On 28/06/23(Wed) 15:47, Moritz Buhl wrote: > Dear bugs@, > > with the following snapshot I had two panics on my x270 recently.
This is a bug in iwm(4) suggesting a missing SPL protection. > sysctl kern.version > kern.version=OpenBSD 7.3-current (GENERIC.MP) #1256: Thu Jun 22 10:53:02 MDT > 2023 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > Below are transcribed pictures of my laptop screen. > > panic: rw_enter: vmmaplk locking against myself > Stopped at db_enter+0x14: popq %rbp > TID PID UID PRFLAGS PFLAGS CPU COMMAND > *258766 67401 1000 0x2100002 0x4000000 0K firefox > 465097 28019 0 0x14000 0x200 1 drmwq > db_enter () at db_enter+0x14 > panic(ffffffff820e78b0) at panic+0xc3 > rw_enter(fffffd87449a0f60,2) at rw_enter+0x26f > uvmfault_lookup(ffff800044cc3a30,0) at uvmfault_lookup+0x8a > uvm_fault_check(ffff800044cc3a30, ffff800044cc3a68,ffff800044cc3a90) at > uvm_fault_check+0x36 > uvm_fault(fffffd87449a0e78,ab6ed8ea000,0,1) at uvm_fault+0xfb > kpageflttrap(ffff800044cc3bb0, ab6ed8ea088) at kpageflttrap+0x171 > kerntrap(ffff800044cc3bb0) at kerntrap+0x95 > alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b > _rb_min(ffffffff823f89a8,ffff800000278060) at _rb_min+0x23 > ieee80211_clean_inactive_nodes(ffff800000277048,a) at > ieee80211_clean_inactive_nodes+0x4c Looks like a corruption in RB-tree used inside ieee80211_clean_inactive_nodes(). Since this is coming from interrupt handler it suggest a missing spl dance. > ieee80211_end_scan(ffff800000277048) at ieee80211_end_scan+0xc8 > iwm_rx_pkt(ffff800000277000,ffff8000002f6210,ffff800044cc3e10) at > iwm_rx_pkt+0x871 > iwm_notif_intr(ffff80000027700) at iwm_notif_intr+0xd3 > ent trace frame: 0xffff800044cc3eb0, count: 0 > https://www.openbsd.org/ddb.html describes the minimum info required in bugr > reports. Insufficient info makes it difficult to find and fix bugs. > ddb{0}> show reg > rdi 0 > rsi 0x14 > rbp 0xffff800044cc3720 > rbx 0 > rdx 0x20 > rcx 0x20 > rax 0x30 > r8 0 > r9 0 > r10 0xfff800044cc3528 > r11 0xbe1d4bcaa3793568 > r12 0xffffffff82481990 cpu_info_full_primary+0x2990 > r13 0xffff800044bbee04 > r14 0 > r15 0xffffffff820e78b0 cmd680_setup_channel.udma_tbl+0x67e3 > rip 0xffffffff81d55bc4 db_enter+0x14 > cs 0x8 > rflags 0x282 > rsp 0xffff800044cc3720 > ss 0x10 > db_enter+0x14: popq %rbp > > > the previous panic looked similar except that there was a panic > during that panic: > dbb{0}>bt > db_enter() at db_enter+0x14 > panic(ffffffff820a0212) at panic+0xc3 > __assert(ffffffff8211a18a,ffffffff820eab20,3f,ffffffff8215092f) at > __assert+0x29 > _kernel_lock() at _kernel_lock+0x10f > selwakeup(ffff8000019cc710) at selwakeup+0x15 > ptsstart(ffff8000019a6c00) at ptsstart+0x7d > tputchar(73,ffff8000019a6c00) at tputchar+0x88 > kputchar(73,5,0) at kputchar+0x8d > printf(ffffffff8214c975) at printf+0x74 > splassert_fail(0,7,ffffffff821069d9) at splassert_fail+0x46 > assertwaitok() at assertwaitok+0x40 > mi_switch() at mi_switch+0x44 > sleep_finish(ffff800022f4ec50,1) at sleep_finish+0x102 > msleep(ffff800003cb5410,ffff800003cb5418,0,ffffffff820b8504,3e8) at > msleep+0xcb > drm_atomic_helper_wait_for_flip_done(ffff800000257078,ffff8000039ea000) at > drm_atomic_helper_wait_for_flip_done+0xcf > intel_atomic_commit_tail(ffff8000039ea000) at intel_atomic_commit_tail+0xc26 > intel_atomic_commit(ffff800000257078,ffff8000039ea000,0) at > intel_atomic_commit+0x33d > drm_atomic_commit(ffff8000039ea000) at drm_atomic_commit+0xa7 > drm_client_modeset_commit_atomic(ffff8000012dee00,1,0) at > drm_client_modeset_commit_atomic+0x178 > drm_client_modeset_commit_locket(ffff8000012dee00) at > drm_client_modeset_commitlocked+0x59 > drm_fb_helper_restore_fbdev_mode_unlocked(ffff8000012dee00) at > drm_fb_helper_restore_fbdev_mode_unlocked+0x48 > intel_fbdev_restore_mode(ffff8000000257078) at intel_fbdev_restore_mode+0x37 > db_ktrap(4,0,ffff800022f4f130) at db_ktrap+0x30 > kerntrap(ffff800022f4130) at kerntrap+0xa8 > alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b > _rb_min(ffffffff8220f7b8,ffff800000278060) at rb_min+0x23 > ieee80211_clean_inactive_nodes(ffff800000277048,a) at > ieee80211_clean_inactive_nodes+0x4c > ieee80211_end_scan(ffff800000277048) at ieee80211_end_scan+0xc8 > iwm_rx_pkt(ffff800000277000,ffff8000002f6500,ffff800022f4f390) at > iwm_rx_pkt+0x871 > iwm_notif_intr(ffff800000277000) at iwm_notif_intr+0xd3 > intr_handler(ffff800022f4f490,ffff800000234e80) at intr_handler+0x72 > Xinter_ioapic_edge23_untramp(() at Xintr_ioapic_edge23_untramp+0x18f > acpicpu_idle() at acpicpu_idle+0x203 > sched_idle(ffffffff82464ff0) at sched_idle+0x280 > end trace frame: 0x0, count: -36 > ddb{0}> show panic > *cpu0: kernel diagnostic assertion "__mp_lock_held(&sched_lock, curcpu()) == > 0" failed: file "/usr/src/sys/kern/kerndlock.c" line 63 > ddb{0}> show reg > rdi 0 > rsi 0x14 > rbp 0xffff8000022f4e790 > rbx 0x1 > rdx 0xffff800025013000 > rcx 0x20 > rax 0x86 > r8 0x70000 acpi_pdirpa+0x5be63 > r9 0 > r10 0x1e00 __ALIGN_SIZE+0xe00 > r11 0xb540fa7f6b812bc3 > r12 0xffffffff82465990 cpu_info_full_primary+0x2990 > r13 0 > r14 0 > r15 0xffffffff820a0212 cmd0646_9_tim_udma+0x33643 > rip 0xffffffff818f8de4 db_enter+0x14 > rflags 0x8 > rsp 0xffff800022f4e790 > ss 0x10 > db_enter+0x14: popq %rbp > > mbuhl >
