Bug 286573 - panic in usbpf_xfertap()
Summary: panic in usbpf_xfertap()
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: usb
Version: 14.3-STABLE
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: freebsd-usb (Nobody)
URL:
Keywords: crash
Depends on:
Blocks:
 
Reported: 2025-05-04 11:45 UTC by J.R. Oldroyd
Modified: 2025-05-14 09:05 UTC

Description J.R. Oldroyd 2025-05-04 11:45:15 UTC
Reproducible panic when running usbdump.

First usbdump seems to run okay.  Stop it and run again later and panic happens.

Command was:
    usbdump -d 0.3 -s 0 -v


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x10
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80c5c6eb
stack pointer           = 0x28:0xfffffe00c6255d60
frame pointer           = 0x28:0xfffffe00c6255d60
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 15 (usbus0)
rdi: fffff8021a0da000 rsi: 0000000000000000 rdx: fffffe0117d86278
rcx: fffffe0117d86278  r8: 0000000000000000  r9: 0000000000000300
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe00c6255d60
r10: 0000000000000004 r11: 0000000000000310 r12: fffffe00c659c428
r13: fffff8001c194438 r14: fffff8001c194438 r15: fffffe00c659c428
trap number             = 12
panic: page fault
cpuid = 0
time = 1746349882
KDB: stack backtrace:
#0 0xffffffff80b9083d at kdb_backtrace+0x5d
#1 0xffffffff80b426a1 at vpanic+0x131
#2 0xffffffff80b42563 at panic+0x43
#3 0xffffffff81034b7a at trap_pfault+0x3da
#4 0xffffffff8100b508 at calltrap+0x8
#5 0xffffffff8095014a at usbpf_xfertap+0x3a
#6 0xffffffff809583cc at usbd_pipe_start+0x13c
#7 0xffffffff809574f6 at usb_command_wrapper+0x96
#8 0xffffffff80955c03 at usbd_callback_wrapper+0x5c3
#9 0xffffffff809574f6 at usb_command_wrapper+0x96
#10 0xffffffff80956189 at usb_callback_proc+0xb9
#11 0xffffffff80950bbe at usb_process+0xfe
#12 0xffffffff80afba5f at fork_exit+0x7f
#13 0xffffffff8100c56e at fork_trampoline+0xe
Uptime: 8m26s
Dumping 856 out of 16224 MB:..2%..12%..21%..32%..42%..51%..62%..71%..81%..92%
Comment 1 J.R. Oldroyd 2025-05-04 11:46:18 UTC
Oh, should have said: 14.3-STABLE from 2025/02/03 approx 11:30 UTC.
Comment 2 J.R. Oldroyd 2025-05-04 14:36:56 UTC
Correction to the above: 14.3-STABLE from 2025/05/03 approx 11:30 UTC.

Not 2025/02/03!
Comment 3 Zhenlei Huang freebsd_committer freebsd_triage 2025-05-14 09:05:50 UTC
I cannot repeat this on either current/15 or stable/14. What's your USB device 0.3? Can that also be repeated on 14.3-BETA2?