From owner-freebsd-current@freebsd.org Thu Mar 25 15:31:18 2021 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3E73F5C1536 for ; Thu, 25 Mar 2021 15:31:18 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: from mail-qv1-xf2e.google.com (mail-qv1-xf2e.google.com [IPv6:2607:f8b0:4864:20::f2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F5pwj1ymbz3lRr for ; Thu, 25 Mar 2021 15:31:16 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: by mail-qv1-xf2e.google.com with SMTP id g8so1379734qvx.1 for ; Thu, 25 Mar 2021 08:31:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=P9gtmm99aDnXP/NRQT1OsmVSoqe4S5UGuXH82TTncmk=; b=0Oqv3dVy2IlK+tRLkgZmk7NSKi8I8Q4YxyEHePO6Iy5uNMbllEzP1+kQVw5OS4XjEy 2O4lNdksEjvkCqLBlHrpwXTLEEFs21BuIXxxWHXGwHdiM1pHx4R7f+a/ZhuKrOJKF5RX WkSTSllXHpMqsGDwqJKYx1AzJVfKmSe4mk97cFsY2ptgt7aUY/endGWsOWccjPYuhVaT DQLX2qaDaNuLkQQGb/0tsSOkq3GjCeeFuiixW925XySOZYgaOZ9MYGr3C8mdP9eg/y5w nH3Kx0PyUMmLiJxd4pQ86EyjVzbWypPzP/AovkazZ8vmHImtpYvq3JoRLVBJ/TQQTIsd HxiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=P9gtmm99aDnXP/NRQT1OsmVSoqe4S5UGuXH82TTncmk=; b=bUoq0w2mllaUKotvzOBYRyDT7WozS6CGjrmvwV0/VGJz7O+LbIzvFsq2XtVGxC8cUW 2zorAKPCgeocrDCc2pfOBGpX1TwAU9XEr0xvqBdaP/15SNEf1DPrTQ3FFWTLSRFubzm6 TCewXyy3jQ1T1VTvEsoJfM4t+rI0LDLPRmlB5QonKJTtHV5THqRCmCVFd7l8v/BfwiFm H7qNk3c+keEsQd3In2h3vnu8R7bc9eQYO+LPCDVU49kaSv0DfwQg6dohAsZEs2rZDuZv Gu2f3YeUV1QsnVYNa490HddTXA6FzZ9aX92/6+63Mui3n1iVWG7rKlAi6gxC6Mjl3/Pv mxPg== X-Gm-Message-State: AOAM5325QiM6YY43mHqFQsvkmoyYN4XNA6hYZL9SBCfPQ79bafUKf0A+ SCBozdHlbMr5tf6FZrwSJbpu//TOSAmyAUVn3CKKGQ== X-Google-Smtp-Source: ABdhPJycvNkdViMg/mwlVshgxV0y6nlKuWp3ksJVPKTrAi51pA5KHk8QPAGBzZ3p20NcuuIwuVGiEp0kAxNIhoKXDNw= X-Received: by 2002:a05:6214:aae:: with SMTP id ew14mr9091417qvb.24.1616686275947; Thu, 25 Mar 2021 08:31:15 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Warner Losh Date: Thu, 25 Mar 2021 09:31:03 -0600 Message-ID: Subject: Re: GPF: xpt_done_process got invalid ccb_h->path->bus pointer To: Tai-hwa Liang Cc: FreeBSD Current X-Rspamd-Queue-Id: 4F5pwj1ymbz3lRr X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=bsdimp-com.20150623.gappssmtp.com header.s=20150623 header.b=0Oqv3dVy; dmarc=none; spf=none (mx1.freebsd.org: domain of wlosh@bsdimp.com has no SPF policy when checking 2607:f8b0:4864:20::f2e) smtp.mailfrom=wlosh@bsdimp.com X-Spamd-Result: default: False [-2.99 / 15.00]; RCVD_TLS_ALL(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[bsdimp-com.20150623.gappssmtp.com:s=20150623]; NEURAL_HAM_MEDIUM(-1.00)[-0.995]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; DMARC_NA(0.00)[bsdimp.com]; SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::f2e:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[bsdimp-com.20150623.