NetBSD Problem Report #57836
From www@netbsd.org Thu Jan 11 20:00:00 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id B52751A9238
for <gnats-bugs@gnats.NetBSD.org>; Thu, 11 Jan 2024 20:00:00 +0000 (UTC)
Message-Id: <20240111195959.5469D1A9239@mollari.NetBSD.org>
Date: Thu, 11 Jan 2024 19:59:59 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: iwm(4) detach panic: TAILQ_* back 0xffffbd0091e99038 /home/riastradh/netbsd/current/src/sys/kern/subr_evcnt.c:212
X-Send-Pr-Version: www-1.0
>Number: 57836
>Category: kern
>Synopsis: iwm(4) detach panic: TAILQ_* back 0xffffbd0091e99038 /home/riastradh/netbsd/current/src/sys/kern/subr_evcnt.c:212
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jan 11 20:00:01 +0000 2024
>Originator: Taylor R Campbell
>Release: current as of 2022-09-23
>Organization:
The NetBSDetach Foundation
>Environment:
>Description:
iwm(4) was acting up spewing unhandled firmware response messages like:
[ 2024070.294426] iwm0: autoconfiguration error: unhandled firmware response 0xffff 0xff/0x80 rx ring 127[255]
[ 2024070.394425] iwm0: autoconfiguration error: unhandled firmware response 0x9005 0x5/0xd0a04180 rx ring 59[10]
(This is a bug in its own right, of course.)
ifconfig down/up and restarting wpa_supplicant didn't take it out of this state, so I thought I'd try detach and reattach. But upon `drvctl -d iwm0', the system panicked with:
[ 2024199.235937] panic: TAILQ_* back 0xffffbd0091e99038 /home/riastradh/netbsd/current/src/sys/kern/subr_evcnt.c:212
[ 2024199.235937] cpu0: Begin traceback...
[ 2024199.235937] vpanic() at netbsd:vpanic+0x183
[ 2024199.235937] panic() at netbsd:panic+0x3c
[ 2024199.235937] evcnt_detach() at netbsd:evcnt_detach+0xa9
[ 2024199.235937] intr_free_io_intrsource_direct() at netbsd:intr_free_io_intrsource_direct+0xb1
[ 2024199.235937] pci_msi_free_vectors() at netbsd:pci_msi_free_vectors+0x5d
[ 2024199.235937] x86_pci_msi_release() at netbsd:x86_pci_msi_release+0x40
[ 2024199.235937] iwm_detach() at netbsd:iwm_detach+0x303
[ 2024199.245937] config_detach_release() at netbsd:config_detach_release+0x1f4
[ 2024199.245937] drvctl_ioctl() at netbsd:drvctl_ioctl+0x306
[ 2024199.245937] sys_ioctl() at netbsd:sys_ioctl+0x56d
[ 2024199.245937] syscall() at netbsd:syscall+0x196
(gdb) bt
#0 0xffffffff80239b25 in cpu_reboot (howto=howto@entry=260,
bootstr=bootstr@entry=0x0)
at /home/riastradh/netbsd/current/src/sys/arch/amd64/amd64/machdep.c:721
#1 0xffffffff80ddcf2f in kern_reboot (howto=howto@entry=260,
bootstr=bootstr@entry=0x0)
at /home/riastradh/netbsd/current/src/sys/kern/kern_reboot.c:73
#2 0xffffffff80e246ed in vpanic (
fmt=fmt@entry=0xffffffff81399587 "TAILQ_* back %p %s:%d",
ap=ap@entry=0xffffbd10a08e1c08)
at /home/riastradh/netbsd/current/src/sys/kern/subr_prf.c:293
#3 0xffffffff80e247c2 in panic (
fmt=fmt@entry=0xffffffff81399587 "TAILQ_* back %p %s:%d")
at /home/riastradh/netbsd/current/src/sys/kern/subr_prf.c:210
#4 0xffffffff80e1165c in evcnt_detach (ev=0xffffbd0091e99038)
at /home/riastradh/netbsd/current/src/sys/kern/subr_evcnt.c:212
#5 0xffffffff80590a6b in intr_free_io_intrsource_direct (
isp=0xffffbd0091e91000)
at /home/riastradh/netbsd/current/src/sys/arch/x86/x86/intr.c:402
#6 0xffffffff80592216 in intr_free_io_intrsource (intrid=<optimized out>)
at /home/riastradh/netbsd/current/src/sys/arch/x86/x86/intr.c:435
#7 0xffffffff805b486d in pci_msi_free_vectors (
msi_pic=msi_pic@entry=0xffffdffd56f0a340,
pihs=pihs@entry=0xffffe00c53f86180, count=count@entry=1)
at /home/riastradh/netbsd/current/src/sys/arch/x86/pci/pci_msi_machdep.c:144
#8 0xffffffff805b4bc5 in x86_pci_msi_release_internal (count=1,
pihs=0xffffe00c53f86180)
at /home/riastradh/netbsd/current/src/sys/arch/x86/pci/pci_msi_machdep.c:348
#9 x86_pci_msi_release (pc=<optimized out>, pihs=0xffffe00c53f86180, count=1)
