[Bug 268565] panic after "killall wpa_supplicant" followed by "/etc/rc.d/netif start" with rtw880

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 268565] [patch] panic after "killall wpa_supplicant" followed by "/etc/rc.d/netif start" with rtw880"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 12 Jan 2023 12:42:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268565

--- Comment #8 from Mikhail Pchelin <misha@freebsd.org> ---
(In reply to Bjoern A. Zeeb from comment #6)

Thanks for taking this.

My patch albeit fixes the panic, but with this simple test scenario:

while true; do killall wpa_supplicant && /etc/rc.d/netif start && sleep 5; done

sometimes (it needs like 10-15 mins) I see crashes

like this one:

(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:59
#1  dump_savectx () at /usr/src/sys/kern/kern_shutdown.c:405
#2  0xffffffff80bee818 in dumpsys (di=0x0) at
/usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=textdump@entry=0) at
/usr/src/sys/kern/kern_shutdown.c:434
#4  0xffffffff804b519a in db_dump (dummy=<optimized out>, dummy2=<unavailable>,
dummy3=<unavailable>, dummy4=<unavailable>) at
/usr/src/sys/ddb/db_command.c:593
#5  0xffffffff804b4fa0 in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=true) at /usr/src/sys/ddb/db_command.c:506
#6  0xffffffff804b4c6d in db_command_loop () at
/usr/src/sys/ddb/db_command.c:553
#7  0xffffffff804b8306 in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:270
#8  0xffffffff80c3ddee in kdb_trap (type=type@entry=3, code=<unavailable>,
code@entry=0, tf=tf@entry=0xfffffe00c2228a20) at
/usr/src/sys/kern/subr_kdb.c:745
#9  0xffffffff810d27f7 in trap (frame=0xfffffe00c2228a20) at
/usr/src/sys/amd64/amd64/trap.c:611
#10 <signal handler called>
#11 kdb_enter (why=<optimized out>, msg=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:509
#12 0xffffffff80bee9c2 in vpanic (fmt=<optimized out>,
ap=ap@entry=0xfffffe00c2228b70) at /usr/src/sys/kern/kern_shutdown.c:967
#13 0xffffffff80bee763 in panic (fmt=0xffffffff81e8ff30 <cnputs_mtx>
"K\206)\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:903
#14 0xffffffff810d2c89 in trap_fatal (frame=0xfffffe00c2228c60, eva=0) at
/usr/src/sys/amd64/amd64/trap.c:955
#15 0xffffffff810d2d3b in trap_pfault (frame=0xfffffe00c2228c60,
usermode=false, signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:763
#16 <signal handler called>
#17 0xffffffff80e5d94b in lkpi_lsta_remove (lsta=lsta@entry=0xfffff800889fcc00,
lvif=0xfffffe013e35e000) at
/usr/src/sys/compat/linuxkpi/common/src/linux_80211.c:174
#18 0xffffffff80e5bd4b in lkpi_ic_node_free (ni=0xfffffe0140eb9000) at
/usr/src/sys/compat/linuxkpi/common/src/linux_80211.c:2982
#19 0xffffffff80e5e606 in lkpi_ieee80211_free_skb_mbuf (p=0xfffff800421ee500)
at /usr/src/sys/compat/linuxkpi/common/src/linux_80211.c:4428
#20 0xffffffff80e734f6 in linuxkpi_kfree_skb (skb=0xfffffe0140907000) at
/usr/src/sys/compat/linuxkpi/common/src/linux_skbuff.c:236
#21 0xffffffff83b207f2 in ?? ()
#22 0x0000000000000000 in ?? ()


or this one:

