https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286045
Bug ID: 286045
Summary: [iicbus] panic page fault on start by devd in L635: sc->intr_handler(sc->intr_ctx, sc->intr_buf, actual);
Product: Base System
Version: 15.0-CURRENT
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: b...@freebsd.org
Reporter: d...@freebsd.org

Started after March stabilisation week, 100% reproducible.

Dump header from device: /dev/gpt/swap0
  Architecture: amd64
  Architecture Version: 2
  Dump Length: 819712000
  Blocksize: 512
  Compression: none
  Dumptime: 2025-04-10 07:00:54 +0000
  Hostname: akai.skunkwerks.at
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 15.0-CURRENT #0 main-n276338-98ea3178e54d: Wed Apr 9 15:34:34 UTC 2025
    root@picard:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
  Panic String: page fault
  Dump Parity: 4113817190
  Bounds: 0
  Dump Status: good

## dmesg

Starting devd.
iwmbtfw: iwmbt_fw_read: open: /usr/local/share/iwmbt-firmware/ibt-12-16.sfi: No such file or directory
iwmbtfw: main: Firmware download failed!
Autoloading module: ng_ubt
Autoloading module: iichid
iichid0: <DLL075B:00 06CB:76AF I2C HID device> at addr 0x2c irq 51 on iicbus1
hidbus0: <HID bus> on iichid0

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 02
fault virtual address = 0x0
fault code = supervisor read instruction, page not present
instruction pointer = 0x20:0x0
stack pointer = 0x28:0xfffffe00d89c7e38
frame pointer = 0x28:0xfffffe00d89c7e60
code segment = base 0x0, limit 0xfffff, type 0x1b
             = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 12 (irq51: iichid0)
rdi: 0000000000000000 rsi: fffff800432a8080 rdx: 000000000000003e
rcx: 0000000000000700 r8: 0000000000000000 r9: 0000000000000100
rax: 0000000000000001 rbx: fffff800015a2400 rbp: fffffe00d89c7e60
r10: 0000000000000000 r11: 000000000000003e r12: fffff80001462200
r13: fffff80039803580 r14: fffff800019b5d00 r15: fffff8000d436000
trap number = 12
panic: page fault
cpuid = 1
time = 1744268454
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00d89c7b60
vpanic() at vpanic+0x136/frame 0xfffffe00d89c7c90
panic() at panic+0x43/frame 0xfffffe00d89c7cf0
trap_pfault() at trap_pfault+0x48e/frame 0xfffffe00d89c7d60
calltrap() at calltrap+0x8/frame 0xfffffe00d89c7d60
--- trap 0xc, rip = 0, rsp = 0xfffffe00d89c7e38, rbp = 0xfffffe00d89c7e60 ---
??() at 0/frame 0xfffffe00d89c7e60
ithread_loop() at ithread_loop+0x266/frame 0xfffffe00d89c7ef0
fork_exit() at fork_exit+0x82/frame 0xfffffe00d89c7f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00d89c7f30
--- trap 0xc, rip = 0x4b7fe22a61a, rsp = 0x4b813c6cf48, rbp = 0x4b813c6cf60 ---
KDB: enter: panic

## backtrace

Reading symbols from /boot/kernel/iichid.ko...
Reading symbols from /usr/lib/debug//boot/kernel/iichid.ko.debug...
__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
(kgdb) #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1 doadump (textdump=textdump@entry=0)
    at /usr/src/sys/kern/kern_shutdown.c:404
#2 0xffffffff804a44fa in db_dump (dummy=<optimized out>,
    dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>)
    at /usr/src/sys/ddb/db_command.c:596
#3 0xffffffff804a42ed in db_command (last_cmdp=<optimized out>,
    cmd_table=<optimized out>, dopager=true)
    at /usr/src/sys/ddb/db_command.c:508
#4 0xffffffff804a3fad in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:555
#5 0xffffffff804a7986 in db_trap (type=<optimized out>, code=<optimized out>)
    at /usr/src/sys/ddb/db_main.c:267
#6 0xffffffff80ba89ef in kdb_trap (type=type@entry=3, code=code@entry=0,
    tf=tf@entry=0xfffffe00d89c7aa0) at /usr/src/sys/kern/subr_kdb.c:790
#7 0xffffffff8109656c in trap (frame=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:617
#8 <signal handler called>
#9 kdb_enter (why=<optimized out>, msg=<optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:556
#10 0xffffffff80b5880b in vpanic (fmt=0xffffffff8120b2c1 "%s",
    ap=ap@entry=0xfffffe00d89c7cd0) at /usr/src/sys/kern/kern_shutdown.c:967
#11 0xffffffff80b58673 in panic (
    fmt=0xffffffff81b9c3a0 <cnputs_mtx> "\306o\027\201\377\377\377\377")
    at /usr/src/sys/kern/kern_shutdown.c:892
#12 0xffffffff8109706e in trap_fatal (frame=<optimized out>,
    eva=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:974
#13 0xffffffff8109706e in trap_pfault (frame=0xfffffe00d89c7d70,
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
#14 <signal handler called>
#15 0x0000000000000000 in ?? ()
#16 0xffffffff83ae2812 in iichid_intr (context=0xfffff800015a2400)
    at /usr/src/sys/dev/iicbus/iichid.c:635
#17 0xffffffff80b0e896 in intr_event_execute_handlers (ie=0xfffff80001462200,
    p=<optimized out>) at /usr/src/sys/kern/kern_intr.c:1191
#18 ithread_execute_handlers (ie=0xfffff80001462200, p=<optimized out>)
    at /usr/src/sys/kern/kern_intr.c:1204
#19 ithread_loop (arg=arg@entry=0xfffff800015857c0)
    at /usr/src/sys/kern/kern_intr.c:1297
#20 0xffffffff80b0ac12 in fork_exit (
    callout=0xffffffff80b0e630 <ithread_loop>, arg=0xfffff800015857c0,
    frame=0xfffffe00d89c7f40) at /usr/src/sys/kern/kern_fork.c:1152
#21 <signal handler called>
#22 0x000004b7fe22a61a in ?? ()
Backtrace stopped: Cannot access memory at address 0x4b813c6cf48
(kgdb)

        THREAD_SLEEPING_OK();
        error = iichid_cmd_read(sc, sc->intr_buf, sc->intr_bufsize, &actual);
        THREAD_NO_SLEEPING();
        if (error == 0) {
                if (sc->power_on) {
                        if (actual != 0)
L#635                           sc->intr_handler(sc->intr_ctx, sc->intr_buf, actual);
                        else
                                DPRINTF(sc, "no data received\n");
                }
        } else
                DPRINTF(sc, "read error occurred: %d\n", error);

        iicbus_release_bus(parent, sc->dev);
}
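
A triage aid for the trap block and kgdb backtrace in this report, added here as an example; it is not part of the original report or of FreeBSD. It flags an instruction fetch that faulted at address 0 (a call through a NULL function pointer) and reports the first frame with source information below the unresolved `??` frame. The names `parse_frames` and `triage` are hypothetical, and the sample is excerpted from the output above with its alignment whitespace collapsed.

```python
import re

# Constructed sample: trap fields and kgdb frames excerpted from the report above.
SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
fault code = supervisor read instruction, page not present
instruction pointer = 0x20:0x0
#14 <signal handler called>
#15 0x0000000000000000 in ?? ()
#16 0xffffffff83ae2812 in iichid_intr (context=0xfffff800015a2400)
    at /usr/src/sys/dev/iicbus/iichid.c:635
#17 0xffffffff80b0e896 in intr_event_execute_handlers (ie=0xfffff80001462200,
    p=<optimized out>) at /usr/src/sys/kern/kern_intr.c:1191
"""

FIELD = re.compile(
    r"^(fault virtual address|fault code|instruction pointer)\s*=\s*(.+)$", re.M)

def parse_frames(text):
    """Split kgdb output on '#N' markers so a line-wrapped frame stays whole."""
    frames = []
    for chunk in re.split(r"(?m)^(?=#\d+\s)", text):
        m = re.match(r"#(\d+)\s+(?:(0x[0-9a-f]+) in )?(\S+)", chunk)
        if not m:
            continue  # text before the first frame
        loc = re.search(r"\bat (\S+):(\d+)", chunk)
        frames.append({
            "pc": int(m.group(2), 16) if m.group(2) else None,
            "func": m.group(3),
            "loc": (loc.group(1), int(loc.group(2))) if loc else None,
        })
    return frames

def triage(text):
    trap = {k: v.strip() for k, v in FIELD.findall(text)}
    fault_va = int(trap["fault virtual address"], 16)
    rip = int(trap["instruction pointer"].split(":")[1], 16)
    # An instruction fetch that faults at its own address means the CPU
    # branched there; address 0 means the branch target was a NULL pointer.
    null_call = "instruction" in trap["fault code"] and fault_va == rip == 0
    frames = parse_frames(text)
    caller = None
    for i, f in enumerate(frames):
        if f["pc"] == 0 and f["func"] == "??":
            caller = next((g for g in frames[i + 1:] if g["loc"]), None)
            break
    return {"null_call": null_call, "caller": caller}
```

On the sample, `triage(SAMPLE)` reports a NULL call with `iichid_intr` at `iichid.c:635` as the caller, which matches the `sc->intr_handler(...)` line quoted in the report.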