From owner-freebsd-current@FreeBSD.ORG Thu Oct 18 10:48:55 2012 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4AD9C5AF for ; Thu, 18 Oct 2012 10:48:55 +0000 (UTC) (envelope-from freebsd-current@m.gmane.org) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) by mx1.freebsd.org (Postfix) with ESMTP id 0077C8FC12 for ; Thu, 18 Oct 2012 10:48:54 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1TOnet-0004qh-LT for freebsd-current@freebsd.org; Thu, 18 Oct 2012 12:48:59 +0200 Received: from l.saper.info ([91.121.203.103]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 18 Oct 2012 12:48:59 +0200 Received: from saper by l.saper.info with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 18 Oct 2012 12:48:59 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-current@freebsd.org From: Marcin Cieslak Subject: Regression: panic in camq_remove when plugging in Huawei IDEOS phone Date: Thu, 18 Oct 2012 10:48:43 +0000 (UTC) Organization: http://saper.info Lines: 49 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: l.saper.info X-Face: "MPx|KfVwz7Gg!ayb)rH,hKiCBJXvLY7t+%r1s0Uiw; (%xWn-C-H38.2Oa4JL|4Cx}a"V ~a pL4%i"s20r0%z0yZew?2><1ZfOFF27cPqcAKp?wG+-c&%BgXeJVm[lylYKH?j User-Agent: slrn/0.9.9p1 (FreeBSD) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Oct 2012 10:48:55 -0000 Hello, I got this crash in -CURRENT (r241671) when plugging in Huawei IDEOS Android mobile phone via USB. #10 0xffffffff802ab7a7 in heap_down (queue_array=0xfffffe0002f29878, index=Variable "index" is not available. ) at /usr/src/sys/cam/cam_queue.c:357 #11 0xffffffff802ab86e in camq_remove (queue=0xfffffe0002e9f880, index=49453168) at /usr/src/sys/cam/cam_queue.c:185 #12 0xffffffff802b0bf3 in xpt_run_dev_sendq (bus=0xfffffe0002e98d00) at cam_queue.h:210 ---Type to continue, or q to quit--- #13 0xffffffff802b150f in camisr_runqueue (V_queue=Variable "V_queue" is not available. ) at /usr/src/sys/cam/cam_xpt.c:5117 #14 0xffffffff802b171a in camisr (dummy=Variable "dummy" is not available. ) at /usr/src/sys/cam/cam_xpt.c:5017 #15 0xffffffff80767fab in intr_event_execute_handlers (p=Variable "p" is not available. ) at /usr/src/sys/kern/kern_intr.c:1272 #16 0xffffffff8076967f in ithread_loop (arg=0xfffffe00024b48c0) at /usr/src/sys/kern/kern_intr.c:1285 Some randomly collected data from the dump file: #11 0xffffffff802ab86e in camq_remove (queue=0xfffffe0002e9f880, index=49453168) at /usr/src/sys/cam/cam_queue.c:185 185 heap_down(queue->queue_array, index, queue->entries - 1); (kgdb) print queue $3 = (struct camq *) 0xfffffe0002e9f880 (kgdb) print *queue $4 = {queue_array = 0xfffffe0002f29878, array_size = 5, entries = 1, generation = 28, qfrozen_cnt = {0, 0, 0, 0, 0}} (kgdb) print *queue->queue_array $5 = (cam_pinfo *) 0x0 (kgdb) print queue->queue_array $6 = (cam_pinfo **) 0xfffffe0002f29878 (kgdb) print queue->queue_array[0] $7 = (cam_pinfo *) 0x0 (kgdb) print queue->queue_array[1] $8 = (cam_pinfo *) 0xfffffe0002d24800 I have a full core dump so I can poke around more. It did work when the machine was running a ca. 1 year old 9-something system. //Marcin