Date: Wed, 22 Nov 2023 06:41:19 +0000 From: bugzilla-noreply@freebsd.org To: wireless@FreeBSD.org Subject: [Bug 275255] iwlwifi: panic after iwlwifi0: lkpi_iv_newstate: error -5 during state transition 5 (RUN) -> 0 (INIT) Message-ID: <bug-275255-21060@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275255 Bug ID: 275255 Summary: iwlwifi: panic after iwlwifi0: lkpi_iv_newstate: error -5 during state transition 5 (RUN) -> 0 (INIT) Product: Base System Version: CURRENT Hardware: amd64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: wireless Assignee: wireless@FreeBSD.org Reporter: delphij@FreeBSD.org (This is a laptop running with fresh -CURRENT; the device was: iwlwifi0: <iwlwifi> mem 0xecc00000-0xecc01fff at device 0.0 on pci3 iwlwifi0: Detected crf-id 0xbadcafe, cnv-id 0x10 wfpm id 0x80000000 iwlwifi0: PCI dev 24fd/0010, rev=3D0x230, rfid=3D0xd55555d5 iwlwifi0: successfully loaded firmware image 'iwlwifi-8265-36.ucode' iwlwifi0: loaded firmware version 36.ca7b901d.0 8265-36.ucode op_mode iwlmvm iwlwifi0: Detected Intel(R) Dual Band Wireless AC 8265, REV=3D0x230 The kernel is built with WITNESS / INVARIANT enabled. It seems that the 802.11 stack was trying to transit from RUN to INIT, and = the driver returned -EIO because firmware told it that ADD_STA_MODIFY_NON_EXISTING_STA (=3D0x8) in iwl_mvm_drain_sta(). ) Tue Nov 21 22:33:33 PST 2023 FreeBSD p51.home.us.delphij.net 15.0-CURRENT FreeBSD 15.0-CURRENT #1 main-n266520-f930dac6d584: Mon Nov 20 15:48:41 PST 2023=20=20=20=20 delphij@p51.home.us.delphij.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC a= md64 panic: INIT state change failed GNU gdb (GDB) 13.2 [GDB v13.2 for FreeBSD] Copyright (C) 2023 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.htm= l> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd15.0". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel... Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug... Unread portion of the kernel message buffer: iwlwifi0: linuxkpi_ieee80211_connection_loss: vif 0xfffffe01773abc80 vap 0xfffffe01773ab010 state RUN <6>wlan0: link state changed to DOWN <118>Nov 21 22:32:11 p51 wpa_supplicant[423]: ioctl[SIOCS80211, op=3D20, va= l=3D0, arg_len=3D7]: Can't assign requested address iwlwifi0: Couldn't drain frames for staid 0, status 0x8 iwlwifi0: lkpi_sta_run_to_init:1954: mo_sta_state(NOTEXIST) failed: -5 iwlwifi0: lkpi_iv_newstate: error -5 during state transition 5 (RUN) -> 0 (INIT) Dumping 2446 out of 32422 MB: (CTRL-C to abort) (CTRL-C to abort) ..1% (CT= RL-C to abort) (CTRL-C to abort) (CTRL-C to abort) ..11%..21%..31%..41%..51%..61%..71%..81%..91% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57 57 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57 td =3D <optimized out> #1 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:405 error =3D 0 coredump =3D <optimized out> #2 0xffffffff85dee143 in vt_kms_postswitch () from /boot/modules/drm.ko No symbol table info available. #3 0xffffffff8099ac81 in vt_window_switch (vw=3D0xfffff8000233bd80,=20 vw@entry=3D0xffffffff816a9c98 <vt_conswindow>) at /usr/src/sys/dev/vt/vt_core.c:612 vd =3D 0xffffffff816a9de8 <vt_consdev> curvw =3D 0xfffff80006dfcd80 kbd =3D <optimized out> #4 0xffffffff8099bfdf in vtterm_cngrab (tm=3D<unavailable>,=20 tm@entry=3D<error reading variable: value is not available>) at /usr/src/sys/dev/vt/vt_core.c:1863 vw =3D 0xffffffff816a9c98 <vt_conswindow> vd =3D 0xffffffff816a9de8 <vt_consdev> #5 0xffffffff80aeb106 in cngrab () at /usr/src/sys/kern/kern_cons.c:385 cnd =3D 0xffffffff8196d7e0 <cn_devtab> cn =3D <unavailable> #6 0xffffffff80b5bd7f in vpanic ( fmt=3D0xffffffff8120c4c9 "INIT state change failed",=20 ap=3Dap@entry=3D0xffffffff82761dd0) at /usr/src/sys/kern/kern_shutdown.= c:942 buf =3D "INIT state change failed", '\000' <repeats 231 times> __pc =3D <optimized out> __pc =3D <optimized out> __pc =3D <optimized out> other_cpus =3D {__bits =3D {127, 0 <repeats 15 times>}} td =3D 0xfffff80001f31000 bootopt =3D 256 newpanic =3D <optimized out> #7 0xffffffff80b5bbf3 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:894 ap =3D {{gp_offset =3D 8, fp_offset =3D 48,=20 overflow_arg_area =3D 0xffffffff82761e00,=20 reg_save_area =3D 0xffffffff82761da0}} #8 0xffffffff80d104e1 in ieee80211_newstate_cb (xvap=3D0xfffffe01773ab010,= =20 npending=3D<optimized out>) at /usr/src/sys/net80211/ieee80211_proto.c:= 2552 vap =3D 0xfffffe01773ab010 ic =3D <optimized out> arg =3D 0 ostate =3D IEEE80211_S_RUN rc =3D -5 nstate =3D <optimized out> #9 0xffffffff80bc1f8b in taskqueue_run_locked ( queue=3Dqueue@entry=3D0xfffff800028c6000) at /usr/src/sys/kern/subr_taskqueue.c:512 et =3D {et_link =3D {tqe_next =3D 0x0, tqe_prev =3D 0x8},=20 et_td =3D 0xffffffff811ba967, et_section =3D {bucket =3D 0},=20 et_old_priority =3D 0 '\000'} tb =3D {tb_running =3D 0xfffffe01773ab320, tb_seq =3D 25,=20 tb_canceling =3D false, tb_link =3D {le_next =3D 0x0,=20 le_prev =3D 0xfffff800028c6010}} in_net_epoch =3D false task =3D 0xfffffe01773ab320 pending =3D 1 #10 0xffffffff80bc3043 in taskqueue_thread_loop ( arg=3Darg@entry=3D0xfffffe0176a55110) at /usr/src/sys/kern/subr_taskqueue.c:824 tqp =3D <optimized out> tq =3D 0xfffff800028c6000 #11 0xffffffff80b11372 in fork_exit ( callout=3D0xffffffff80bc2f70 <taskqueue_thread_loop>,=20 arg=3D0xfffffe0176a55110, frame=3D0xffffffff82761f40) at /usr/src/sys/kern/kern_fork.c:1160 __pc =3D <optimized out> __pc =3D <optimized out> td =3D 0xfffff80001f31000 p =3D 0xffffffff8196c4c0 <proc0> dtd =3D <optimized out> #12 <signal handler called> No locals. #13 0x00001dd895cec5ba in ?? () No symbol table info available. Backtrace stopped: Cannot access memory at address 0x1dd89daf8f48 (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-275255-21060>