NetBSD Problem Report #51458
From www@NetBSD.org Sat Sep 3 03:41:39 2016
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 952B47A10E
for <gnats-bugs@gnats.NetBSD.org>; Sat, 3 Sep 2016 03:41:39 +0000 (UTC)
Message-Id: <20160903034137.F12897A2BF@mollari.NetBSD.org>
Date: Sat, 3 Sep 2016 03:41:37 +0000 (UTC)
From: pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com
Reply-To: pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com
To: gnats-bugs@NetBSD.org
Subject: usb athn panic
X-Send-Pr-Version: www-1.0
>Number: 51458
>Category: kern
>Synopsis: usb athn panic
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: skrll
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Sep 03 03:45:00 +0000 2016
>Closed-Date: Thu Dec 29 16:26:10 +0000 2016
>Last-Modified: Thu Dec 29 16:26:10 +0000 2016
>Originator: Ben Gergely
>Release: 7.99.36
>Organization:
>Environment:
NetBSD 7.99.36 amd64
>Description:
Panic on attach of a athn* device:
athn0 at uhub4 port 2
uvm_fault(0xffffffff81713ac0, 0x0, 2) -> e
fatal page fault in supervisor mode
trap type 6 code 2 rip ffffffff803a1081 cs 8 rflags 10286 cr2 0 ilevel 5 rsp fffffe8045b90ac0
curlwp 0xfffffe8045c4a580 pid 0.59 lowest kstack 0xfffffe8045b8d2c0
panic: trap
cpu0: Begin traceback...
vpanic() at netbsd:vpanic+0x140
snprintf() at netbsd:snprintf
trap() at netbsd:trap+0xc4b
--- trap (number 6) ---
athn_usb_htc_msg.part.9() at netbsd:athn_usb_htc_msg.part.9+0x1c
athn_usb_htc_connect_svc() at netbsd:athn_usb_htc_connect_svc+0xbc
athn_usb_attachhook() at netbsd:athn_usb_attachhook+0x298
athn_usb_attach() at netbsd:athn_usb_attach+0x395
config_attach_loc() at netbsd:config_attach_loc+0x17a
config_found_sm_loc() at netbsd:config_found_sm_loc+0x48
usbd_attachwholedevice() at netbsd:usbd_attachwholedevice+0x8e
usbd_probe_and_attach() at netbsd:usbd_probe_and_attach+0x46
usbd_new_device() at netbsd:usbd_new_device+0xf0d
uhub_explore() at netbsd:uhub_explore+0x2f4
usb_discover() at netbsd:usb_discover+0x6f
usb_event_thread() at netbsd:usb_event_thread+0x238
cpu0: End traceback...
#0 0xffffffff80119a95 in cpu_reboot ()
#1 0xffffffff8083b9ec in vpanic ()
#2 0xffffffff8083baa0 in panic ()
#3 0xffffffff8011b716 in trap ()
#4 0xffffffff8010115e in alltraps ()
#5 0xffffffff803a1081 in athn_usb_htc_msg.part ()
#6 0xffffffff803a11a6 in athn_usb_htc_connect_svc ()
#7 0xffffffff803a14c7 in athn_usb_attachhook ()
#8 0xffffffff803a26e4 in athn_usb_attach ()
#9 0xffffffff8082500e in config_attach_loc ()
#10 0xffffffff8082511d in config_found_sm_loc ()
#11 0xffffffff8032f6da in usbd_attachwholedevice ()
#12 0xffffffff80332882 in usbd_probe_and_attach ()
#13 0xffffffff80334e33 in usbd_new_device ()
#14 0xffffffff80336ec5 in uhub_explore ()
#15 0xffffffff8032469c in usb_discover ()
#16 0xffffffff803249fc in usb_event_thread ()
#17 0xffffffff801008d7 in lwp_trampoline ()
#18 0x0000000000000000 in ?? ()
#0 0xffffffff80119a95 in cpu_reboot (howto=howto@entry=260, bootstr=bootstr@entry=0x0)
at /usr/src/sys/arch/amd64/amd64/machdep.c:676
#1 0xffffffff8083b9ec in vpanic (fmt=fmt@entry=0xffffffff80ec8b4b "trap",
ap=ap@entry=0xfffffe8045b90898) at /usr/src/sys/kern/subr_prf.c:342
#2 0xffffffff8083baa0 in panic (fmt=fmt@entry=0xffffffff80ec8b4b "trap")
at /usr/src/sys/kern/subr_prf.c:258
#3 0xffffffff8011b716 in trap (frame=0xfffffe8045b909d0)
at /usr/src/sys/arch/amd64/amd64/trap.c:298
