Date: Thu, 9 Apr 2009 18:02:13 GMT From: Tim Kientzle <kientzle@freesd.org> To: freebsd-gnats-submit@FreeBSD.org Subject: usb/133545: Kernel crash in usb2_intr_schedule_adjust + 0x75 Message-ID: <200904091802.n39I2DeY021632@www.freebsd.org> Resent-Message-ID: <200904091810.n39IA34L013254@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 133545
>Category: usb
>Synopsis: Kernel crash in usb2_intr_schedule_adjust + 0x75
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: freebsd-usb
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 09 18:10:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Tim Kientzle
>Release: CURRENT r190860
>Organization:
>Environment:
FreeBSD dark.x.kientzle.com 8.0-CURRENT FreeBSD 8.0-CURRENT #0 r190860M: Wed Apr 8 19:29:08 PDT 2009 tim@dark.x.kientzle.com:/usr/obj/home/tim/projects/FreeBSD/svn-base/head/sys/GENERIC i386
>Description:
Kernel crash, page fault at address 0xd0.
usb2_intr_schedule_adjust + 0x75: movl 0xd0(%eax),%edi
I'm pretty sure that %edi is the "hub" variable here
and that this is the offending line of C source:
/*
* The Host Controller Driver should have
* performed checks so that the lookup
* below does not result in a NULL pointer
* access.
*/
hub = bus->devices[udev->hs_hub_addr]->hub;
Apparently, the device in question has a NULL hub?
Sorry I couldn't get more details.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Copyright (c) 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.0-CURRENT #0 r190860M: Wed Apr 8 19:29:08 PDT 2009
tim@dark.x.kientzle.com:/usr/obj/home/tim/projects/FreeBSD/svn-base/head/sys/GENERIC
WARNING: WITNESS option enabled, expect reduced performance.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) 4 CPU 3.00GHz (2992.52-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf43 Stepping = 3
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x649d<SSE3,DTES64,MON,DS_CPL,EST,CNXT-ID,CX16,xTPR>
AMD Features=0x20100000<NX,LM>
TSC: P-state invariant
Logical CPUs per core: 2
real memory = 2685403136 (2561 MB)
avail memory = 2608443392 (2487 MB)
ACPI APIC Table: <COMPAQ LAKEPORT>
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP/HT): APIC ID: 1
ioapic0: Changing APIC ID to 1
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: <COMPAQ CPQ0968> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, 9ff00000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xf808-0xf80b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0x10c0-0x10c7 mem 0xe0400000-0xe047ffff,0xd0000000-0xdfffffff,0xe0500000-0xe053ffff irq 16 at device 2.0 on pci0
agp0: <Intel 82945G (945G GMCH) SVGA controller> on vgapci0
agp0: detected 7932k stolen memory
agp0: aperture size is 256M
vgapci1: <VGA-compatible display> mem 0xe0480000-0xe04fffff at device 2.1 on pci0
pci0: <multimedia, HDA> at device 27.0 (no driver attached)
pcib1: <ACPI PCI-PCI bridge> at device 28.0 on pci0
pci32: <ACPI PCI bus> on pcib1
pcib2: <ACPI PCI-PCI bridge> irq 17 at device 28.1 on pci0
pci63: <ACPI PCI bus> on pcib2
bge0: <Broadcom NetXtreme Gigabit Ethernet Controller, ASIC rev. 0x6001> mem 0xe0800000-0xe080ffff irq 17 at device 0.0 on pci63
miibus0: <MII bus> on bge0
brgphy0: <BCM5752 10/100/1000baseTX PHY> PHY 1 on miibus0
brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
bge0: Ethernet address: 00:16:35:79:e5:68
bge0: [ITHREAD]
uhci0: <UHCI (generic) USB controller> port 0x1000-0x101f irq 20 at device 29.0 on pci0
uhci0: [ITHREAD]
uhci0: LegSup = 0x0020
