Bug 275381 - page fault while re-enabling network nic via devctl
Summary: page fault while re-enabling network nic via devctl
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 14.0-RELEASE
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Zhenlei Huang
URL: https://reviews.freebsd.org/D42678
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-27 17:14 UTC by Zhenlei Huang
Modified: 2023-12-05 16:24 UTC

See Also:
zlei: mfc-stable14?
zlei: mfc-stable13?
zlei: mfc-stable12?


Description Zhenlei Huang freebsd_committer freebsd_triage 2023-11-27 17:14:39 UTC
This was originally reported by khng@ on the Telegram bsd dev group. Posting it here to make it public.

Steps to repeat:

Boot with Ethernet interface disabled, then try to enable it.

```
> set hint.hn.0.disabled="1"
> boot
...
# devctl enable hn0
```


Part of core text dump:

```
freebsd dumped core - see /var/crash/vmcore.0

Mon Nov 20 04:17:24 UTC 2023

FreeBSD freebsd 14.0-RELEASE FreeBSD 14.0-RELEASE #0 releng/14.0-n265380-f9716eee8ab4: Fri Nov 10 05:57:23 UTC 2023     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

panic: page fault

GNU gdb (GDB) 13.2 [GDB v13.2 for FreeBSD]
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd14.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x28
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80c5e0c8
stack pointer	        = 0x28:0xfffffe0053f4b900
frame pointer	        = 0x28:0xfffffe0053f4b940
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 650 (devctl)
rdi: fffff80006eb6800 rsi: fffff80001027500 rdx: 0000000000000001
rcx: 0000000000000001  r8: 0000000000000000  r9: 8080808080808080
rax: 0000000000000000 rbx: fffffe0054963c80 rbp: fffffe0053f4b940
r10: ffffffff811e1f39 r11: 8b9091ff93939e00 r12: fffff80007fca000
r13: fffff80007305c20 r14: ffffffff811e1f39 r15: 0000000000000000
trap number		= 12
panic: page fault
cpuid = 1
time = 1700453806
KDB: stack backtrace:
#0 0xffffffff80b9002d at kdb_backtrace+0x5d
#1 0xffffffff80b43132 at vpanic+0x132
#2 0xffffffff80b42ff3 at panic+0x43
#3 0xffffffff8100c85c at trap_fatal+0x40c
#4 0xffffffff8100c8af at trap_pfault+0x4f
#5 0xffffffff80fe3828 at calltrap+0x8
#6 0xffffffff80c5ceb5 at if_attach_internal+0x55
#7 0xffffffff80c6824c at ether_ifattach+0x2c
#8 0xffffffff80f779c6 at hn_attach+0x21d6
#9 0xffffffff80b7fa1e at device_attach+0x3be
#10 0xffffffff80b84dcf at devctl2_ioctl+0x56f
#11 0xffffffff809d10dc at devfs_ioctl+0xcc
#12 0xffffffff80c3b9b4 at vn_ioctl+0xd4
#13 0xffffffff809d177e at devfs_ioctl_f+0x1e
#14 0xffffffff80bb1535 at kern_ioctl+0x255
#15 0xffffffff80bb1273 at sys_ioctl+0x123
#16 0xffffffff8100d119 at amd64_syscall+0x109
#17 0xffffffff80fe413b at fast_syscall_common+0xf8
Uptime: 15s
Dumping 212 out of 470 MB:..8%..16%..23%..31%..46%..53%..61%..76%..83%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
57	/usr/src/sys/amd64/include/pcpu_aux.h: No such file or directory.
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:405
#2  0xffffffff80b42cc7 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:526
#3  0xffffffff80b4319f in vpanic (fmt=0xffffffff81136b3b "%s", 
    ap=ap@entry=0xfffffe0053f4b750) at /usr/src/sys/kern/kern_shutdown.c:970
#4  0xffffffff80b42ff3 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:894
#5  0xffffffff8100c85c in trap_fatal (frame=0xfffffe0053f4b840, eva=40)
    at /usr/src/sys/amd64/amd64/trap.c:952
#6  0xffffffff8100c8af in trap_pfault (frame=0xfffffe0053f4b840, 
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:760
#7  <signal handler called>
#8  0xffffffff80c5e0c8 in if_addgroup (ifp=ifp@entry=0xfffff80007fca000, 
    groupname=0xffffffff811e1f39 "all") at /usr/src/sys/net/if.c:1477
#9  0xffffffff80c5ceb5 in if_attach_internal (
    ifp=ifp@entry=0xfffff80007fca000, vmove=false)
    at /usr/src/sys/net/if.c:842
#10 0xffffffff80c5ce59 in if_attach (ifp=0xfffff80006eb6800, 
    ifp@entry=0xfffff80007fca000) at /usr/src/sys/net/if.c:772
#11 0xffffffff80c6824c in ether_ifattach (ifp=0xfffff80006eb6800, 
    ifp@entry=0xfffff80007fca000, lla=0xfffff80001027500 "", 
    lla@entry=0xfffffe0053f4ba80 "") at /usr/src/sys/net/if_ethersubr.c:1001
#12 0xffffffff80f779c6 in hn_attach (dev=0xfffff8000291ce00)
    at /usr/src/sys/dev/hyperv/netvsc/if_hn.c:2436
#13 0xffffffff80b7fa1e in DEVICE_ATTACH (dev=0xfffff8000291ce00)
    at ./device_if.h:195
#14 device_attach (dev=dev@entry=0xfffff8000291ce00)
    at /usr/src/sys/kern/subr_bus.c:2535
#15 0xffffffff80b84dcf in devctl2_ioctl (cdev=<optimized out>, 
    cmd=2157462531, data=<optimized out>, fflag=<optimized out>, 
    td=0xfffffe0054963c80) at /usr/src/sys/kern/subr_bus.c:5433
#16 0xffffffff809d10dc in devfs_ioctl (ap=0xfffffe0053f4bc40)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:933
#17 0xffffffff80c3b9b4 in vn_ioctl (fp=0xfffff8000704ce10, 
    com=18446735277633467648, data=0xfffff8000779ee00, 
    active_cred=0xfffff8000702cb00, td=0x0)
    at /usr/src/sys/kern/vfs_vnops.c:1701
#18 0xffffffff809d177e in devfs_ioctl_f (fp=0xfffff80006eb6800, 
    com=18446735277633467648, data=0x1, cred=0x1, td=0x0)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:864
#19 0xffffffff80bb1535 in fo_ioctl (fp=0xfffff8000704ce10, com=2157462531, 
    data=0x1, active_cred=0x1, td=0xfffffe0054963c80)
    at /usr/src/sys/sys/file.h:366
#20 kern_ioctl (td=td@entry=0xfffffe0054963c80, fd=<optimized out>, 
    com=com@entry=2157462531, 
    data=0x1 <error: Cannot access memory at address 0x1>, 
    data@entry=0xfffff8000779ee00 "hn0")
    at /usr/src/sys/kern/sys_generic.c:805
#21 0xffffffff80bb1273 in sys_ioctl (td=0xfffffe0054963c80, 
    uap=0xfffffe0054964080) at /usr/src/sys/kern/sys_generic.c:713
#22 0xffffffff8100d119 in syscallenter (td=0xfffffe0054963c80)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:187
#23 amd64_syscall (td=0xfffffe0054963c80, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1197
#24 <signal handler called>
#25 0x000032e7074bce0a in ?? ()
Backtrace stopped: Cannot access memory at address 0x32e7069aff48
(kgdb)
```
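
Added example, not part of the original report or of FreeBSD: a Python triage helper that reads a trap report like the one in the dump above and matches the trap's instruction pointer to the kgdb frame that names the faulting function and source line. The names `field` and `triage` and the near-NULL heuristic are assumptions of this example; the sample lines are copied from the dump with whitespace normalised.

```python
import re

# Lines copied from the core text dump above (trimmed, whitespace normalised).
SAMPLE = '''\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x28
instruction pointer = 0x20:0xffffffff80c5e0c8
current process = 650 (devctl)
#5 0xffffffff80fe3828 at calltrap+0x8
#6 0xffffffff80c5ceb5 at if_attach_internal+0x55
#8  0xffffffff80c5e0c8 in if_addgroup (ifp=ifp@entry=0xfffff80007fca000,
    groupname=0xffffffff811e1f39 "all") at /usr/src/sys/net/if.c:1477
'''

PAGE_SIZE = 4096  # amd64 base page size

def field(name, text):
    """Value of a 'name = value' line in the trap report, or None."""
    m = re.search(rf"^{re.escape(name)}\s*=\s*(.+)$", text, re.M)
    return m.group(1).strip() if m else None

def triage(text):
    fault_va = int(field("fault virtual address", text), 16)
    # Printed as selector:address; keep the address part.
    ip = int(field("instruction pointer", text).split(":")[1], 16)
    proc = re.search(r"\((.+)\)", field("current process", text)).group(1)
    # KDB frames are return addresses: the entry after calltrap is the
    # caller of the faulting function, not the faulting function itself.
    kdb = re.findall(r"^#\d+ 0x[0-9a-f]+ at (\w+)\+0x[0-9a-f]+", text, re.M)
    caller = kdb[kdb.index("calltrap") + 1] if "calltrap" in kdb else None
    # The kgdb frame whose address equals the trap IP names the faulting code.
    hit = re.search(rf"^#\d+\s+0x{ip:x} in (\w+) \(.*?\)\s+at\s+(\S+:\d+)",
                    text, re.M | re.S)
    return {
        "fault_va": fault_va,
        # Heuristic: an address inside page 0 suggests NULL plus a field offset.
        "near_null": fault_va < PAGE_SIZE,
        "process": proc,
        "kdb_caller": caller,
        "faulting_function": hit.group(1) if hit else None,
        "source": hit.group(2) if hit else None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
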
Comment 1 Zhenlei Huang freebsd_committer freebsd_triage 2023-11-27 17:20:15 UTC
Other ethernet interface drivers are also affected, tested with re(4) and cxgbe(4).

Proposed fix: https://reviews.freebsd.org/D42678