[Bug 285676] bhnd_nvram/bhnd_nvram_io_read(?) panics on device_attach

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 26 Mar 2025 16:36:01 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285676

            Bug ID: 285676
           Summary: bhnd_nvram/bhnd_nvram_io_read(?) panics on
                    device_attach
           Product: Base System
           Version: CURRENT
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: bz@FreeBSD.org

This wasn't the case in the past with 15/main; the card has been in there for a
year or so...

bhnd0: <BCM43224 BCMA bus> on bhndb0
bcma_erom_next_corecfg erom[0x8]: core0: Broadcom ChipCommon I/O Controller (cid=800, rev=34, unit=0)
bcma_erom_next_corecfg erom[0x1c]: core1: Broadcom 802.11 MAC/PHY/Radio (cid=812, rev=23, unit=0)
bcma_erom_next_corecfg erom[0x30]: core2: Broadcom PCIe Bridge (cid=820, rev=15, unit=0)
bcma_erom_next_corecfg erom[0x60]: core3: ARM BP135 AMBA3 AXI to APB Bridge (cid=135, rev=0, unit=0)
bcma_erom_next_corecfg erom[0x70]: core4: ARM BP135 AMBA3 AXI to APB Bridge (cid=135, rev=0, unit=1)
bcma_erom_next_corecfg erom[0x84]: core5: ARM PL367 OOB Interrupt Router (cid=367, rev=0, unit=0)
bcma_erom_next_corecfg erom[0x90]: core6: ARM PL366 Device Enumeration ROM (cid=366, rev=0, unit=0)
bcma_erom_next_corecfg erom[0x9c]: core7: ARM PL301 AMBA3 Interconnect (cid=301, rev=0, unit=0)
bcma_erom_next_corecfg erom[0xa8]: core8: ARM Unmapped Address Ranges (cid=fff, rev=0, unit=0)
bhnd_chipc0: <Broadcom ChipCommon I/O Controller, rev 34> mem 0x18000000-0x18000fff,0x18100000-0x18100fff irq 0 at core 0 on bhnd0
bhnd_chipc0: MIPSEB:  no    | BP64:  yes
bhnd_chipc0: UARTs:   0     | UGPIO: no
bhnd_chipc0: UARTClk: 0x00  | Flash: 0
bhnd_chipc0: SPROM:   yes   | OTP:   yes
bhnd_chipc0: CFIsz:   0x00  | OTPsz: 0x02
bhnd_chipc0: ExtBus:  0x00  | PwrCtrl: no
bhnd_chipc0: PLL:     0x00  | JTAGM: yes
bhnd_chipc0: PMU:     yes   | ECI:   no
bhnd_chipc0: SECI:    no    | GSIO:  no
bhnd_chipc0: AOB:     no    | BootROM: no
bhnd_nvram0: <SPROM/OTP> mem 0x18000800-0x18000bff on bhnd_chipc0
Fatal data abort:
  x0: 0x0000000000000000
  x1: 0xffff000131df4800
  x2: 0x0000000000000000
  x3: 0xffff000130d51c50
  x4: 0x0000000000000040
  x5: 0x0000000000000040
  x6: 0x000000000000003f
  x7: 0x0000000000000000
  x8: 0xffff000131df4800
  x9: 0xffff000000d5cb70 (memmap_bus + 0x0)
 x10: 0x0000000000000000
 x11: 0x0000000000000800
 x12: 0x0000000000000000
 x13: 0x0000000000000006
 x14: 0x0000002f9af14000
 x15: 0xffff000001099e00 (w_locklistdata + 0x3dd38)
 x16: 0xffff0001d40a9438 (bhnd_nvram_iores_read + 0x0)
 x17: 0xffff0001d40a8b10 ($x + 0x0)
 x18: 0xffff000130d51bf0
 x19: 0xffff000130d51c50
 x20: 0xffff0001d4079e70 (bhnd_nvram_crc8_tab + 0x0)
 x21: 0xffffa02030e1e640
 x22: 0x0000000000000000
 x23: 0xffff0001d40cca08 (bhnd_sprom_layouts + 0x0)
