From owner-freebsd-current@FreeBSD.ORG  Tue Nov 27 14:59:22 2007
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BBC4C16A420
	for <freebsd-current@freebsd.org>; Tue, 27 Nov 2007 14:59:22 +0000 (UTC)
	(envelope-from asmrookie@gmail.com)
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.188])
	by mx1.freebsd.org (Postfix) with ESMTP id 3E4F113C457
	for <freebsd-current@freebsd.org>; Tue, 27 Nov 2007 14:59:22 +0000 (UTC)
	(envelope-from asmrookie@gmail.com)
Received: by nf-out-0910.google.com with SMTP id b2so930943nfb
	for <freebsd-current@freebsd.org>; Tue, 27 Nov 2007 06:59:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
	bh=zDD8BgXWkgtTSNf9TUce9DCMVA3skZKERbBYHGGxuW4=;
	b=CumIPSx5qW7RZqAquIrzaQhNL4r2IXbuiJrAxKWFpATS7c3Q2MgZapF3sK9ZZDObt7XMSfQHr+UsOfZbB0zwKUJXSHKX+t3R04IezPImy+sMOB4bp8uLacxQtMWXw77Gd+h+EqtSSG+lJMPdH+F6JiLh+ZxY+4b7jywLwDPo8No=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
	b=X+lpWELZB37hLv1+QX5KbQ2GTPtrTmW3nnvNaDU4rDBdynyIL/inFPhxXwMsCLHWpRmCe41MM8dwnp+YrxxM/tpZFrfKW1marupwS7LTgDcANwVebEg2Fr0r3I1DRBqjLtLm30he+9g5+AoufTvpmQbZoKB6wcRZ6dDiEDJWxpY=
Received: by 10.86.65.11 with SMTP id n11mr3940864fga.1196175557675;
	Tue, 27 Nov 2007 06:59:17 -0800 (PST)
Received: by 10.86.28.19 with HTTP; Tue, 27 Nov 2007 06:59:17 -0800 (PST)
Message-ID: <3bbf2fe10711270659gbfbdde5m5acb0ea38351607a@mail.gmail.com>
Date: Tue, 27 Nov 2007 15:59:17 +0100
From: "Attilio Rao" <attilio@freebsd.org>
Sender: asmrookie@gmail.com
To: "Matthias Schmidt" <xhr@gmx.net>
In-Reply-To: <A2356BD6-2268-434E-B099-3F3DF9399B43@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <A2356BD6-2268-434E-B099-3F3DF9399B43@gmx.net>
X-Google-Sender-Auth: a89be625d0f31d2d
Cc: freebsd-current@freebsd.org
Subject: Re: 7.0-BETA3 kernel panic when unplugging USB stick
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2007 14:59:22 -0000

