On Fri, 18 Jul 2025, Andrea Venturoli wrote:
Attempt in replying II; I think my previous email did not make it out
as drm paniced as I was trying to send.
Also what's /usr/src/sys/compat/linuxkpi/common/src/linux_80211.c:2364
for you (a few lines before/after maybe as well)?
It's in lkpi_sta_auth_to_scan:
lhw = vap->iv_ic->ic_softc;
hw = LHW_TO_HW(lhw);
lvif = VAP_TO_LVIF(vap);
vif = LVIF_TO_VIF(lvif);
LKPI_80211_LVIF_LOCK(lvif);
#ifdef LINUXKPI_DEBUG_80211
/* XXX-BZ KASSERT later; state going down so no action. */
if (lvif->lvif_bss == NULL)
ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p
lvif_bss %p "
"lvif_bss->ni %p synched %d\n", __func__, __LINE__,
lvif, vap, vap->iv_bss, lvif->lvif_bss,
(lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
lvif->lvif_bss_synched);
#endif
lsta = lvif->lvif_bss;
LKPI_80211_LVIF_UNLOCK(lvif);
KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
"lvif %p vap %p\n", __func__,
lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
=> ni = lsta->ni; /* Reference held for lvif_bss. */
sta = LSTA_TO_STA(lsta);
In fact lsta is NULL!
Probably the previous KASSERT would have caught this, if I had INVARIANTS
enabled.
It should not happen; but that said I had this two days ago in a
different function; I wonder what invariants have changed that we
suddenly see this again?
Also if you have a core.txt, can you check the kernel message buffer if
there was a firmware crash before this and the panic is a secondary
issue?
Maybe so, if that's what the following means:
iwlwifi0: linuxkpi_ieee80211_beacon_loss: vif 0xfffffe00ad4e5ec0 vap
0xfffffe00ad4e5010 state RUN
iwlwifi0: linuxkpi_ieee80211_beacon_loss: vif 0xfffffe00ad4e5ec0 vap
0xfffffe00ad4e5010 state RUN
wlan0: link state changed to DOWN
wlan0: link state changed to UP
wlan0: link state changed to DOWN
iwlwifi0: Microcode SW error detected. Restarting 0x2000000.
iwlwifi0: Start IWL Error Log Dump:
iwlwifi0: Transport status: 0x0000004B, valid: 6
iwlwifi0: Loaded firmware version: 46.7e3e4b69.0 9000-pu-b0-jf-b0-46.ucode
iwlwifi0: 0x000021A0 | ADVANCED_SYSASSERT iwlwifi0: 0x00A0A200 |
trm_hw_status0
iwlwifi0: 0x00000000 | trm_hw_status1
iwlwifi0: 0x004897FA | branchlink2
iwlwifi0: 0x0047905E | interruptlink1
iwlwifi0: 0x00000000 | interruptlink2
iwlwifi0: 0x00000020 | data1
iwlwifi0: 0x00000000 | data2
iwlwifi0: 0x00000000 | data3
iwlwifi0: 0x00410621 | beacon time
iwlwifi0: 0x031B0C7D | tsf low
iwlwifi0: 0x00000000 | tsf hi
iwlwifi0: 0x00000000 | time gp1
iwlwifi0: 0x3E308AED | time gp2
iwlwifi0: 0x00000001 | uCode revision type
iwlwifi0: 0x0000002E | uCode version major
iwlwifi0: 0x7E3E4B69 | uCode version minor
iwlwifi0: 0x00000312 | hw version
iwlwifi0: 0x00C89002 | board version
