Date: Wed, 14 Jul 2010 20:49:10 +0400 From: pluknet <pluknet@gmail.com> To: Juergen Lock <nox@jelal.kn-bremen.de> Cc: freebsd-stable@freebsd.org, freebsd-usb@freebsd.org Subject: Re: new umass panic on 7-stable built today Message-ID: <AANLkTik5c1hVGF0VUWqFBYOoAMZLQ7Ae1umoyNUEiZQH@mail.gmail.com> In-Reply-To: <20090719215224.GA2271@triton.kn-bremen.de> References: <20090719215224.GA2271@triton.kn-bremen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20 July 2009 01:52, Juergen Lock <nox@jelal.kn-bremen.de> wrote:
> Hi!
>
> =A0So I wanted to use an usb key on this freshly updated 7-stable box,
> and got a panic just after plugging it in: :(
>
> zsh triton# kgdb /boot/kernel/kernel.symbols /var/crash/vmcore.9
> ...
> umass0: <OCZ Technology ATV, class 0/0, rev 2.00/11.00, addr 2> on uhub5
> umass0:1:0:-1: Attached to scbus1
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid =3D 0; apic id =3D 00
> fault virtual address =A0 =3D 0x290
> fault code =A0 =A0 =A0 =A0 =A0 =A0 =A0=3D supervisor read data, page not =
present
> instruction pointer =A0 =A0 =3D 0x8:0xffffffff804d67d4
> stack pointer =A0 =A0 =A0 =A0 =A0 =3D 0x10:0xffffff8085487da0
> frame pointer =A0 =A0 =A0 =A0 =A0 =3D 0x10:0xffffff8085487de0
> code segment =A0 =A0 =A0 =A0 =A0 =A0=3D base 0x0, limit 0xfffff, type 0x1=
b
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=3D DPL 0, pres 1, long 1,=
def32 0, gran 1
> processor eflags =A0 =A0 =A0 =A0=3D interrupt enabled, resume, IOPL =3D 0
> current process =A0 =A0 =A0 =A0 =3D 38 (usb5)
> trap number =A0 =A0 =A0 =A0 =A0 =A0 =3D 12
> panic: page fault
> cpuid =3D 0
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
> panic() at panic+0x182
> trap_fatal() at trap_fatal+0x2b3
> trap_pfault() at trap_pfault+0x294
> trap() at trap+0x312
> calltrap() at calltrap+0x8
> --- trap 0xc, rip =3D 0xffffffff804d67d4, rsp =3D 0xffffff8085487da0, rbp=
=3D 0xffffff8085487de0 ---
> usb_transfer_complete() at usb_transfer_complete+0x1d4
> bus_dmamap_load() at bus_dmamap_load+0x314
> usbd_transfer() at usbd_transfer+0xee
> usbd_do_request_flags_pipe() at usbd_do_request_flags_pipe+0x8f
> usbd_do_request_flags() at usbd_do_request_flags+0x25
> usbd_get_string_desc() at usbd_get_string_desc+0x9b
> usbd_get_string() at usbd_get_string+0x83
> uhub_child_pnpinfo_str() at uhub_child_pnpinfo_str+0xd9
> devaddq() at devaddq+0xd5
> device_attach() at device_attach+0x13a
> usbd_new_device() at usbd_new_device+0x821
> uhub_explore() at uhub_explore+0x1bd
> usb_discover() at usb_discover+0x38
> usb_event_thread() at usb_event_thread+0x8a
> fork_exit() at fork_exit+0x11f
> fork_trampoline() at fork_trampoline+0xe
> --- trap 0, rip =3D 0, rsp =3D 0xffffff8085488d30, rbp =3D 0 ---
> Uptime: 1m1s
> Physical memory: 8176 MB
> Dumping 4605 MB: 4590 4574 4558 4542 4526 4510 4494 4478 4462 4446 4430 4=
414 4398 4382 4366 4350 4334 4318 4302 4286 4270 4254 4238 4222 4206 4190 4=
174 4158 4142 4126 4110 4094 4078 4062 4046 4030 4014 3998 3982 3966 3950 3=
934 3918 3902 3886 3870 3854 3838 3822 3806 3790 3774 3758 3742 3726 3710 3=
694 3678 3662 3646 3630 3614 3598 3582 3566 3550 3534 3518 3502 3486 3470 3=