at /home/riastradh/netbsd/current/src/sys/arch/x86/pci/pci_msi_machdep.c:431
#10 0xffffffff803e1543 in iwm_detach (self=<optimized out>,
flags=<optimized out>)
at /home/riastradh/netbsd/current/src/sys/dev/pci/if_iwm.c:8351
#11 0xffffffff80e05d24 in config_detach_release (
dev=dev@entry=0xffffdffd5753e780, flags=flags@entry=0)
at /home/riastradh/netbsd/current/src/sys/kern/subr_autoconf.c:2148
#12 0xffffffff80e0629a in config_detach (dev=dev@entry=0xffffdffd5753e780,
flags=flags@entry=0)
at /home/riastradh/netbsd/current/src/sys/kern/subr_autoconf.c:2286
#13 0xffffffff80722181 in detachdevbyname (devname=0xffffbd10a08e1ee0 "iwm0")
at /home/riastradh/netbsd/current/src/sys/kern/kern_drvctl.c:287
#14 drvctl_ioctl (fp=0xffffdffd621de180, cmd=<optimized out>,
data=0xffffbd10a08e1ee0)
at /home/riastradh/netbsd/current/src/sys/kern/kern_drvctl.c:380
#15 0xffffffff80e36e95 in sys_ioctl (l=<optimized out>,
uap=0xffffbd10a08e2000, retval=<optimized out>)
at /home/riastradh/netbsd/current/src/sys/kern/sys_generic.c:675
#16 0xffffffff805a536e in sy_call (rval=0xffffbd10a08e1fb0,
uap=0xffffbd10a08e2000, l=0xffffe0033413e100,
sy=0xffffffff81886610 <sysent+1296>)
at /home/riastradh/netbsd/current/src/sys/sys/syscallvar.h:65
#17 sy_invoke (code=54, rval=0xffffbd10a08e1fb0, uap=0xffffbd10a08e2000,
l=0xffffe0033413e100, sy=0xffffffff81886610 <sysent+1296>)
at /home/riastradh/netbsd/current/src/sys/sys/syscallvar.h:94
#18 syscall (frame=0xffffbd10a08e2000)
at /home/riastradh/netbsd/current/src/sys/arch/x86/x86/syscall.c:138
#19 0xffffffff8021025d in handle_syscall ()
(gdb) fr 4
#4 0xffffffff80e1165c in evcnt_detach (ev=0xffffbd0091e99038)
at /home/riastradh/netbsd/current/src/sys/kern/subr_evcnt.c:212
212 TAILQ_REMOVE(&allevents, ev, ev_list);
(gdb) print *ev
$1 = {ev_count = 107765382, ev_list = {tqe_next = 0xffffbd0091ea2038,
tqe_prev = 0xffffbd0091d29040}, ev_type = 1 '\001',
ev_grouplen = 4 '\004', ev_namelen = 5 '\005', ev_pad1 = 0 '\000',
ev_parent = 0x0, ev_group = 0xffffdffd5751d724 "msi2",
ev_name = 0xffffbd0091e99088 "vec 0"}
(gdb) fr 5
#5 0xffffffff80590a6b in intr_free_io_intrsource_direct (
isp=0xffffbd0091e91000)
at /home/riastradh/netbsd/current/src/sys/arch/x86/x86/intr.c:402
402 evcnt_detach(&isp->is_evcnt);
(gdb) print *isp
$2 = {is_maxlevel = 0, is_pin = 0, is_handlers = 0x0,
is_pic = 0xffffdffd56f0a340, is_recurse = 0x0, is_resume = 0x0,
is_lwp = 0x0, ipl_evt_mask1 = 0, ipl_evt_mask2 = {0 <repeats 4096 times>},
is_evcnt = {ev_count = 107765382, ev_list = {tqe_next = 0xffffbd0091ea2038,
tqe_prev = 0xffffbd0091d29040}, ev_type = 1 '\001',
ev_grouplen = 4 '\004', ev_namelen = 5 '\005', ev_pad1 = 0 '\000',
ev_parent = 0x0, ev_group = 0xffffdffd5751d724 "msi2",
ev_name = 0xffffbd0091e99088 "vec 0"}, is_mask_count = 0,
is_distribute_pending = 0, is_flags = 0, is_type = 2, is_idtvec = 102,
is_minlevel = 8, is_evname = "vec 0", '\000' <repeats 26 times>,
is_intrid = "msi2 vec 0", '\000' <repeats 53 times>,
is_xname = "iwm0", '\000' <repeats 251 times>, is_active_cpu = 0,
is_saved_evcnt = 0xffffdffd5751d800, is_list = {
sqe_next = 0xffffbd0091e9a000}}
(gdb) fr 7
#7 0xffffffff805b486d in pci_msi_free_vectors (
msi_pic=msi_pic@entry=0xffffdffd56f0a340,
pihs=pihs@entry=0xffffe00c53f86180, count=count@entry=1)
at /home/riastradh/netbsd/current/src/sys/arch/x86/pci/pci_msi_machdep.c:144
144 intr_free_io_intrsource(intrstr);
(gdb) info locals
pih = <optimized out>
i = 0
intrstr = <optimized out>
intrstr_buf = "msi2 vec 0\000\201\377\377\377\377\020\245\360V\375\337\377\377@\344?T\f\340\377\377\377\377\377\377\377\377\377\377\000\035\216\240\020\275\377\377\247R[\200\377\377\377\377@\344?T\f\340\377\377"
>How-To-Repeat:
drvctl -d iwm0
>Fix:
Yes, please!
(It's possible this is already fixed but I don't see any obvious evidence of that in if_iwm.c,
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home