[Bug 282374] kernel panic on boot with Chelsio T320 installed

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 28 Oct 2024 01:34:43 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282374

--- Comment #1 from ScottD <biscuits.carry.0j@icloud.com> ---
Here are the last few lines of the message buffer before the panic:

Starting device manager...
acpi_wmi0: <ACPI-WMI mapping> on acpi0
acpi_wmi0: Embedded MOF found
ACPI: \_SB.WMIB.WQZZ: 1 arguments were passed to a non-method ACPI object
(Buffer) (20221020/nsarguments-361)
acpi_wmi1: <ACPI-WMI mapping> on acpi0
acpi_wmi1: Embedded MOF found
ACPI: \_SB.WMIV.WQZZ: 1 arguments were passed to a non-method ACPI object
(Buffer) (20221020/nsarguments-361)
acpi_wmi2: <ACPI-WMI mapping> on acpi0
acpi_wmi2: Embedded MOF found
cxgbc0: <Chelsio T320, 2 ports> mem 0xd1000000-0xd1000fff,0xd1001000-0xd1001fff
irq 16 at device 0.0 on pci1
cxgbc0: using MSI-X interrupts (9 vectors)
cxgb0: <Port 0 10GBASE-R> on cxgbc0
Fatal trap 12: page fault while in kernel mode

I am not able to reproduce the panic when booting from a FreeBSD 14.1 or
FreeBSD 14.2-PRERELEASE memstick, although I have not tried an install.

Here's the backtrace from the latest 14.2 PRERELEASE kernel:

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address   = 0x0
fault code              = supervisor read instruction, page not present
instruction pointer     = 0x20:0x0
stack pointer           = 0x28:0xfffffe00aab0b6f8
frame pointer           = 0x28:0xfffffe00aab0b720
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 367 (devctl)
rdi: fffff80024451000 rsi: fffffe00aab0b770 rdx: fffffe00acbb9ed8
rcx: 00000000c0306938  r8: 0000000000000000  r9: 0000000000000000
rax: 0000000000000000 rbx: fffffe00aab0b770 rbp: fffffe00aab0b720
r10: fffff8003bb06800 r11: 0000000000000800 r12: 0000000000008802
r13: fffff8003bb06810 r14: fffffe00acbb9ed8 r15: 0000000000000000
trap number             = 12
panic: page fault
cpuid = 2
time = 1730034648
KDB: stack backtrace:
#0 0xffffffff80b8b9bd at kdb_backtrace+0x5d
#1 0xffffffff80b3e101 at vpanic+0x131
#2 0xffffffff80b3dfc3 at panic+0x43
#3 0xffffffff81024a0b at trap_fatal+0x40b
#4 0xffffffff81024a56 at trap_pfault+0x46
#5 0xffffffff80ffb538 at calltrap+0x8
#6 0xffffffff80d897e5 at dump_iface+0x145
#7 0xffffffff80d891a9 at rtnl_handle_ifevent+0xa9
#8 0xffffffff80c5c75f at if_attach_internal+0x3df
#9 0xffffffff80c6784c at ether_ifattach+0x2c
#10 0xffffffff83327b53 at cxgb_port_attach+0x1d3
#11 0xffffffff80b7abac at device_attach+0x3ac
#12 0xffffffff80b7be7b at bus_generic_attach+0x4b
#13 0xffffffff83326ab6 at cxgb_controller_attach+0x926
#14 0xffffffff80b7abac at device_attach+0x3ac
#15 0xffffffff80b7a7e1 at device_probe_and_attach+0x41
#16 0xffffffff80818382 at pci_driver_added+0xf2
#17 0xffffffff80b78269 at devclass_driver_added+0x29

I can provide vmcore files from 14.1-RELEASE or 14.2-PRERELEASE, and am happy
to test with other kernels if necessary.

The information below is from a vmcore on "FreeBSD 14.2-PRERELEASE
stable/14-n269296-5ae76ff5138e GENERIC amd64"

In kgdb, the backtrace is slightly different, with the page fault in
ifmedia_ioctl due to a null pointer in ifm->ifm_status - the ifm_status
callback pointer is null.

#9  0xffffffff80c6c329 in ifmedia_ioctl (ifp=0xfffff80024451000,
ifr=0xfffffe00aab0b770, ifm=0xfffffe00acbb9ed8,
    cmd=<optimized out>) at /usr/src/sys/net/if_media.c:293
warning: Source file is more recent than executable.
293                     (*ifm->ifm_status)(ifp, ifmr);
(kgdb) p ifm
$1 = (struct ifmedia *) 0xfffffe00acbb9ed8
(kgdb) p ifm->ifm_status
$2 = (ifm_stat_cb_t) 0x0

And here's the more complete backtrace as shown in kgdb:

#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:405
#2  0xffffffff80b3dc97 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:523
#3  0xffffffff80b3e16e in vpanic (fmt=0xffffffff81174043 "%s",
ap=ap@entry=0xfffffe00aab0b550)
    at /usr/src/sys/kern/kern_shutdown.c:967
#4  0xffffffff80b3dfc3 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:891
#5  0xffffffff81024a0b in trap_fatal (frame=0xfffffe00aab0b630, eva=0) at
/usr/src/sys/amd64/amd64/trap.c:952
#6  0xffffffff81024a56 in trap_pfault (frame=<unavailable>, usermode=false,
signo=<optimized out>,
    ucode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:760
#7  <signal handler called>
#8  0x0000000000000000 in ?? ()
#9  0xffffffff80c6c329 in ifmedia_ioctl (ifp=0xfffff80024451000,
ifr=0xfffffe00aab0b770, ifm=0xfffffe00acbb9ed8,
    cmd=<optimized out>) at /usr/src/sys/net/if_media.c:293
#10 0xffffffff80d897e5 in get_operstate_ether (ifp=0xfffff80024451000,
pstate=<optimized out>)
    at /usr/src/sys/netlink/route/iface.c:124
#11 get_operstate (ifp=0xfffff80024451000, pstate=<optimized out>) at
/usr/src/sys/netlink/route/iface.c:181
#12 dump_iface (nw=nw@entry=0xfffffe00aab0b7e8,
ifp=ifp@entry=0xfffff80024451000,
    hdr=hdr@entry=0xfffffe00aab0b828, if_flags_mask=if_flags_mask@entry=0)
    at /usr/src/sys/netlink/route/iface.c:310
#13 0xffffffff80d891a9 in rtnl_handle_ifevent (ifp=0xfffff80024451000,
nlmsg_type=<optimized out>,
    if_flags_mask=0) at /usr/src/sys/netlink/route/iface.c:1411
#14 0xffffffff80c5c75f in if_attach_internal (ifp=ifp@entry=0xfffff80024451000,
vmove=<optimized out>)
    at /usr/src/sys/net/if.c:957
#15 0xffffffff80c5c379 in if_attach (ifp=ifp@entry=0xfffff80024451000) at
/usr/src/sys/net/if.c:772
#16 0xffffffff80c6784c in ether_ifattach (ifp=ifp@entry=0xfffff80024451000,
lla=0xfffffe00aab0b770 "",
    lla@entry=0xfffffe00acbb9f38 "") at /usr/src/sys/net/if_ethersubr.c:1001
#17 0xffffffff83327b53 in cxgb_port_attach (dev=0xfffff80006f09100) at
/usr/src/sys/dev/cxgb/cxgb_main.c:1044
#18 0xffffffff80b7abac in DEVICE_ATTACH (dev=0xfffff80006f09100) at
./device_if.h:195
#19 device_attach (dev=dev@entry=0xfffff80006f09100) at
/usr/src/sys/kern/subr_bus.c:2548
#20 0xffffffff80b7be7b in device_probe_and_attach (dev=0xfffff80006f09100) at
/usr/src/sys/kern/subr_bus.c:2505
#21 bus_generic_attach (dev=dev@entry=0xfffff80001b11000) at
/usr/src/sys/kern/subr_bus.c:3381
#22 0xffffffff83326ab6 in cxgb_controller_attach (dev=0xfffff80001b11000) at
/usr/src/sys/dev/cxgb/cxgb_main.c:644
#23 0xffffffff80b7abac in DEVICE_ATTACH (dev=0xfffff80001b11000) at
./device_if.h:195
#24 device_attach (dev=dev@entry=0xfffff80001b11000) at
/usr/src/sys/kern/subr_bus.c:2548
#25 0xffffffff80b7a7e1 in device_probe_and_attach
(dev=dev@entry=0xfffff80001b11000)
    at /usr/src/sys/kern/subr_bus.c:2505
#26 0xffffffff80818382 in pci_driver_added (dev=0xfffff80001b11100,
driver=<optimized out>)
    at /usr/src/sys/dev/pci/pci.c:4733
#27 0xffffffff80b78269 in BUS_DRIVER_ADDED (_dev=0xfffff80001b11100,
    _driver=0xffffffff8333b420 <cxgb_controller_driver>) at ./bus_if.h:210
#28 devclass_driver_added (dc=dc@entry=0xfffff80001717300,
driver=0xffffffff8333b420 <cxgb_controller_driver>)
    at /usr/src/sys/kern/subr_bus.c:603
#29 0xffffffff80b8065b in device_do_deferred_actions () at
/usr/src/sys/kern/subr_bus.c:5543
#30 0xffffffff80b7ff5f in devctl2_ioctl (cdev=<optimized out>, cmd=2157462540,
data=0xfffff80024647a00 "",
    fflag=<optimized out>, td=<optimized out>) at
/usr/src/sys/kern/subr_bus.c:5826
#31 0xffffffff809cc79b in devfs_ioctl (ap=0xfffffe00aab0bc58) at
/usr/src/sys/fs/devfs/devfs_vnops.c:952
#32 0xffffffff80c3a91e in VOP_IOCTL (vp=<optimized out>, command=<optimized
out>, data=<optimized out>,
--Type <RET> for more, q to quit, c to continue without paging--c
    fflag=<optimized out>, cred=<optimized out>, td=<optimized out>) at
./vnode_if.h:633
#33 0xffffffff80c3a91e in vn_ioctl (fp=<optimized out>,
com=18446741877550004080, data=0xfffffe00acbb9ed8,
    active_cred=0xc0306938, td=0x0)
#34 0xffffffff809ccdfe in devfs_ioctl_f (fp=0xfffff80024451000,
com=18446741877550004080,
    data=0xfffffe00acbb9ed8, cred=0xc0306938, td=0x0) at
/usr/src/sys/fs/devfs/devfs_vnops.c:883
#35 0xffffffff80bacad5 in fo_ioctl (fp=0xfffff80006f63d20, com=2157462540,
data=0xfffffe00acbb9ed8,
    active_cred=0xc0306938, td=0xfffff80006eca740) at
/usr/src/sys/sys/file.h:370
#36 kern_ioctl (td=td@entry=0xfffff80006eca740, fd=<optimized out>,
com=com@entry=2157462540,
    data=0xfffffe00acbb9ed8 "", data@entry=0xfffff80024647a00 "") at
/usr/src/sys/kern/sys_generic.c:807
#37 0xffffffff80bac81f in sys_ioctl (td=<optimized out>,
uap=0xfffff80006ecab40)
    at /usr/src/sys/kern/sys_generic.c:715
#38 0xffffffff810252c5 in syscallenter (td=0xfffff80006eca740)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:191
#39 amd64_syscall (td=0xfffff80006eca740, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1194
#40 <signal handler called>
#41 0x00003925bf8095fa in ?? ()
Backtrace stopped: Cannot access memory at address 0x3925bccb1db8

What can I do to gather more information or further investigate?

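A userland C model of the call chain in the kgdb trace above, added here as an illustration; it is not FreeBSD source and not code from the reporter. It assumes (the report does not confirm this) that the attach-time event queried media status before the driver had set the status callback, and shows a guarded dispatch that returns an error instead of calling address 0. All struct and function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct ifnet_model;
struct media_req { int active; };
typedef void (*status_cb_t)(struct ifnet_model *, struct media_req *);

struct media_model { status_cb_t status; };   /* stands in for ifm->ifm_status */
struct ifnet_model { struct media_model media; int link_up; };

/* Driver-side callback that reports link state (hypothetical). */
static void port_media_status(struct ifnet_model *ifp, struct media_req *req)
{
    req->active = ifp->link_up;
}

/* Guarded dispatch: a NULL callback becomes an error, not a jump to 0x0. */
static int media_query(struct ifnet_model *ifp, struct media_req *req)
{
    if (ifp->media.status == NULL)
        return ENXIO;
    ifp->media.status(ifp, req);
    return 0;
}

/* Attach-time notification that asks for media state, like the netlink
 * path (dump_iface -> get_operstate_ether) seen in the backtrace. */
static int attach_event(struct ifnet_model *ifp)
{
    struct media_req req = { 0 };
    return media_query(ifp, &req);
}

/* Assumed failing order: the event fires before the callback is set. */
int attach_event_before_init(void)
{
    struct ifnet_model ifp = { { NULL }, 0 };
    int rc = attach_event(&ifp);           /* callback still NULL here */
    ifp.media.status = port_media_status;  /* set too late for the event */
    return rc;
}

/* Safe order: callback set first, then the event is delivered. */
int attach_init_before_event(void)
{
    struct ifnet_model ifp = { { port_media_status }, 1 };
    return attach_event(&ifp);
}

int main(void)
{
    printf("event first: %d, init first: %d\n",
        attach_event_before_init(), attach_init_before_event());
    return 0;
}
```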