Bug 286573 - panic in usbpf_xfertap()
Summary: panic in usbpf_xfertap()
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: usb
Version: 14.3-STABLE
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: freebsd-usb (Nobody)
Keywords: crash
 
Reported: 2025-05-04 11:45 UTC by J.R. Oldroyd
Modified: 2025-05-16 10:19 UTC

Description J.R. Oldroyd 2025-05-04 11:45:15 UTC
Reproducible panic when running usbdump.

First usbdump seems to run okay.  Stop it and run again later and panic happens.

Command was:
    usbdump -d 0.3 -s 0 -v


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x10
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80c5c6eb
stack pointer           = 0x28:0xfffffe00c6255d60
frame pointer           = 0x28:0xfffffe00c6255d60
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 15 (usbus0)
rdi: fffff8021a0da000 rsi: 0000000000000000 rdx: fffffe0117d86278
rcx: fffffe0117d86278  r8: 0000000000000000  r9: 0000000000000300
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe00c6255d60
r10: 0000000000000004 r11: 0000000000000310 r12: fffffe00c659c428
r13: fffff8001c194438 r14: fffff8001c194438 r15: fffffe00c659c428
trap number             = 12
panic: page fault
cpuid = 0
time = 1746349882
KDB: stack backtrace:
#0 0xffffffff80b9083d at kdb_backtrace+0x5d
#1 0xffffffff80b426a1 at vpanic+0x131
#2 0xffffffff80b42563 at panic+0x43
#3 0xffffffff81034b7a at trap_pfault+0x3da
#4 0xffffffff8100b508 at calltrap+0x8
#5 0xffffffff8095014a at usbpf_xfertap+0x3a
#6 0xffffffff809583cc at usbd_pipe_start+0x13c
#7 0xffffffff809574f6 at usb_command_wrapper+0x96
#8 0xffffffff80955c03 at usbd_callback_wrapper+0x5c3
#9 0xffffffff809574f6 at usb_command_wrapper+0x96
#10 0xffffffff80956189 at usb_callback_proc+0xb9
#11 0xffffffff80950bbe at usb_process+0xfe
#12 0xffffffff80afba5f at fork_exit+0x7f
#13 0xffffffff8100c56e at fork_trampoline+0xe
Uptime: 8m26s
Dumping 856 out of 16224 MB:..2%..12%..21%..32%..42%..51%..62%..71%..81%..92%
Comment 1 J.R. Oldroyd 2025-05-04 11:46:18 UTC
Oh, should have said: 14.3-STABLE from 2025/02/03 approx 11:30 UTC.
Comment 2 J.R. Oldroyd 2025-05-04 14:36:56 UTC
Correction to the above: 14.3-STABLE from 2025/05/03 approx 11:30 UTC.

Not 2025/02/03!
Comment 3 Zhenlei Huang freebsd_committer freebsd_triage 2025-05-14 09:05:50 UTC
I cannot repeat this on either current/15 or stable/14. What's your USB device 0.3? Can that also be repeated on 14.3-BETA2?
Comment 4 J.R. Oldroyd 2025-05-16 09:48:44 UTC
The device is:

ugen0.3: <vendor 0x0b0e BTV5.2> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (0mA)

  bLength = 0x0012 
  bDescriptorType = 0x0001 
  bcdUSB = 0x0200 
  bDeviceClass = 0x0000  <Probed by interface class>
  bDeviceSubClass = 0x0000 
  bDeviceProtocol = 0x0000 
  bMaxPacketSize0 = 0x0040 
  idVendor = 0x0b0e 
  idProduct = 0x24c8 
  bcdDevice = 0x0112 
  iManufacturer = 0x0001  <>
  iProduct = 0x0002  <BTV5.2>
  iSerialNumber = 0x0003  <00ff905B0200>
  bNumConfigurations = 0x0001 

In plain English, it is a vendor "GN Netcom" device "Jabra Link 380" which is a USB to Bluetooth dongle.  In my case, it is driving a Bluetooth headset.

I will pull the latest 14/stable and report back if this still happens there.
Comment 5 J.R. Oldroyd 2025-05-16 10:19:39 UTC
Just pulled latest 14-stable as of 2025/05/16 09:50 UTC:

FreeBSD x.y.z 14.3-STABLE FreeBSD 14.3-STABLE stable/14-n271493-d7837cac6f64 GENERIC amd64

I have been able to run this usbdump multiple (about 10-15) times so far without problems.

So, perhaps not a problem now.  I will close this ticket in a few days if there are no further problems, or I'll add more details if there are.