Date: Mon, 30 Jun 2008 01:31:56 +0300 From: Gleb Kurtsou <gleb.kurtsou@gmail.com> To: current@freebsd.org Subject: [panic] system crashes if remove usb dongle during probe Message-ID: <20080629223156.GA1416@h1.d>
If you get lucky enough you can crash -current just by inserting and removing a usb flash dongle. Actually I've never seen such panics before. ~ % uname -a FreeBSD h1.d 8.0-CURRENT FreeBSD 8.0-CURRENT #65: Sat Jun 28 23:38:02 EEST 2008 root@h1.d:/usr/obj/usr/freebsd-src/p4/sys/MY1 i386 Sources are a few weeks old. I have a dump and can provide any additional info needed. Note that this dongle is somewhat really special and FreeBSD seems not to like it, but it works ok in linux and windows on the same and other hardware. It can't even be probed without a patch. I've been using the patch since 2005 and had no problems so far. All other usb devices worked as expected. (Patch is at the end of email. It just disables CAM_AUTOSNS_VALID in umass.c) And even with the patch the system can't boot with the dongle connected (can get a dump and assist in debugging this panic too). Script started on Mon Jun 30 01:08:45 2008 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Unread portion of the kernel message buffer: umass0: at uhub2 port 1 (addr 2) disconnected (da0:umass-sim0:0:0:0): lost device Fatal trap 12: page fault while in kernel mode fault virtual address = 0x0 fault code = supervisor read, page not present instruction pointer = 0x20:0xc045894a stack pointer = 0x28:0xc2b02848 frame pointer = 0x28:0xc2b02860 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 18 (usb2) trap number = 12 panic: page fault KDB: stack backtrace: db_trace_self_wrapper(c085dfa3,c08f32e0,c083c90e,c2b026fc,c2b026fc,...) 
at db_trace_self_wrapper+0x26 panic(c083c90e,c08853fe,c2d2aa2c,1,1,...) at panic+0xea trap_fatal(c2d34af8,0,c088522d,33e,0,...) at trap_fatal+0x23d trap_pfault(8bc,c2f33690,c2f33890,c2b027a0,c2d34a70,...) at trap_pfault+0x1f4 trap(c2b02808) at trap+0x361 calltrap() at calltrap+0x6 --- trap 0xc, eip = 0xc045894a, esp = 0xc2b02848, ebp = 0xc2b02860 --- xpt_done(c2d9a400,c2d9a400,0,c08786e4,8da,...) at xpt_done+0x2a xpt_action(c2d9a400,c2d9a400,260,c2b028e0,c07df2d1,...) at xpt_action+0x702 camperiphdone(c571bd80,c2d9a400,0,100,c4a3b814,...) at camperiphdone+0x59 camisr_runqueue(c3eb57c0,1,0,c3eb57d4,c4a3b800,...) at camisr_runqueue+0x165 xpt_bus_deregister(0,c4d71000,c5792480,c2b02c34,c057a3dc,...) at xpt_bus_deregister+0x172 umass_cam_detach_sim(c4d710f4,1,c5792480,c572d100,0,...) at umass_cam_detach_sim+0x1d umass_detach(c5792480,c2c9385c,c08a71cc,98f,0,...) at umass_detach+0xcc device_detach(c5792480,2,c2d256e0,c2d35930,c2d256e0,...) at device_detach+0x8f usb_disconnect_port(c2d35930,c2d18e80,10,c2b02cd8,c061c805,...) at usb_disconnect_port+0x72 uhub_explore(c2d36180,c2d37680,c2b02cf8,c057f147,c2ccd210,...) at uhub_explore+0xff usb_discover(c2ccd210,0,5c,c0850f2a,3a98,...) at usb_discover+0x2c usb_event_thread(c2d37680,c2b02d38,c085a644,324,c2d34a70,...) at usb_event_thread+0x97 fork_exit(c057f0b0,c2d37680,c2b02d38) at fork_exit+0xa6 fork_trampoline() at fork_trampoline+0x8 --- trap 0, eip = 0, esp = 0xc2b02d70, ebp = 0 --- Uptime: 11h12m7s Physical memory: 503 MB Dumping 194 MB: 179 163 147 131 115 99 83 (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) 67 51 35 19 3 Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /.boot/boot/kernel/zfs.ko.symbols...done. done. Loaded symbols for /boot/kernel/zfs.ko Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /.boot/boot/kernel/opensolaris.ko.symbols...done. done. 
Loaded symbols for /boot/kernel/opensolaris.ko #0 doadump () at pcpu.h:196 196 pcpu.h: No such file or directory. in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:196 #1 0xc061426d in boot (howto=260) at /usr/freebsd-src/p4/sys/kern/kern_shutdown.c:418 #2 0xc06145d2 in panic (fmt=0xc083c90e "%s") at /usr/freebsd-src/p4/sys/kern/kern_shutdown.c:572 #3 0xc07ff8dd in trap_fatal (frame=0xc2b02808, eva=0) at /usr/freebsd-src/p4/sys/i386/i386/trap.c:934 #4 0xc07ffc14 in trap_pfault (frame=0xc2b02808, usermode=0, eva=0) at /usr/freebsd-src/p4/sys/i386/i386/trap.c:847 #5 0xc08004b1 in trap (frame=0xc2b02808) at /usr/freebsd-src/p4/sys/i386/i386/trap.c:525 #6 0xc07e7adb in calltrap () at /usr/freebsd-src/p4/sys/i386/i386/exception.s:165 #7 0xc045894a in xpt_done (done_ccb=0xc2d9a400) at /usr/freebsd-src/p4/sys/cam/cam_xpt.c:4835 #8 0xc0459fa2 in xpt_action (start_ccb=0xc2d9a400) at /usr/freebsd-src/p4/sys/cam/cam_xpt.c:3035 #9 0xc0454089 in camperiphdone (periph=0xc571bd80, done_ccb=0xc2d9a400) at /usr/freebsd-src/p4/sys/cam/cam_periph.c:1130 #10 0xc045a605 in camisr_runqueue (V_queue=Variable "V_queue" is not available. ) at /usr/freebsd-src/p4/sys/cam/cam_xpt.c:7316 #11 0xc045f162 in xpt_bus_deregister (pathid=0) at /usr/freebsd-src/p4/sys/cam/cam_xpt.c:4421 #12 0xc057a2dd in umass_cam_detach_sim (sc=0xc4d71000) at /usr/freebsd-src/p4/sys/dev/usb/umass.c:2712 #13 0xc057a3dc in umass_detach (self=0xc5792480) at /usr/freebsd-src/p4/sys/dev/usb/umass.c:1560 #14 0xc063a82f in device_detach (dev=0xc5792480) at device_if.h:212 #15 0xc057ffc2 in usb_disconnect_port (up=0xc2d35930, parent=0xc2d18e80) at /usr/freebsd-src/p4/sys/dev/usb/usb_subr.c:1380 #16 0xc05787bf in uhub_explore (dev=0xc2d36180) at /usr/freebsd-src/p4/sys/dev/usb/uhub.c:462 #17 0xc057e04c in usb_discover (v=Variable "v" is not available. 
) at /usr/freebsd-src/p4/sys/dev/usb/usb.c:728 #18 0xc057f147 in usb_event_thread (arg=0xc2d37680) at /usr/freebsd-src/p4/sys/dev/usb/usb.c:440 #19 0xc05f68a6 in fork_exit (callout=0xc057f0b0 <usb_event_thread>, arg=0xc2d37680, frame=0xc2b02d38) at /usr/freebsd-src/p4/sys/kern/kern_fork.c:812 #20 0xc07e7b50 in fork_trampoline () at /usr/freebsd-src/p4/sys/i386/i386/exception.s:270 (kgdb) fr 7 #7 0xc045894a in xpt_done (done_ccb=0xc2d9a400) at /usr/freebsd-src/p4/sys/cam/cam_xpt.c:4835 4835 TAILQ_INSERT_TAIL(&sim->sim_doneq, &done_ccb->ccb_h, (kgdb) l 4830 * any of the "non-immediate" type of ccbs. 4831 */ 4832 sim = done_ccb->ccb_h.path->bus->sim; 4833 switch (done_ccb->ccb_h.path->periph->type) { 4834 case CAM_PERIPH_BIO: 4835 TAILQ_INSERT_TAIL(&sim->sim_doneq, &done_ccb->ccb_h, 4836 sim_links.tqe); 4837 done_ccb->ccb_h.pinfo.index = CAM_DONEQ_INDEX; 4838 if ((sim->flags & CAM_SIM_ON_DONEQ) == 0) { 4839 mtx_lock(&cam_simq_lock); (kgdb) p done_ccb->ccb_h $2 = {pinfo = {priority = 5, generation = 18, index = -2}, xpt_links = {le = {le_next = 0x0, le_prev = 0xc4d72a6c}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0xc4d72a6c}, stqe = { stqe_next = 0x0}}, sim_links = {le = {le_next = 0x0, le_prev = 0xc4a3b814}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0xc4a3b814}, stqe = {stqe_next = 0x0}}, periph_links = {le = { le_next = 0x0, le_prev = 0x0}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}, stqe = { stqe_next = 0x0}}, retry_count = 0, cbfcnp = 0xc0462ef0 <dadone>, func_code = XPT_SCSI_IO, status = 8, path = 0xc79c3360, path_id = 0, target_id = 0, target_lun = 0, flags = 64, periph_priv = {entries = {{ ptr = 0x1, field = 1, bytes = "\001\000\000"}, {ptr = 0x0, field = 0, bytes = "\000\000\000"}}, bytes = "\001\000\000\000\000\000\000"}, sim_priv = {entries = {{ptr = 0x0, field = 0, bytes = "\000\000\000"}, {ptr = 0x0, field = 0, bytes = "\000\000\000"}}, bytes = "\000\000\000\000\000\000\000"}, timeout = 5000, timeout_ch = 
{callout = 0x0}} (kgdb) fr 8 #8 0xc0459fa2 in xpt_action (start_ccb=0xc2d9a400) at /usr/freebsd-src/p4/sys/cam/cam_xpt.c:3035 3035 (*(sim->sim_action))(sim, start_ccb); (kgdb) l 3030 3031 sim = path->bus->sim; 3032 if (SIM_DEAD(sim)) { 3033 /* The SIM has gone; just execute the CCB directly. */ 3034 cam_ccbq_send_ccb(&path->device->ccbq, start_ccb); 3035 (*(sim->sim_action))(sim, start_ccb); 3036 break; 3037 } 3038 3039 cam_ccbq_insert_ccb(&path->device->ccbq, start_ccb); (kgdb) fr 9 #9 0xc0454089 in camperiphdone (periph=0xc571bd80, done_ccb=0xc2d9a400) at /usr/freebsd-src/p4/sys/cam/cam_periph.c:1130 1130 xpt_action(done_ccb); (kgdb) l 1125 bcopy(done_ccb->ccb_h.saved_ccb_ptr, done_ccb, 1126 sizeof(union ccb)); 1127 1128 periph->flags &= ~CAM_PERIPH_RECOVERY_INPROG; 1129 1130 xpt_action(done_ccb); 1131 1132 break; 1133 } 1134 (kgdb)
Index: umass.c
===================================================================
RCS file: /pub/mirror/FreeBSD-CVS/src/sys/dev/usb/umass.c,v
retrieving revision 1.123
diff -u -r1.123 umass.c
--- umass.c 19 Jul 2005 05:18:23 -0000 1.123
+++ umass.c 30 Oct 2005 22:06:23 -0000
@@ -2467,7 +2467,7 @@
 sense->extra_len = 10;
 ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR |
- CAM_AUTOSNS_VALID;
+ /* CAM_AUTOSNS_VALID */ 0;
 xpt_done(ccb);
 return;
 }
@@ -2762,7 +2762,7 @@
 */
 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
- | CAM_AUTOSNS_VALID;
+ | /* CAM_AUTOSNS_VALID */ 0;
 csio->scsi_status = SCSI_STATUS_CHECK_COND;
 #if 0
@@ -2793,7 +2793,7 @@
 break;
 } else {
 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
- | CAM_AUTOSNS_VALID;
+ | /* CAM_AUTOSNS_VALID */ 0;
 csio->scsi_status = SCSI_STATUS_CHECK_COND;
 }
 xpt_done(ccb);
@@ -2829,7 +2829,7 @@
 ccb->ccb_h.status = CAM_REQ_CMP;
 #endif
 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
- | CAM_AUTOSNS_VALID;
+ | /* CAM_AUTOSNS_VALID */ 0;
 ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
 xpt_done(ccb);
 }
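Review bot: Replacing `CAM_AUTOSNS_VALID` with `/* CAM_AUTOSNS_VALID */ 0` in all four hunks turns autosense reporting off for every umass device, not only the one dongle that needs it, and leaves a commented-out flag ORed with a literal 0. In the first hunk the sense buffer is still filled in (`sense->extra_len = 10;`) and then reported as not valid, so CAM presumably falls back to its own sense recovery; `camperiphdone` is on that path in the backtrace above, so the workaround may make the detach-time NULL dereference in `xpt_done` more likely to be hit rather than less. I would gate the flag on a per-device quirk, e.g. `ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR | (<device-lacks-autosense quirk test> ? 0 : CAM_AUTOSNS_VALID);`, and treat the panic as a separate fix, since the `SIM_DEAD(sim)` branch of `xpt_action` shown at cam_xpt.c:3035 still dispatches a CCB into a SIM that `xpt_bus_deregister` is tearing down. The enclosing functions start and end outside all four hunks.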