Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 12 Jan 2021 16:59:56 +0100
From:      Hans Petter Selasky <hps@selasky.org>
To:        "Oleg V. Nauman" <oleg@theweb.org.ua>, freebsd-current@freebsd.org
Subject:   Re: Current amd64 main-c255825-g2a4b22514635-dirty panic triggered by ure(4) detach
Message-ID:  <bef43f0c-027f-e248-81f0-710ee60bdd7e@selasky.org>
In-Reply-To: <3792754.BRNeRiNLvY@sigill.theweb.org.ua>
References:  <3792754.BRNeRiNLvY@sigill.theweb.org.ua>

next in thread | previous in thread | raw e-mail | index | archive | help
On 1/12/21 4:58 PM, Oleg V. Nauman wrote:
>   
> 
> 
> __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
> 55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
> pcpu,
> (kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
> #1  doadump (textdump=<optimized out>)
>      at /usr/src/sys/kern/kern_shutdown.c:399
> #2  0xffffffff804a3b3e in kern_reboot (howto=260)
>      at /usr/src/sys/kern/kern_shutdown.c:486
> #3  0xffffffff804a3f2b in vpanic (fmt=<optimized out>, ap=0xfffffe00eb7d3130)
>      at /usr/src/sys/kern/kern_shutdown.c:919
> #4  0xffffffff804a3d83 in panic (fmt=<unavailable>)
>      at /usr/src/sys/kern/kern_shutdown.c:843
> #5  0xffffffff807009cc in trap_fatal (frame=frame@entry=0xfffffe00eb7d3330,
>      eva=1088) at /usr/src/sys/amd64/amd64/trap.c:915
> #6  0xffffffff80700d68 in trap_pfault (frame=frame@entry=0xfffffe00eb7d3330,
>      usermode=false, signo=<optimized out>, signo@entry=0x0,
>      ucode=<optimized out>, ucode@entry=0x0)
>      at /usr/src/sys/amd64/include/cpufunc.h:433
> #7  0xffffffff807001c9 in trap (frame=0xfffffe00eb7d3330)
>      at /usr/src/sys/amd64/amd64/trap.c:398
> #8  <signal handler called>
> #9  __mtx_lock_sleep (c=0xfffff8023a13beb8, v=<optimized out>)
>      at /usr/src/sys/kern/kern_mutex.c:590
> #10 0xffffffff80400304 in usbd_do_request_flags (udev=<optimized out>,
>      udev@entry=0xfffff802f632e000, mtx=0xfffff8023a13bea0,
>      req=req@entry=0xfffffe00eb7d3558, data=data@entry=0xfffffe00eb7d3564,
>      flags=flags@entry=0, actlen=actlen@entry=0x0, timeout=<optimized out>)
>      at /usr/src/sys/dev/usb/usb_request.c:714
> #11 0xffffffff804003e0 in usbd_do_request_proc (udev=0xfffff802f632e000,
>      pproc=pproc@entry=0xfffff8023a13bc40, req=req@entry=0xfffffe00eb7d3558,
>      data=data@entry=0xfffffe00eb7d3564, flags=flags@entry=0,
>      actlen=actlen@entry=0x0, timeout=1000)
>      at /usr/src/sys/dev/usb/usb_request.c:759
> #12 0xffffffff81648499 in ure_ctl (sc=0xfffff8023a13bc00, rw=1 '\001',
>      val=45056, index=256, buf=0xfffffe00eb7d3564, len=4)
>      at /usr/src/sys/dev/usb/net/if_ure.c:303
> #13 ure_read_mem (sc=0xfffff8023a13bc00, addr=45056, index=256,
>      buf=0xfffffe00eb7d3564, len=4) at /usr/src/sys/dev/usb/net/if_ure.c:311
> #14 ure_read_2 (sc=0xfffff8023a13bc00, reg=45056, index=256)
>      at /usr/src/sys/dev/usb/net/if_ure.c:349
> #15 ure_ocp_reg_read (sc=0xfffff8023a13bc00, addr=8192)
>      at /usr/src/sys/dev/usb/net/if_ure.c:424
> #16 ure_miibus_readreg (dev=<optimized out>, phy=<optimized out>,
>      reg=<optimized out>) at /usr/src/sys/dev/usb/net/if_ure.c:457
> #17 0xffffffff81660535 in MIIBUS_READREG (dev=0xfffff8027ee1c900, phy=0,
>      reg=0) at ./miibus_if.h:27
> #18 rgephy_status (sc=0xfffff801bdce6880) at /usr/src/sys/dev/mii/rgephy.c:325
> #19 0xffffffff81660427 in rgephy_service (sc=0xfffff801bdce6880,
>      mii=<optimized out>, cmd=<optimized out>)
>      at /usr/src/sys/dev/mii/rgephy.c:265
> #20 0xffffffff8165c8d6 in mii_pollstat (mii=mii@entry=0xfffff801bc043700)
>      at /usr/src/sys/dev/mii/mii.c:627
> #21 0xffffffff8164b165 in ure_ifmedia_sts (ifp=<optimized out>,
>      ifmr=0xfffffe00eb7d3910) at /usr/src/sys/dev/usb/net/if_ure.c:1272
> #22 0xffffffff8059fbca in ifmedia_ioctl (ifp=0xfffff8023a13beb8,
>      ifr=0xfffffe00eb7d3910, ifm=0xfffff801bc043700, cmd=<optimized out>)
>      at /usr/src/sys/net/if_media.c:294
> #23 0xffffffff80597875 in ifhwioctl (cmd=cmd@entry=3224398136,
>      ifp=ifp@entry=0xfffff80268a30000,
>      data=data@entry=0xfffffe00eb7d3910 "ue0", td=td@entry=0xfffffe00eb4aea00)
>      at /usr/src/sys/net/if.c:2840
> #24 0xffffffff805992e6 in ifioctl (so=0xfffff8031252b3b0, cmd=3224398136,
>      data=0xfffffe00eb7d3910 "ue0", td=0xfffffe00eb4aea00)
>      at /usr/src/sys/net/if.c:3049
> #25 0xffffffff80505caa in fo_ioctl (fp=0xfffff80030644e10, com=3224398136,
>      data=0xfffffe00eb7d3910, active_cred=0xfffff8023a13bea0,
>      td=0xfffffe00eb4aea00) at /usr/src/sys/sys/file.h:354
> #26 kern_ioctl (td=0xfffffe00eb4aea00, fd=<optimized out>,
>      com=com@entry=3224398136, data=data@entry=0xfffffe00eb7d3910 "ue0")
>      at /usr/src/sys/kern/sys_generic.c:803
> #27 0xffffffff805059f6 in sys_ioctl (td=<optimized out>,
>      uap=0xfffffe00eb4aede8) at /usr/src/sys/kern/sys_generic.c:711
> #28 0xffffffff807012a0 in syscallenter (td=0xfffffe00eb4aea00)
>      at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
> #29 amd64_syscall (td=0xfffffe00eb4aea00, traced=0)
>      at /usr/src/sys/amd64/amd64/trap.c:1156
> #30 <signal handler called>
> #31 0x00000008026d8b6a in ?? ()
> Backtrace stopped: Cannot access memory at address 0x7fffdf7f8ed8
> (kgdb)
> 

This appears to a known regression issue. Patches are on the way. See:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252608

--HPS



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bef43f0c-027f-e248-81f0-710ee60bdd7e>