Date: Wed, 29 Jan 2014 12:50:01 GMT From: Hans Petter Selasky <hps@bitfrost.no> To: freebsd-usb@FreeBSD.org Subject: Re: usb/186224: GPF in usbd_get_hr_func() on stable/9 Message-ID: <201401291250.s0TCo1Lf047182@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR usb/186224; it has been noted by GNATS. From: Hans Petter Selasky <hps@bitfrost.no> To: Garrett Wollman <wollman@csail.mit.edu>, FreeBSD-gnats-submit@freebsd.org Cc: Subject: Re: usb/186224: GPF in usbd_get_hr_func() on stable/9 Date: Wed, 29 Jan 2014 13:41:50 +0100 On 01/29/14 05:28, Garrett Wollman wrote: > >> Number: 186224 >> Category: usb >> Synopsis: GPF in usbd_get_hr_func() on stable/9 >> Confidential: no >> Severity: critical >> Priority: high >> Responsible: freebsd-usb >> State: open >> Quarter: >> Keywords: >> Date-Required: >> Class: sw-bug >> Submitter-Id: current-users >> Arrival-Date: Wed Jan 29 04:30:00 UTC 2014 >> Closed-Date: >> Last-Modified: >> Originator: Garrett Wollman >> Release: FreeBSD 9-stable amd64 >> Organization: > MIT Computer Science & Artificial Intelligence Lab >> Environment: > > (from svn info -- this is a newly built kernel) > URL: svn://svn0.us-east.freebsd.org/base/stable/9 > Relative URL: ^/stable/9 > Revision: 261256 > Last Changed Author: mav > Last Changed Rev: 261256 > Last Changed Date: 2014-01-28 21:39:44 -0500 (Tue, 28 Jan 2014) > > There are local changes, but none relevant to USB support. > > Hardware is a Quanta QSSC-S99Q. Under releng/9.2, USB hardware is identified > as: > > uhci0: <Intel 82801JI (ICH10) USB controller USB-D> port 0xbc00-0xbc1f irq 23 at device 26.0 on pci0 > usbus0 on uhci0 > uhci1: <Intel 82801JI (ICH10) USB controller USB-E> port 0xb880-0xb89f irq 22 at device 26.1 on pci0 > usbus1 on uhci1 > uhci2: <Intel 82801JI (ICH10) USB controller USB-F> port 0xb800-0xb81f irq 21 at device 26.2 on pci0 > usbus2 on uhci2 > ehci0: <Intel 82801JI (ICH10) USB 2.0 controller USB-B> mem 0xdf3d6000-0xdf3d63ff irq 20 at device 26.7 on pci0 > usbus3: EHCI version 1.0 > usbus3 on ehci0 > uhci3: <Intel 82801JI (ICH10) USB controller USB-A> port 0xb480-0xb49f irq 23 at device 29.0 on pci0 > usbus4 on uhci3 > uhci4: <Intel 82801JI (ICH10) USB controller USB-B> port 0xb400-0xb41f irq 22 at device 29.1 on pci0 > usbus5 on uhci4 > uhci5: <Intel 82801JI (ICH10) USB controller USB-C> port 0x7c00-0x7c1f irq 21 at device 29.2 on pci0 > usbus6 on uhci5 > ehci1: <Intel 82801JI (ICH10) USB 2.0 controller USB-A> mem 0xdf3d4000-0xdf3d43ff irq 23 at device 29.7 on pci0 > usbus7: EHCI version 1.0 > usbus7 on ehci1 > usbus0: 12Mbps Full Speed USB v1.0 > usbus1: 12Mbps Full Speed USB v1.0 > usbus2: 12Mbps Full Speed USB v1.0 > usbus3: 480Mbps High Speed USB v2.0 > ugen0.1: <Intel> at usbus0 > uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0 > ugen1.1: <Intel> at usbus1 > uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1 > ugen2.1: <Intel> at usbus2 > uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2 > ugen3.1: <Intel> at usbus3 > uhub3: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3 > usbus4: 12Mbps Full Speed USB v1.0 > usbus5: 12Mbps Full Speed USB v1.0 > usbus6: 12Mbps Full Speed USB v1.0 > usbus7: 480Mbps High Speed USB v2.0 > ugen4.1: <Intel> at usbus4 > uhub4: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus4 > ugen5.1: <Intel> at usbus5 > uhub5: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus5 > ugen6.1: <Intel> at usbus6 > uhub6: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus6 > ugen7.1: <Intel> at usbus7 > uhub7: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus7 > ugen3.2: <American Megatrends Inc.> at usbus3 > uhub8: <Hub Interface> on usbus3 > ugen3.3: <American Megatrends Inc.