#4 0xffffffff8010115e in alltraps ()
#5 0xffffffff803a1081 in athn_usb_htc_msg (usc=0x0, usc@entry=0xffff8000071ed000,
msg_id=msg_id@entry=2, buf=buf@entry=0xfffffe8045b90b00, len=len@entry=8)
at /usr/src/sys/dev/usb/if_athn_usb.c:919
#6 0xffffffff803a11a6 in athn_usb_htc_msg (len=8, buf=0xfffffe8045b90b00, msg_id=2,
usc=0xffff8000071ed000) at /usr/src/sys/dev/usb/if_athn_usb.c:1052
#7 athn_usb_htc_connect_svc (usc=usc@entry=0xffff8000071ed000, svc_id=svc_id@entry=256,
ul_pipe=ul_pipe@entry=4 '\004', dl_pipe=dl_pipe@entry=131 '\203',
endpoint_id=endpoint_id@entry=0xffff8000071f20c0 "")
at /usr/src/sys/dev/usb/if_athn_usb.c:1028
#8 0xffffffff803a14c7 in athn_usb_htc_setup (usc=0xffff8000071ed000)
at /usr/src/sys/dev/usb/if_athn_usb.c:944
#9 athn_usb_attachhook (arg=<optimized out>) at /usr/src/sys/dev/usb/if_athn_usb.c:379
#10 0xffffffff803a26e4 in athn_usb_attach (parent=<optimized out>, self=0xfffffe8090d81c08,
aux=<optimized out>) at /usr/src/sys/dev/usb/if_athn_usb.c:306
#11 0xffffffff8082500e in config_attach_loc (parent=parent@entry=0xfffffe8045d00988,
cf=<optimized out>, locs=locs@entry=0xfffffe8045b90cd0, aux=aux@entry=0xfffffe8045b90ce8,
print=print@entry=0xffffffff8032fdc3 <usbd_print>) at /usr/src/sys/kern/subr_autoconf.c:1601
#12 0xffffffff8082511d in config_found_sm_loc (parent=parent@entry=0xfffffe8045d00988,
ifattr=ifattr@entry=0xffffffff80f0aa79 "usbdevif", locs=locs@entry=0xfffffe8045b90cd0,
aux=aux@entry=0xfffffe8045b90ce8, print=print@entry=0xffffffff8032fdc3 <usbd_print>,
submatch=<optimized out>) at /usr/src/sys/kern/subr_autoconf.c:1094
#13 0xffffffff8032f6da in usbd_attachwholedevice (parent=parent@entry=0xfffffe8045d00988,
dev=dev@entry=0xfffffe80be49ec60, port=port@entry=2, usegeneric=usegeneric@entry=0)
at /usr/src/sys/dev/usb/usb_subr.c:904
#14 0xffffffff80332882 in usbd_probe_and_attach (parent=parent@entry=0xfffffe8045d00988,
dev=dev@entry=0xfffffe80be49ec60, port=port@entry=2, addr=addr@entry=2)
at /usr/src/sys/dev/usb/usb_subr.c:1022
#15 0xffffffff80334e33 in usbd_new_device (parent=0xfffffe8045d00988, bus=0xfffffe80459c6048,
depth=<optimized out>, speed=<optimized out>, port=port@entry=2,
up=up@entry=0xfffffe80938bd428) at /usr/src/sys/dev/usb/usb_subr.c:1368
#16 0xffffffff80336ec5 in uhub_explore (dev=0xfffffe8045c80b70)
at /usr/src/sys/dev/usb/uhub.c:758
#17 0xffffffff8032469c in usb_discover (sc=sc@entry=0xfffffe80bfce3648)
at /usr/src/sys/dev/usb/usb.c:921
#18 0xffffffff803249fc in usb_event_thread (arg=0xfffffe80bfce3648)
at /usr/src/sys/dev/usb/usb.c:475
#19 0xffffffff801008d7 in lwp_trampoline ()
#20 0x0000000000000000 in ?? ()
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51458: usb athn panic
Date: Mon, 5 Sep 2016 17:59:23 +0000
On Sat, Sep 03, 2016 at 03:45:00AM +0000, pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com wrote:
> >Description:
> Panic on attach of a athn* device:
>
> #5 0xffffffff803a1081 in athn_usb_htc_msg (usc=0x0,
> usc@entry=0xffff8000071ed000,msg_id=msg_id@entry=2,
> buf=buf@entry=0xfffffe8045b90b00, len=len@entry=8)
> at /usr/src/sys/dev/usb/if_athn_usb.c:919
919: htc = (struct ar_htc_frame_hdr *)data->buf;
920: memset(htc, 0, sizeof(*htc));
which comes from
910: struct athn_usb_tx_data *data = &usc->usc_tx_cmd;
and as far as I can tell, the contents of usc_tx_cmd are never
initialized except when the softc's initially zeroed out, so buf will
be null.
