283399 – iwlwifi: panic: general protection fault

Bug 283399 - iwlwifi: panic: general protection fault

Summary: iwlwifi: panic: general protection fault

Status:	Closed DUPLICATE of bug 280546

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	wireless (show other bugs)
Version:	15.0-CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-wireless (Nobody)

URL:
Keywords:	crash

Depends on:
Blocks:	iwlwifi
	Show dependency tree / graph

Reported:	2024-12-18 13:17 UTC by Edward Tomasz Napierala
Modified:	2024-12-18 17:49 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Edward Tomasz Napierala freebsd_committer

2024-12-18 13:17:36 UTC

iwlwifi0: lkpi_iv_newstate: unsupported state transition 5 (RUN) -> 6 (CSA)
iwlwifi0: linuxkpi_ieee80211_beacon_loss: vif 0xfffffe00fc126e80 vap 0xfffffe00fc126010 state RUN
iwlwifi0: linuxkpi_ieee80211_beacon_loss: vif 0xfffffe00fc126e80 vap 0xfffffe00fc126010 state RUN
wlan0: link state changed to DOWN
Dec 18 04:34:23 pustak wpa_supplicant[1117]: ioctl[SIOCS80211, op=103, val=0, arg_len=128]: Operation now in progress


Fatal trap 9: general protection fault while in kernel mode
cpuid = 2; apic id = 02
instruction pointer     = 0x20:0xffffffff83d47ee6
stack pointer           = 0x28:0xfffffe00d7892c70
frame pointer           = 0x28:0xfffffe00d7892cc0
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (linuxkpi_short_wq_1)
rdi: fffffe00fbdc3538 rsi: fffffe00d7892c38 rdx: ffffffff811b5a4a
rcx: fffff8001b3dce40  r8: 0000000000000001  r9: ffffffffffffffff
rax: deadc0dedeadc0de rbx: fffffe00fc126e80 rbp: fffffe00d7892cc0
r10: ffffffff81c514f0 r11: 0000000000000001 r12: fffffe00fc127618
r13: 0000000000000000 r14: fffffe00d7892d10 r15: fffffe00fbdc3508
trap number             = 9
panic: general protection fault
cpuid = 2
time = 1734496463
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00d78929b0
vpanic() at vpanic+0x136/frame 0xfffffe00d7892ae0
panic() at panic+0x43/frame 0xfffffe00d7892b40
trap_fatal() at trap_fatal+0x40b/frame 0xfffffe00d7892ba0
calltrap() at calltrap+0x8/frame 0xfffffe00d7892ba0
--- trap 0x9, rip = 0xffffffff83d47ee6, rsp = 0xfffffe00d7892c70, rbp = 0xfffffe00d7892cc0 ---
iwl_mvm_bt_notif_iterator() at iwl_mvm_bt_notif_iterator+0xe6/frame 0xfffffe00d7892cc0
linuxkpi_ieee80211_iterate_interfaces() at linuxkpi_ieee80211_iterate_interfaces+0x84/frame 0xfffffe00d7892d00
iwl_mvm_bt_coex_notif_handle() at iwl_mvm_bt_coex_notif_handle+0x7c/frame 0xfffffe00d7892d60
iwl_mvm_async_handlers_by_context() at iwl_mvm_async_handlers_by_context+0x130/frame 0xfffffe00d7892db0
lkpi_wiphy_work() at lkpi_wiphy_work+0x108/frame 0xfffffe00d7892df0
linux_work_fn() at linux_work_fn+0xe3/frame 0xfffffe00d7892e40
taskqueue_run_locked() at taskqueue_run_locked+0x1c2/frame 0xfffffe00d7892ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfffffe00d7892ef0
fork_exit() at fork_exit+0x82/frame 0xfffffe00d7892f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00d7892f30
--- trap 0x85de60ac, rip = 0xa6bb4f9ddb5e1766, rsp = 0xc1462840bc8370bb, rbp = 0xc9486a1c6a6a8f08 ---
Uptime: 11h49m54s


Here's the backtrace:

