Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 30 Oct 2020 14:28:01 -0400
From:      Aaron H Farias Martinez <timido@ubuntu.com>
To:        current@freebsd.org
Subject:   Re: "panic: page fault" in iwn signal handler(?) at r367127
Message-ID:  <2b94dc4b39d33108e089762b57f16dc03f7e1ce9.camel@ubuntu.com>
In-Reply-To: <20201030123744.GT1430@albert.catwhisker.org>
References:  <20201030123744.GT1430@albert.catwhisker.org>

next in thread | previous in thread | raw e-mail | index | archive | help

--=-tPUOQDJra8a/u1l7EqVw
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, 2020-10-30 at 05:37 -0700, David Wolfskill wrote:
> I've copied the dump and core.txt files to
> http://www.catwhisker.org/~david/FreeBSD/head/r367127/
>=20
> Here's a copy/paste of the stack trace (from the core.txt.3 file):
> p 12: page fault while in kernel mode
> cpuid =3D 4; apic id =3D 04
> fault virtual address =3D 0xfffff80840000000
> fault code=C2=A0 =3D supervisor read data, page not present
> instruction pointer =3D 0x20:0xffffffff80495f03
> stack pointer=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =3D 0x0:0xf=
fffffff8241d748
> frame pointer=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =3D 0x0:0xf=
fffffff8241d7a0
> code segment=C2=A0 =3D base 0x0, limit 0xfffff, type 0x1b
> =C2=A0=C2=A0 =3D DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags =3D interrupt enabled, resume, IOPL =3D 0
> current process=C2=A0 =3D 12 (irq36: iwn0)
> trap number=C2=A0 =3D 12
> panic: page fault
> cpuid =3D 4
> time =3D 1604056852
> KDB: stack backtrace:
> db_trace_self_wrapper() at 0xffffffff804a69db =3D
> db_trace_self_wrapper+0x2b/frame 0xffffffff8241d3f0
> vpanic() at 0xffffffff80baf802 =3D vpanic+0x182/frame
> 0xffffffff8241d440
> panic() at 0xffffffff80baf5c3 =3D panic+0x43/frame 0xffffffff8241d4a0
> trap_fatal() at 0xffffffff8102c2f7 =3D trap_fatal+0x387/frame
> 0xffffffff8241d500
> trap_pfault() at 0xffffffff8102c397 =3D trap_pfault+0x97/frame
> 0xffffffff8241d560
> trap() at 0xffffffff8102b98b =3D trap+0x2ab/frame 0xffffffff8241d670
> calltrap() at 0xffffffff80fffa08 =3D calltrap+0x8/frame
> 0xffffffff8241d670
> --- trap 0xc, rip =3D 0xffffffff80495f03, rsp =3D 0xffffffff8241d748, rbp
> =3D 0xffffffff8241d7a0 ---
> rijndaelEncrypt() at 0xffffffff80495f03 =3D rijndaelEncrypt+0x233/frame
> 0xffffffff8241d7a0
> ccmp_decap() at 0xffffffff80d08bc1 =3D ccmp_decap+0x421/frame
> 0xffffffff8241d8b0
> ieee80211_crypto_decap() at 0xffffffff80d07955 =3D
> ieee80211_crypto_decap+0x125/frame 0xffffffff8241d900
> sta_input() at 0xffffffff80d41dec =3D sta_input+0x43c/frame
> 0xffffffff8241d9a0
> iwn_notif_intr() at 0xffffffff8069949c =3D iwn_notif_intr+0x137c/frame
> 0xffffffff8241dab0
> iwn_intr() at 0xffffffff8068f4f8 =3D iwn_intr+0x2b8/frame
> 0xffffffff8241db20
> ithread_loop() at 0xffffffff80b6dbb9 =3D ithread_loop+0x279/frame
> 0xffffffff8241dbb0
> fork_exit() at 0xffffffff80b6a690 =3D fork_exit+0x80/frame
> 0xffffffff8241dbf0
> fork_trampoline() at 0xffffffff81000a5e =3D fork_trampoline+0xe/frame
> 0xffffffff8241dbf0
> --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 ---
> KDB: enter: panic
>=20
> __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
> 55=C2=A0 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(struct pc=
pu,
> (kgdb) #0=C2=A0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:5=
5
> #1=C2=A0 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:394
> #2=C2=A0 0xffffffff804a3cea in db_dump (dummy=3D<optimized out>,=20
> =C2=A0=C2=A0=C2=A0 dummy2=3D<optimized out>, dummy3=3D<unavailable>,
> dummy4=3D<unavailable>)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/ddb/db_command.c:575
> #3=C2=A0 0xffffffff804a3ab0 in db_command (last_cmdp=3D<optimized out>,=
=20
> =C2=A0=C2=A0=C2=A0 cmd_table=3D<optimized out>, dopager=3D1) at
> /usr/src/sys/ddb/db_command.c:482
> #4=C2=A0 0xffffffff804a380d in db_command_loop ()