2007/11/26, Matthias Schmidt <xhr@gmx.net>:
> Hi everybody,
>
> I experienced a kernel panic with FreeBSD 7.0-BETA3 and an USB stick.
> After plugging the stick into the machine I got the following
> message:
>
> umass0: <vendor 0x0420 product 0x1307, class 0/0, rev 2.00/1.00, addr 3>
> on uhub2
>
> The stick wasn't correctly recognized and I couldn't use it.  Googling
> for that vendor ID I found the following PR:
>
> http://monkey.org/freebsd/archive/freebsd-bugs/200602/msg00384.html
>
> When I plugged out the stick, I got the below messages followed by a
> kernel panic:
>
> umass0: BBB reset failed, STALLED
> umass0: BBB bulk-in clear stall failed, STALLED
> umass0: BBB bulk-out clear stall failed, STALLED
> umass0: BBB reset failed, STALLED
> umass0: at uhub2 port 4 (addr 3) disconnected
>
> Backtrace below.  You can find a copy of the dmesg, pciconf -l -v
> output, kernel config and the corresponding crash dump under:
>
> http://www.mathematik.uni-marburg.de/~schmidtm/usbcrash/
>
> FreeBSD version is
>
> FreeBSD node008.lab.ds 7.0-BETA3 FreeBSD 7.0-BETA3 #0: Sun Nov 25
> 14:11:30 CET 2007 root@node008.lab.ds:/usr/src/sys/i386/compile/
> NODE008  i386
>
> with a GENERIC kernel supplemented only with WITNESS and debug options.
>
>
> GDB will not be able to debug user-mode threads:
> /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for
> details.
> This GDB was configured as "i386-marcel-freebsd".
>
> Unread portion of the kernel message buffer:
> umass0: BBB reset failed, STALLED
> umass0: BBB bulk-in clear stall failed, STALLED
> umass0: BBB bulk-out clear stall failed, STALLED
> umass0: BBB reset failed, STALLED
> umass0: at uhub2 port 4 (addr 3) disconnected
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x10
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc07453e3
> stack pointer           = 0x28:0xd51dc960
> frame pointer           = 0x28:0xd51dc970
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
>                         processor eflags        = interrupt enabled,
>                         resume, IOPL = 0
>                         current process         = 30 (usb1)
> exclusive sleep mutex Giant r = 0 (0xc0bba270) locked @
> dev/usb/uhub.c:639
> panic: from debugger
> cpuid = 0
> Uptime: 16h39m33s
> Physical memory: 499 MB
> Dumping 100 MB: 85 69 53 37 21 5
>
> #0  doadump () at pcpu.h:195
>         195             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb)
> (kgdb) bt
> #0  doadump () at pcpu.h:195
> #1  0xc075137e in boot (howto=260) at ../../../kern/kern_shutdown.c:409
> #2  0xc075163b in panic (fmt=Variable "fmt" is not available.
>                 ) at ../../../kern/kern_shutdown.c:563
> #3  0xc048cf07 in db_panic (addr=Could not find the frame base for
>                 "db_panic".
>                 ) at ../../../ddb/db_command.c:433
> #4  0xc048d8f5 in db_command_loop () at ../../../ddb/db_command.c:401
> #5  0xc048f065 in db_trap (type=12, code=0) at
> ../../../ddb/db_main.c:222
> #6  0xc07783b6 in kdb_trap (type=12, code=0, tf=0xd51dc920) at
> ../../../kern/subr_kdb.c:502
> #7  0xc0a09d1f in trap_fatal (frame=0xd51dc920, eva=16) at
> ../../../i386/i386/trap.c:863
> #8  0xc0a09f53 in trap_pfault (frame=0xd51dc920, usermode=0, eva=16) at
> ../../../i386/i386/trap.c:785
> #9  0xc0a0a925 in trap (frame=0xd51dc920) at
> ../../../i386/i386/trap.c:463
> #10 0xc09f04ab in calltrap () at ../../../i386/i386/exception.s:139
> #11 0xc07453e3 in _mtx_assert (m=0x0, what=4, file=0xc0a59667
>                 "../../../cam/cam_xpt.c", line=4300)
>     at ../../../kern/kern_mutex.c:622
> #12 0xc046e064 in xpt_release_ccb (free_ccb=0xc2f16c00) at
>     ../../../cam/cam_xpt.c:4300
> #13 0xc046e5c0 in probedone (periph=0xc53ee380, done_ccb=0xc2f16c00) at
>     ../../../cam/cam_xpt.c:6095
> #14 0xc046ac7f in camisr_runqueue (V_queue=Variable "V_queue" is not
>                 available.
>                 ) at ../../../cam/cam_xpt.c:7255
> #15 0xc046f396 in xpt_bus_deregister (pathid=0) at
> ../../../cam/cam_xpt.c:4442
> #16 0xc06c80f0 in umass_cam_detach_sim (sc=0xc43a7000) at
> ../../../dev/usb/umass.c:2694
> #17 0xc06c819d in umass_detach (self=0xc53ee000) at
> ../../../dev/usb/umass.c:1542
> #18 0xc0772f1c in device_detach (dev=0xc53ee000) at device_if.h:212
> #19 0xc06ce882 in usb_disconnect_port (up=0xc2f5536c, parent=0xc2f55480)
> at ../../../dev/usb/usb_subr.c:1380
> #20 0xc06c5a6e in uhub_explore (dev=0xc2f55700) at
> ../../../dev/usb/uhub.c:462
> #21 0xc06c5a36 in uhub_explore (dev=0xc2f29100) at
> ../../../dev/usb/uhub.c:434
> #22 0xc06cc835 in usb_discover (v=Variable "v" is not available.
>                 ) at ../../../dev/usb/usb.c:724
> #23 0xc06cd207 in usb_event_thread (arg=0xc2f1ca00) at
> ../../../dev/usb/usb.c:440
> #24 0xc0733538 in fork_exit (callout=0xc06cd170 <usb_event_thread>,
>                 arg=0xc2f1ca00, frame=0xd51dcd38)
>     at ../../../kern/kern_fork.c:754
> #25 0xc09f0520 in fork_trampoline () at
>     ../../../i386/i386/exception.s:205
> (kgdb) up 9
> #9  0xc0a0a925 in trap (frame=0xd51dc920) at
>     ../../../i386/i386/trap.c:463
> 463                             (void) trap_pfault(frame, FALSE, eva);
> (kgdb) l
> 458
> 459                     KASSERT(cold || td->td_ucred != NULL,
> 460                         ("kernel trap doesn't have
>                             ucred"));
> 461                     switch (type) {
> 462                     case T_PAGEFLT:
>                                     /* page fault */
> 463                             (void)
>                                     trap_pfault(frame, FALSE, eva);
> 464                             goto out;
> 465
> 466                     case T_DNA:
> 467     #ifdef DEV_NPX
>
> If you need further information, don't hesitate to contact me.  I can
> even provide remote access to that box if its needed.

This seems a race in the sim with the lock field (it switches just
before to assert so that it get unconsistent when asserting).
Something is unclear to me (sorry if I missed the information): you
use SMP and PREEMPTION but I don't see any other core started in the
dmesg, what kind of hw is this?

Thanks,
Attilio


-- 
Peace can only be achieved by understanding - A. Einstein