#6  <signal handler called>
No locals.
#7  0xffffffff83d47ee6 in iwl_mvm_bt_notif_per_link (mvm=0xfffffe00fbdc3508,
    vif=0xfffffe00fc126e80, data=0xfffffe00d7892d10, link_id=0)
    at /usr/home/trasz/git/freebsd-src/sys/contrib/dev/iwlwifi/mvm/coex.c:359
        mvmvif = 0xfffffe00fc1272c0
        link_info = 0xfffffe00fc127618
        smps_mode = IEEE80211_SMPS_AUTOMATIC
        link_conf = <optimized out>
        chanctx_conf = 0xfffff8001b3dce40
        min_ag_for_static_smps = <optimized out>
        bt_activity_grading = <optimized out>
        ave_rssi = <optimized out>
        __lock = <optimized out>
        __var = <optimized out>
        __var = <optimized out>
#8  iwl_mvm_bt_notif_iterator (_data=_data@entry=0xfffffe00d7892d10,
    mac=<optimized out>, vif=vif@entry=0xfffffe00fc126e80)
    at /usr/home/trasz/git/freebsd-src/sys/contrib/dev/iwlwifi/mvm/coex.c:509
        mvmvif = 0xfffffe00fc1272c0
        data = 0xfffffe00d7892d10
        mvm = 0xfffffe00fbdc3508
        link_id = 0
#9  0xffffffff80de6414 in linuxkpi_ieee80211_iterate_interfaces (
    hw=<optimized out>,
    flags=flags@entry=(IEEE80211_IFACE_ITER_NORMAL | IEEE80211_IFACE_ITER_ACTIVE | IEEE80211_IFACE_ITER__ATOMIC),
    iterfunc=0xffffffff83d47e00 <iwl_mvm_bt_notif_iterator>,
    arg=arg@entry=0xfffffe00d7892d10)
    at /usr/home/trasz/git/freebsd-src/sys/compat/linuxkpi/common/src/linux_80211.c:5053
        vap = 0xfffffe00fc126010
        lhw = 0xfffffe00fbdc3200
        lvif = <optimized out>
        vif = 0xffffffff811b5a4a
        active = <optimized out>
        atomic = <optimized out>
        nin_drv = <optimized out>
#10 0xffffffff83d476ac in ieee80211_iterate_active_interfaces_atomic (
    hw=0xfffffe00fbdc3538,
    flags=(IEEE80211_IFACE_ITER_NORMAL | IEEE80211_IFACE_ITER_ACTIVE | IEEE80211_IFACE_ITER__ATOMIC), arg=0xfffffe00d7892d10, iterfunc=<optimized out>)
    at /usr/home/trasz/git/freebsd-src/sys/compat/linuxkpi/common/include/net/mac80211.h:1470
No locals.
#11 iwl_mvm_bt_coex_notif_handle (mvm=0xfffffe00fbdc3508)
    at /usr/home/trasz/git/freebsd-src/sys/contrib/dev/iwlwifi/mvm/coex.c:526
        data = {notif = 0xfffffe00fbdc5568, mvm = 0xfffffe00fbdc3508,
          primary = 0x0, secondary = 0x0, primary_ll = false,
          primary_load = 0 '\000', secondary_load = 0 '\000'}
        cmd = {bt_primary_ci = 0, primary_ch_phy_id = 0, bt_secondary_ci = 0,
          secondary_ch_phy_id = 0}
        ci_bw_idx = <optimized out>
#12 0xffffffff83d61af0 in iwl_mvm_async_handlers_by_context (
    mvm=0xfffffe00fbdc3508, contexts=<optimized out>)
    at /usr/home/trasz/git/freebsd-src/sys/contrib/dev/iwlwifi/mvm/ops.c:1663
        local_list = {next = 0xfffff8030a350b40, prev = 0xfffff8031528d8c0}
        entry = 0xfffff8030a350b40
        tmp = <optimized out>
#13 0xffffffff80de7738 in lkpi_wiphy_work (work=0xfffffe00fbdc3008)
    at /usr/home/trasz/git/freebsd-src/sys/compat/linuxkpi/common/src/linux_80211.c:5559
        lwiphy = <optimized out>
        wiphy = 0xfffffe00fbdc3080
        wk = 0xfffffe00fbdc35c0
#14 0xffffffff80e058d3 in linux_work_fn (context=0xfffffe00fbdc3008,
    pending=<optimized out>)
    at /usr/home/trasz/git/freebsd-src/sys/compat/linuxkpi/common/src/linux_work.c:301
        states = "\000\003\003\000\003"
        exec = {entry = {tqe_next = 0x0, tqe_prev = 0xfffff800014f0de8},
          target = 0xfffffe00fbdc3008}
        task = 0xfffff8001b435dc8
        work = 0xfffffe00fbdc3008
        wq = 0xfffff800014f0dc0
#15 0xffffffff80bbb152 in taskqueue_run_locked (
    queue=queue@entry=0xfffff80001278d00)
    at /usr/home/trasz/git/freebsd-src/sys/kern/subr_taskqueue.c:517
        et = {et_link = {tqe_next = 0x0, tqe_prev = 0xfffff800014f0dc0},
          et_td = 0x0, et_section = {bucket = 65052672},
          et_old_priority = 1 '\001'}
        tb = {tb_running = 0xfffffe00fbdc3008, tb_seq = 11048276,
          tb_canceling = false, tb_link = {le_next = 0x0,
            le_prev = 0xfffff80001278d10}}
        in_net_epoch = false
        pending = 1
        task = <optimized out>
#16 0xffffffff80bbc083 in taskqueue_thread_loop (
    arg=arg@entry=0xfffff800014f0dc0)
    at /usr/home/trasz/git/freebsd-src/sys/kern/subr_taskqueue.c:829
        tqp = <optimized out>
        tq = 0xfffff80001278d00

Comment 1 Bjoern A. Zeeb freebsd_committer

2024-12-18 17:49:51 UTC

Hi trasz, we already have a PR for this.  Given you have more information can we discuss it there, especially if you can reproduce it?

*** This bug has been marked as a duplicate of bug 280546 ***