug//boot/kernel/linux_common.ko.debug...done.
done.
Loaded symbols for /boot/kernel/linux_common.ko
Reading symbols from /boot/kernel/fuse.ko...Reading symbols from /usr/lib/debug//boot/kernel/fuse.ko.debug...done.
done.
Loaded symbols for /boot/kernel/fuse.ko
Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/linprocfs.ko.debug...done.
done.
Loaded symbols for /boot/kernel/linprocfs.ko
Reading symbols from /boot/kernel/ums.ko...Reading symbols from /usr/lib/debug//boot/kernel/ums.ko.debug...done.
done.
Loaded symbols for /boot/kernel/ums.ko
Reading symbols from /boot/kernel/linux64.ko...Reading symbols from /usr/lib/debug//boot/kernel/linux64.ko.debug...done.
done.
Loaded symbols for /boot/kernel/linux64.ko
Reading symbols from /boot/kernel/radeonkms.ko...Reading symbols from /usr/lib/debug//boot/kernel/radeonkms.ko.debug...done.
done.
Loaded symbols for /boot/kernel/radeonkms.ko
Reading symbols from /boot/kernel/drm2.ko...Reading symbols from /usr/lib/debug//boot/kernel/drm2.ko.debug...done.
done.
Loaded symbols for /boot/kernel/drm2.ko
Reading symbols from /boot/kernel/iicbus.ko...Reading symbols from /usr/lib/debug//boot/kernel/iicbus.ko.debug...done.
done.
Loaded symbols for /boot/kernel/iicbus.ko
Reading symbols from /boot/kernel/iic.ko...Reading symbols from /usr/lib/debug//boot/kernel/iic.ko.debug...done.
done.
Loaded symbols for /boot/kernel/iic.ko
Reading symbols from /boot/kernel/iicbb.ko...Reading symbols from /usr/lib/debug//boot/kernel/iicbb.ko.debug...done.
done.
Loaded symbols for /boot/kernel/iicbb.ko
Reading symbols from /boot/kernel/radeonkmsfw_RV620_pfp.ko...Reading symbols from /usr/lib/debug//boot/kernel/radeonkmsfw_RV620_pfp.ko.debug...done.
done.
Loaded symbols for /boot/kernel/radeonkmsfw_RV620_pfp.ko
Reading symbols from /boot/kernel/radeonkmsfw_RV620_me.ko...Reading symbols from /usr/lib/debug//boot/kernel/radeonkmsfw_RV620_me.ko.debug...done.
done.
Loaded symbols for /boot/kernel/radeonkmsfw_RV620_me.ko
Reading symbols from /boot/kernel/radeonkmsfw_R600_rlc.ko...Reading symbols from /usr/lib/debug//boot/kernel/radeonkmsfw_R600_rlc.ko.debug...done.
done.
Loaded symbols for /boot/kernel/radeonkmsfw_R600_rlc.ko
#0  doadump (textdump=<value optimized out>) at pcpu.h:222
222		__asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) bt
#0  doadump (textdump=<value optimized out>) at pcpu.h:222
#1  0xffffffff80adb529 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80adbadb in vpanic (fmt=<value optimized out>, ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80adb913 in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80fa6f71 in trap_fatal (frame=0xfffffe01165ed8f0, eva=0) at /usr/src/sys/amd64/amd64/trap.c:801
#5  0xffffffff80fa6c11 in trap (frame=0xfffffe01165ed8f0) at /usr/src/sys/amd64/amd64/trap.c:198
#6  0xffffffff80f896c1 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236
#7  0xffffffff80c4d014 in arptimer (arg=<value optimized out>) at /usr/src/sys/netinet/if_ether.c:287
#8  0xffffffff80af5b4a in softclock_call_cc (c=<value optimized out>, cc=<value optimized out>, direct=<value optimized out>) at /usr/src/sys/kern/kern_timeout.c:729
#9  0xffffffff80af60c4 in softclock (arg=<value optimized out>) at /usr/src/sys/kern/kern_timeout.c:867
#10 0xffffffff80a95a4f in intr_event_execute_handlers (p=<value optimized out>, ie=<value optimized out>) at /usr/src/sys/kern/kern_intr.c:1262
#11 0xffffffff80a95cb6 in ithread_loop (arg=<value optimized out>) at /usr/src/sys/kern/kern_intr.c:1275
#12 0xffffffff80a92695 in fork_exit (callout=0xffffffff80a95bf0 <ithread_loop>, arg=0xfffff80003948b80, frame=0xfffffe01165edc00)
    at /usr/src/sys/kern/kern_fork.c:1040
#13 0xffffffff80f89bfe in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:611
#14 0x0000000000000000 in ?? ()
Current language:  auto; currently minimal
(kgdb) frame 7
#7  0xffffffff80c4d014 in arptimer (arg=<value optimized out>) at /usr/src/sys/netinet/if_ether.c:287
287		IF_AFDATA_LOCK(ifp);
(kgdb) print ifp
$1 = (struct ifnet *) 0x7fffffffffffffff

