[Bug 203288] axge(4) panics on unplug
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Sep 23 17:45:14 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203288
Bug ID: 203288
Summary: axge(4) panics on unplug
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: cem at freebsd.org
ifconfig(1) tickling axge(4) on uether, unconfigured. Non-DEBUG kernel:
__mtx_lock_sleep on offset from NULL: 0x3a0
bt:
__mtx_lock_sleep
usbd_do_request_flags+0xa23
usbd_do_request_proc+0x6c
axge_read_mem+0xdb
axge_read_cmd_2+0x42
axge_miibus_readreg+0xb4
rgephy_status+0x80
rgephy_service+0x374
mii_pollstat+0x56
axge_ifmedia_sts+0x61
ifmedia_ioctl+0x178
uether_ioctl+0x2cb
axge_ioctl+0x233
ifioctl+0xb4f
kern_ioctl+0x414
sys_ioctl+0x153
...
Last messages before panic:
ugen0.2: <ASIX Elec. Corp.> at usbus0 (disconnected)
axge0: at uhub0, port 5, addr 1 (disconnected)
rgephy0: detached
miibus0: detached
Relevent GDB trace:
...
#11 0xffffffff808d89f3 in usbd_do_request_flags (udev=<value optimized out>,
mtx=<value optimized out>,
req=0xfffffe02257924b0, data=0xfffffe0225792500, flags=977, actlen=<value
optimized out>, timeout=Cannot access memory at address 0x7530
)
at /usr/home/cmeyer/src/freebsd/sys/dev/usb/usb_request.c:732
#12 0xffffffff808d8a7c in usbd_do_request_proc (udev=0xfffff800078f8000,
pproc=0xfffff8000787b440,
req=0xfffffe02257924b0, data=0xfffffe0225792500, flags=0, actlen=0x0,
timeout=<value optimized out>)
at /usr/home/cmeyer/src/freebsd/sys/dev/usb/usb_request.c:766
#13 0xffffffff8260dd2b in axge_read_mem (sc=0xfffff8000787b400, cmd=2 '\002',
index=1, val=3, buf=0xfffffe0225792500,
len=2) at
/usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:221
#14 0xffffffff8260dd82 in axge_read_cmd_2 (sc=0xfffff8000787b400, cmd=2 '\002',
index=1, reg=3)
at
/usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:258
#15 0xffffffff8260d384 in axge_miibus_readreg (dev=0xfffff8000781ae00, phy=3,
reg=1)
at
/usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:290
#16 0xffffffff80635de0 in rgephy_status (sc=0xfffff8000782c080) at
miibus_if.h:26
#17 0xffffffff80635d14 in rgephy_service (sc=0xfffff8000782c080,
mii=0xfffff8000782be00, cmd=3)
at /usr/home/cmeyer/src/freebsd/sys/dev/mii/rgephy.c:260
#18 0xffffffff806319d6 in mii_pollstat (mii=0xfffff8000782be00) at
/usr/home/cmeyer/src/freebsd/sys/dev/mii/mii.c:611
#19 0xffffffff8260e681 in axge_ifmedia_sts (ifp=0xfffff800044c7800,
ifmr=0xfffffe02257928e0)
at
/usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:508
#20 0xffffffff80b8d448 in ifmedia_ioctl (ifp=0xfffff8000787b6c0,
ifr=0xfffffe02257928e0, ifm=0xfffff8000782be00,
cmd=<value optimized out>) at
/usr/home/cmeyer/src/freebsd/sys/net/if_media.c:309
#21 0xffffffff82613f8b in uether_ioctl (ifp=0xfffff800044c7800,
command=3224398136, data=0xfffffe02257928e0 "ue0")
at
/usr/home/cmeyer/src/freebsd/sys/modules/usb/uether/../../../dev/usb/net/usb_ethernet.c:528
#22 0xffffffff8260ea73 in axge_ioctl (ifp=0xfffff800044c7800, cmd=3224398136,
data=0xfffffe02257928e0 "ue0")
at
/usr/home/cmeyer/src/freebsd/sys/modules/usb/axge/../../../dev/usb/net/if_axge.c:923
#23 0xffffffff80b82d5f in ifioctl (so=<value optimized out>, cmd=<value
optimized out>, data=<value optimized out>,
td=<value optimized out>) at /usr/home/cmeyer/src/freebsd/sys/net/if.c:2506
#24 0xffffffff80af69f4 in kern_ioctl (td=0xfffff80042627000, fd=<value
optimized out>, com=18446735278730276864,
data=<value optimized out>) at file.h:326
#25 0xffffffff80af6533 in sys_ioctl (td=0xfffff80042627000,
uap=0xfffffe0225792a40)
at /usr/home/cmeyer/src/freebsd/sys/kern/sys_generic.c:723
...
(kgdb) fr 12
#12 0xffffffff808d8a7c in usbd_do_request_proc (udev=0xfffff800078f8000,
pproc=0xfffff8000787b440,
req=0xfffffe02257924b0, data=0xfffffe0225792500, flags=0, actlen=0x0,
timeout=<value optimized out>)
at /usr/home/cmeyer/src/freebsd/sys/dev/usb/usb_request.c:766
766 err = usbd_do_request_flags(udev, pproc->up_mtx,
(kgdb) p pproc
$2 = (struct usb_process *) 0xfffff8000787b440
(kgdb) p pproc.up_mtx
$3 = (struct mtx *) 0x0
(kgdb) p *pproc
$4 = {
up_qhead = {
tqh_first = 0x0,
tqh_last = 0xfffff8000787b440
},
up_cv = {
cv_description = 0xffffffff8141c9b0 "-",
cv_waiters = 0
},
up_drain = {
cv_description = 0xffffffff81403370 "usbdrain",
cv_waiters = 0
},
up_ptr = 0x0,
up_curtd = 0xfffff80007fcc9a0,
up_mtx = 0x0,
up_msg_num = 0,
up_prio = 32 ' ',
up_gone = 1 '\001',
up_msleep = 0 '\0',
up_csleep = 0 '\0',
up_dsleep = 0 '\0'
}
I have a core, although I don't have time to debug it myself right now nor do I
want to publish it widely. If it would help, I can probably arrange to get it
to some FreeBSD committer for further debugging. Anyway, it is easy to
reproduce.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list