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/ddb/db_command.c:535
> #5=C2=A0 0xffffffff804a6b26 in db_trap (type=3D<optimized out>,
> code=3D<optimized out>)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/ddb/db_main.c:270
> #6=C2=A0 0xffffffff80bfb5c4 in kdb_trap (type=3D3, code=3D0, tf=3D<optimi=
zed
> out>)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/kern/subr_kdb.c:699
> #7=C2=A0 0xffffffff8102be9e in trap (frame=3D0xffffffff8241d320)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/amd64/amd64/trap.c:576
> #8=C2=A0 <signal handler called>
> #9=C2=A0 kdb_enter (why=3D0xffffffff8120d701 "panic", msg=3D<optimized ou=
t>)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/kern/subr_kdb.c:486
> #10 0xffffffff80baf81e in vpanic (fmt=3D<optimized out>, ap=3D<optimized
> out>)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/kern/kern_shutdown.c:901
> #11 0xffffffff80baf5c3 in panic (
> =C2=A0=C2=A0=C2=A0 fmt=3D0xffffffff81c79aa8 <cnputs_mtx>
> "\362\357\034\201\377\377\377\377")
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/kern/kern_shutdown.c:838
> #12 0xffffffff8102c2f7 in trap_fatal (frame=3D0xffffffff8241d680,=20
> =C2=A0=C2=A0=C2=A0 eva=3D18446735313050009600) at /usr/src/sys/amd64/amd6=
4/trap.c:915
> #13 0xffffffff8102c397 in trap_pfault (frame=3D0xffffffff8241d680,=20
> =C2=A0=C2=A0=C2=A0 usermode=3D<optimized out>, signo=3D<optimized out>, u=
code=3D<optimized
> out>)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/amd64/amd64/trap.c:732
> #14 0xffffffff8102b98b in trap (frame=3D0xffffffff8241d680)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/amd64/amd64/trap.c:398
> #15 <signal handler called>
> #16 rijndaelEncrypt (rk=3D<optimized out>, Nr=3D<optimized out>,=20
> =C2=A0=C2=A0=C2=A0 pt=3D<optimized out>,=20
> =C2=A0=C2=A0=C2=A0 ct=3D0xffffffff8241d830
> "\277\243\ff\211\335\330\v5\234\035{\210\330\320\327Fe\235>\226\026\0
> 25c\266n\325\305\205]\251%\001\002\004\030\326!\"\037")
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/crypto/rijndael/rijndael-alg-fst.c:100=
0
> #17 0xffffffff80d08bc1 in ccmp_decrypt (key=3D0xfffffe106978a160,
> pn=3D25627,=20
> =C2=A0=C2=A0=C2=A0 m=3D0xfffff8010ffc9b00, hdrlen=3D<optimized out>)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/net80211/ieee80211_crypto_ccmp.c:623
> #18 ccmp_decap (k=3D<optimized out>, m=3D<optimized out>,
> hdrlen=3D<optimized out>)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/net80211/ieee80211_crypto_ccmp.c:284
> #19 0xffffffff80d07955 in ieee80211_crypto_decap (ni=3D<optimized out>,
> =C2=A0=C2=A0=C2=A0 m=3D0xfffff8010ffc9b00, hdrlen=3D26, key=3D0xffffffff8=
241d920)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/net80211/ieee80211_crypto.c:684
> #20 0xffffffff80d41dec in sta_input (ni=3D<optimized out>,=20
> =C2=A0=C2=A0=C2=A0 m=3D0xfffff8010ffc9b00, rxs=3D<optimized out>, rssi=3D=
<optimized out>,=20
> =C2=A0=C2=A0=C2=A0 nf=3D<optimized out>) at /usr/src/sys/net80211/ieee802=
11_sta.c:773
> #21 0xffffffff8069949c in iwn_rx_done (sc=3D0xfffffe1033319000,=20
> =C2=A0=C2=A0=C2=A0 desc=3D<optimized out>, data=3D<optimized out>)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/dev/iwn/if_iwn.c:3191
> #22 iwn_notif_intr (sc=3D<optimized out>) at
> /usr/src/sys/dev/iwn/if_iwn.c:4018
> #23 0xffffffff8068f4f8 in iwn_intr (arg=3D0xfffffe1033319000)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/dev/iwn/if_iwn.c:4337
> #24 0xffffffff80b6dbb9 in intr_event_execute_handlers (p=3D<optimized
> out>,=20
> =C2=A0=C2=A0=C2=A0 ie=3D0xfffff8000c52b300) at /usr/src/sys/kern/kern_int=
r.c:1168
> #25 ithread_execute_handlers (p=3D<optimized out>,
> ie=3D0xfffff8000c52b300)
> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/kern/kern_intr.c:1181
> #26 ithread_loop (arg=3D<optimized out>) at
> /usr/src/sys/kern/kern_intr.c:1269
> #27 0xffffffff80b6a690 in fork_exit (
> =C2=A0=C2=A0=C2=A0 callout=3D0xffffffff80b6d940 <ithread_loop>,
