NetBSD Problem Report #58382

From www@netbsd.org  Sun Jun 30 16:03:10 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits)
	 client-signature RSA-PSS (2048 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1E1151A923A
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 30 Jun 2024 16:03:10 +0000 (UTC)
Message-Id: <20240630160308.C45C41A923C@mollari.NetBSD.org>
Date: Sun, 30 Jun 2024 16:03:08 +0000 (UTC)
From: rspmn@arcor.de
Reply-To: rspmn@arcor.de
To: gnats-bugs@NetBSD.org
Subject: url(4): kernel panic after ifconfig url0 up on NetBSD 10.0
X-Send-Pr-Version: www-1.0

>Number:         58382
>Category:       kern
>Synopsis:       url(4): kernel panic after ifconfig url0 up on NetBSD 10.0
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          needs-pullups
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 30 16:05:00 +0000 2024
>Closed-Date:    
>Last-Modified:  Wed Jul 03 01:16:47 +0000 2024
>Originator:     Reinhard Speyerer
>Release:        10.0
>Organization:
>Environment:
NetBSD nena 10.0 NetBSD 10.0 (GENERIC) #0: Thu Mar 28 08:33:33 UTC 2024  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/i386/compile/GENERIC i386
>Description:
A Sitecom USB Ethernet adapter (USB id 0bda:8150) handled by url(4) causes a kernel panic on NetbSD 10.0 after executing ifconfig url0 up.

This problem did not occur on NetBSD 9.3.

>How-To-Repeat:
Connect a Sitecom USB Ethernet adapter handled by url(4) to a USB port and execute
# ifconfig url0 up
which causes this kernal panic:

Jun 29 23:52:38 nena /netbsd: [ 144.2448047] uvm_fault(0xc2e79a14, 0xc000, 2) -> 0xe
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] fatal page fault in supervisor mode
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] trap type 6 code 0x2 eip 0xc01253ed cs 0x8 eflags 0x10246 cr2 0xc2af ilevel 0x8 esp 0xc03dbb96
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] curlwp 0xc308d940 pid 842 lid 842 lowest kstack 0xdb4c62c0
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] panic: trap
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] cpu0: Begin traceback...
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] vpanic(c1186f58,db4c7700,db4c77bc,c012fed8,c1186f58,db4c77c8,db4c77c8,34a,db4c62c0,10246) at netbsd:vpanic+0x196
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] panic(c1186f58,db4c77c8,db4c77c8,34a,db4c62c0,10246,c2af,8,c03dbb96,c2e79a14) at netbsd:panic+0x18
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] trap() at netbsd:trap+0xd51
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] --- trap (number 6) ---
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] mutex_exit(c2e6fc24,c2e6fc24,db4c7884,c2e6fc00,db4c7884,80906931,c2e6fc24,db4c7884,db4c7924,c0d5161e) at netbsd:mutex_exit+0xd
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] usbnet_if_ioctl(c2e6fc24,80906931,db4c7884,c37fcd84,c310d684,db4c796c,c0d849e2,181c,0,20002ff) at netbsd:usbnet_if_ioctl+0xa3
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] if_mcast_op(c2e6fc24,80906931,db4c7940,c3e1c7bc,db4c79d4,181c,0,20002ff,0,1000000) at netbsd:if_mcast_op+0x53
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] in6_addmulti(db4c7a0c,c2e6fc24,db4c79d4,22,c37fcd84,db4c7ae0,c0a03bcc,c2e6fc24,db4c7a0c,db4c79d4) at netbsd:in6_addmulti+0x168
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] in6_joingroup(c2e6fc24,db4c7a0c,db4c79d4,22,c3022e40,db4c79d8,c0c49fa9,1,181,c37fce84) at netbsd:in6_joingroup+0x41
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] in6_update_ifa1(0,1,c2e6fc24,0,db4c7c60,c0a0763a,c2e6fc24,db4c7bd0,1,0) at netbsd:in6_update_ifa1+0x9a0
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] in6_update_ifa(c2e6fc24,db4c7bd0,1,0,db4c7bc8,8,0,c09a13c1,c3022740,db4c7bb0) at netbsd:in6_update_ifa+0x31
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] in6_ifattach(c2e6fc24,0,c14a14c0,db4c7c88,c0d4bd4f,c2e6fc24,c376bb80,c2e6fc24,db4c7cbc,c0d4ccd1) at netbsd:in6_ifattach+0x41b
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] in6_if_up(c2e6fc24,c376bb80,c2e6fc24,db4c7cbc,c0d4ccd1,4,db4c7ca8,c0de3313,c3e05340,c3e05340) at netbsd:in6_if_up+0x1a
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] if_up_locked(4,db4c7ca8,c0de3313,c3e05340,c3e05340,c3e05340,db4c7ce4,c0c5c028,c376bb80,c2e6fc24) at netbsd:if_up_locked+0x4d
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] ifioctl_common(c2e6fc24,80906910,c376bb80,1,c2e817c0,c2e6fc24,db4c7d04,c03af3ec,c2e6fc24,80906910) at netbsd:ifioctl_common+0x47f
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] ether_ioctl(c2e6fc24,80906910,c376bb80,c2e6fc00,c376bb80,c308d940,c2e6fc24,80906910,db4c7e20,c0d50088) at netbsd:ether_ioctl+0x167
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] usbnet_if_ioctl(c2e6fc24,80906910,c376bb80,14,c2e6fc24,80906910,0,8802,c376bb80,0) at netbsd:usbnet_if_ioctl+0x43
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] doifioctl(c375e7bc,80906910,c376bb80,c308d940,c0cb2e95,c2ac8700,1,0,c376bb80,ffffffff) at netbsd:doifioctl+0x304
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] soo_ioctl(c36208c0,80906910,c376bb80,0,0,c36208c0,c2a898f0,c2a9b17c,c36208c0,c376bb80) at netbsd:soo_ioctl+0x180
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] sys_ioctl(c308d940,db4c7f68,db4c7f60,c2e7a400,0,36,db4c7f60,db4c7f68,0,0) at netbsd:sys_ioctl+0x35b
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] syscall() at netbsd:syscall+0x1d6
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] --- syscall (number 54) ---
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] b1ee7df7:
Jun 29 23:52:38 nena /netbsd: [ 144.2448047] cpu0: End traceback...

