USB4BSD release candidate number 3 - request for review

Alexey Shuvaev shuvaev at physik.uni-wuerzburg.de
Thu Nov 6 13:03:03 PST 2008 

On Thu, Nov 06, 2008 at 08:12:30PM +0100, Alexey Shuvaev wrote:
> On Thu, Nov 06, 2008 at 07:10:20PM +0100, Hans Petter Selasky wrote:
> > On Thursday 06 November 2008, Gary Jennejohn wrote:
> > >
> > > Alexey Shuvaev wrote:
> > > > I am having quite reliable panics with the new stack when I insert
> > > > usb stick (actually during the first access to it).
> > > >
Well, they are not so reliable. I have managed to produce one,
but not with this stick. It is with USB-microSDHC adapter with 8 Gb card.

> > > > Trying to collect more information I haven't managed to produce
> > > > memory dump. Is it working on amd64 SMP CURRENT? I remember there were
> > > > some complains about it.
> > >
> Here I was actually asking about kernel memory dumps...
> Will try harder this time.
> 
Calling doadump at ddb prompt does the job.

> Now I will play with offending usb stick and with another one
> (actually microSDHC-usb adapter).
> 
> Can it be that some modules are automatically loaded when I insert usb stick?
> 
Seems not to be the case.
Now I have a kernel dump. Some info from it:

Unread portion of the kernel message buffer:
[snip]
ugen7.2: <SanDisk> at usbus7
umass0: <SanDisk MobileMate Micro, class 0/0, rev 2.00/94.07, addr 2> on usbus7
umass0:  SCSI over Bulk-Only; quirks = 0x0000
umass0:1:0:-1: Attached to scbus1
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <Generic STORAGE DEVICE 9407> Removable Direct Access SCSI-0 device 
da0: 40.000MB/s transfers
da0: 7790MB (15954944 512 byte sectors: 255H 63S/T 993C)
<118># 
[here I have mounted it rw]
<118># 
<118>.Spotlight-V100    IMG_2684.CR2    IMG_2836.JPG    films
<118>.Trashes   IMG_2684.JPG    My Documents    gpsVP
<118>._.Trashes IMG_2836.CR2    bombus-ng       pilot
[and here umounted, IIRC]
<118># 
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex UMASS lock (UMASS lock) r = 0 (0xffffffff80b426a0) locked @ /usr/src/sys/modules/usb2/core/../../../dev/usb2/core/usb2_transfer.c:1795
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
_witness_debugger() at _witness_debugger+0x49
witness_warn() at witness_warn+0x2b7
trap() at trap+0x38f
calltrap() at calltrap+0x8
--- trap 0xc, rip = 0xffffffff804b2466, rsp = 0xfffffffeba7f8ac0, rbp = 0xfffffffeba7f8b00 ---
bcopy() at bcopy+0x16
usb2_bdma_pre_sync() at usb2_bdma_pre_sync+0x35
usb2_bdma_work_loop() at usb2_bdma_work_loop+0x29b
usb2_command_wrapper() at usb2_command_wrapper+0x76
usb2_callback_wrapper() at usb2_callback_wrapper+0xfd
usb2_command_wrapper() at usb2_command_wrapper+0x76
usb2_callback_proc() at usb2_callback_proc+0x68
usb2_process() at usb2_process+0xc0
fork_exit() at fork_exit+0x12a
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xfffffffeba7f8d40, rbp = 0 ---


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0xfffffffea429a000
fault code              = supervisor write data, page not present
instruction pointer     = 0x8:0xffffffff804b2466
stack pointer           = 0x10:0xfffffffeba7f8ac0
frame pointer           = 0x10:0xfffffffeba7f8b00
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3393 (USBPROC)
lock order reversal: (Giant after non-sleepable)
 1st 0xffffffff80b426a0 UMASS lock (UMASS lock) @ /usr/src/sys/modules/usb2/core/../../../dev/usb2/core/usb2_transfer.c:1795
 2nd 0xffffffff806eeb20 Giant (Giant) @ /usr/src/sys/dev/kbdmux/kbdmux.c:1044
KDB: stack backtrace:
lock order reversal: (sleepable after non-sleepable)
 1st 0xffffffff80b426a0 UMASS lock (UMASS lock) @ /usr/src/sys/modules/usb2/core/../../../dev/usb2/core/usb2_transfer.c:1795
 2nd 0xffffff00014ab3d0 user map (user map) @ /usr/src/sys/vm/vm_map.c:3115
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
_witness_debugger() at _witness_debugger+0x49
witness_checkorder() at witness_checkorder+0x7e6
_sx_xlock() at _sx_xlock+0x44
vm_map_lookup() at vm_map_lookup+0x47
vm_fault() at vm_fault+0xfe
trap_pfault() at trap_pfault+0x1fa
trap() at trap+0x201
calltrap() at calltrap+0x8
--- trap 0xc, rip = 0xffffffff804b2466, rsp = 0xfffffffeba7f8ac0, rbp = 0xfffffffeba7f8b00 ---
bcopy() at bcopy+0x16
usb2_bdma_pre_sync() at usb2_bdma_pre_sync+0x35
usb2_bdma_work_loop() at usb2_bdma_work_loop+0x29b
usb2_command_wrapper() at usb2_command_wrapper+0x76
usb2_callback_wrapper() at usb2_callback_wrapper+0xfd
usb2_command_wrapper() at usb2_command_wrapper+0x76
usb2_callback_proc() at usb2_callback_proc+0x68
usb2_process() at usb2_process+0xc0
fork_exit() at fork_exit+0x12a
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xfffffffeba7f8d40, rbp = 0 ---
panic: vm_fault: fault on nofault entry, addr: fffffffea429a000
cpuid = 1
KDB: enter: panic
Physical memory: 4075 MB
Dumping 347 MB: 332 316 300 284 268 252 236 220 204 188 172 156 140 124 108 92 76 60 44 28 12

