NetBSD Problem Report #54762

From alnsn@netbsd.org  Sat Dec 14 00:20:13 2019
Return-Path: <alnsn@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id A9BF97A18B
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 14 Dec 2019 00:20:13 +0000 (UTC)
Message-Id: <20191214002012.C5D287A1C8@mollari.NetBSD.org>
Date: Sat, 14 Dec 2019 00:20:12 +0000 (UTC)
From: alnsn@netbsd.org
Reply-To: alnsn@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: kernel assert "mii != NULL" when urndis is plugged
X-Send-Pr-Version: 3.95

>Number:         54762
>Category:       kern
>Synopsis:       kernel assert "mii != NULL" when urndis is plugged
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 14 00:25:00 +0000 2019
>Closed-Date:    Sat Dec 14 16:42:20 +0000 2019
>Last-Modified:  Tue Dec 17 13:00:02 +0000 2019
>Originator:     Alexander Nasonov
>Release:        NetBSD 9.99.24 amd64
>Organization:
	XMM SWAP LTD
>Environment:
	NetBSD neva 9.99.24 NetBSD 9.99.24 (GENERIC) #0: Fri Dec 13 23:34:36 GMT 2019 alnsn@lonet:/scratch/alnsn/netbsd-current/obj/sys/arch/amd64/compile/GENERIC amd64
System: NetBSD neva 9.99.24 NetBSD 9.99.24 (GENERIC) #0: Fri Dec 13 23:34:36 GMT 2019 alnsn@lonet:/scratch/alnsn/netbsd-current/obj/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
	When I boot a recent current kernel with usb tethering, it reliably crashes:

	panic: kernel diagnostic assertion "mi != NULL" failed: /scratch/alnsn/netbsd-current/src/sys/dev/usb/usbnet.c", line 1191
	cpu1: Begin traceback...
	vpanic() at netbsd:vpanic+0x178
	kern_assert() at netbsd:kern_assert+0x48
	usbnet_tick_task() at netbsd:usbnet_tick_task+0x20e
	usb_task_thread() at netbsd:usb_task_thread+0x47
	cpu1: End traceback...

	Last working version was around 9.99.19-9.99.20.
>How-To-Repeat:
	Plug google pixel 3a, start booting, enable tethering, boom.
>Fix:
	Not known.

>Release-Note:

>Audit-Trail:

From: Alexander Nasonov <alnsn@yandex.ru>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
	netbsd-bugs@netbsd.org
Subject: Re: kern/54762: kernel assert "mi != NULL" when urndis is plugged
Date: Sat, 14 Dec 2019 14:31:35 +0000

 alnsn@netbsd.org wrote:
 > >Number:         54762
 > >Category:       kern
 > >Synopsis:       kernel assert "mi != NULL" when urndis is plugged

 As pointed by Jaap on tech-net@, there is a typo here.
 It should be "mii != NULL".

 In the same thread on tech-net@ we narrowed a range of commits that
 introduced the bug. My early 9.99.19 kernel works but something broke
 9.99.19 later.

 This gives the following range for a bisection:

 $ cvs log sys/sys/param.h
 ...
 revision 1.621
 date: 2019-12-06 21:07:07 +0000;  author: ad;  state: Exp;  lines: +2
 -2;  commitid: 4eFCDlNIb8C7QGNB;
 NetBSD 9.99.20 cpu_info/cpu_data changes for topology
 ----------------------------
 revision 1.620
 date: 2019-12-01 16:36:25 +0000;  author: ad;  state: Exp;  lines: +2
 -2;  commitid: v6SbsZvvByg4v1NB;
 NetBSD 9.99.19 - many kernel data structure changes

 --
 Alex

State-Changed-From-To: open->analyzed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Sat, 14 Dec 2019 14:37:49 +0000
State-Changed-Why:
Index: usbnet.c
===================================================================
RCS file: /cvsroot/src/sys/dev/usb/usbnet.c,v
retrieving revision 1.32
diff -u -r1.32 usbnet.c
--- usbnet.c	3 Dec 2019 05:01:58 -0000	1.32
+++ usbnet.c	14 Dec 2019 14:34:45 -0000
@@ -1197,9 +1197,11 @@
 		usbnet_watchdog(ifp);

 	DPRINTFN(8, "mii %jx ifp %jx", (uintptr_t)mii, (uintptr_t)ifp, 0, 0);
-	mii_tick(mii);
-	if (!unp->unp_link)
-		(*mii->mii_statchg)(ifp);
+	if (mii) {
+		mii_tick(mii);
+		if (!unp->unp_link)
+			(*mii->mii_statchg)(ifp);
+	}

 	/* Call driver if requested. */
 	uno_tick(un);



From: "Maya Rashish" <maya@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/54762 CVS commit: src/sys/dev/usb
Date: Sat, 14 Dec 2019 15:40:43 +0000

 Module Name:	src
 Committed By:	maya
 Date:		Sat Dec 14 15:40:43 UTC 2019

 Modified Files:
 	src/sys/dev/usb: usbnet.c

 Log Message:
 Don't assume mii is not null here. Some drivers like urndis don't use
 mii, so they always have mii == NULL.

 ok riastradh. fixes PR kern/54762


 To generate a diff of this commit:
 cvs rdiff -u -r1.32 -r1.33 src/sys/dev/usb/usbnet.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: analyzed->closed
State-Changed-By: alnsn@NetBSD.org
State-Changed-When: Sat, 14 Dec 2019 16:42:20 +0000
State-Changed-Why:
Confirmed fixed.


From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org,
    gnats-admin@netbsd.org, alnsn@NetBSD.org
Subject: re: kern/54762 (kernel assert "mii != NULL" when urndis is plugged)
Date: Sun, 15 Dec 2019 07:29:51 +1100

 this one probably needs pulling up -- the revs
 that introduced the problem were, right?


 .mrg.

From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/54762 CVS commit: [netbsd-9] src/sys/dev/usb
Date: Tue, 17 Dec 2019 12:55:10 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Tue Dec 17 12:55:10 UTC 2019

 Modified Files:
 	src/sys/dev/usb [netbsd-9]: usbnet.c

 Log Message:
 Pull up following revision(s) (requested by riastradh in ticket #565):

 	sys/dev/usb/usbnet.c: revision 1.31
 	sys/dev/usb/usbnet.c: revision 1.32
 	sys/dev/usb/usbnet.c: revision 1.33

 Fix order of nulling un->un_pri->unp_ec.ec_mii.

 Can't null it until after if_detach prevents further use.

 While here, fix conditionals in usbnet_tick_task to use the unp_dying
 flag, not the nullness of mii (or of ifp, which never null because
 it's an embedded member).

 Fix inequality for refcnt drain: -1 here means all refs gone.

 Don't assume mii is not null here. Some drivers like urndis don't use
 mii, so they always have mii == NULL.
 ok riastradh. fixes PR kern/54762


 To generate a diff of this commit:
 cvs rdiff -u -r1.25.2.3 -r1.25.2.4 src/sys/dev/usb/usbnet.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.45 2018/12/21 14:23:33 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.