>Fix:

>Release-Note:

>Audit-Trail:
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/58382 CVS commit: src/sys/dev/usb
Date: Sun, 30 Jun 2024 16:35:19 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Sun Jun 30 16:35:19 UTC 2024

 Modified Files:
 	src/sys/dev/usb: if_url.c

 Log Message:
 url(4): uint32_t for 32-bit hash so h>>31 becomes 0/1, not +1/-1.

 Should avoid buffer overrun in PR 58382.


 To generate a diff of this commit:
 cvs rdiff -u -r1.97 -r1.98 src/sys/dev/usb/if_url.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sun, 30 Jun 2024 16:48:56 +0000
State-Changed-Why:
Candidate fix committed, can you see if a kernel from the first HEAD
build at https://releng.netbsd.org/cgi-bin/builds.cgi dated after
2024-06-30T16:35Z (when it's ready) works, or build a kernel yourself
to test?


From: Reinhard Speyerer <rspmn@arcor.de>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org,
	gnats-admin@netbsd.org, riastradh@netbsd.org
Subject: Re: kern/58382 (url(4): kernel panic after ifconfig url0 up on
 NetBSD 10.0)
Date: Tue, 2 Jul 2024 22:19:07 +0200

 On Sun, Jun 30, 2024 at 04:48:56PM +0000, riastradh@NetBSD.org wrote:
 > Synopsis: url(4): kernel panic after ifconfig url0 up on NetBSD 10.0
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: riastradh@NetBSD.org
 > State-Changed-When: Sun, 30 Jun 2024 16:48:56 +0000
 > State-Changed-Why:
 > Candidate fix committed, can you see if a kernel from the first HEAD
 > build at https://releng.netbsd.org/cgi-bin/builds.cgi dated after
 > 2024-06-30T16:35Z (when it's ready) works, or build a kernel yourself
 > to test?

 Thank you for providing an updated if_url.c that fast.
 With a rebuilt kernel the Sitecom USB Ethernet adapter now works on NetBSD 10.0.

 Reinhard

State-Changed-From-To: feedback->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Wed, 03 Jul 2024 01:16:47 +0000
State-Changed-Why:
confirmed fixed in HEAD, need pullup-10
no need for pullup-9, bug is new since 9


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.