From nobody Thu Nov 9 22:04:37 2023 X-Original-To: wireless@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SRGG002W1z50lhy for ; Thu, 9 Nov 2023 22:04:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SRGFz65gZz4J2C for ; Thu, 9 Nov 2023 22:04:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1699567479; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8kttc8q/bSapfMcSz6djp198ypt2FeV/VzpdkbYGS30=; b=h24o2hHcDNRzOiQiYhnhYJfue+pfw+sbqpaxNrXL9nnALV0H0dz7g+HYbNdJbVjq5VDNXE KXmWxgvKa+cKVqi4PgQa6ZMjw/7LyPwtPW3TW0yamj64XhtXYtrizWkX39SYbSbObBPt0I KcakEkyi4MPolFAfnlsZJ1zCT5CPcJK1L2h+g+cFCDUOzgKWFJyS7wvtn7e6lDo9djciad P0qQ/P52eg8ZS2csdzEEY2eaN7ZB+D0cr/42c8QCQq7n7U2iNvz9kIu6Jho0w/mRFRlplQ WOS+oIq5F3gDJ5Vqhx7LA8AUWR2nZfiio2RvH3xmwxse5TVYHkc/M5CrTK61Pw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1699567479; a=rsa-sha256; cv=none; b=DnZrTu6x3zjeaqTZzLdXeCflxEyrzqqK54hOZvADLHtl9WpkBWd9ZS69RfoQikcmSBzGbJ bU6vHh+6PLSm4+5MqPEC0LKdrPXidilrOoz6zffIM5LfNZ46iLvTETHcNeD/Hr6GEEmya2 QnIm40SI5Zd2cu0fu3tRzrPxdRCML5elgSAIAFZhRAMZo6sacVuBUms8VNji79M2qW8sGd 9qy7sFSDvHh3p0uF4+RPmznfjVRgPd047SmKFHlrOtz4y43XG8ipXHOHMKyrSSLj1by7G7 h+KHe3LuFk/FIFksKPdrMI+9R1+wvq9exRK51WIYCcG+s2bF+SQoZZk2RMbblA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SRGFz59XkzYMT for ; Thu, 9 Nov 2023 22:04:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3A9M4dKJ062604 for ; Thu, 9 Nov 2023 22:04:39 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3A9M4dYc062602 for wireless@FreeBSD.org; Thu, 9 Nov 2023 22:04:39 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: wireless@FreeBSD.org Subject: [Bug 271979] bsdinstall(8): iwlwifi(4): system crash when authenticating for Wi-Fi: panic: lkpi_sta_auth_to_scan: lsta 0x... state not NONE: 0, nstate 1 arg 1 Date: Thu, 09 Nov 2023 22:04:37 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: crash, install, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: cc@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bz@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-wireless List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-wireless@freebsd.org X-BeenThere: freebsd-wireless@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271979 Cheng Cui changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cc@FreeBSD.org --- Comment #28 from Cheng Cui --- Hit this panic in main with a patch to newstate-logging. cc@n1_iwl_vm:~ % uname -a FreeBSD n1_iwl_vm 15.0-CURRENT FreeBSD 15.0-CURRENT #1 main-f7d16a627-dirty: Thu Nov 9 16:03:11 EST 2023=20=20=20=20 cc@n1_iwl_vm:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 cc@n1_iwl_vm:~ %=20 The reproduce method is just reboot with the following rc.conf setup. /etc/rc.conf wlans_iwlwifi0=3D"wlan0" ifconfig_wlan0=3D"WPA SYNCDHCP" create_args_wlan0=3D"country US regdomain fcc" wlandebug_wlan0=3D"+state " /boot/loader.conf boot_verbose=3D"YES" kern.msgbufsize=3D1146880 console prints before panic: ... iwlwifi0: Detected crf-id 0x3617, cnv-id 0x100530 wfpm id 0x80000000 iwlwifi0: PCI dev 2723/0084, rev=3D0x340, rfid=3D0x10a100 firmware: 'iwlwifi-cc-a0-77.ucode' version 77: 1366144 bytes loaded at 0xffffffff826a5000 iwlwifi0: successfully loaded firmware image 'iwlwifi-cc-a0-77.ucode' iwlwifi0: api flags index 2 larger than supported by driver iwlwifi0: TLV_FW_FSEQ_VERSION: FSEQ Version: 89.3.35.37 iwl-debug-yoyo.bin: could not load firmware image, error 2 iwl-debug-yoyo.bin: could not load firmware image, error 2 iwl-debug-yoyo_bin: could not load firmware image, error 2 iwl_debug_yoyo_bin: could not load firmware image, error 2 iwlwifi0: loaded firmware version 77.2df8986f.0 cc-a0-77.ucode op_mode iwlm= vm iwlwifi0: Detected Intel(R) Wi-Fi 6 AX200 160MHz, REV=3D0x340 iwlwifi0: Detected RF HR B3, rfid=3D0x10a100 iwlwifi0: base HW address: e0:2e:0b:92:e5:82 iwlwifi0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps iwlwifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps iwlwifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps pci0: driver added wlan0: bpf attached wlan0: bpf attached wlan0: Ethernet address: e0:2e:0b:92:e5:82 net.wlan.0.debug: 0x0 =3D> 0x80000 Created wlan(4) interfaces: wlan0. lo0: link state changed to UP vtnet0: link state changed to UP Starting dhclient. DHCPREQUEST on vtnet0 to 255.255.255.255 port 67 DHCPACK from 192.168.1.1 Bogus Host Name option 12: n1_iwl_vm (n1_iwl_vm) bound to 192.168.1.154 -- renewal in 21600 seconds. Starting wpa_supplicant. wlan0: start running, 0 vaps running wlan0: ieee80211_start_locked: up parent iwlwifi0 wlan0: start running, 1 vaps running wlan0: ieee80211_new_state_locked:2746: starting state update INIT -> INIT (SCAN) wlan0: ieee80211_new_state_locked: INIT -> SCAN (arg 0) (nrunning 0 nscanni= ng 0) wlan0: ieee80211_newstate_cb:2517: running state update INIT -> SCAN (1) wlan0: ieee80211_newstate_cb: INIT -> SCAN arg 0 wlan0: sta_newstate: INIT -> SCAN (0) Starting dhclient. wlan0: no link .....wlan0: ieee80211_new_state_locked:2746: starting state update SCAN -> SCAN (AUTH) wlan0: ieee80211_new_state_locked: SCAN -> AUTH (arg 192) (nrunning 0 nscan= ning 0) wlan0: ieee80211_newstate_cb:2517: running state update SCAN -> AUTH (1) wlan0: ieee80211_newstate_cb: SCAN -> AUTH arg 192 wlan0: [f4:69:42:57:3f:0e] station assoc via MLME wlan0: ieee80211_new_state_locked:2731: pending SCAN -> AUTH (now to AUTH) transition lost wlan0: ieee80211_new_state_locked:2746: starting state update SCAN -> AUTH (AUTH) wlan0: ieee80211_new_state_locked: SCAN -> AUTH (arg 192) (nrunning 0 nscan= ning 0) wlan0: sta_newstate: SCAN -> AUTH (192) wlan0: ieee80211_newstate_cb:2517: running state update AUTH -> AUTH (1) wlan0: ieee80211_newstate_cb: AUTH -> AUTH arg 192 Invalid TXQ idiwl_mvm_tx_mpdu:1204: fc 0x00b0 tid 8 txq_id 65535 mvm 0xfffffe00b1250408 skb 0xfffff80007865800 { len 30 } info 0xfffffe00745dcce8 sta 0xfffff80005760880 (if you see this please report to PR 274382) wlan0: ni 0xfffffe00b15bf000 vap 0xfffffe00b12e0010 mode STA state AUTH m 0xfffff800078b1b00 status 4543576 wlan0: ni 0xfffffe00b15bf000 mode STA state AUTH arg 0x2 status 4543576 wlan0: sta_newstate: AUTH -> AUTH (192) wlan0: ni 0xfffffe00b15bf000 vap 0xfffffe00b12e0010 mode STA state AUTH m 0xfffff8000773cb00 status 1 wlan0: ni 0xfffffe00b15bf000 mode STA state AUTH arg 0x2 status 1 wlan0: vap 0xfffffe00b12e0010 mode STA state AUTH flags 0x2400 & 0x80 wlan0: ieee80211_new_state_locked:2746: starting state update AUTH -> AUTH (SCAN) wlan0: ieee80211_new_state_locked: AUTH -> SCAN (arg 1) (nrunning 0 nscanni= ng 0) wlan0: ieee80211_newstate_cb:2517: running state update AUTH -> SCAN (1) wlan0: ieee80211_newstate_cb: AUTH -> SCAN arg 1 panic: lkpi_sta_auth_to_scan: lsta 0xfffff80007756800 state not NONE: 0, ns= tate 1 arg 1 cpuid =3D 6 time =3D 1699566558 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00b0eb5= b70 vpanic() at vpanic+0x132/frame 0xfffffe00b0eb5ca0 panic() at panic+0x43/frame 0xfffffe00b0eb5d00 lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x2c8/frame 0xfffffe00b0eb= 5d80 lkpi_iv_newstate() at lkpi_iv_newstate+0x253/frame 0xfffffe00b0eb5df0 ieee80211_newstate_cb() at ieee80211_newstate_cb+0x226/frame 0xfffffe00b0eb= 5e40 taskqueue_run_locked() at taskqueue_run_locked+0xab/frame 0xfffffe00b0eb5ec0 taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfffffe00b0eb5= ef0 fork_exit() at fork_exit+0x82/frame 0xfffffe00b0eb5f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00b0eb5f30 --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- KDB: enter: panic [ thread pid 0 tid 100168 ] Stopped at kdb_enter+0x32: movq $0,0xe2aee3(%rip) db> dump Dumping 362 out of 6111 MB:..5%..14%..23%..31%..45%..53%..62%..71%..84%..93% Dump complete db> --=20 You are receiving this mail because: You are on the CC list for the bug.=