454 3438 3422 3406 3390 3374 3358 3342 3326 3310 3294 3278 3262 3246 3230 3=
214 3198 3182 3166 3150 3134 3118 3102 3086 3070 3054 3038 3022 3006 2990 2=
974 2958 2942 2926 2910 2894 2878 2862 2846 2830 2814 2798 2782 2766 2750 2=
734 2718 2702 2686 2670 2654 2638 2622 2606 2590 2574 2558 2542 2526 2510 2=
494 2478 2462 2446 2430 2414 2398 2382 2366 2350 2334 2318 2302 2286 2270 2=
254 2238 2222 2206 2190 2174 2158 2142 2126 2110 2094 2078 2062 2046 2030 2=
014 1998 1982 1966 1950 1934 1918 1902 1886 1870 1854 1838 1822 1806 1790 1=
774 1758 1742 1726 1710 1694 1678 1662 1646 1630 1614 1598 1582 1566 1550 1=
534 1518 1502 1486 1470 1454 1438 1422 1406 1390 1374 1358 1342 1326 1310 1=
294 1278 1262 1246 1230 1214 1198 1182 1166 1150 1134 1118 1102 1086 1070 1=
054 1038 1022 1006 990 974 958 942 926 910 894 878 862 846 830 814 798 782 =
766 750 734 718 702 686 670 654 638 622 606 590 574 558 542 526 510 494 478=
462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 17=
4 158 142 126 110 94 78 62 46 30 14
>
> Reading symbols from /boot/kernel/umass.ko...Reading symbols from /boot/k=
ernel/umass.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/umass.ko
> #0 =A0doadump () at pcpu.h:195
> 195 =A0 =A0 =A0 =A0 =A0 =A0 __asm __volatile("movq %%gs:0,%0" : "=3Dr" (t=
d));
> (kgdb) bt
> #0 =A0doadump () at pcpu.h:195
> #1 =A00xffffffff80567248 in boot (howto=3D260)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/kern/kern_shutdown.c:418
> #2 =A00xffffffff805676ac in panic (fmt=3DVariable "fmt" is not available.
> )
> =A0 =A0at /usr/home/nox/src72s2/src/sys/kern/kern_shutdown.c:574
> #3 =A00xffffffff8082f953 in trap_fatal (frame=3D0xc, eva=3DVariable "eva"=
is not available.
> )
> =A0 =A0at /usr/home/nox/src72s2/src/sys/amd64/amd64/trap.c:756
> #4 =A00xffffffff8082fd34 in trap_pfault (frame=3D0xffffff8085487cf0, user=
mode=3D0)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/amd64/amd64/trap.c:672
> #5 =A00xffffffff808306e2 in trap (frame=3D0xffffff8085487cf0)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/amd64/amd64/trap.c:443
> #6 =A00xffffffff80819cce in calltrap ()
> =A0 =A0at /usr/home/nox/src72s2/src/sys/amd64/amd64/exception.S:218
> #7 =A00xffffffff804d67d4 in usb_transfer_complete (xfer=3D0xffffff00046b1=
000)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/usbdi.c:949
> #8 =A00xffffffff80815bf4 in bus_dmamap_load (dmat=3D0xffffff0004499880,
> =A0 =A0map=3D0xffffff000478ec00, buf=3D0xffffff8085487fe0, buflen=3D0,
> =A0 =A0callback=3D0xffffffff804d68b0 <usbd_start_transfer>,
> =A0 =A0callback_arg=3D0xffffff00046b1000, flags=3D0)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/amd64/amd64/busdma_machdep.c:738
> #9 =A00xffffffff804d6f2e in usbd_transfer (xfer=3D0xffffff00046b1000)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/usbdi.c:312
> #10 0xffffffff804d717f in usbd_do_request_flags_pipe (dev=3D0xffffff00047=
51600,
> ---Type <return> to continue, or q <return> to quit---
> =A0 =A0pipe=3D0xffffff000474cd80, req=3D0xffffff8085487f80, data=3D0xffff=
ff8085487fe0,
> =A0 =A0flags=3DVariable "flags" is not available.