Your line numbers appear to not quite match mine but that might just
be version skew; I'm looking at if_athn_usb.c -r1.12.
I have no idea what to do about it, but hopefully someone else does.
--
David A. Holland
dholland@netbsd.org
Responsible-Changed-From-To: kern-bug-people->skrll
Responsible-Changed-By: skrll@NetBSD.org
Responsible-Changed-When: Mon, 05 Sep 2016 20:55:11 +0000
Responsible-Changed-Why:
my bug
State-Changed-From-To: open->feedback
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Mon, 05 Sep 2016 21:00:55 +0000
State-Changed-Why:
should be fixed with src/sys/dev/usb/if_athn_usb.c:1.13
From: Ben Gergely <pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51458: usb athn panic
Date: Tue, 6 Sep 2016 18:04:20 +0100
So it attaches now:
athn0 at uhub4 port 2
: Atheros AR9280
athn0: rev 2 (2T2R), ROM rev 25, address e0:46:9a:0a:e1:58
athn0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
athn0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
athn0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
anything that talks to it will hang though; ifconfig, wpa_supplicant, drvctl etc.
From: Nick Hudson <skrll@netbsd.org>
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com
Cc:
Subject: Re: kern/51458: usb athn panic
Date: Tue, 6 Sep 2016 21:04:51 +0100
On 09/06/16 19:35, Ben Gergely wrote:
> The following reply was made to PR kern/51458; it has been noted by GNATS.
>
> From: Ben Gergely <pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: kern/51458: usb athn panic
> Date: Tue, 6 Sep 2016 18:04:20 +0100
>
> So it attaches now:
>
> athn0 at uhub4 port 2
> : Atheros AR9280
> athn0: rev 2 (2T2R), ROM rev 25, address e0:46:9a:0a:e1:58
> athn0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
> athn0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
> athn0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
>
> anything that talks to it will hang though; ifconfig, wpa_supplicant, drvctl etc.
>
>
>
What do you mean by hang? Can the processes be killed?
Can you break into ddb, or use crash(8), or gdb to find out what a hung
process is waiting on?
Thanks,
Nick
From: Ben Gergely <pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51458: usb athn panic
Date: Mon, 12 Sep 2016 11:13:52 +0100
So if the device is present on boot then there is just the aforementioned hang but if attached after boot it still panics:
savecore: reboot after panic: panic: kernel diagnostic assertion "xfer->ux_state == XFER_BUSY" failed: file "/usr/src/sys/dev/usb/usbdi.c", line 1006
#0 0xffffffff80119a85 in cpu_reboot (howto=howto@entry=260, bootstr=bootstr@entry=0x0)
at /usr/src/sys/arch/amd64/amd64/machdep.c:676
#1 0xffffffff8083011c in vpanic (
fmt=0xffffffff80ec4158 "kernel %sassertion \"%s\" failed: file \"%s\", line %d ",
ap=ap@entry=0xfffffe8045d74928) at /usr/src/sys/kern/subr_prf.c:342
#2 0xffffffff80a456f5 in kern_assert (
fmt=fmt@entry=0xffffffff80ec4158 "kernel %sassertion \"%s\" failed: file \"%s\", line %d ")
at /usr/src/sys/lib/libkern/kern_assert.c:51
#3 0xffffffff80324fd3 in usb_insert_transfer (xfer=xfer@entry=0xfffffe80b99dee18)
at /usr/src/sys/dev/usb/usbdi.c:1006
#4 0xffffffff804e8aea in ehci_device_intr_transfer (xfer=0xfffffe80b99dee18)
at /usr/src/sys/dev/usb/ehci.c:3993
#5 0xffffffff80323f67 in usbd_transfer (xfer=0xfffffe80b99dee18)
at /usr/src/sys/dev/usb/usbdi.c:323
#6 0xffffffff803925a3 in athn_usb_wmi_xcmd (usc=usc@entry=0xffff800006867000,
