Date: Wed, 23 Sep 2015 17:45:14 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 203288] axge(4) panics on unplug Message-ID: <bug-203288-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203288 Bug ID: 203288 Summary: axge(4) panics on unplug Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: cem@freebsd.org ifconfig(1) tickling axge(4) on uether, unconfigured. Non-DEBUG kernel: __mtx_lock_sleep on offset from NULL: 0x3a0 bt: __mtx_lock_sleep usbd_do_request_flags+0xa23 usbd_do_request_proc+0x6c axge_read_mem+0xdb axge_read_cmd_2+0x42 axge_miibus_readreg+0xb4 rgephy_status+0x80 rgephy_service+0x374 mii_pollstat+0x56 axge_ifmedia_sts+0x61 ifmedia_ioctl+0x178 uether_ioctl+0x2cb axge_ioctl+0x233 ifioctl+0xb4f kern_ioctl+0x414 sys_ioctl+0x153 ... Last messages before panic: ugen0.2: <ASIX Elec. Corp.> at usbus0 (disconnected) axge0: at uhub0, port 5, addr 1 (disconnected) rgephy0: detached miibus0: detached Relevent GDB trace: ... #11 0xffffffff808d89f3 in usbd_do_request_flags (udev=<value optimized out>, mtx=<value optimized out>, req=0xfffffe02257924b0, data=0xfffffe0225792500, flags=977, actlen=<value optimized out>, timeout=Cannot access memory at address 0x7530 ) at /usr/home/cmeyer/src/freebsd/sys/dev/usb/usb_request.c:732 #12 0xffffffff808d8a7c in usbd_do_request_proc (udev=0xfffff800078f8000, pproc=0xfffff8000787b440, req=0xfffffe02257924b0, data=0xfffffe0225792500, flags=0, actlen=0x0, timeout=<value optimized out>) at /usr/home/cmeyer/src/freebsd/sys/dev/usb/usb_request.c:766 #13 0xffffffff8260dd2b in axge_read_mem (sc=0xfffff8000787b400, cmd=2 '\002', index=1, val=3, buf=0xfffffe0225792500, len=2) at /usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:221 #14 0xffffffff8260dd82 in axge_read_cmd_2 (sc=0xfffff8000787b400, cmd=2 '\002', index=1, reg=3) at /usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:258 #15 0xffffffff8260d384 in axge_miibus_readreg (dev=0xfffff8000781ae00, phy=3, reg=1) at /usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:290 #16 0xffffffff80635de0 in rgephy_status (sc=0xfffff8000782c080) at miibus_if.h:26 #17 0xffffffff80635d14 in rgephy_service (sc=0xfffff8000782c080, mii=0xfffff8000782be00, cmd=3) at /usr/home/cmeyer/src/freebsd/sys/dev/mii/rgephy.c:260 #18 0xffffffff806319d6 in mii_pollstat (mii=0xfffff8000782be00) at /usr/home/cmeyer/src/freebsd/sys/dev/mii/mii.c:611 #19 0xffffffff8260e681 in axge_ifmedia_sts (ifp=0xfffff800044c7800, ifmr=0xfffffe02257928e0) at /usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:508 #20 0xffffffff80b8d448 in ifmedia_ioctl (ifp=0xfffff8000787b6c0, ifr=0xfffffe02257928e0, ifm=0xfffff8000782be00, cmd=<value optimized out>) at /usr/home/cmeyer/src/freebsd/sys/net/if_media.c:309 #21 0xffffffff82613f8b in uether_ioctl (ifp=0xfffff800044c7800, command=3224398136, data=0xfffffe02257928e0 "ue0") at /usr/home/cmeyer/src/freebsd/sys/modules/usb/uether/../../../dev/usb/net/usb_ethernet.c:528 #22 0xffffffff8260ea73 in axge_ioctl (ifp=0xfffff800044c7800, cmd=3224398136, data=0xfffffe02257928e0 "ue0") at /usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:923 #23 0xffffffff80b82d5f in ifioctl (so=<value optimized out>, cmd=<value optimized out>, data=<value optimized out>, td=<value optimized out>) at /usr/home/cmeyer/src/freebsd/sys/net/if.c:2506 #24 0xffffffff80af69f4 in kern_ioctl (td=0xfffff80042627000, fd=<value optimized out>, com=18446735278730276864, data=<value optimized out>) at file.h:326 #25 0xffffffff80af6533 in sys_ioctl (td=0xfffff80042627000, uap=0xfffffe0225792a40) at /usr/home/cmeyer/src/freebsd/sys/kern/sys_generic.c:723 ... (kgdb) fr 12 #12 0xffffffff808d8a7c in usbd_do_request_proc (udev=0xfffff800078f8000, pproc=0xfffff8000787b440, req=0xfffffe02257924b0, data=0xfffffe0225792500, flags=0, actlen=0x0, timeout=<value optimized out>) at /usr/home/cmeyer/src/freebsd/sys/dev/usb/usb_request.c:766 766 err = usbd_do_request_flags(udev, pproc->up_mtx, (kgdb) p pproc $2 = (struct usb_process *) 0xfffff8000787b440 (kgdb) p pproc.up_mtx $3 = (struct mtx *) 0x0 (kgdb) p *pproc $4 = { up_qhead = { tqh_first = 0x0, tqh_last = 0xfffff8000787b440 }, up_cv = { cv_description = 0xffffffff8141c9b0 "-", cv_waiters = 0 }, up_drain = { cv_description = 0xffffffff81403370 "usbdrain", cv_waiters = 0 }, up_ptr = 0x0, up_curtd = 0xfffff80007fcc9a0, up_mtx = 0x0, up_msg_num = 0, up_prio = 32 ' ', up_gone = 1 '\001', up_msleep = 0 '\0', up_csleep = 0 '\0', up_dsleep = 0 '\0' } I have a core, although I don't have time to debug it myself right now nor do I want to publish it widely. If it would help, I can probably arrange to get it to some FreeBSD committer for further debugging. Anyway, it is easy to reproduce. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-203288-8>