Date: Thu, 8 Apr 2010 07:44:26 GMT From: Garrett Cooper <gcooper@FreeBSD.org> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/145510: [PATCH] [twa] Removing USB keyboard after filesystems synced causes panic with destroyed mutex Message-ID: <201004080744.o387iQ4D000135@www.freebsd.org> Resent-Message-ID: <201004080808.o3888dP1029600@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 145510 >Category: kern >Synopsis: [PATCH] [twa] Removing USB keyboard after filesystems synced causes panic with destroyed mutex >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Apr 08 08:08:39 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Garrett Cooper >Release: 9-CURRENT >Organization: Cisco Systems, Inc. >Environment: FreeBSD bayonetta.local 9.0-CURRENT FreeBSD 9.0-CURRENT #3 r206173M: Mon Apr 5 12:12:29 PDT 2010 root@bayonetta.local:/usr/obj/usr/src/sys/BAYONETTA amd64 >Description: As discussed here: http://lists.freebsd.org/pipermail/freebsd-current/2010-March/015791.html, I followed the procedure below with my machine that has a twa(4) enabled card, and it panicked deterministically: 1. Rebooted machine. 2. Removed USB keyboard after filesystems were synced. The panic looked like: ugen2.2: <Mitsumi Electric> at usbus2 (disconnected) uhub8: at uhub2, port 1, addr 2 (disconnected) ugen2.3: <Mitsumi Electric> at usbus2 (disconnected) ukbd0: at uhub8, port 3, addr 3 (disconnected) uhid0: at uhub8, port 3, addr 3 (disconnected) panic: mtx_lock_spin() of destroyed mutex @ /usr/src/sys/dev/twa/tw_cl_intr.c:88 cpuid = 1 KDB: enter: panic [thread pid 12 tid 100025 ] Stopped at kdb_enter+0x3d: movq $0,0x40289c(%rip) db> >How-To-Repeat: See above. >Fix: Please see the following patch, provided by giovanni.trematerra@gmail.com . Patch attached with submission follows: Index: tw_cl_intr.c =================================================================== --- tw_cl_intr.c (revision 206339) +++ tw_cl_intr.c (working copy) @@ -75,9 +75,12 @@ if (ctlr == NULL) goto out; - /* If we get an interrupt while resetting, it is a shared - one for another device, so just bail */ - if (ctlr->state & TW_CLI_CTLR_STATE_RESET_IN_PROGRESS) + /* + * If we get an interrupt while resetting, it is a shared + * one for another device, so just bail + */ + if (ctlr->state & TW_CLI_CTLR_STATE_RESET_IN_PROGRESS || + ctlr->state & TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS) goto out; /* Index: tw_cl.h =================================================================== --- tw_cl.h (revision 206339) +++ tw_cl.h (working copy) @@ -66,6 +66,8 @@ #define TW_CLI_CTLR_STATE_RESET_PHASE1_IN_PROGRESS (1<<5) /* G66 register write access bug needs to be worked around. */ #define TW_CLI_CTLR_STATE_G66_WORKAROUND_NEEDED (1<<6) +/* Controller is shutting down. */ +#define TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS (1<<7) /* Possible values of ctlr->ioctl_lock.lock. */ #define TW_CLI_LOCK_FREE 0x0 /* lock is free */ Index: tw_cl_init.c =================================================================== --- tw_cl_init.c (revision 206339) +++ tw_cl_init.c (working copy) @@ -598,6 +598,7 @@ * and notify the controller that we are going down. */ ctlr->state &= ~TW_CLI_CTLR_STATE_ACTIVE; + ctlr->state |= TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS; tw_cli_disable_interrupts(ctlr); >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201004080744.o387iQ4D000135>