> ) at /usr/home/nox/src72s2/src/sys/dev/usb/usbdi.c:1100
> #11 0xffffffff804d72b5 in usbd_do_request_flags (dev=3DVariable "dev" is =
not available.
> )
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/usbdi.c:1070
> #12 0xffffffff804d518b in usbd_get_string_desc (dev=3D0xffffff0004751600,=
sindex=3DVariable "sindex" is not available.
>
> ) at /usr/home/nox/src72s2/src/sys/dev/usb/usb_subr.c:171
> #13 0xffffffff804d6473 in usbd_get_string (dev=3D0xffffff0004751600, si=
=3D3,
> =A0 =A0buf=3D0xffffff8085488160 "", len=3D128)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/usbdi.c:1353
> #14 0xffffffff804cdb49 in uhub_child_pnpinfo_str (cbdev=3DVariable "cbdev=
" is not available.
> )
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/uhub.c:658
> #15 0xffffffff80590ce5 in devaddq (type=3D0xffffffff8090dccf "+",
> =A0 =A0what=3D0xffffff00046b0000 "umass0 vendor=3D0x0325 product=3D0xac02=
devclass=3D0x00 devsubclass=3D0x00 release=3D0x1100 sernum=3D\"AA040127001=
52689\" intclass=3D0x08 intsubclass=3D0x06", dev=3D0xffffff00046c0200)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/kern/subr_bus.c:625
> #16 0xffffffff805914ba in device_attach (dev=3D0xffffff00046c0200)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/kern/subr_bus.c:668
> #17 0xffffffff804d5b41 in usbd_new_device (parent=3D0xffffff00044a0200,
> =A0 =A0bus=3D0xffffff0004472000, depth=3DVariable "depth" is not availabl=
e.
> )
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/usb_subr.c:926
> #18 0xffffffff804cd79d in uhub_explore (dev=3D0xffffff00044a0300)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/uhub.c:523
> ---Type <return> to continue, or q <return> to quit---
> #19 0xffffffff804d23e8 in usb_discover (v=3DVariable "v" is not available=
.
> )
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/usb.c:724
> #20 0xffffffff804d33aa in usb_event_thread (arg=3DVariable "arg" is not a=
vailable.
> )
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/usb.c:440
> #21 0xffffffff8054115f in fork_exit (
> =A0 =A0callout=3D0xffffffff804d3320 <usb_event_thread>, arg=3D0xffffff000=
44b1580,
> =A0 =A0frame=3D0xffffff8085488c80)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/kern/kern_fork.c:811
> #22 0xffffffff8081a0ae in fork_trampoline ()
> =A0 =A0at /usr/home/nox/src72s2/src/sys/amd64/amd64/exception.S:554
> #23 0x0000000000000000 in ?? ()
> #24 0x0000000000000000 in ?? ()
> #25 0x0000000000000001 in ?? ()
> #26 0x0000000000000000 in ?? ()
> #27 0x0000000000000000 in ?? ()
> #28 0x0000000000000000 in ?? ()
> #29 0x0000000000000000 in ?? ()
> #30 0x0000000000000000 in ?? ()
> #31 0x0000000000000000 in ?? ()
> #32 0x0000000000000000 in ?? ()
> #33 0x0000000000000000 in ?? ()
> #34 0x0000000000000000 in ?? ()
> #35 0x0000000000000000 in ?? ()
> ---Type <return> to continue, or q <return> to quit---
> #36 0x0000000000000000 in ?? ()
> #37 0x0000000000000000 in ?? ()
> #38 0x0000000000000000 in ?? ()
> #39 0x0000000000000000 in ?? ()
> #40 0x0000000000000000 in ?? ()
> #41 0x0000000000000000 in ?? ()
> #42 0x0000000000000000 in ?? ()
> #43 0x0000000000000000 in ?? ()
> #44 0x0000000000000000 in ?? ()