cmd_id=cmd_id@entry=24, ibuf=ibuf@entry=0xffff800006869cd0, ilen=<optimized out>,
obuf=obuf@entry=0x0) at /usr/src/sys/dev/usb/if_athn_usb.c:1124
#7 0xffffffff8039265a in athn_usb_wmi_xcmd (obuf=0x0, ilen=<optimized out>,
ibuf=0xffff800006869cd0, cmd_id=24, usc=0xffff800006867000)
at /usr/src/sys/dev/usb/if_athn_usb.c:1229
#8 athn_usb_write_barrier (sc=sc@entry=0xffff800006867000)
at /usr/src/sys/dev/usb/if_athn_usb.c:1228
#9 0xffffffff80392692 in athn_usb_read (sc=0xffff800006867000, addr=28740)
at /usr/src/sys/dev/usb/if_athn_usb.c:1189
#10 0xffffffff809103cd in athn_set_power_awake (sc=sc@entry=0xffff800006867000)
at /usr/src/sys/dev/ic/athn.c:689
#11 0xffffffff80392ac9 in athn_usb_init (ifp=ifp@entry=0xffff800006867d30)
at /usr/src/sys/dev/usb/if_athn_usb.c:2613
#12 0xffffffff80393c66 in athn_usb_ioctl (ifp=0xffff800006867d30, cmd=<optimized out>,
data=0xfffffe80b7f540d0) at /usr/src/sys/dev/usb/if_athn_usb.c:2530
#13 0xffffffff808be9da in doifioctl (so=0xfffffe80bde3d000, cmd=2156947728,
data=<optimized out>, l=0xfffffe80be1886c0) at /usr/src/sys/net/if.c:2862
#14 0xffffffff80846cc5 in soo_ioctl (fp=<optimized out>, cmd=2156947728, data=0xfffffe80b7f540d0)
at /usr/src/sys/kern/sys_socket.c:202
#15 0xffffffff8083ba28 in sys_ioctl (l=<optimized out>, uap=0xfffffe8045d74f00,
retval=<optimized out>) at /usr/src/sys/kern/sys_generic.c:681
#16 0xffffffff8013bbbc in sy_call (rval=0xfffffe8045d74eb0, uap=0xfffffe8045d74f00,
l=0xfffffe80be1886c0, sy=0xffffffff81169070 <sysent+1296>)
at /usr/src/sys/sys/syscallvar.h:65
#17 sy_invoke (code=54, rval=0xfffffe8045d74eb0, uap=0xfffffe8045d74f00, l=0xfffffe80be1886c0,
sy=0xffffffff81169070 <sysent+1296>) at /usr/src/sys/sys/syscallvar.h:94
#18 syscall (frame=0xfffffe8045d74f00) at /usr/src/sys/arch/x86/x86/syscall.c:156
#19 0xffffffff80100761 in Xsyscall ()
From: Ben Gergely <pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51458: usb athn panic
Date: Mon, 12 Sep 2016 11:36:31 +0100
Forgot to add, no the hung process can not be killed.
From: pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51458: usb athn panic
Date: Sat, 5 Nov 2016 15:53:20 +0000
it looks like it's getting stuck after athntsk
From: "Nick Hudson" <skrll@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51458 CVS commit: src/sys/dev/usb
Date: Sun, 11 Dec 2016 15:01:37 +0000
Module Name: src
Committed By: skrll
Date: Sun Dec 11 15:01:37 UTC 2016
Modified Files:
src/sys/dev/usb: if_athn_usb.c if_athn_usb.h
Log Message:
Fix some bugs introduced by the nick-nhusb merge and related to the
Tx Interrupt pipe transfer handling
While I'm here make some other changes moving towards MPification
PR/51151: athn panic on attach
PR/51458: usb athn panic
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/sys/dev/usb/if_athn_usb.c
cvs rdiff -u -r1.3 -r1.4 src/sys/dev/usb/if_athn_usb.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Nick Hudson <skrll@netbsd.org>
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
pr@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com
Cc:
Subject: Re: kern/51458: usb athn panic
Date: Sun, 11 Dec 2016 15:08:17 +0000
Should be fixed now with
src/sys/dev/usb/if_athn_usb.c:1.18
src/sys/dev/usb/if_athn_usb.h:1.4
Please test and report back
State-Changed-From-To: feedback->closed
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Thu, 29 Dec 2016 16:26:10 +0000
State-Changed-Why:
Reported fixed
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home