usbus0: <UHCI (generic) USB controller> on uhci0
uhci1: <UHCI (generic) USB controller> port 0x1020-0x103f irq 18 at device 29.1 on pci0
uhci1: [ITHREAD]
uhci1: LegSup = 0x0020
usbus1: <UHCI (generic) USB controller> on uhci1
uhci2: <UHCI (generic) USB controller> port 0x1040-0x105f irq 21 at device 29.2 on pci0
uhci2: [ITHREAD]
uhci2: LegSup = 0x0020
usbus2: <UHCI (generic) USB controller> on uhci2
uhci3: <UHCI (generic) USB controller> port 0x1060-0x107f irq 22 at device 29.3 on pci0
uhci3: [ITHREAD]
uhci3: LegSup = 0x003a
usbus3: <UHCI (generic) USB controller> on uhci3
ehci0: <Intel 82801GB/R (ICH7) USB 2.0 controller> mem 0xe0544000-0xe05443ff irq 20 at device 29.7 on pci0
ehci0: [ITHREAD]
usbus4: EHCI version 1.0
usbus4: <Intel 82801GB/R (ICH7) USB 2.0 controller> on ehci0
pcib3: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci5: <ACPI PCI bus> on pcib3
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH7 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x10a0-0x10af irq 17 at device 31.1 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
atapci1: <Intel ICH7 SATA300 controller> port 0x10d8-0x10df,0x10f0-0x10f3,0x10e0-0x10e7,0x10f4-0x10f7,0x10b0-0x10bf irq 19 at device 31.2 on pci0
atapci1: [ITHREAD]
ata2: <ATA channel 0> on atapci1
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci1
ata3: [ITHREAD]
acpi_button0: <Power Button> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
fdc0: <floppy drive controller (FDE)> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FILTER]
cpu0: <ACPI CPU> on acpi0
acpi_perf0: <ACPI CPU Frequency Control> on cpu0
acpi_perf0: failed in PERF_STATUS attach
device_attach: acpi_perf0 attach returned 6
acpi_perf0: <ACPI CPU Frequency Control> on cpu0
acpi_perf0: failed in PERF_STATUS attach
device_attach: acpi_perf0 attach returned 6
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr f2d00000f2d
device_attach: est0 attach returned 6
p4tcc0: <CPU Frequency Thermal Control> on cpu0
cpu1: <ACPI CPU> on acpi0
acpi_perf1: <ACPI CPU Frequency Control> on cpu1
acpi_perf1: failed in PERF_STATUS attach
device_attach: acpi_perf1 attach returned 6
acpi_perf1: <ACPI CPU Frequency Control> on cpu1
acpi_perf1: failed in PERF_STATUS attach
device_attach: acpi_perf1 attach returned 6
est1: <Enhanced SpeedStep Frequency Control> on cpu1
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr f2d00000f2d
device_attach: est1 attach returned 6
p4tcc1: <CPU Frequency Thermal Control> on cpu1
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ppc0: parallel port not found.
Timecounters tick every 1.000 msec
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 12Mbps Full Speed USB v1.0
usbus4: 480Mbps High Speed USB v2.0
ugen0.1: <Intel> at usbus0
uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen1.1: <Intel> at usbus1
uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
ugen2.1: <Intel> at usbus2
uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ugen3.1: <Intel> at usbus3
uhub3: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus3
ugen4.1: <Intel> at usbus4
uhub4: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus4
acd0: CDRW <HL-DT-STCD-RW/DVD DRIVE GCC-4244N/1.02> at ata0-master PIO4
ad4: 152627MB <Seagate ST3160828AS 3.04> at ata2-master SATA150
SMP: AP CPU #1 Launched!
WARNING: WITNESS option enabled, expect reduced performance.
GEOM_LABEL: Label for provider ad4s1a is ufsid/49dbbd416e8d8115.
GEOM_LABEL: Label for provider ad4s1d is ufsid/49dbbd45d6b7d72e.