kldstat:
 1   54 0xffffffff80200000 1fbbf10  kernel
 2    1 0xffffffff821bd000 9b220    linux.ko
 3    4 0xffffffff82259000 dc90     linux_common.ko
 4    1 0xffffffff82267000 1a5a0    fuse.ko
 5    1 0xffffffff82421000 aa40     linprocfs.ko
 6    1 0xffffffff8242c000 3799     ums.ko
 7    1 0xffffffff82430000 384db    linux64.ko
 8    1 0xffffffff82469000 e85ec    radeonkms.ko
 9    1 0xffffffff82552000 495af    drm2.ko
10    4 0xffffffff8259c000 265a     iicbus.ko
11    1 0xffffffff8259f000 1c78     iic.ko
12    1 0xffffffff825a1000 1e25     iicbb.ko
13    1 0xffffffff825a3000 103b     radeonkmsfw_RV620_pfp.ko
14    1 0xffffffff825a5000 5b3b     radeonkmsfw_RV620_me.ko
15    1 0xffffffff825ab000 1337     radeonkmsfw_R600_rlc.ko

And some dmesg on boot:
Dec  3 14:29:42 boris-fbsd kernel: wlan0: Ethernet address: 00:21:6b:59:b0:fa
Dec  3 14:29:42 boris-fbsd kernel: bge0: link state changed to DOWN
Dec  3 14:29:42 boris-fbsd kernel: iwn0: iwn_read_firmware: ucode rev=0x08530501
Dec  3 14:29:42 boris-fbsd kernel: wlan0: link state changed to UP
Dec  3 14:29:42 boris-fbsd kernel: wlan0: link state changed to DOWN
Dec  3 14:29:42 boris-fbsd kernel: iwn0: device timeout
Dec  3 14:29:42 boris-fbsd kernel: iwn0: iwn_read_firmware: ucode rev=0x08530501
Dec  3 14:29:42 boris-fbsd kernel: wlan0: link state changed to UP
Dec  3 14:29:42 boris-fbsd kernel: wlan0: link state changed to DOWN
Dec  3 14:29:42 boris-fbsd kernel: iwn0: scan timeout
Dec  3 14:29:42 boris-fbsd kernel: iwn0: iwn_read_firmware: ucode rev=0x08530501
Dec  3 14:29:42 boris-fbsd kernel: wlan0: link state changed to UP
Dec  3 14:29:42 boris-fbsd kernel: iwn0: iwn_intr: fatal firmware error
Dec  3 14:29:42 boris-fbsd kernel: firmware error log:
Dec  3 14:29:42 boris-fbsd kernel: error type      = "BAD_COMMAND" (0x00000007)
Dec  3 14:29:42 boris-fbsd kernel: program counter = 0x0000275C
Dec  3 14:29:42 boris-fbsd kernel: source line     = 0x00000428
Dec  3 14:29:42 boris-fbsd kernel: error data      = 0x0000000000000000
Dec  3 14:29:42 boris-fbsd kernel: branch link     = 0x0000275A0000275A
Dec  3 14:29:42 boris-fbsd kernel: interrupt link  = 0x0000091600000000
Dec  3 14:29:42 boris-fbsd kernel: time            = 15468
Dec  3 14:29:42 boris-fbsd kernel: driver status:
Dec  3 14:29:42 boris-fbsd kernel: tx ring  0: qid=0  cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring  1: qid=1  cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring  2: qid=2  cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring  3: qid=3  cur=2   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring  4: qid=4  cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring  5: qid=5  cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring  6: qid=6  cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring  7: qid=7  cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring  8: qid=8  cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring  9: qid=9  cur=64  queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 10: qid=10 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 11: qid=11 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 12: qid=12 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 13: qid=13 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 14: qid=14 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 15: qid=15 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 16: qid=16 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 17: qid=17 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 18: qid=18 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: tx ring 19: qid=19 cur=0   queued=0  
Dec  3 14:29:42 boris-fbsd kernel: rx ring: cur=5
Dec  3 14:29:42 boris-fbsd kernel: iwn0: iwn_panicked: controller panicked, iv_state = 5; restarting
Dec  3 14:29:42 boris-fbsd kernel: wlan0: link state changed to DOWN
Dec  3 14:29:42 boris-fbsd kernel: iwn0: iwn_read_firmware: ucode rev=0x08530501
Dec  3 14:29:42 boris-fbsd kernel: wlan0: link state changed to UP
Dec  3 14:29:42 boris-fbsd kernel: wlan0: link state changed to DOWN

I triggered the panic by issuing several times /etc/rc.d/netif restart

Regards,
Boris

Comment 1 Hans Petter Selasky freebsd_committer

2018-01-26 07:49:19 UTC

Does this patch fix the issue:

https://reviews.freebsd.org/D4605

--HPS