> arg=3D0xfffff8000d18ef00,=20
> =C2=A0=C2=A0=C2=A0 frame=3D0xffffffff8241dc00) at /usr/src/sys/kern/kern_=
fork.c:1052
> #28 <signal handler called>
> (kgdb)=20
>=20
>=20
> This happened while my laptop was running:
> FreeBSD g1-55.catwhisker.org 13.0-CURRENT FreeBSD 13.0-CURRENT #43
> r367127M/367127: Thu Oct 29 05:52:40 PDT 2020=C2=A0=C2=A0=C2=A0=C2=A0
> root@g1-55.catwhisker.org:/common/S4/obj/usr/src/amd64.amd64/sys/CANA
> RY=C2=A0 amd64 1300123 1300123
>=20
> during the "make buildkernel" phase of an in-place source update to
> r367160.
>=20
> As often happens while I'm running head, there was an "iwn firmware
> panic" (see, e.g.,
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214435); record of
> it
> may be found in /var/log/messages, starting around:
>=20
> <2>1 2020-10-30T11:05:07.327958+00:00 g1-55.catwhisker.org kernel - -
> - Expensive timeout(9) function:
> 0xffffffff80d8d2f0(0xfffffe1067a408f0) 0.840172647 s
> <2>1 2020-10-30T11:07:36.367805+00:00 g1-55.catwhisker.org kernel - -
> - iwn0: iwn_intr: fatal firmware error
> <2>1 2020-10-30T11:07:36.367830+00:00 g1-55.catwhisker.org kernel - -
> - firmware error log:
> <2>1 2020-10-30T11:07:36.367839+00:00 g1-55.catwhisker.org kernel - -
> -=C2=A0=C2=A0 error type=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =3D "UNKNOWN" (0x0=
000001D)
>=20
>=20
> and the "WiFi" LED on the laptop went dark.=C2=A0 As I was trying to do
> some work on another machine (while logged in to that machine from
> the
> laptop), the loss of connectivity was ... disruptive.=C2=A0 While I was
> mildly gratified that (this time) the "make buildkernel" appeared to
> be
> proceeding despite the iwn(4) issue(s), I also wanted to get back to
> what I was doing.
>=20
> So after a few minutes -- when it became apparent that the link
> wasn't
> being recovered on its own -- I switched from X11 to vty1 (to leave
> vty0
> for console messages), logged in as root, and issued:
>=20
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0service netif restart wla=
n0
>=20
> after a couple of minutes (during which the "make buildkernel" was
> continuing), the "service netif restart wlan0" had not yet completed,
> so
> I sent it a SIGNIFO (via ^T), and (as I recall), it indocated that
> the
> process was invoking ifconfig, and there was some mention of a
> function
> whose name included "epoch".
>=20
> I resumed waiting; after another minute or so, I trued ^T again, and
> there appeared to be no progress.
>=20
> After waiting another 30 seconds or so, I tried to bail out via ^C;
> that
> appeared to be ineffective.=C2=A0 So after waiting another 10 - 15 second=
s
> or
> so, I tried backgrounding (^Z), followed by "kill %1".
>=20
> It was shortly after that the panic occurred.=C2=A0 Which may well -- to
> some
> extent -- have been self-inflicted.=C2=A0 That said, the iwn firmware
> panics
> are not something I can control (as far as I know -- please let me
> know
> how I can control them if I'm incoorrect on that score).=C2=A0 For that
> matter, I have no particular attachment to this NIC -- I'm open to a
> suggestion for any NIC with the same (miniPCI) form factor that will
> work well with FreeBSD.
>=20
> Peace,
> david

I got the same issue.

--=-tPUOQDJra8a/u1l7EqVw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEHG6L9rsswhVpZfW0syGtfDj30pgFAl+cWzEACgkQsyGtfDj3
0pgnHQgAni3xqR5rvaGn/T7M7LH82LAsgpTcJWbPrqIa3sTBiyQJLvubapHySdqA
TSP9PH8RzYc7YqfALp3iUmfsxwDAX8nG3Ha+g5rG1/MgeuaIEcXMmqE6+o8bO/uV
XhG6+V4w6D+bpaYmi1yHy92AbuiUfQEPWxGpc3neMUj5oYezCLzUI8zeN3g4kge+
/4eN0UwF8Fn604phjApSJB3KTmKNmWaqoUnT54pjsQLdoKvOWKB/8fBCQGkIFdxb
xZbH8owF4fW336aKMOnRHgan+44tvGmfCGyVbk8URdNNmHnx/IPSUWbxR24yt99C
SlJ6kz/oZlSr5N0Iqc5CakrtqFKplA==
=Ai3w
-----END PGP SIGNATURE-----

--=-tPUOQDJra8a/u1l7EqVw--




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2b94dc4b39d33108e089762b57f16dc03f7e1ce9.camel>