Root mount waiting for: usbus4 usbus3 usbus2 usbus1 usbus0
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
Root mount waiting for: usbus4
Root mount waiting for: usbus4
Root mount waiting for: usbus4
uhub4: 8 ports with 8 removable, self powered
Root mount waiting for: usbus4
ugen4.2: <NEC> at usbus4
uhub5: <NEC product 0x0058, class 9/0, rev 2.00/1.00, addr 2> on usbus4
ugen2.2: <Microsoft> at usbus2
ukbd0: <Microsoft Natural Keyboard Elite, class 0/0, rev 1.00/1.04, addr 2> on usbus2
kbd2 at ukbd0
uhub5: 4 ports with 4 removable, self powered
Root mount waiting for: usbus4
ugen4.3: <Logitech> at usbus4
ums0: <Logitech Trackball, class 0/0, rev 1.10/2.20, addr 3> on usbus4
ums0: 3 buttons and [XYZ] coordinates ID=0
Trying to mount root from ufs:/dev/ad4s1a
WARNING: / was not properly dismounted
/: mount pending error: blocks 7384 files 64
GEOM_LABEL: Label ufsid/49dbbd416e8d8115 removed.
GEOM_LABEL: Label for provider ad4s1a is ufsid/49dbbd416e8d8115.
GEOM_LABEL: Label ufsid/49dbbd416e8d8115 removed.
GEOM_LABEL: Label for provider ad4s1a is ufsid/49dbbd416e8d8115.
GEOM_LABEL: Label ufsid/49dbbd416e8d8115 removed.
GEOM_LABEL: Label for provider ad4s1a is ufsid/49dbbd416e8d8115.
GEOM_LABEL: Label ufsid/49dbbd45d6b7d72e removed.
GEOM_LABEL: Label for provider ad4s1d is ufsid/49dbbd45d6b7d72e.
GEOM_LABEL: Label ufsid/49dbbd416e8d8115 removed.
GEOM_LABEL: Label ufsid/49dbbd45d6b7d72e removed.
lock order reversal:
1st 0xc6599594 ufs (ufs) @ /home/tim/projects/FreeBSD/svn-base/head/sys/kern/vfs_subr.c:2101
2nd 0xd9d07160 bufwait (bufwait) @ /home/tim/projects/FreeBSD/svn-base/head/sys/ufs/ffs/ffs_softdep.c:6150
3rd 0xc6599488 ufs (ufs) @ /home/tim/projects/FreeBSD/svn-base/head/sys/kern/vfs_subr.c:2101
KDB: stack backtrace:
db_trace_self_wrapper(c0c2ffbd,e866a3d0,c0895bf5,c0887afb,c0c32f3b,...) at db_trace_self_wrapper+0x26
kdb_backtrace(c0887afb,c0c32f3b,c5d24a18,c5d27ad8,e866a42c,...) at kdb_backtrace+0x29
_witness_debugger(c0c32f3b,c6599488,c0c25e38,c5d27ad8,c0c3a108,...) at _witness_debugger+0x25
witness_checkorder(c6599488,9,c0c3a108,835,0,...) at witness_checkorder+0x839
__lockmgr_args(c6599488,80100,c65994a4,0,0,...) at __lockmgr_args+0x797
ffs_lock(e866a53c,c089599b,c0c3970a,80100,c6599430,...) at ffs_lock+0x8a
VOP_LOCK1_APV(c0d32e00,e866a53c,c6112964,c0d4b8a0,c6599430,...) at VOP_LOCK1_APV+0xb5
_vn_lock(c6599430,80100,c0c3a108,835,4,...) at _vn_lock+0x5e
vget(c6599430,80100,c61128c0,50,0,...) at vget+0xc9
vfs_hash_get(c617ec80,386c69,80000,c61128c0,e866a698,...) at vfs_hash_get+0xe6
ffs_vgetf(c617ec80,386c69,80000,e866a698,1,...) at ffs_vgetf+0x49
softdep_sync_metadata(c659953c,0,c0c5334b,131,0,...) at softdep_sync_metadata+0x5ba
