Bug 280530 - Kernel panic with wifi module WLE200NX (Atheros 9280?)
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: wireless
Version: 14.1-RELEASE
Hardware: amd64 Any
Importance: --- Affects Some People
Assignee: freebsd-wireless (Nobody)
Keywords: crash
Blocks: 280442

Reported: 2024-07-31 11:41 UTC by Felix Knecht
Modified: 2024-08-01 02:15 UTC (History)

Attachments
Full console log (79.67 KB, text/plain)
2024-07-31 11:41 UTC, Felix Knecht

Description Felix Knecht 2024-07-31 11:41:57 UTC
Created attachment 252391
Full console log

I get a kernel panic when initializing an interface for the wifi card WLE200NX (Atheros 9280?)

This happens after upgrading my opnsense installation from 24.1 (using FreeBSD 13.2-p10) to 24.7 (using FreeBSD 14.1).
I filed an issue there (https://forum.opnsense.org/index.php?topic=41816.0) and was told to tell you about this.

Some more details:

1. This is not a generic problem with the wifi card. It seems the panic only happens when the created interface is part of a network bridge.
I actually have two interfaces created using this card (different SSIDs) and the first one (WIFIG) gets created ok. When the second one (WIFIP) is created as part of a bridge, I get the kernel panic. Another user on the opnsense thread confirmed my suspicion that it is related to a bridge.

2. Disabling SMP seems to help. Another user wrote: "The kernel panic error has been fixed adding kern.smp.disabled=1 sysctl tunable value."


Here is some of what I get on the console (I attached the full output):


FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.1-RELEASE-p2 stable/24.7-n267758-4ad7ad40bc77 SMP amd64
FreeBSD clang version 18.1.5 (https://github.com/llvm/llvm-project.git llvmorg-18.1.5-0-g617a15a9eac9)
VT(vga): resolution 640x480
CPU: AMD GX-412TC SOC                                (998.24-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x730f01  Family=0x16  Model=0x30  Stepping=1
  Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x3ed8220b<SSE3,PCLMULQDQ,MON,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C>
  AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
  AMD Features2=0x1d4037ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT,Topology,PNXC,DBE,PTSC,PL2I>
  Structured Extended Features=0x8<BMI1>
  XSAVE Features=0x1<XSAVEOPT>
  SVM: NP,NRIP,AFlush,DAssist,NAsids=8
  TSC: P-state invariant, performance statistics
real memory  = 4815060992 (4592 MB)
avail memory = 4098850816 (3908 MB)
Event timer "LAPIC" quality 100
ACPI APIC Table: <CORE   COREBOOT>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)

...
wlan: mac acl policy registered
...
ath0: <Atheros 9280> mem 0xfe800000-0xfe80ffff at device 0.0 on pci4
[ath] enabling AN_TOP2_FIXUP
ath0: [HT] enabling HT modes
ath0: [HT] 1 stream STBC receive enabled
ath0: [HT] 1 stream STBC transmit enabled
ath0: [HT] 2 RX streams; 2 TX streams
ath0: AR9280 mac 128.2 RF5133 phy 13.0
ath0: 2GHz radio: 0x0000; 5GHz radio: 0x00c0

...

Configuring WIFIG interface...done.
Configuring WIFIP interface...

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0xffff
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80d5363d
stack pointer           = 0x28:0xfffffe0062769cd0
frame pointer           = 0x28:0xfffffe0062769d00
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (ath0 net80211 taskq)
rdi: 0000000000040000 rsi: 0000000000000001 rdx: 000000000000ffff
rcx: 00000000500c2408  r8: 0000000000000000  r9: 0000000000000080
rax: fffff800b0eb6942 rbx: fffff800b0a71000 rbp: fffffe0062769d00
r10: 0000000000000000 r11: 000007fffffff000 r12: fffffe00629d6000
r13: fffff800b0eb6938 r14: fffff800b0a71000 r15: fffffe006d9d3000
trap number             = 12
panic: page fault
cpuid = 1
time = 1722197341
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00627699c0
vpanic() at vpanic+0x131/frame 0xfffffe0062769af0
panic() at panic+0x43/frame 0xfffffe0062769b50
trap_fatal() at trap_fatal+0x40b/frame 0xfffffe0062769bb0
trap_pfault() at trap_pfault+0x46/frame 0xfffffe0062769c00
calltrap() at calltrap+0x8/frame 0xfffffe0062769c00
--- trap 0xc, rip = 0xffffffff80d5363d, rsp = 0xfffffe0062769cd0, rbp = 0xfffffe0062769d00 ---
ieee80211_beacon_construct() at ieee80211_beacon_construct+0x7d/frame 0xfffffe0062769d00
ieee80211_beacon_alloc() at ieee80211_beacon_alloc+0xb3/frame 0xfffffe0062769d40
ath_beacon_alloc() at ath_beacon_alloc+0x84/frame 0xfffffe0062769d80
ath_newstate() at ath_newstate+0x3f2/frame 0xfffffe0062769df0
ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1fc/frame 0xfffffe0062769e40
taskqueue_run_locked() at taskqueue_run_locked+0x182/frame 0xfffffe0062769ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xc2/frame 0xfffffe0062769ef0
fork_exit() at fork_exit+0x7f/frame 0xfffffe0062769f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0062769f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 0 tid 100061 ]
Stopped at      kdb_enter+0x33: movq    $0,0xfd9b22(%rip)
db:0:kdb.enter.default> textdump set
textdump set
db:0:kdb.enter.default>  capture on
db:0:kdb.enter.default>  run lockinfo
db:1:lockinfo> show locks
No such command; use "help" to list available commands
db:1:lockinfo>  show alllocks
No such command; use "help" to list available commands
db:1:lockinfo>  show lockedvnods
Locked vnodes
db:0:kdb.enter.default>  show pcpu
cpuid        = 1
dynamic pcpu = 0xfffffe0086ba0c40
curthread    = 0xfffff8000380a000: pid 0 tid 100061 critnest 1 "ath0 net80211 taskq"
curpcb       = 0xfffff8000380a520
fpcurthread  = none
idlethread   = 0xfffff8000353e000: tid 100004 "idle: cpu1"
self         = 0xffffffff82611000
curpmap      = 0xffffffff81b81670
tssp         = 0xffffffff82611384
rsp0         = 0xfffffe006276a000
kcr3         = 0xffffffffffffffff
ucr3         = 0xffffffffffffffff
scr3         = 0x0
gs32p        = 0xffffffff82611404
ldt          = 0xffffffff82611444
tss          = 0xffffffff82611434
curvnet      = 0
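
A triage helper for the fatal-trap output in the description above, added here as an example; it is not part of the report or of FreeBSD. It extracts the frame that faulted and lists the registers holding the faulting address. The name `triage`, the keys of its result and the embedded sample (lines copied from the log above) are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the console output in the report above.
SAMPLE = """\
fault virtual address   = 0xffff
fault code              = supervisor read data, page not present
current process         = 0 (ath0 net80211 taskq)
rdi: 0000000000040000 rsi: 0000000000000001 rdx: 000000000000ffff
calltrap() at calltrap+0x8/frame 0xfffffe0062769c00
--- trap 0xc, rip = 0xffffffff80d5363d, rsp = 0xfffffe0062769cd0, rbp = 0xfffffe0062769d00 ---
ieee80211_beacon_construct() at ieee80211_beacon_construct+0x7d/frame 0xfffffe0062769d00
ieee80211_beacon_alloc() at ieee80211_beacon_alloc+0xb3/frame 0xfffffe0062769d40
ath_beacon_alloc() at ath_beacon_alloc+0x84/frame 0xfffffe0062769d80
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
"""

FIELD = re.compile(r"^(fault virtual address|fault code|current process)\s*=\s*(.+)$")
REG = re.compile(r"\b(r[a-z0-9]{1,2}):\s*([0-9a-f]{16})\b")
FRAME = re.compile(r"^(\w+)\(\) at \1\+(0x[0-9a-f]+)/frame ")
KERNEL_BASE = 0xFFFF800000000000  # start of the amd64 upper (kernel) half

def triage(text):
    """Summarise one FreeBSD amd64 fatal-trap dump."""
    fields, regs, frames, in_trap = {}, {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("--- trap"):
            if in_trap:  # second marker ends the interrupted call chain
                break
            in_trap = True
        elif in_trap and (m := FRAME.match(line)):
            frames.append((m.group(1), int(m.group(2), 16)))
        elif m := FIELD.match(line):
            fields[m.group(1)] = m.group(2).strip()
        elif line.startswith("r"):
            regs.update({n: int(v, 16) for n, v in REG.findall(line)})
    addr = int(fields["fault virtual address"], 16)
    return {
        "fault_addr": addr,
        "kernel_address": addr >= KERNEL_BASE,
        "access": fields["fault code"],
        "thread": fields["current process"],
        "faulting_frame": frames[0] if frames else None,
        "callers": [name for name, _ in frames[1:]],
        "regs_equal_to_fault_addr": sorted(n for n, v in regs.items() if v == addr),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over the full attached console log, the same function skips the panic-handler frames that precede the first `--- trap` marker and reports only the call chain that was interrupted.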
Comment 1 Franco Fichtner 2024-07-31 11:50:25 UTC
Requests to reproduce on a stock FreeBSD 14.1 kernel will be accommodated when asked for.

In general: could this be related to Giant lock removal efforts?