Re: kern/52553: Panic on "ifconfig athn0 up"

[Nick Hudson <skrll%netbsd.org@localhost>]

On 09/18/17 17:05, Andreas Gustafsson wrote:



> It looks like the trap actually occurred in athn_usb_init_locked(),
> but gdb is unable to correctly display the stack frame in case,
> which is rather unfortunate and a bug in itself.  OTOH, ddb does
> pinpoint the trap to athn_usb_init_locked+0x110:
>
>    --- trap (number 6) ---
>    athn_usb_init_locked(c2685ae4,c2685000,c2685000,c2752d40,d95f6cf0,c0503465,c2685ae4,80906910,c279d188,0) at netbsd:athn_usb_init_locked+0x110
>    athn_usb_init(c2685ae4,80906910,c279d188,0,c2685000,c2685000,c2685030,0,d95f6e00,c0cae54d) at netbsd:athn_usb_init+0x2f
>
> which would be near the end of this code block:
>
>    (gdb) x/30i athn_usb_init_locked
>       0xc0503624 <athn_usb_init_locked>:   push   %ebp
>       0xc0503625 <athn_usb_init_locked+1>: mov    %esp,%ebp
>       0xc0503627 <athn_usb_init_locked+3>: push   %edi
>       0xc0503628 <athn_usb_init_locked+4>: push   %esi
>       0xc0503629 <athn_usb_init_locked+5>: push   %ebx
>       0xc050362a <athn_usb_init_locked+6>: sub    $0xb4,%esp
>       0xc0503630 <athn_usb_init_locked+12>:        mov    0x8(%ebp),%eax
>       0xc0503633 <athn_usb_init_locked+15>:        mov    %eax,-0xa4(%ebp)
>       0xc0503639 <athn_usb_init_locked+21>:        mov    0xc16ad420,%eax
>       0xc050363e <athn_usb_init_locked+26>:        mov    %eax,-0x10(%ebp)
>       0xc0503641 <athn_usb_init_locked+29>:        xor    %eax,%eax
>       0xc0503643 <athn_usb_init_locked+31>:        mov    -0xa4(%ebp),%eax
>       0xc0503649 <athn_usb_init_locked+37>:        mov    (%eax),%eax
>       0xc050364b <athn_usb_init_locked+39>:        mov    %eax,-0x94(%ebp)
>       0xc0503651 <athn_usb_init_locked+45>:        mov    -0x94(%ebp),%eax
>       0xc0503657 <athn_usb_init_locked+51>:        mov    %eax,-0x90(%ebp)
>       0xc050365d <athn_usb_init_locked+57>:        mov    -0x94(%ebp),%eax
>       0xc0503663 <athn_usb_init_locked+63>:        add    $0x1ad4,%eax
>       0xc0503668 <athn_usb_init_locked+68>:        mov    %eax,-0x8c(%ebp)
>       0xc050366e <athn_usb_init_locked+74>:        mov    -0x94(%ebp),%eax
>       0xc0503674 <athn_usb_init_locked+80>:        add    $0x30,%eax
>       0xc0503677 <athn_usb_init_locked+83>:        mov    %eax,-0x88(%ebp)
>       0xc050367d <athn_usb_init_locked+89>:        mov    -0x90(%ebp),%eax
>       0xc0503683 <athn_usb_init_locked+95>:        mov    0x1db0(%eax),%eax
>       0xc0503689 <athn_usb_init_locked+101>:       test   %eax,%eax
>       0xc050368b <athn_usb_init_locked+103>:       je     0xc0503697 <athn_usb_init_locked+115>
>       0xc050368d <athn_usb_init_locked+105>:       mov    $0x6,%eax
>       0xc0503692 <athn_usb_init_locked+110>:       jmp    0xc0503ded <athn_usb_init_locked+1993>
>       0xc0503697 <athn_usb_init_locked+115>:       mov    -0x90(%ebp),%eax
>       0xc050369d <athn_usb_init_locked+121>:       add    $0x1d88,%eax

+110 is not +0x110 unfortunately...


> Here is the full dmesg:
...

>    athn0 at uhub0 port 2
>    : Atheros AR9271
>    athn0: rev 1 (1T1R), ROM rev 15, address 48:5d:60:57:7d:4f
>    athn0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
>    athn0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
>    uvm_fault(0xc261b9f0, 0, 1) -> 0xe
>    fatal page fault in supervisor mode
>    trap type 6 code 0 eip 0xc0503734 cs 0x8 eflags 0x10246 cr2 0xc ilevel 0x6 esp 0xc2686d8c

The trap is caused by the instruction at 0xc0503734 (i.e. 
athn_usb_init_locked+0x110 )

addr2line -e netbsd.gdb -f 0xc0503734

Will give us the offending line

Nick