ffs_syncvnode(c659953c,1,c0c2b18d,c0c253ea,3,...) at ffs_syncvnode+0x3e2
ffs_truncate(c659953c,600,0,880,c5d6e400,...) at ffs_truncate+0x66a
ufs_direnter(c659953c,c6599430,e866aa20,e866ac04,d9d074f0,...) at ufs_direnter+0x8f6
ufs_mkdir(e866ac28,e866ac28,0,e866ac28,e866abd8,...) at ufs_mkdir+0x90e
VOP_MKDIR_APV(c0d32e00,e866ac28,ebf,ebd,0,...) at VOP_MKDIR_APV+0xa5
kern_mkdirat(c61128c0,ffffff9c,bfbfef5a,0,1ff,...) at kern_mkdirat+0x276
kern_mkdir(c61128c0,bfbfef5a,0,1ff,e866ad2c,...) at kern_mkdir+0x2e
mkdir(c61128c0,e866acf8,8,c0c3386c,c0d122c0,...) at mkdir+0x29
syscall(e866ad38) at syscall+0x2a3
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (136, FreeBSD ELF32, mkdir), eip = 0x2815ff23, esp = 0xbfbfed6c, ebp = 0xbfbfee38 ---
bge0: link state changed to UP
drm0: <Intel i945G> on vgapci0
vgapci0: child drm0 requested pci_enable_busmaster
info: [drm] AGP at 0xd0000000 256MB
info: [drm] Initialized i915 1.6.0 20080730
drm0: [ITHREAD]
drm0: [ITHREAD]
drm0: [ITHREAD]
drm0: [ITHREAD]
lock order reversal:
1st 0xd9eec380 bufwait (bufwait) @ /home/tim/projects/FreeBSD/svn-base/head/sys/kern/vfs_bio.c:2549
2nd 0xc7f9e600 dirhash (dirhash) @ /home/tim/projects/FreeBSD/svn-base/head/sys/ufs/ufs/ufs_dirhash.c:275
KDB: stack backtrace:
db_trace_self_wrapper(c0c2ffbd,e8835778,c0895bf5,c0887afb,c0c32f22,...) at db_trace_self_wrapper+0x26
kdb_backtrace(c0887afb,c0c32f22,c5d24a18,c5d27b40,e88357d4,...) at kdb_backtrace+0x29
_witness_debugger(c0c32f22,c7f9e600,c0c53a75,c5d27b40,c0c536ee,...) at _witness_debugger+0x25
witness_checkorder(c7f9e600,9,c0c536ee,113,0,...) at witness_checkorder+0x839
_sx_xlock(c7f9e600,0,c0c536ee,113,c81213e0,...) at _sx_xlock+0x85
ufsdirhash_acquire(d9eec320,e01ffbcc,34,e01ffbe0,e88358a4,...) at ufsdirhash_acquire+0x35
ufsdirhash_add(c81213e0,e88358ec,be0,e8835890,e8835894,...) at ufsdirhash_add+0x13
ufs_direnter(c812696c,c7f31324,e88358ec,e8835bd4,0,...) at ufs_direnter+0x729
ufs_makeinode(e8835bd4,e8835acc,e8835acc,e8835a34,c0b70025,...) at ufs_makeinode+0x519
ufs_create(e8835acc,e8835acc,0,e8835acc,e8835ba8,...) at ufs_create+0x30
VOP_CREATE_APV(c0d32e00,e8835acc,2,c0c253ea,3,...) at VOP_CREATE_APV+0xa5
vn_open_cred(e8835ba8,e8835c5c,180,c7e94600,c7da3690,...) at vn_open_cred+0x1d0
vn_open(e8835ba8,e8835c5c,180,c7da3690,2a67b000,...) at vn_open+0x33
kern_openat(c80b8af0,ffffff9c,2c2fea68,0,203,...) at kern_openat+0x108
kern_open(c80b8af0,2c2fea68,0,202,180,...) at kern_open+0x35
open(c80b8af0,e8835cf8,c,c0c33a95,c0d11678,...) at open+0x30
syscall(e8835d38) at syscall+0x2a3
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (5, FreeBSD ELF32, open), eip = 0x29b26f63, esp = 0xbfbfce18, ebp = 0xbfbfce44 ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904091802.n39I2DeY021632>