Kernel panic with wifi module WLE200NX after upgrade to 24.7

[dicer]

I still had the wifi module WLE200NX in my apu2 but didn't use it for a while. After upgrading to 24.7, I got the following panic. WIFIG and WIFIP both used that module. WIFIG seems to be initialized fine but WIFIP gets the panic. WIFIP is part of a bridge (WIFIG is not). That's the only difference I remember. I removed the card from its slot (which resulted in a successful boot) and deleted the interfaces.

Still thought I'd paste the panic here. Let me know if you need more of the lengthy output that followed.

Code Select Expand

Configuring WIFIG interface...done.
Configuring WIFIP interface...

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0xffff
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80d5363d
stack pointer           = 0x28:0xfffffe0062769cd0
frame pointer           = 0x28:0xfffffe0062769d00
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (ath0 net80211 taskq)
rdi: 0000000000040000 rsi: 0000000000000001 rdx: 000000000000ffff
rcx: 00000000500c2408  r8: 0000000000000000  r9: 0000000000000080
rax: fffff800b0eb6942 rbx: fffff800b0a71000 rbp: fffffe0062769d00
r10: 0000000000000000 r11: 000007fffffff000 r12: fffffe00629d6000
r13: fffff800b0eb6938 r14: fffff800b0a71000 r15: fffffe006d9d3000
trap number             = 12
panic: page fault
cpuid = 1
time = 1722197341
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00627699c0
vpanic() at vpanic+0x131/frame 0xfffffe0062769af0
panic() at panic+0x43/frame 0xfffffe0062769b50
trap_fatal() at trap_fatal+0x40b/frame 0xfffffe0062769bb0
trap_pfault() at trap_pfault+0x46/frame 0xfffffe0062769c00
calltrap() at calltrap+0x8/frame 0xfffffe0062769c00
--- trap 0xc, rip = 0xffffffff80d5363d, rsp = 0xfffffe0062769cd0, rbp = 0xfffffe0062769d00 ---
ieee80211_beacon_construct() at ieee80211_beacon_construct+0x7d/frame 0xfffffe0062769d00
ieee80211_beacon_alloc() at ieee80211_beacon_alloc+0xb3/frame 0xfffffe0062769d40
ath_beacon_alloc() at ath_beacon_alloc+0x84/frame 0xfffffe0062769d80
ath_newstate() at ath_newstate+0x3f2/frame 0xfffffe0062769df0
ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1fc/frame 0xfffffe0062769e40
taskqueue_run_locked() at taskqueue_run_locked+0x182/frame 0xfffffe0062769ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xc2/frame 0xfffffe0062769ef0
fork_exit() at fork_exit+0x7f/frame 0xfffffe0062769f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0062769f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 0 tid 100061 ]
Stopped at      kdb_enter+0x33: movq    $0,0xfd9b22(%rip)
db:0:kdb.enter.default> textdump set
textdump set
db:0:kdb.enter.default>  capture on
db:0:kdb.enter.default>  run lockinfo
db:1:lockinfo> show locks
No such command; use "help" to list available commands
db:1:lockinfo>  show alllocks
No such command; use "help" to list available commands
db:1:lockinfo>  show lockedvnods
Locked vnodes
db:0:kdb.enter.default>  show pcpu
cpuid        = 1
dynamic pcpu = 0xfffffe0086ba0c40
curthread    = 0xfffff8000380a000: pid 0 tid 100061 critnest 1 "ath0 net80211 taskq"
curpcb       = 0xfffff8000380a520
fpcurthread  = none
idlethread   = 0xfffff8000353e000: tid 100004 "idle: cpu1"
self         = 0xffffffff82611000
curpmap      = 0xffffffff81b81670
tssp         = 0xffffffff82611384
rsp0         = 0xfffffe006276a000
kcr3         = 0xffffffffffffffff
ucr3         = 0xffffffffffffffff
scr3         = 0x0
gs32p        = 0xffffffff82611404
ldt          = 0xffffffff82611444
tss          = 0xffffffff82611434
curvnet      = 0


[franco]

Hi,

Can't find any relevant fix or bug report in FreeBSD.


Cheers,
Franco

[apraile]

Hi,

I have the same problem and it also happens when configuring the wifi interface that is part of a bridge (in my case "WLAN_MAIN"). The router was working correctly with OPNsense 24.1.10_8.

The following is the log of the panic:

Code Select Expand

Configuring WLAN_HA interface...done.
Configuring WLAN_MAIN interface...

Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address = 0xffff
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80d5363d
stack pointer         = 0x28:0xfffffe0062ca6cd0
frame pointer         = 0x28:0xfffffe0062ca6d00
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 (ath0 net80211 taskq)
rdi: 0000000000040000 rsi: 0000000000000001 rdx: 000000000000ffff
rcx: 00000000500c2408  r8: 0000000000000000  r9: 0000000000000180
rax: fffff8010359f942 rbx: fffff80103529000 rbp: fffffe0062ca6d00
r10: 0000000000000000 r11: 000007fffffff000 r12: fffffe0008dab000
r13: fffff8010359f938 r14: fffff80103529000 r15: fffffe008a5f7000
trap number = 12
panic: page fault
cpuid = 3
time = 1721983801
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0062ca69c0
vpanic() at vpanic+0x131/frame 0xfffffe0062ca6af0
panic() at panic+0x43/frame 0xfffffe0062ca6b50
trap_fatal() at trap_fatal+0x40b/frame 0xfffffe0062ca6bb0
trap_pfault() at trap_pfault+0x46/frame 0xfffffe0062ca6c00
calltrap() at calltrap+0x8/frame 0xfffffe0062ca6c00
--- trap 0xc, rip = 0xffffffff80d5363d, rsp = 0xfffffe0062ca6cd0, rbp = 0xfffffe0062ca6d00 ---
ieee80211_beacon_construct() at ieee80211_beacon_construct+0x7d/frame 0xfffffe0062ca6d00
ieee80211_beacon_alloc() at ieee80211_beacon_alloc+0xb3/frame 0xfffffe0062ca6d40
ath_beacon_alloc() at ath_beacon_alloc+0x84/frame 0xfffffe0062ca6d80
ath_newstate() at ath_newstate+0x3f2/frame 0xfffffe0062ca6df0
ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1fc/frame 0xfffffe0062ca6e40
taskqueue_run_locked() at taskqueue_run_locked+0x182/frame 0xfffffe0062ca6ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xc2/frame 0xfffffe0062ca6ef0
fork_exit() at fork_exit+0x7f/frame 0xfffffe0062ca6f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0062ca6f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 0 tid 100064 ]
Stopped at      kdb_enter+0x33: movq    $0,0xfd9b22(%rip)
db:0:kdb.enter.default> textdump set
textdump set
db:0:kdb.enter.default>  capture on
db:0:kdb.enter.default>  run lockinfo
db:1:lockinfo> show locks
No such command; use "help" to list available commands
db:1:lockinfo>  show alllocks
No such command; use "help" to list available commands
db:1:lockinfo>  show lockedvnods
Locked vnodes
db:0:kdb.enter.default>  show pcpu
cpuid        = 3
dynamic pcpu = 0xfffffe00871b7c40
curthread    = 0xfffff800038d1000: pid 0 tid 100064 critnest 1 "ath0 net80211 taskq"
curpcb       = 0xfffff800038d1520
fpcurthread  = none
idlethread   = 0xfffff8000356d000: tid 100006 "idle: cpu3"
self         = 0xffffffff82e13000
curpmap      = 0xffffffff81b81670
tssp         = 0xffffffff82e13384
rsp0         = 0xfffffe0062ca7000
kcr3         = 0x2c1c000
ucr3         = 0xffffffffffffffff
scr3         = 0x68285000
gs32p        = 0xffffffff82e13404
ldt          = 0xffffffff82e13444
tss          = 0xffffffff82e13434
curvnet      = 0

More information:
Router: apu2e4 with WLE200NX wifi module
BIOS: v24.05.00.01 Dasharo (coreboot+SeaBIOS)

The kernel panic error has been fixed adding kern.smp.disabled=1 sysctl tunable value.

Thanks.

[franco]

It's best to report this to bugs.freebsd.org -- if someone asks for away to reproduce on FreeBSD 14.1 let me know and I'll provide builds for it.


Cheers,
Franco

[dicer]

Reported it: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280530

[franco]

Similar panic: https://forum.opnsense.org/index.php?topic=41870.0

Could you try the workaround in that thread?

> Set kern.smp.disabled to 1 (in System -> Settings -> Tunables) and reboot.

It's not a fix but it can help diagnose what the issue likely is...

[dicer]

apraile reported that the smp tunable worked for him:

The kernel panic error has been fixed adding kern.smp.disabled=1 sysctl tunable value.

[franco]

Despite what I already said the interesting thing would be if this is a viable workaround on your end too. If it is we're looking at quite an interesting locking issue.


Cheers,
Franco

[cercle]

Hi,
The same problem with an APU6.
The parameter kern.smp.disabled=1 solves the problem, but the APU only works on 1 core. so it's not the solution.

Setting the wifi channel to automatic solves the problem in my case.

Best regards
Cédric

[apraile]

Thanks a lot, @cercle !

In my case the problem has also been solved setting the wifi channel to Auto (automatic).

[Legally a Shrimp]

Setting the wifi channel to automatic solves the problem in my case.

This seems to have done the trick for me, too. Many thanks for sharing!

I'd still like a proper fix, but given the (lack of) activity on the FreeBSD bug tracker report, I guess this workaround will have to do for the foreseeable future.  :'(

[cercle]

For information, in pfSense with FreeBSD 14.0 and 15.0 I never had this problem, pfSense never used FreeBSD 14.1

[doktornotor]

Looks exactly the same like https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208636 to me at least, where nothing has been done but someone thinks it's been fixed and links some random commits in there.

In general, I strongly discourage anyone from using any form of wireless on FreeBSD. Absolutely NOT fit for purpose and utter waste of time. Get a real Linux-based AP, end of story.

[Patrick M. Hausen]

In general, I strongly discourage anyone from using any form of wireless on FreeBSD. Absolutely NOT fit for purpose and utter waste of time. Get a real Linux-based AP, end of story.

Just so nobody gets you statement wrong: FreeBSD works perfectly well as a WiFi client. You can run your Laptop with FreeBSD and connect wirelessly.

@doktornotor is perfectly right as far as building an AP is concerned. Just don't. If you want an open source AP, run OpenWRT.