kern/145510: [PATCH] [twa] Removing USB keyboard after filesystems synced causes panic with destroyed mutex

Garrett Cooper gcooper at FreeBSD.org
Thu Apr 8 08:08:40 UTC 2010


>Number:         145510
>Category:       kern
>Synopsis:       [PATCH] [twa] Removing USB keyboard after filesystems synced causes panic with destroyed mutex
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 08 08:08:39 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Garrett Cooper
>Release:        9-CURRENT
>Organization:
Cisco Systems, Inc.
>Environment:
FreeBSD bayonetta.local 9.0-CURRENT FreeBSD 9.0-CURRENT #3 r206173M: Mon Apr  5 12:12:29 PDT 2010     root at bayonetta.local:/usr/obj/usr/src/sys/BAYONETTA  amd64
>Description:
As discussed here: http://lists.freebsd.org/pipermail/freebsd-current/2010-March/015791.html, I followed the procedure below with my machine that has a twa(4) enabled card, and it panicked deterministically:

1. Rebooted machine.
2. Removed USB keyboard after filesystems were synced.

The panic looked like:

ugen2.2: <Mitsumi Electric> at usbus2 (disconnected)
uhub8: at uhub2, port 1, addr 2 (disconnected)
ugen2.3: <Mitsumi Electric> at usbus2 (disconnected)
ukbd0: at uhub8, port 3, addr 3 (disconnected)
uhid0: at uhub8, port 3, addr 3 (disconnected)
panic: mtx_lock_spin() of destroyed mutex @ /usr/src/sys/dev/twa/tw_cl_intr.c:88

cpuid = 1
KDB: enter: panic
[thread pid 12 tid 100025 ]
Stopped at         kdb_enter+0x3d: movq     $0,0x40289c(%rip)
db>

>How-To-Repeat:
See above.
>Fix:
Please see the following patch, provided by giovanni.trematerra at gmail.com .

Patch attached with submission follows:

Index: tw_cl_intr.c
===================================================================
--- tw_cl_intr.c	(revision 206339)
+++ tw_cl_intr.c	(working copy)
@@ -75,9 +75,12 @@
 	if (ctlr == NULL)
 		goto out;
 
-	/* If we get an interrupt while resetting, it is a shared
-	   one for another device, so just bail */
-	if (ctlr->state & TW_CLI_CTLR_STATE_RESET_IN_PROGRESS)
+	/* 
+	 * If we get an interrupt while resetting, it is a shared
+	 * one for another device, so just bail
+	 */
+	if (ctlr->state & TW_CLI_CTLR_STATE_RESET_IN_PROGRESS ||
+	    ctlr->state & TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS)
 		goto out;
 
 	/*
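Review bot: the rewritten comment in this hunk still explains the early exit only as "a shared one for another device", which describes the RESET_IN_PROGRESS case but not the new TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS test. Please extend it to say that during shutdown the handler must return before taking the spin lock (the reported panic is mtx_lock_spin() at tw_cl_intr.c:88, after this check). The condition also mixes & and || without parentheses; a single mask, ctlr->state & (TW_CLI_CTLR_STATE_RESET_IN_PROGRESS | TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS), reads more clearly. The added "/* " line carries trailing whitespace.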
Index: tw_cl.h
===================================================================
--- tw_cl.h	(revision 206339)
+++ tw_cl.h	(working copy)
@@ -66,6 +66,8 @@
 #define TW_CLI_CTLR_STATE_RESET_PHASE1_IN_PROGRESS	(1<<5)
 /* G66 register write access bug needs to be worked around. */
 #define TW_CLI_CTLR_STATE_G66_WORKAROUND_NEEDED	(1<<6)
+/* Controller is shutting down. */
+#define TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS	(1<<7)
 
 /* Possible values of ctlr->ioctl_lock.lock. */
 #define TW_CLI_LOCK_FREE		0x0	/* lock is free */
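Review bot: the comment on TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS says only that the controller is shutting down; it should also say that the interrupt handler tests this bit to return early, and whether anything ever clears it. None of the hunks in this patch clears the bit, so if a controller can be brought back up after the shutdown path has run, its interrupts would keep being ignored. Either clear the bit on the init path or state in the comment that the state is terminal.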
Index: tw_cl_init.c
===================================================================
--- tw_cl_init.c	(revision 206339)
+++ tw_cl_init.c	(working copy)
@@ -598,6 +598,7 @@
 	 * and notify the controller that we are going down.
 	 */
 	ctlr->state &= ~TW_CLI_CTLR_STATE_ACTIVE;
+	ctlr->state |= TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS;
 
 	tw_cli_disable_interrupts(ctlr);
 
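Review bot: the added ctlr->state |= TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS is a plain read-modify-write with no lock or barrier visible around it, while the handler in tw_cl_intr.c reads ctlr->state from interrupt context, so a handler that tested the bit just before this store can still go on to mtx_lock_spin(). Setting the flag narrows the window behind the reported panic but does not close it unless the shutdown path also waits for any in-flight handler before the mutex is destroyed. Please make that ordering explicit, or note in the comment above this line why it is already guaranteed.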


>Release-Note:
>Audit-Trail:
>Unformatted:

