NetBSD Problem Report #51093

From cjb@brushtail.apana.org.au  Mon Apr 25 19:06:08 2016
Return-Path: <cjb@brushtail.apana.org.au>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 5CE8B7A466
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 25 Apr 2016 19:06:08 +0000 (UTC)
Message-Id: <20160425174656.0AAEF48DF91@brushtail.apana.org.au>
Date: Tue, 26 Apr 2016 03:46:56 +1000 (AEST)
From: cjb@brushtail.apana.org.au
Reply-To: cjb@brushtail.apana.org.au
To: gnats-bugs@netbsd.org
Subject:
X-Send-Pr-Version: 3.95

>Number:         51093
>Category:       kern
>Synopsis:       Accessing USB hid device results in crash
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    skrll
>State:          feedback
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 25 19:10:00 +0000 2016
>Closed-Date:    
>Last-Modified:  Thu Sep 05 05:24:12 +0000 2019
>Originator:     Chris Baird
>Release:        NetBSD 7.99.28 -- Apr 25 12:26 AEST (3 hours ago..)
>Organization:
Australian Public Access Network Assocation
>Environment:
System: NetBSD brushtail 7.99.28 NetBSD 7.99.28 (BRUSHTAIL) #640: Tue Apr 26 03:07:01 AEST 2016 cjb@brushtail:/root/Brushtail amd64
Architecture: x86_64
Machine: amd64
>Description:

	Recent USB changes will make a kernel panic when an
	application attempts direct access of USB hid devices.

console:
----------------------------------------------------------------------

uvm_fault(0xfffffe8428d23e90, 0x0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff8036c8b4 cs 8 rflags 10246 cr2 36 ilevel 0 rsp fffffe811f57aa10
curlwp 0xfffffe8439876000 pid 1185.1 lowest kstack 0xfffffe811f5782c0
kernel: page fault trap, code=0
Stopped in pid 1185.1 (x64) at  netbsd:vmem_alloc+0x3e: movq    0(%rax),%rdi
vmem_alloc() at netbsd:vmem_alloc+0x3e
uvm_km_kmem_alloc() at netbsd:uvm_km_kmem_alloc+0x46
kmem_intr_alloc() at netbsd:kmem_intr_alloc+0x6d
uhidopen() at netbsd:uhidopen+0xaf
cdev_open() at netbsd:cdev_open+0xbe
spec_open() at netbsd:spec_open+0x265
VOP_OPEN() at netbsd:VOP_OPEN+0x33
vn_open() at netbsd:vn_open+0x1eb
do_open() at netbsd:do_open+0x112
do_sys_openat() at netbsd:do_sys_openat+0x68
sys_open() at netbsd:sys_open+0x24
syscall() at netbsd:syscall+0x9c
--- syscall (number 5) ---
7f7ff203d60a:
ds          aa10
es          84b0
fs          8000
gs          e04a
rdi         ffffffff80803340    kmem_va_arena_store
rsi         1
rbp         fffffe811f57aa40
rbx         fffffe811f57aa68
rdx         0
rcx         c
rax         36
r8          0
r9          fffffe8436a16800
r10         200
r11         0
r12         fffffe811d8e9818
r13         0
r14         1001
r15         fffffe811f57aab8
rip         ffffffff8036c8b4    vmem_alloc+0x3e
cs          8
rflags      10246
rsp         fffffe811f57aa10
ss          10
netbsd:vmem_alloc+0x3e: movq    0(%rax),%rdi
db{7}> reboot
rebooting...
----------------------------------------------------------------------

>How-To-Repeat:

	# install pkgsrc/emulators/vice
	$ /usr/pkg/bin/x64

>Fix:
	Fnord.


>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->skrll
Responsible-Changed-By: skrll@NetBSD.org
Responsible-Changed-When: Mon, 25 Apr 2016 19:39:28 +0000
Responsible-Changed-Why:
Take




From: Nick Hudson <skrll@netbsd.org>
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
 gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: kern/51093:
Date: Mon, 25 Apr 2016 20:44:09 +0100

 On 04/25/16 20:10, cjb@brushtail.apana.org.au wrote:

 dmesg, please

 Thanks,
 Nick

From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
    netbsd-bugs@netbsd.org
Subject: re: kern/51093: 
Date: Tue, 26 Apr 2016 05:46:44 +1000

 can you show the dmesg of the usb controller and devices you have?

 > Stopped in pid 1185.1 (x64) at  netbsd:vmem_alloc+0x3e: movq    0(%rax),%rdi
 > vmem_alloc() at netbsd:vmem_alloc+0x3e
 > uvm_km_kmem_alloc() at netbsd:uvm_km_kmem_alloc+0x46
 > kmem_intr_alloc() at netbsd:kmem_intr_alloc+0x6d
 > uhidopen() at netbsd:uhidopen+0xaf
 > cdev_open() at netbsd:cdev_open+0xbe
 > spec_open() at netbsd:spec_open+0x265

 and:

 > rax         36

 is a NULL deref, i guess.  usually when kmem_alloc fails it's cuz
 some prior user broke something (freed to the wrong size?).  which
 makes it a little harder to track down.

 can you try a DEBUG kernel?  and if possible, also a test with the
 kmguard feature enabled.  see the "OPTIONS" section of kmem_alloc(9)
 manual for details on enabling kmguard.

 thanks.


 .mrg.

State-Changed-From-To: open->feedback
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Thu, 05 Sep 2019 05:24:12 +0000
State-Changed-Why:
feedback requested


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.