 x24: 0x00000000000000ff
 x25: 0x0000000000000080
 x26: 0x0000000000000080
 x27: 0xffff0000009e4949 (notify.prefix + 0x3ca48)
 x28: 0x0000000000000000
 x29: 0xffff000130d51bf0
  sp: 0xffff000130d51bf0
  lr: 0xffff0001d40a9564 (bhnd_nvram_iores_read + 0x12c)
 elr: 0x0000000000000000
spsr: 0x0000000060000005
 far: 0x0000000000000000
 esr: 0x0000000086000004
panic: vm_fault failed: 0x0 error 1
cpuid = 4
time = 1743006472
KDB: stack backtrace:
db_trace_self() at db_trace_self
db_trace_self_wrapper() at db_trace_self_wrapper+0x38
vpanic() at vpanic+0x1a0
panic() at panic+0x48
data_abort() at data_abort+0x28c
handle_el1h_sync() at handle_el1h_sync+0x18
--- exception, esr 0x86000004
(null)() at 0
bhnd_nvram_sprom_ident() at bhnd_nvram_sprom_ident+0xfc
bhnd_nvram_sprom_new() at bhnd_nvram_sprom_new+0x20
bhnd_nvram_data_new() at bhnd_nvram_data_new+0x60
bhnd_nvram_store_parse_new() at bhnd_nvram_store_parse_new+0x24
bhnd_sprom_attach() at bhnd_sprom_attach+0xe8
chipc_sprom_attach() at chipc_sprom_attach+0xb4
device_attach() at device_attach+0x4c0
bus_attach_children() at bus_attach_children+0x5c
chipc_attach() at chipc_attach+0xfc4
device_attach() at device_attach+0x4c0
bhnd_bus_probe_children() at bhnd_bus_probe_children+0x54
bhnd_generic_attach() at bhnd_generic_attach+0x40
bcma_bhndb_attach() at bcma_bhndb_attach+0x20
device_attach() at device_attach+0x4c0
bus_attach_children() at bus_attach_children+0x5c
bhndb_pci_attach() at bhndb_pci_attach+0x994
device_attach() at device_attach+0x4c0
bhndb_attach_bridge() at bhndb_attach_bridge+0x30
bwn_pci_attach() at bwn_pci_attach+0x54
device_attach() at device_attach+0x4c0
pci_driver_added() at pci_driver_added+0x110
devclass_driver_added() at devclass_driver_added+0x48
device_do_deferred_actions() at device_do_deferred_actions+0x74
devctl2_ioctl() at devctl2_ioctl+0x1bc
devfs_ioctl() at devfs_ioctl+0x100
vn_ioctl() at vn_ioctl+0xbc
devfs_ioctl_f() at devfs_ioctl_f+0x24
kern_ioctl() at kern_ioctl+0x2e4
sys_ioctl() at sys_ioctl+0x140
do_el0_sync() at do_el0_sync+0x608
handle_el0_sync() at handle_el0_sync+0x4c
--- exception, esr 0x56000000
KDB: enter: panic
[ thread pid 129 tid 100267 ]
Stopped at      kdb_enter+0x48: str     xzr, [x19, #2048]


(gdb) l *bhnd_nvram_sprom_ident+0xfc
0x4b958 is in bhnd_nvram_sprom_ident (/usr/src/sys/dev/bhnd/nvram/bhnd_nvram_data_sprom.c:215).
210                     while (nread > 0) {
211                             size_t nr;
212
213                             nr = bhnd_nv_ummin(nread, sizeof(buf));
214
215                             if ((error = bhnd_nvram_io_read(io, nbytes, buf, nr)))
216                                     return (error);
217
218                             crc = bhnd_nvram_crc8(buf, nr, crc);
219                             crc_valid = (crc == BHND_NVRAM_CRC8_VALID);
