On 23 February 2015 at 03:45, Stefan Sperling <[email protected]> wrote:
> On Sun, Feb 22, 2015 at 11:11:50PM -0330, Michael wrote:
>> > So it's running into a NULL pointer but it's still unclear where and why.
>> > Perhaps it's an unchecked allocation failure, perhaps some other problem.
>> >
>> > Are you comfortable with adding some debug printf to see which function in
>> > bwi is the last called one before the crash? Would you need help with that?
>>
>> Yes, I can add in some debugging if you could tell me how/where it is needed.
>> I see in the later emails no-one else seems to have this issue so if
>> it is just specific to my systems then I can do some further tests as
>> needed.
>
> Given what miod said the interrupt handler (bwi_intr) might be a good
> place to start.
>
> Though perhaps that is not even reached? Do you get any call to bwi_intr?
> I don't know where to start debugging ioapic issues.
>
> Index: bwi.c
> ===================================================================
> RCS file: /cvs/src/sys/dev/ic/bwi.c,v
> retrieving revision 1.116
> diff -u -p -r1.116 bwi.c
> --- bwi.c 10 Feb 2015 23:25:46 -0000 1.116
> +++ bwi.c 23 Feb 2015 07:11:19 -0000
> @@ -73,8 +73,9 @@
>
> #include <uvm/uvm_extern.h>
>
> +#define BWI_DEBUG
> #ifdef BWI_DEBUG
> -int bwi_debug = 1;
> +int bwi_debug = 2;
> #define DPRINTF(l, x...) do { if ((l) <= bwi_debug) printf(x); } while
> (0)
> #else
> #define DPRINTF(l, x...)
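Review bot: The unconditional "#define BWI_DEBUG" directly above "#ifdef BWI_DEBUG" makes the "#else" branch with the empty DPRINTF unreachable, and together with "int bwi_debug = 2;" it turns on level-2 output for every build of this file. That is fine for a one-off test kernel, but both lines should be marked as local debugging changes so they are not committed along with a later fix. Separately, the DPRINTF context line has been wrapped by the mailer ("while" and "(0)" end up on separate lines), so this hunk may not apply cleanly as quoted; sending the diff unwrapped or as an attachment avoids that.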
> @@ -578,6 +579,7 @@ bwi_intr(void *xsc)
> uint32_t txrx_intr_status[BWI_TXRX_NRING];
> int i, txrx_error, tx = 0, rx_data = -1;
>
> + printf("%s\n", __func__);
> if ((ifp->if_flags & IFF_RUNNING) == 0)
> return (0);
>
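Review bot: The printf added at the top of bwi_intr is unconditional and sits before the IFF_RUNNING check, so it prints on every call to the handler, including while the interface is down, and it bypasses the DPRINTF/bwi_debug mechanism that the first hunk has just enabled. The dmesg in this thread shows bwi0 on irq 11 together with uhci0, uhci1, xl0, cbb0, cbb1 and auich0, so on that shared line the message can be printed for interrupts raised by the other devices and flood the console. Suggest DPRINTF(2, "%s\n", __func__); so the trace follows bwi_debug and can be turned off without another rebuild.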
Ok, so patched as requested, recompiled the kernel. Including the
command itself, a new dmesg as it has some new information, the ps,
trace and show registers outputs.
Let me know if you need anything further.
----
command
sudo ifconfig bwi0 scan
bwi0: flags=8802bwi0: bwi_init_statechg
bwi0: bwi_stop
bwi0: bwi_power_on
<BROADCAST,SIMPLbwi0: bbp atten: 0, rf atten: 3, ctrl1: 2, ctrl2: 65535
bwi0: bus rev 0
bwi0: MAC is disabled
bwi0: MAC was already disabled
EX,MULTICAST> mtbwi0: PHY is linked
bwi0: bus rev 0
u 1500
bwi0: PHY is unlinked
lladdr 00:90:4b:72:9f:fd
bwi0: RF calibration value: 0x003e
priority: 4
bwi0: bwi_rf_lo_update_11g
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid "bwi0: bus rev 0
"
bwi0: PHY is linked
bwi0: loaded firmware file ucode4.fw
bwi0: loaded firmware file pcm4.fw
bwi0: loaded firmware file b0g0initvals2.fw
bwi0: firmware rev 0x0127, patch level 0x000e
bwi0: IV count 438
bwi0: base tssi 50
bwi0: bwi_mac_set_ackrates
uvm_fault(0xd66bef30, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at 0:uvm_fault(0xd66bef30, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at db_read_bytes+0x17: movzbl 0(%esi,%ecx,1),%eax
----
dmesg post patch
OpenBSD 5.7-beta (GENERIC) #0: Mon Feb 23 14:11:44 NST 2015
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz ("GenuineIntel"
686-class) 2 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,PERF
real mem = 804675584 (767MB)
avail mem = 779153408 (743MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 01/07/04, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev.
2.3 @ 0xf76a0 (62 entries)
bios0: vendor Dell Computer Corporation version "A13" date 01/07/2004
bios0: Dell Computer Corporation Latitude C840
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP
acpi0: wakeup devices LID_(S3) PBTN(S4) PCI0(S3) UAR1(S3) USB0(S1)
USB1(S1) USB2(S1) MODM(S3) PCIE(S3) MPCI(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (PCIE)
acpiprt3 at acpi0: bus -1 (MPCI)
acpicpu0 at acpi0acpicpu0: struck PSS entry, core frequency equals last
acpicpu0: struck PSS entry, core frequency equals last
acpicpu0: invalid _PSS length
: C2
acpipwrres0 at acpi0: PADA, resource for ADPT
acpitz0 at acpi0: critical temperature is 94 degC
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 not present
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpidock0 at acpi0: GDCK not docked (0)
acpivideo0 at acpi0: VID_
bios0: ROM list: 0xc0000/0xf800 0xcf800/0x800!
cpu0 at mainbus0: (uniprocessor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x04
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xe8000000, size 0x4000000
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x04
pci1 at ppb0 bus 1
1:0:0: mem address conflict 0x80000000/0x20000
vga1 at pci1 dev 0 function 0 "NVIDIA GeForce4 440 Go" rev 0xa3
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801CA/CAM USB" rev 0x02: irq 11
uhci1 at pci0 dev 29 function 2 "Intel 82801CA/CAM USB" rev 0x02: irq 11
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x42
pci2 at ppb1 bus 2
xl0 at pci2 dev 0 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq
11, address 00:0b:db:1e:b3:e4
exphy0 at xl0 phy 24: 3Com internal media interface
cbb0 at pci2 dev 1 function 0 "TI PCI4451 CardBus" rev 0x00: irq 11
cbb1 at pci2 dev 1 function 1 "TI PCI4451 CardBus" rev 0x00: irq 11
"TI PCI4451 FireWire" rev 0x00 at pci2 dev 1 function 2 not configured
bwi0 at pci2 dev 3 function 0 "Broadcom BCM4306" rev 0x02: irq 11
bwi0: bwi_power_on
bwi0: regwin: type 0x800, rev 2, vendor 0x4243
bwi0: BBP id 0x4306, BBP rev 0x2, BBP pkg 0
bwi0: nregwin 6, cap 0x0000002a
bwi0: regwin: type 0x812, rev 4, vendor 0x4243
bwi0: has TX stats
bwi0: regwin: type 0x80d, rev 1, vendor 0x4243
bwi0: regwin: type 0x807, rev 1, vendor 0x4243
bwi0: regwin: type 0x804, rev 7, vendor 0x4243
bwi0: regwin: type 0x812, rev 4, vendor 0x4243
bwi0: ignore second MAC
bwi0: bwi_power_on
bwi0: bus rev 0
bwi0: PCI is enabled
bwi0: card flags 0x000f
bwi0: 0th led, act 2, lowact 0
bwi0: 1th led, act 5, lowact 0
bwi0: 2th led, act 4, lowact 0
bwi0: 3th led, act 0, lowact 0
bwi0: MAC was already disabled
bwi0: PHY is linked
bwi0: PHY type 2, rev 1, ver 1
bwi0: RF manu 0x17f, type 0x2050, rev 2
bwi0: bus rev 0
bwi0: PHY is linked
bwi0: 30bit bus space
bwi0: max txpower from sprom: 57 dBm
bwi0: invalid antenna gain in sprom
bwi0: ant gain 8 dBm
bwi0: region/domain max txpower 76 dBm
bwi0: max txpower 57 dBm
bwi0: sprom idle tssi: 0x003e
bwi0: TSSI-TX power map:
71 71 70 70 70 70 70 69
69 69 69 69 68 68 68 67
67 67 66 66 66 66 65 65
65 64 64 64 63 63 63 62
61 61 61 60 59 59 58 57
57 55 55 54 53 52 51 50
49 48 47 44 43 42 39 37
35 32 29 26 22 18 14 8
bwi0: idle tssi0: 62
bwi0: bus rev 0
bwi0: bwi_power_off
bwi0: locale: 0
, address 00:90:4b:72:9f:fd
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 5 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801CAM LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801CAM IDE" rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: <Hitachi HTS541680J9AT00>
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: <SAMSUNG, CD-ROM SN-124, N102> ATAPI
5/cdrom removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
auich0 at pci0 dev 31 function 5 "Intel 82801CA/CAM AC97" rev 0x02:
irq 11, ICH3 AC97
ac97: codec id 0x4352595b (Cirrus Logic CS4205 rev 3)
ac97: codec features mic channel, tone, simulated stereo, bass boost,
20 bit DAC, 18 bit ADC, SRS 3D
audio0 at auich0
"Intel 82801CA/CAM Modem" rev 0x02 at pci0 dev 31 function 6 not configured
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pms0: ALPS Dualpoint, version 0x2222
wsmouse1 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on wd0a (baedea217d05b050.a) swap on wd0b dump on wd0b
Automatic boot in progress: starting file system checks.
/dev/wd0a (baedea217d05b050.a): file system is clean; not checking
/dev/wd0k (baedea217d05b050.k): file system is clean; not checking
/dev/wd0d (baedea217d05b050.d): file system is clean; not checking
/dev/wd0f (baedea217d05b050.f): file system is clean; not checking
/dev/wd0g (baedea217d05b050.g): file system is clean; not checking
/dev/wd0h (baedea217d05b050.h): file system is clean; not checking
/dev/wd0j (baedea217d05b050.j): file system is clean; not checking
/dev/wd0i (baedea217d05b050.i): file system is clean; not checking
/dev/wd0e (baedea217d05b050.e): file system is clean; not checking
setting tty flags
pf enabled
machdep.allowaperture: 0 -> 2
starting network
xl0: no link ........... sleeping
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd smtpd sndiod.
starting local daemons: apmd cron.
Mon Feb 23 20:08:00 NST 2015
----
ps
ddb> ps
PID PPID PGRP UID S FLAGS WAIT COMMAND
*15751 6373 15751 0 7 0x3 ifconfig
6373 1 6373 1000 3 0x8b pause ksh
29988 1 29988 0 3 0x83 ttyin getty
21973 1 21973 0 3 0x83 ttyin getty
31151 1 31151 0 3 0x83 ttyin getty
31150 1 31150 0 3 0x83 ttyin getty
3495 1 3495 0 3 0x83 ttyin getty
5849 1 5849 0 3 0x80 poll cron
2696 1 2696 0 3 0x80 kqread apmd
27980 1 27980 99 3 0x90 poll sndiod
14505 5216 5216 95 3 0x90 kqread smtpd
2738 5216 5216 95 3 0x90 kqread smtpd
16247 5216 5216 95 3 0x90 kqread smtpd
22397 5216 5216 95 3 0x90 kqread smtpd
8223 5216 5216 95 3 0x90 kqread smtpd
27875 5216 5216 103 3 0x90 kqread smtpd
5216 1 5216 0 3 0x80 kqread smtpd
16330 1 16330 0 3 0x80 select sshd
23218 13015 24791 83 3 0x90 poll ntpd
13015 24791 24791 83 3 0x90 poll ntpd
24791 1 24791 0 3 0x80 poll ntpd
26768 18260 18260 74 3 0x90 bpf pflogd
18260 1 18260 0 3 0x80 netio pflogd
13702 23332 23332 73 3 0x10 ffs_fsync syslogd
23332 1 23332 0 3 0x80 netio syslogd
1838 1 1838 77 3 0x90 poll dhclient
17668 1 17668 0 3 0x80 poll dhclient
5020 0 0 0 3 0x14200 pgzero zerothread
32641 0 0 0 3 0x14200 aiodoned aiodoned
1574 0 0 0 3 0x14200 syncer update
5861 0 0 0 3 0x14200 cleaner cleaner
726 0 0 0 3 0x14200 reaper reaper
23699 0 0 0 3 0x14200 pgdaemon pagedaemon
16117 0 0 0 3 0x14200 bored crypto
18852 0 0 0 3 0x14200 pftm pfpurge
1243 0 0 0 3 0x14200 usbtsk usbtask
23134 0 0 0 3 0x14200 usbatsk usbatsk
23539 0 0 0 3 0x40014200 acpi0 acpi0
23279 0 0 0 3 0x14200 bored systqmp
15419 0 0 0 3 0x14200 bored systq
24372 0 0 0 3 0x40014200 idle0
29795 0 0 0 3 0x14200 kmalloc kmthread
1 0 1 0 3 0x82 wait init
0 -1 0 0 3 0x10200 scheduler swapper
----
show registers
ddb> show registers
ds 0x10
es 0x10
fs 0x20
gs 0
edi 0xf5405ae0
esi 0
ebp 0xf5405ac4
ebx 0x1
edx 0xf5405ae0
ecx 0
eax 0
eip 0xd055b087 db_read_bytes+0x17
cs 0x8
eflags 0x210246
esp 0xf5405aac
ss 0x10
db_read_bytes+0x17: movzbl 0(%esi,%ecx,1),%eax
----
trace
ddb> trace
db_read_bytes(0,1,f5405ae0,0,f5405af0) at db_read_bytes+0x17
db_get_value(0,1,0,0,d09e2e5a) at db_get_value+0x38
db_disasm(0,0,d03cd090,d03cd0b5,d09b7eb8,f5405bb0,0,0,f5405bb0) at db_disasm+0x
31
db_print_loc_and_inst(0,f5405bc8,f5405bd4,d03cd0b5,d09e2e4b) at db_print_loc_an
d_inst+0x3e
db_trap(6,0,58,0,f5405c10) at db_trap+0x89
kdb_trap(6,0,f5405c80,1,e) at kdb_trap+0xcc
trap() at trap+0x2e5
--- trap (number 0) ---
Bad frame pointer: 0xd1ae4000
0:
----