> at usbus3 > ukbd0: <Keyboard Interface> on usbus3 > ums0: <Mouse Interface> on usbus3 > >> Description: > > Kernel panics with a GPF in interrupt-driven part of boot process: > > usbus0: 12Mbps Full Speed USB v1.0 > usbus1: 12Mbps Full Speed USB v1.0 > usbus2: 12Mbps Full Speed USB v1.0 > usbus3: 480Mbps High Speed USB v2.0 > ugen0.1: <Intel> at usbus0 > uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0 > ugen1.1: <Intel> at usbus1 > uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1 > ugen2.1: <Intel> at usbus2 > uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2 > ugen3.1: <Intel> at usbus3 > uhub3: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3 > usbus4: 12Mbps Full Speed USB v1.0 > usbus5: 12Mbps Full Speed USB v1.0 > usbus6: 12Mbps Full Speed USB v1.0 > usbus7: 480Mbps High Speed USB v2.0 > ugen4.1: <Intel> at usbus4 > uhub4: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus4 > ugen5.1: <Intel> at usbus5 > uhub5: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus5 > ugen6.1: <Intel> at usbus6 > uhub6: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus6 > ugen7.1: <Intel> at usbus7 > uhub7: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus7 > uhub0: 2 ports with 2 removable, self powered > uhub1: 2 ports with 2 removable, self powered > uhub2: 2 ports with 2 removable, self powered > uhub4: 2 ports with 2 removable, self powered > uhub5: 2 ports with 2 removable, self powered > uhub6: 2 ports with 2 removable, self powered > ipmi0: IPMI device rev. 1, firmware rev. 1.03, version 2.0 > ipmi0: Number of channels 2 > ipmi0: Attached watchdog > uhub3: 6 ports with 6 removable, self powered > uhub7: 6 ports with 6 removable, self powered > ugen3.2: <American Megatrends Inc.> at usbus3 > uhub8: <Hub Interface> on usbus3 > failure at /usr/src-9-stable/sys/dev/mps/mps_sas_lsi.c:667/mpssas_add_device()! Could not get ID for device with handle 0x0010 > mpssas_fw_work: failed to add device with handle 0x10 > uhub8: 3 ports with 3 removable, self powered > > > Fatal trap 9: general protection fault while in kernel mode > cpuid = 0; apic id = 00 > instruction pointer = 0x20:0xffffffff804b6929 > stack pointer = 0x28:0xffffff945a8a39d0 > frame pointer = 0x28:0xffffff945a8a39e0 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 15 (usbus6) > trap number = 9 > panic: general protection fault > cpuid = 0 > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0x2a/frame 0xffffff945a8a34f0 > kdb_backtrace() at kdb_backtrace+0x37/frame 0xffffff945a8a35b0 > panic() at panic+0x1ce/frame 0xffffff945a8a36b0 > trap_fatal() at trap_fatal+0x290/frame 0xffffff945a8a3710 > trap() at trap+0x241/frame 0xffffff945a8a3910 > calltrap() at calltrap+0x8/frame 0xffffff945a8a3910 > --- trap 0x9, rip = 0xffffffff804b6929, rsp = 0xffffff945a8a39d0, rbp = 0xffffff945a8a39e0 --- > usbd_get_hr_func() at usbd_get_hr_func+0x29/frame 0xffffff945a8a39e0 > usbd_do_request_flags() at usbd_do_request_flags+0x18e/frame 0xffffff945a8a3aa0 > usbd_req_get_port_status() at usbd_req_get_port_status+0x43/frame 0xffffff945a8a3ad0 > uhub_read_port_status() at uhub_read_port_status+0x2d/frame 0xffffff945a8a3b10 > uhub_explore() at uhub_explore+0xc9/frame 0xffffff945a8a3b80 > usb_bus_explore() at usb_bus_explore+0xcb/frame 0xffffff945a8a3bb0 > usb_process() at usb_process+0xd3/frame 0xffffff945a8a3be0 > fork_exit() at fork_exit+0x11f/frame 0xffffff945a8a3c30 > fork_trampoline() at fork_trampoline+0xe/frame 0xffffff945a8a3c30 > --- trap 0, rip = 0, rsp = 0xffffff945a8a3cf0, rbp = 0 --- > >> How-To-Repeat: > > Try to boot a stable/9 kernel on my Quanta hardware > Hi, All USB devices should have a valid bus, methods and roothub_exec pointers. You can try adding some printfs, to see what the values of the "udev->bus->methods->roothub_exec" fields are, as shown in the code below: The code in question "sys/dev/usb/usb_request.c": else if (udev->parent_hub == NULL) 16: 31 c0 xor %eax,%eax 18: 48 83 bf 60 01 00 00 cmpq $0x0,0x160(%rdi) 1f: 00 20: 75 f2 jne 14 <usbd_get_hr_func+0x14> return (udev->bus->methods->roothub_exec); 22: 48 8b 97 50 01 00 00 mov 0x150(%rdi),%rdx 29: 48 8b 82 40 05 00 00 mov 0x540(%rdx),%rax 30: 48 8b 00 mov (%rax),%rax else According to your backtrace "udev->bus" is corrupted somehow. --HPS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401291250.s0TCo1Lf047182>