(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:59
#1  dump_savectx () at /usr/src/sys/kern/kern_shutdown.c:405
#2  0xffffffff80bee818 in dumpsys (di=0x0) at
/usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=textdump@entry=0) at
/usr/src/sys/kern/kern_shutdown.c:434
#4  0xffffffff804b519a in db_dump (dummy=<optimized out>, dummy2=<unavailable>,
dummy3=<unavailable>, dummy4=<unavailable>) at
/usr/src/sys/ddb/db_command.c:593
#5  0xffffffff804b4fa0 in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=true) at /usr/src/sys/ddb/db_command.c:506
#6  0xffffffff804b4c6d in db_command_loop () at
/usr/src/sys/ddb/db_command.c:553
#7  0xffffffff804b8306 in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:270
#8  0xffffffff80c3ddee in kdb_trap (type=type@entry=3, code=<unavailable>,
code@entry=0, tf=tf@entry=0xfffffe0132e81660) at
/usr/src/sys/kern/subr_kdb.c:745
#9  0xffffffff810d27f7 in trap (frame=0xfffffe0132e81660) at
/usr/src/sys/amd64/amd64/trap.c:611
#10 <signal handler called>
#11 kdb_enter (why=<optimized out>, msg=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:509
#12 0xffffffff80bee9c2 in vpanic (fmt=<optimized out>,
ap=ap@entry=0xfffffe0132e817b0) at /usr/src/sys/kern/kern_shutdown.c:967
#13 0xffffffff80bee763 in panic (fmt=0xffffffff81e8ff30 <cnputs_mtx>
"K\206)\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:903
#14 0xffffffff810d2c89 in trap_fatal (frame=0xfffffe0132e818a0, eva=0) at
/usr/src/sys/amd64/amd64/trap.c:955
#15 0xffffffff810d2d3b in trap_pfault (frame=0xfffffe0132e818a0,
usermode=false, signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:763
#16 <signal handler called>
#17 0xffffffff80e5d94b in lkpi_lsta_remove (lsta=lsta@entry=0xfffff800089f8c00,
lvif=0xfffffe013201c000) at
/usr/src/sys/compat/linuxkpi/common/src/linux_80211.c:174
#18 0xffffffff80e5bd4b in lkpi_ic_node_free (ni=0xfffffe0133437000) at
/usr/src/sys/compat/linuxkpi/common/src/linux_80211.c:2982
#19 0xffffffff80d8d448 in ieee80211_sta_join1
(selbs=selbs@entry=0xfffffe013343f000) at
/usr/src/sys/net80211/ieee80211_node.c:870
#20 0xffffffff80d8e35c in ieee80211_sta_join (vap=vap@entry=0xfffffe013201c010,
chan=<optimized out>, se=<optimized out>) at
/usr/src/sys/net80211/ieee80211_node.c:1046
#21 0xffffffff80d82247 in setmlme_assoc_sta (vap=0xfffffe013201c010,
mac=0xfffffe0132e81a94 "\344\312\022\231}\375MGTS_GPON_8D02",
ssid_len=<optimized out>, ssid=<optimized out>) at
/usr/src/sys/net80211/ieee80211_ioctl.c:1576
#22 ieee80211_ioctl_setmlme (vap=vap@entry=0xfffffe013201c010,
ireq=ireq@entry=0xfffffe0132e81d50) at
/usr/src/sys/net80211/ieee80211_ioctl.c:1633
#23 0xffffffff80d7fca8 in ieee80211_ioctl_set80211
(vap=vap@entry=0xfffffe013201c010, cmd=<optimized out>,
ireq=ireq@entry=0xfffffe0132e81d50) at
/usr/src/sys/net80211/ieee80211_ioctl.c:2953
#24 0xffffffff80d7e82b in ieee80211_ioctl (ifp=0xfffff80034b50800,
cmd=2149607914, data=0xfffffe0132e81d50 "wlan0") at
/usr/src/sys/net80211/ieee80211_ioctl.c:3633
#25 0xffffffff80d1e504 in ifioctl (so=0xfffff8003490e780, cmd=2149607914,
data=<optimized out>, td=0xfffffe01327e7740) at /usr/src/sys/net/if.c:3161
#26 0xffffffff80c66bc2 in fo_ioctl (fp=0xfffff8006452a9b0, com=2149607914,
data=0x24b, active_cred=0x10000, td=<optimized out>) at
/usr/src/sys/sys/file.h:367
#27 kern_ioctl (td=td@entry=0xfffffe01327e7740, fd=<optimized out>,
com=com@entry=2149607914, data=0x24b <error: Cannot access memory at address
0x24b>, data@entry=0xfffffe0132e81d50 "wlan0") at
/usr/src/sys/kern/sys_generic.c:807
#28 0xffffffff80c6690a in sys_ioctl (td=0xfffffe01327e7740,
uap=0xfffffe01327e7b38) at /usr/src/sys/kern/sys_generic.c:715
#29 0xffffffff810d363e in syscallenter (td=<optimized out>) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:190
#30 amd64_syscall (td=0xfffffe01327e7740, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1200
#31 <signal handler called>
#32 0x00002d35fbf8a95a in ?? ()

Currently I'm not sure whether it's because of the patch or it's different
issue.

-- 
You are receiving this mail because:
You are on the CC list for the bug.