> #45 0x0000000000000000 in ?? ()
> #46 0x0000000000000000 in ?? ()
> #47 0x0000000000d84000 in ?? ()
> #48 0x0000000000000001 in ?? ()
> #49 0xffffffff80bba848 in sleepq_chains ()
> #50 0xffffff00044a5720 in ?? ()
> #51 0xffffff00044a5a70 in ?? ()
> #52 0xffffff8085487da0 in ?? ()
> #53 0xffffff8085487d38 in ?? ()
> #54 0xffffff00044a5720 in ?? ()
> #55 0xffffffff8058b01e in sched_switch (td=3D0x0, newtd=3DCannot access m=
emory at address 0xffffffffffffffa8
> )
> =A0 =A0at /usr/home/nox/src72s2/src/sys/kern/sched_ule.c:1938
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) fr 7
> #7 =A00xffffffff804d67d4 in usb_transfer_complete (xfer=3D0xffffff00046b1=
000)
> =A0 =A0at /usr/home/nox/src72s2/src/sys/dev/usb/usbdi.c:949
> 949 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 STAILQ_REMOVE_HEAD(&pipe->que=
ue, next);
> (kgdb) p pipe
> $1 =3D 0xffffff000474cd80
> (kgdb) p *pipe
> $2 =3D {iface =3D 0x0, device =3D 0xffffff0004751600, endpoint =3D 0xffff=
ff0004751638,
> =A0refcnt =3D 1, running =3D 0 '\0', aborting =3D 0 '\0', queue =3D {stqh=
_first =3D 0x0,
> =A0 =A0stqh_last =3D 0xffffff000474cda0}, next =3D {le_next =3D 0x0, le_p=
rev =3D 0x0},
> =A0intrxfer =3D 0x0, repeat =3D 0 '\0', interval =3D -1, methods =3D 0xff=
ffffff80afbf00}
> (kgdb) q
> zsh triton#
>
> =A0Suggestions/patches welcome...
>
> =A0Thanx,
> =A0 =A0 =A0 =A0Juergen
Hi,
Wow, a year passed until today I attached almost the same keyboard
on 7.3-RELEASE amd64 and faced panic with the same backtrace.
Is there maybe some *cough* specific handling need with this vendor?
db> bt
Tracing pid 47 tid 100047 td 0xffffff0006c54740
usb_transfer_complete() at usb_transfer_complete+0x1d4
bus_dmamap_load() at bus_dmamap_load+0x314
usbd_transfer() at usbd_transfer+0xee
usbd_do_request_flags_pipe() at usbd_do_request_flags_pipe+0x8f
usbd_do_request_flags() at usbd_do_request_flags+0x25
usbd_get_string_desc() at usbd_get_string_desc+0x9b
usbd_get_string() at usbd_get_string+0x83
uhub_child_pnpinfo_str() at uhub_child_pnpinfo_str+0xd9
devaddq() at devaddq+0xd5
device_attach() at device_attach+0x13a
usbd_new_device() at usbd_new_device+0x816
uhub_explore() at uhub_explore+0x1bd
usb_discover() at usb_discover+0x38
usb_event_thread() at usb_event_thread+0x8a
fork_exit() at fork_exit+0x11f
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip =3D 0, rsp =3D 0xffffff8161196d30, rbp =3D 0 ---
db> show msgbuf
msgbufp =3D 0xffffffff80e20fe0
magic =3D 63062, size =3D 65504, r=3D 44209, w =3D 44746, ptr =3D
0xffffffff80e11000, cksum=3D 3347961
umass0: <OCZ ATV, class 0/0, rev 2.00/1.10, addr 2> on uhub2
Fatal trap 12: page fault while in kernel mode
cpuid =3D 4; apic id =3D 04
fault virtual address =3D 0x290
fault code =3D supervisor read data, page not present
instruction pointer =3D 0x8:0xffffffff804a9d44
stack pointer =3D 0x10:0xffffff8161195db0
frame pointer =3D 0x10:0xffffff8161195df0
code segment =3D base 0x0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags =3D interrupt enabled, resume, IOPL =3D 0
current process =3D 47 (usb2)
--=20
wbr,
pluknet
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTik5c1hVGF0VUWqFBYOoAMZLQ7Ae1umoyNUEiZQH>