iwlwifi0: 0x80F6FC28 | hcmd
iwlwifi0: 0x24022080 | isr0
iwlwifi0: 0x01000000 | isr1
iwlwifi0: 0x08201802 | isr2
iwlwifi0: 0x004140C0 | isr3
iwlwifi0: 0x00000000 | isr4
iwlwifi0: 0x00B0019F | last cmd Id
iwlwifi0: 0x0001B822 | wait_event
iwlwifi0: 0x000000C0 | l2p_control
iwlwifi0: 0x00018014 | l2p_duration
iwlwifi0: 0x0000003F | l2p_mhvalid
iwlwifi0: 0x00000000 | l2p_addr_match
iwlwifi0: 0x0000000D | lmpm_pmg_sel
iwlwifi0: 0x28021135 | timestamp
iwlwifi0: 0x0000D0F4 | flow_handler
iwlwifi0: Start IWL Error Log Dump:
iwlwifi0: Transport status: 0x0000004B, valid: 7
iwlwifi0: 0x20000070 | NMI_INTERRUPT_LMAC_FATAL
iwlwifi0: 0x00000000 | umac branchlink1
iwlwifi0: 0xC0088A3A | umac branchlink2
iwlwifi0: 0x0101B658 | umac interruptlink1
iwlwifi0: 0xC0085194 | umac interruptlink2
iwlwifi0: 0x00000800 | umac data1
iwlwifi0: 0xC0085194 | umac data2
iwlwifi0: 0xDEADBEEF | umac data3
iwlwifi0: 0x0000002E | umac major
iwlwifi0: 0x7E3E4B69 | umac minor
iwlwifi0: 0x3E308B06 | frame pointer
iwlwifi0: 0xC0887584 | stack pointer
iwlwifi0: 0x00B10118 | last host cmd
STA_ADD failed; that could explain why there is no lsta.
I have a lot of debugging in the Hardware restart handler locally; maybe
I should upstream that but it'll overflow the message buffer of most
people so likely not useful.
Maybe we should for 15-ish implement a hardware restart finally.
Likely to take things down and free them and restart, rather than
feeding state back into firmware...
None of this of course ansers the question why the STA_ADD failed.
My bet is, it's another race against net80211 and fixinf net80211 for
good is probably the only real option...
iwlwifi0: 0x00000000 | isr status reg
iwlwifi0: IML/ROM dump:
iwlwifi0: 0x00002323 | IML/ROM error/state
iwlwifi0: 0x00000003 | IML/ROM data1
iwlwifi0: Fseq Registers:
iwlwifi0: 0x2687AE10 | FSEQ_ERROR_CODE
iwlwifi0: 0x00000000 | FSEQ_TOP_INIT_VERSION
iwlwifi0: 0x600A45A1 | FSEQ_CNVIO_INIT_VERSION
iwlwifi0: 0x0000A384 | FSEQ_OTP_VERSION
iwlwifi0: 0x26007318 | FSEQ_TOP_CONTENT_VERSION
iwlwifi0: 0xCA120798 | FSEQ_ALIVE_TOKEN
iwlwifi0: 0x3DBB157A | FSEQ_CNVI_ID
iwlwifi0: 0xAC7EBE89 | FSEQ_CNVR_ID
iwlwifi0: 0x01000100 | CNVI_AUX_MISC_CHIP
iwlwifi0: 0x00000201 | CNVR_AUX_MISC_CHIP
iwlwifi0: 0x0000485B | CNVR_SCU_SD_REGS_SD_REG_DIG_DCDC_VTRIM
iwlwifi0: 0xA5A5A5A2 | CNVR_SCU_SD_REGS_SD_REG_ACTIVE_VDIG_MIRROR
iwlwifi0: 0xED6F3351 | FSEQ_PREV_CNVIO_INIT_VERSION
iwlwifi0: 0x4C88F0D8 | FSEQ_WIFI_FSEQ_VERSION
iwlwifi0: 0x6444150F | FSEQ_BT_FSEQ_VERSION
iwlwifi0: 0xE085B8B9 | FSEQ_CLASS_TP_VERSION
iwlwifi0: WRT: Collecting data: ini trigger 4 fired (delay=0ms).
iwlwifi0: FW error in SYNC CMD ADD_STA
bye & Thanks
av.
--
Bjoern A. Zeeb r15:7