[here starts post-reboot session with kgdb]
[snip]
#0  doadump () at pcpu.h:196
196             __asm __volatile("movq %%gs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:196
#1  0xffffffff80195f6c in db_fncall (dummy1=Variable "dummy1" is not available.
)
    at /usr/src/sys/ddb/db_command.c:548
#2  0xffffffff801962a1 in db_command (last_cmdp=0xffffffff806d1aa0, cmd_table=Variable "cmd_table" is not available.
)
    at /usr/src/sys/ddb/db_command.c:445
#3  0xffffffff801964e9 in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:498
#4  0xffffffff80198347 in db_trap (type=Variable "type" is not available.
) at /usr/src/sys/ddb/db_main.c:229
#5  0xffffffff802d4cd2 in kdb_trap (type=3, code=0, tf=0xfffffffeba7f84d0)
    at /usr/src/sys/kern/subr_kdb.c:534
#6  0xffffffff804b3b7f in trap (frame=0xfffffffeba7f84d0)
    at /usr/src/sys/amd64/amd64/trap.c:533
#7  0xffffffff80496d2e in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:217
#8  0xffffffff802d4e81 in kdb_enter (why=0xffffffff805183d9 "panic", 
    msg=0xa <Address 0xa out of bounds>) at cpufunc.h:63
#9  0xffffffff802a804f in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:559
#10 0xffffffff804775f3 in vm_fault (map=0xffffff0001000000, 
    vaddr=18446744067873808384, fault_type=Variable "fault_type" is not available.
) at /usr/src/sys/vm/vm_fault.c:277
#11 0xffffffff804b3359 in trap_pfault (frame=0xfffffffeba7f8a10, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:664
#12 0xffffffff804b3bec in trap (frame=0xfffffffeba7f8a10)
    at /usr/src/sys/amd64/amd64/trap.c:444
---Type <return> to continue, or q <return> to quit---
#13 0xffffffff80496d2e in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:217
#14 0xffffffff804b2466 in bcopy () at /usr/src/sys/amd64/amd64/support.S:123
#15 0xffffffff804917b4 in _bus_dmamap_sync (dmat=0xffffff0005af6380, map=Variable "map" is not available.
)
    at /usr/src/sys/amd64/amd64/busdma_machdep.c:932
#16 0xffffffff80ac6549 in usb2_bdma_pre_sync (xfer=0xfffffffea429a000)
    at /usr/src/sys/modules/usb2/core/../../../dev/usb2/core/usb2_busdma.c:1358
#17 0xffffffff80ac691e in usb2_bdma_work_loop () from /boot/kernel/usb2_core.ko
#18 0xffffffff80ad947c in usb2_command_wrapper (pq=0xfffffffe406fc000, xfer=Variable "xfer" is not available.
)
    at /usr/src/sys/modules/usb2/core/../../../dev/usb2/core/usb2_transfer.c:2515
#19 0xffffffff80adbcb8 in usb2_callback_wrapper (pq=Variable "pq" is not available.
)
    at /usr/src/sys/modules/usb2/core/../../../dev/usb2/core/usb2_transfer.c:1926
#20 0xffffffff80ad947c in usb2_command_wrapper (pq=0xfffffffe406fc028, xfer=Variable "xfer" is not available.
)
    at /usr/src/sys/modules/usb2/core/../../../dev/usb2/core/usb2_transfer.c:2515
#21 0xffffffff80ad95c7 in usb2_callback_proc (_pm=Variable "_pm" is not available.
)
    at /usr/src/sys/modules/usb2/core/../../../dev/usb2/core/usb2_transfer.c:1799
#22 0xffffffff80ad7221 in usb2_process (arg=Variable "arg" is not available.
)
    at /usr/src/sys/modules/usb2/core/../../../dev/usb2/core/usb2_process.c:139
#23 0xffffffff80289eea in fork_exit (
---Type <return> to continue, or q <return> to quit---
    callout=0xffffffff80ad7161 <usb2_process>, arg=0xfffffffe406fc0f0, 
    frame=0xfffffffeba7f8c90) at /usr/src/sys/kern/kern_fork.c:815
#24 0xffffffff8049713e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:521
#25 0x0000000000000000 in ?? ()
[snip]
#50 0x0000000000000000 in ?? ()
#51 0xffffff00056a05a0 in ?? ()
#52 0xffffffff806f6900 in tdq_cpu ()
#53 0xffffff00014e96e0 in ?? ()
#54 0xfffffffeba7f8a70 in ?? ()
#55 0xfffffffeba7f8a28 in ?? ()
#56 0xffffff00056a1000 in ?? ()
#57 0xffffffff802c8de1 in sched_switch (td=0xfffffffe406fc0f0, 
    newtd=0xffffffff80ad7161, flags=Variable "flags" is not available.
) at /usr/src/sys/kern/sched_ule.c:1848
Previous frame inner to this frame (corrupt stack?)
(kgdb) 

I have a dump so let me know if you need more info.

Alexey.

More information about the freebsd-current mailing list