ural(4) hits usb/124758 (Was: Panic while using ural(4) with wpa_supplicant)

Damian Gerow dgerow at afflictions.org
Mon Dec 15 05:12:52 UTC 2008


I've been able to reliably trigger the panic with ural(4), but I'm pretty
sure it has nothing to do with wpa_supplicant(8).  A quick search of the PR
database turns up usb/124758.

Panic (PID 12 is "irq19: ehci1"):

-----
ural0: could not transmit buffer: SHORT_XFER
panic: ehci_free_sqtd_chain: chain not found
cpuid = 0
KDB: enter: panic
[thread pid 12 tid 100042]
db>
-----

kgdb output; backtrace claims a corrupted stack:

-----
# uname -a
FreeBSD plebeian.afflictions.org 8.0-CURRENT FreeBSD 8.0-CURRENT #3: Fri Dec 12 17:38:49 EST 2008     dgerow at plebeian.afflictions.org:/usr/obj/repo/freebsd/8-CURRENT/src/sys/GENERIC  amd64
# cd /usr/obj/repo/freebsd/8-CURRENT/src/sys/GENERIC
# kgdb kernel.debug /var/crash/vmcore.2
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: ehci_free_sqtd_chain: chain not found
cpuid = 0
KDB: enter: panic
panic: from debugger
cpuid = 0
Uptime: 24m59s
Physical memory: 3976 MB
Dumping 804 MB: 789 773 757 741 725 709 693 677 661 645 629 613 597 581 565 549 533 517 501 485 469 453 437 421 405 389 373 357 341 325 309 293 277 261 245 229 213 197 181 165 149 133 117 101 85 69 53 37 21 5

Reading symbols from /boot/kernel/geom_eli.ko...Reading symbols from /boot/kernel/geom_eli.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_eli.ko
Reading symbols from /boot/kernel/crypto.ko...Reading symbols from /boot/kernel/crypto.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/crypto.ko
Reading symbols from /boot/kernel/zlib.ko...Reading symbols from /boot/kernel/zlib.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zlib.ko
Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /boot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/i915.ko...Reading symbols from /boot/kernel/i915.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/i915.ko
Reading symbols from /boot/kernel/drm.ko...Reading symbols from /boot/kernel/drm.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/drm.ko
#0  doadump () at pcpu.h:196
196		__asm __volatile("movq %%gs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:196
#1  0xffffffff804fc8c0 in boot (howto=260) at /repo/freebsd/8-CURRENT/src/sys/kern/kern_shutdown.c:420
#2  0xffffffff804fcc26 in panic (fmt=Variable "fmt" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/kern/kern_shutdown.c:576
#3  0xffffffff801c398a in db_panic (addr=Variable "addr" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/ddb/db_command.c:478
#4  0xffffffff801c3f33 in db_command (last_cmdp=0xffffffff80b012a0, cmd_table=Variable "cmd_table" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/ddb/db_command.c:445
#5  0xffffffff801c407d in db_command_loop () at /repo/freebsd/8-CURRENT/src/sys/ddb/db_command.c:498
#6  0xffffffff801c5ec6 in db_trap (type=Variable "type" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/ddb/db_main.c:229
#7  0xffffffff8052a0f3 in kdb_trap (type=3, code=0, tf=0xfffffffeb3e628c0) at /repo/freebsd/8-CURRENT/src/sys/kern/subr_kdb.c:534
#8  0xffffffff807a993a in trap (frame=0xfffffffeb3e628c0) at /repo/freebsd/8-CURRENT/src/sys/amd64/amd64/trap.c:533
#9  0xffffffff8078c5be in calltrap () at /repo/freebsd/8-CURRENT/src/sys/amd64/amd64/exception.S:217
#10 0xffffffff8052a280 in kdb_enter (why=0xffffffff80888182 "panic", msg=0xa <Address 0xa out of bounds>) at cpufunc.h:63
#11 0xffffffff804fcc03 in panic (fmt=Variable "fmt" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/kern/kern_shutdown.c:559
#12 0xffffffff80437913 in ehci_free_sqtd_chain (sc=0xffffff000355a000, sqh=0xffffffff81020fe0, sqtd=0xa, sqtdend=0xfffffffeb6940f80)
    at /repo/freebsd/8-CURRENT/src/sys/dev/usb/ehci.c:2737
#13 0xffffffff804379e9 in ehci_device_bulk_done (xfer=0xffffffff81020fe0) at /repo/freebsd/8-CURRENT/src/sys/dev/usb/ehci.c:3543
#14 0xffffffff80469b45 in usb_transfer_complete (xfer=0xffffff0003a8e400) at /repo/freebsd/8-CURRENT/src/sys/dev/usb/usbdi.c:982
#15 0xffffffff8043709e in ehci_idone (ex=Variable "ex" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/dev/usb/ehci.c:1034
#16 0xffffffff804377f0 in ehci_softintr (v=0xffffffff81020fe0) at /repo/freebsd/8-CURRENT/src/sys/dev/usb/ehci.c:802
#17 0xffffffff80465645 in usb_schedsoftintr (bus=Variable "bus" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/dev/usb/usb.c:848
#18 0xffffffff8043937d in ehci_intr1 (sc=0xffffff000355a000) at /repo/freebsd/8-CURRENT/src/sys/dev/usb/ehci.c:631
#19 0xffffffff80439e92 in ehci_intr (v=Variable "v" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/dev/usb/ehci.c:590
#20 0xffffffff804de0ca in intr_event_execute_handlers (p=Variable "p" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/kern/kern_intr.c:1134
#21 0xffffffff804dec8d in ithread_loop (arg=Variable "arg" is not available.
) at /repo/freebsd/8-CURRENT/src/sys/kern/kern_intr.c:1147
#22 0xffffffff804dc0e6 in fork_exit (callout=0xffffffff804debcf <ithread_loop>, arg=0xffffff000360ea60, frame=0xfffffffeb3e62c90)
    at /repo/freebsd/8-CURRENT/src/sys/kern/kern_fork.c:821
#23 0xffffffff8078c9ce in fork_trampoline () at /repo/freebsd/8-CURRENT/src/sys/amd64/amd64/exception.S:521
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000000 in ?? ()
#26 0x0000000000000001 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x0000000000000000 in ?? ()
#41 0x0000000000000000 in ?? ()
#42 0x0000000000000000 in ?? ()
#43 0x0000000000000000 in ?? ()
#44 0x0000000000000000 in ?? ()
#45 0x0000000000000000 in ?? ()
#46 0x0000000000000000 in ?? ()
#47 0x0000000000000000 in ?? ()
#48 0x0000000000ee3000 in ?? ()
#49 0x0000000000000000 in ?? ()
#50 0xffffffff80b3e040 in affinity ()
#51 0xffffffff80b3e040 in affinity ()
#52 0xffffff00014d3390 in ?? ()
#53 0xfffffffeb3e62b90 in ?? ()
#54 0xfffffffeb3e62b48 in ?? ()
#55 0xffffff00035b4720 in ?? ()
---Type <return> to continue, or q <return> to quit---
#56 0xffffffff8051e396 in sched_switch (td=0xffffff000360ea60, newtd=0xffffffff804debcf, flags=Cannot access memory at address 0xffffffffffffffc0
) at /repo/freebsd/8-CURRENT/src/sys/kern/sched_ule.c:1848
Previous frame inner to this frame (corrupt stack?)
(kgdb) list
191	static __inline struct thread *
192	__curthread(void)
193	{
194		struct thread *td;
195	
196		__asm __volatile("movq %%gs:0,%0" : "=r" (td));
197		return (td);
198	}
199	#define	curthread		(__curthread())
200	
(kgdb) quit
#
-----

