[Bug 275710] iwlwifi: linuxkpi_ieee80211_tx_dequeue() page fault while in kernel mode

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275710] iwlwifi: linuxkpi_ieee80211_tx_dequeue() page fault while in kernel mode"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275710] iwlwifi: linuxkpi_ieee80211_tx_dequeue() page fault while in kernel mode"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275710] iwlwifi: linuxkpi_ieee80211_tx_dequeue() page fault while in kernel mode"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 11 Dec 2023 23:13:46 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275710

            Bug ID: 275710
           Summary: iwlwifi: linuxkpi_ieee80211_tx_dequeue() page fault
                    while in kernel mode
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: cc@FreeBSD.org

Crashed while doing UDP test via iperf3:

root@n1_iwl_vm:~ # iperf3 -B 192.168.0.190 -c 192.168.0.169 -V -t 10 -i 1 --udp
--length 16 --bitrate 5m
iperf 3.15
FreeBSD n1_iwl_vm 15.0-CURRENT FreeBSD 15.0-CURRENT #21 main-7df526eb10: Mon
Dec 11 14:39:56 EST 2023    
root@n1_iwl_vm:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
Control connection MSS 1460
Time: Mon, 11 Dec 2023 23:04:02 UTC
Connecting to host 192.168.0.169, port 5201
      Cookie: mjfz4h377cfl7oddwdzwz6dbbxysqaidl2rq
      Target Bitrate: 5000000
[  5] local 192.168.0.190 port 22727 connected to 192.168.0.169 port 5201
Starting Test: protocol: UDP, 1 streams, 16 byte blocks, omitting 0 seconds, 10
second test, tos 0
[ ID] Interval           Transfer     Bitrate         Total Datagrams
[  5]   0.00-1.00   sec   610 KBytes  5.00 Mbits/sec  39038  


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x8
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff80dd9e11
stack pointer           = 0x0:0xfffffe007ebeea70
frame pointer           = 0x0:0xfffffe007ebeea70
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (ndev napi taskq)
rdi: fffffe00805f9380 rsi: fffff800057b7400 rdx: fffff800057b7418
rcx: fffff8017b795000  r8: ffffffff8268a3ab  r9: 0000000000000460
rax: 0000000000000000 rbx: fffff800057b7480 rbp: fffffe007ebeea70
r10: 0000000000000000 r11: 0000000000000062 r12: fffff8017b796000
r13: fffffe00805f9440 r14: fffffe00805f9380 r15: fffffe00805f9448
trap number             = 12
panic: page fault
cpuid = 1
time = 1702335843
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe007ebee740
vpanic() at vpanic+0x132/frame 0xfffffe007ebee870
panic() at panic+0x43/frame 0xfffffe007ebee8d0
trap_fatal() at trap_fatal+0x40c/frame 0xfffffe007ebee930
trap_pfault() at trap_pfault+0xae/frame 0xfffffe007ebee9a0
calltrap() at calltrap+0x8/frame 0xfffffe007ebee9a0
--- trap 0xc, rip = 0xffffffff80dd9e11, rsp = 0xfffffe007ebeea70, rbp =
0xfffffe007ebeea70 ---
linuxkpi_ieee80211_tx_dequeue() at linuxkpi_ieee80211_tx_dequeue+0x51/frame
0xfffffe007ebeea70
iwl_mvm_mac_itxq_xmit() at iwl_mvm_mac_itxq_xmit+0xc2/frame 0xfffffe007ebeeac0
iwl_mvm_queue_state_change() at iwl_mvm_queue_state_change+0x1ef/frame
0xfffffe007ebeeb10
iwl_txq_reclaim() at iwl_txq_reclaim+0x7ef/frame 0xfffffe007ebeebd0
iwl_mvm_rx_tx_cmd() at iwl_mvm_rx_tx_cmd+0x14e/frame 0xfffffe007ebeeca0
iwl_mvm_rx_common() at iwl_mvm_rx_common+0x1dc/frame 0xfffffe007ebeece0
iwl_pcie_rx_handle() at iwl_pcie_rx_handle+0x47f/frame 0xfffffe007ebeede0
iwl_pcie_napi_poll_msix() at iwl_pcie_napi_poll_msix+0x2d/frame
0xfffffe007ebeee20
lkpi_napi_task() at lkpi_napi_task+0x1f/frame 0xfffffe007ebeee40
taskqueue_run_locked() at taskqueue_run_locked+0xab/frame 0xfffffe007ebeeec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfffffe007ebeeef0
fork_exit() at fork_exit+0x82/frame 0xfffffe007ebeef30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe007ebeef30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 0 tid 100190 ]
Stopped at      kdb_enter+0x32: movq    $0,0xe3c023(%rip)
db> dump
Dumping 516 out of 6111 MB:..4%..13%..22%..31%..41%..53%..62%..72%..81%..93%
Dump complete
db>

-- 
You are receiving this mail because:
You are the assignee for the bug.