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::f2e:from]; NEURAL_HAM_SHORT(-0.99)[-0.990]; R_SPF_NA(0.00)[no SPF record]; FREEMAIL_TO(0.00)[gmail.com]; FORGED_SENDER(0.30)[imp@bsdimp.com,wlosh@bsdimp.com]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::f2e:from]; RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[imp@bsdimp.com,wlosh@bsdimp.com]; MAILMAN_DEST(0.00)[freebsd-current] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2021 15:31:18 -0000 I see a similar crash rarely on machines that have a stutter in their link... any idea if you can recreate it with USB and umass? I haven't been able to reproduce it at will, though. Warner On Thu, Mar 25, 2021, 7:55 AM Tai-hwa Liang wrote: > -CURRENT as of 24cd2796cf10211964be8a2cb3ea3e161adea746 > > This race can be triggered on a host with 1394 enclosure attached by > using the following loop: > while true; do > kldload sbp; kldunload sbp > done > > Fatal trap 9: general protection fault while in kernel mode > cpuid = 13; apic id = 0d > instruction pointer = 0x20:0xffffffff8038be3a > stack pointer = 0x28:0xfffffe0269e07b30 > frame pointer = 0x28:0xfffffe0269e07b60 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 41 (doneq0) > trap number = 9 > panic: general protection fault > cpuid = 13 > time = 1616639524 > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > 0xfffffe0269e07840 > vpanic() at vpanic+0x181/frame 0xfffffe0269e07890 > panic() at panic+0x43/frame 0xfffffe0269e078f0 > trap_fatal() at trap_fatal+0x387/frame 0xfffffe0269e07950 > trap() at trap+0xa4/frame 0xfffffe0269e07a60 > calltrap() at calltrap+0x8/frame 0xfffffe0269e07a60 > --- trap 0x9, rip = 0xffffffff8038be3a, rsp = 0xfffffe0269e07b30, rbp > = 0xfffffe0269e07b60 --- > xpt_done_process() at xpt_done_process+0x12a/frame 0xfffffe0269e07b60 > xpt_done_td() at xpt_done_td+0xf5/frame 0xfffffe0269e07bb0 > fork_exit() at fork_exit+0x80/frame 0xfffffe0269e07bf0 > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0269e07bf0 > --- trap 0, rip = 0, rsp = 0, rbp = 0 --- > KDB: enter: panic > > __curthread () at /home/freebsd-current/sys/amd64/include/pcpu_aux.h:55 > 55 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" > (offsetof(struct pcpu, > (kgdb) where > #0 __curthread () at /home/freebsd-current/sys/amd64/include/pcpu_aux.h:55 > #1 doadump (textdump=textdump@entry=0) at > /home/freebsd-current/sys/kern/kern_shutdown.c:399 > #2 0xffffffff804c7d2a in db_dump (dummy=, > dummy2=, dummy3=, dummy4=) at > /home/freebsd-current/sys/ddb/db_command.c:575 > #3 0xffffffff804c7aee in db_command (last_cmdp=, > cmd_table=, dopager=dopager@entry=1) at > /home/freebsd-current/sys/ddb/db_command.c:482 > #4 0xffffffff804c782d in db_command_loop () at > /home/freebsd-current/sys/ddb/db_command.c:535 > #5 0xffffffff804cafb6 in db_trap (type=, > code=) at /home/freebsd-current/sys/ddb/db_main.c:270 > #6 0xffffffff80c5c754 in kdb_trap (type=type@entry=3, > code=code@entry=0, tf=, tf@entry=0xfffffe0269e07770) at > /home/freebsd-current/sys/kern/subr_kdb.c:727 > #7 0xffffffff810bf97e in trap (frame=0xfffffe0269e07770) at > /home/freebsd-current/sys/amd64/amd64/trap.c:576 > #8 > #9 kdb_enter (why=0xffffffff812b664a "panic", msg=) at > /home/freebsd-current/sys/kern/subr_kdb.c:506 > #10 0xffffffff80c0faf2 in vpanic (fmt=, ap= out>, ap@entry=0xfffffe0269e078d0) at > /home/freebsd-current/sys/kern/kern_shutdown.c:907 > #11 0xffffffff80c0f883 in panic (fmt=0xffffffff81e9a738 > "\202;'\201\377\377\377\377") at > /home/freebsd-current/sys/kern/kern_shutdown.c:843 > #12 0xffffffff810bfdd7 in trap_fatal (frame=0xfffffe0269e07a70, eva=0) > at /home/freebsd-current/sys/amd64/amd64/trap.c:915 > #13 0xffffffff810bf264 in trap (frame=0xfffffe0269e07a70) at > /home/freebsd-current/sys/amd64/amd64/trap.c:212 > #14 > #15 xpt_done_process (ccb_h=0xfffff80102f2f000) at > /home/freebsd-current/sys/cam/cam_xpt.c:5419 > #16 0xffffffff8038e0f5 in xpt_done_td > (arg=arg@entry=0xffffffff81bc4980 ) at > /home/freebsd-current/sys/cam/cam_xpt.c:5544 > #17 0xffffffff80bc9a60 in fork_exit (callout=0xffffffff8038e000 > , arg=0xffffffff81bc4980 , > frame=0xfffffe0269e07c00) > at /home/freebsd-current/sys/kern/kern_fork.c:1077 > #18 > (kgdb) up 15 > #15 xpt_done_process (ccb_h=0xfffff80102f2f000) at > /home/freebsd-current/sys/cam/cam_xpt.c:5419 > 5419 sim = ccb_h->path->bus->sim; > (kgdb) print *ccb_h > $1 = {pinfo = {priority = 1, generation = 11, index = -3}, xpt_links = > {le = {le_next = 0x0, le_prev = 0x0}, sle = {sle_next = 0x0}, tqe = > {tqe_next = 0x0, tqe_prev = 0x0}, stqe = { > stqe_next = 0x0}}, sim_links = {le = {le_next = 0x0, le_prev = > 0x0}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}, > stqe = {stqe_next = 0x0}}, periph_links = {le = { > le_next = 0xffffffffffffffff, le_prev = 0xffffffffffffffff}, sle > = {sle_next = 0xffffffffffffffff}, tqe = {tqe_next = > 0xffffffffffffffff, tqe_prev = 0xffffffffffffffff}, stqe = { > stqe_next = 0xffffffffffffffff}}, retry_count = 0, cbfcnp = > 0xffffffff826fdfe0 , func_code = XPT_SCAN_LUN, > status = 1, path = 0xfffff820d9c10fa0, path_id = 6, > target_id = 0, target_lun = 0, flags = 2048, xflags = 0, periph_priv > = {entries = {{ptr = 0x0, field = 0, bytes = > "\000\000\000\000\000\000\000"}, {ptr = 0x0, field = 0, > bytes = "\000\000\000\000\000\000\000"}}, bytes = '\000' > }, sim_priv = {entries = {{ptr = 0xfffff820d9d8dd80, > field = 18446735418710351232, > bytes = "\200\335\330\331 \370\377\377"}, {ptr = 0x0, field = > 0, bytes = "\000\000\000\000\000\000\000"}}, bytes = "\200\335\330\331 > \370\377\377\000\000\000\000\000\000\000"}, > qos = {etime = 0x0, sim_data = 0, periph_data = 1050626691830}, > timeout = 0, softtimeout = {tv_sec = 0, tv_usec = 0}} > (kgdb) print *ccb_h->path > $2 = {periph = 0xdeadc0dedeadc0de, bus = 0xdeadc0dedeadc0de, target = > 0xdeadc0dedeadc0de, device = 0xffffffff81a49810 } > (kgdb) print *ccb_h->path->bus > access memory at address 0xdeadc0dedeadc0de > > Not sure how we ended up with device pointer appears to be valid > whilst the others are 0xdeadc0dedeadc0de. > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >