panic while inserting USB key

From: Petr Holub <hopet_at_ics.muni.cz>
Date: Tue, 9 Oct 2007 12:23:49 +0200
Hi,

I'm consistently encountering a kernel panic when inserting a USB key
(yes, it's the same machine I had to use realbtx for):

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x290
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff804010a4
stack pointer           = 0x10:0xffffffffac2dada0
frame pointer           = 0x10:0xffffffffac2dade0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 37 (usb4)
[thread pid 37 tid 100032 ]
Stopped at      usb_transfer_complete+0x1d4:    movq    0x290(%r14),%r11
db> bt
Tracing pid 37 tid 100032 td 0xffffff0001242000
usb_transfer_complete() at usb_transfer_complete+0x1d4
bus_dmamap_load() at bus_dmamap_load+0x330
usbd_transfer() at usbd_transfer+0xee
usbd_do_request_flags_pipe() at usbd_do_request_flags_pipe+0x8f
usbd_do_request_flags() at usbd_do_request_flags+0x25
usbd_get_string_desc() at usbd_get_string_desc+0x9b
usbd_get_string() at usbd_get_string+0x83
usbd_devinfo_vp() at usbd_devinfo_vp+0x6f
usbd_devinfo() at usbd_devinfo+0x46
usbd_new_device() at usbd_new_device+0x5b2
uhub_explore() at uhub_explore+0x1bd
usb_discover() at usb_discover+0x38
usb_event_thread() at usb_event_thread+0x8a
fork_exit() at fork_exit+0x11f
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffffffac2dbd30, rbp = 0 ---
db> sh threads
  100071 (0xffffff00037d7350)  sched_switch() at sched_switch+0x1fe
  100083 (0xffffff00037dd9f0)  sched_switch() at sched_switch+0x1fe
  100082 (0xffffff0003885000)  sched_switch() at sched_switch+0x1fe
  100096 (0xffffff0003b53000)  sched_switch() at sched_switch+0x1fe
  100063 (0xffffff00037dc350)  sched_switch() at sched_switch+0x1fe
  100065 (0xffffff00037da9f0)  sched_switch() at sched_switch+0x1fe
  100069 (0xffffff00037d79f0)  sched_switch() at sched_switch+0x1fe
  100058 (0xffffff00037a3350)  sched_switch() at sched_switch+0x1fe
  100067 (0xffffff00037da350)  sched_switch() at sched_switch+0x1fe
  100112 (0xffffff0003be9000)  sched_switch() at sched_switch+0x1fe
  100113 (0xffffff0003be89f0)  sched_switch() at sched_switch+0x1fe
  100056 (0xffffff00037a39f0)  sched_switch() at sched_switch+0x1fe
  100060 (0xffffff00037dd000)  sched_switch() at sched_switch+0x1fe
  100062 (0xffffff00037dc6a0)  sched_switch() at sched_switch+0x1fe
  100051 (0xffffff00036cd350)  sched_switch() at sched_switch+0x1fe
  100050 (0xffffff00036cd6a0)  sched_switch() at sched_switch+0x1fe
  100053 (0xffffff00036389f0)  sched_switch() at sched_switch+0x1fe
  100064 (0xffffff00037dc000)  sched_switch() at sched_switch+0x1fe
  100039 (0xffffff0003637000)  sched_switch() at sched_switch+0x1fe
  100040 (0xffffff00036359f0)  sched_switch() at sched_switch+0x1fe
  100041 (0xffffff00036356a0)  sched_switch() at sched_switch+0x1fe
  100042 (0xffffff0003635350)  sched_switch() at sched_switch+0x1fe
  100043 (0xffffff0003635000)  sched_switch() at sched_switch+0x1fe
  100044 (0xffffff00012439f0)  sched_switch() at sched_switch+0x1fe
  100045 (0xffffff00036d09f0)  sched_switch() at sched_switch+0x1fe
  100046 (0xffffff00036d06a0)  sched_switch() at sched_switch+0x1fe
  100047 (0xffffff00036d0350)  cpustop_handler() at cpustop_handler+0x40
  100048 (0xffffff00036d0000)  sched_switch() at sched_switch+0x1fe
  100030 (0xffffff00012426a0)  fork_trampoline() at fork_trampoline
  100031 (0xffffff0001242350)  fork_trampoline() at fork_trampoline
  100032 (0xffffff0001242000)  usb_transfer_complete() at usb_transfer_complete+
0x1d4
  100033 (0xffffff000123b9f0)  sched_switch() at sched_switch+0x1fe
  100034 (0xffffff000123b6a0)  fork_trampoline() at fork_trampoline
  100035 (0xffffff0003638000)  sched_switch() at sched_switch+0x1fe
  100036 (0xffffff00036379f0)  fork_trampoline() at fork_trampoline
  100037 (0xffffff00036376a0)  sched_switch() at sched_switch+0x1fe
  100038 (0xffffff0003637350)  sched_switch() at sched_switch+0x1fe
  100022 (0xffffff0001239350)  sched_switch() at sched_switch+0x1fe
  100023 (0xffffff0001239000)  sched_switch() at sched_switch+0x1fe
  100024 (0xffffff00011129f0)  sched_switch() at sched_switch+0x1fe
  100025 (0xffffff00011126a0)  sched_switch() at sched_switch+0x1fe
  100026 (0xffffff00012436a0)  sched_switch() at sched_switch+0x1fe
  100027 (0xffffff0001243350)  sched_switch() at sched_switch+0x1fe
  100028 (0xffffff0001243000)  fork_trampoline() at fork_trampoline
  100029 (0xffffff00012429f0)  sched_switch() at sched_switch+0x1fe
  100015 (0xffffff0001111350)  sched_switch() at sched_switch+0x1fe
  100016 (0xffffff0001111000)  sched_switch() at sched_switch+0x1fe
  100017 (0xffffff00010ea9f0)  sched_switch() at sched_switch+0x1fe
  100018 (0xffffff000123b350)  sched_switch() at sched_switch+0x1fe
  100019 (0xffffff000123b000)  sched_switch() at sched_switch+0x1fe
  100020 (0xffffff00012399f0)  fork_trampoline() at fork_trampoline
  100021 (0xffffff00012396a0)  sched_switch() at sched_switch+0x1fe
  100009 (0xffffff00010e86a0)  sched_switch() at sched_switch+0x1fe
  100010 (0xffffff00010e8350)  sched_switch() at sched_switch+0x1fe
  100011 (0xffffff0001112350)  sched_switch() at sched_switch+0x1fe
  100012 (0xffffff0001112000)  sched_switch() at sched_switch+0x1fe
  100013 (0xffffff00011119f0)  sched_switch() at sched_switch+0x1fe
  100014 (0xffffff00011116a0)  sched_switch() at sched_switch+0x1fe
  100004 (0xffffff00010e5000)  sched_switch() at sched_switch+0x1fe
  100005 (0xffffff00010ea6a0)  fork_trampoline() at fork_trampoline
  100006 (0xffffff00010ea350)  sched_switch() at sched_switch+0x1fe
  100007 (0xffffff00010ea000)  sched_switch() at sched_switch+0x1fe
  100008 (0xffffff00010e89f0)  cpustop_handler() at cpustop_handler+0x40
  100000 (0xffffff00010e8000)  sched_switch() at sched_switch+0x1fe
  100001 (0xffffff00010e59f0)  cpustop_handler() at cpustop_handler+0x40
  100002 (0xffffff00010e56a0)  sched_switch() at sched_switch+0x1fe
  100003 (0xffffff00010e5350)  sched_switch() at sched_switch+0x1fe
       0 (0xffffffff80a2a1c0)  sched_switch() at sched_switch+0x1fe

If the post-mortem analysis using kgdb and the dump doesn't lie due
to some memory corruption or something like that, it should be:

(kgdb) up 11
#11 0xffffffff804010a4 in usb_transfer_complete (xfer=0xffffff00036e4800)
    at /usr/src/sys/dev/usb/usbdi.c:947
947                     STAILQ_REMOVE_HEAD(&pipe->queue, next);
(kgdb) up
#12 0xffffffff806f05c0 in bus_dmamap_load (dmat=0xffffff00036cad80,
    map=0xffffff0003f42100, buf=0xffffffffac2defe0, buflen=0,
    callback=0xffffffff80401180 <usbd_start_transfer>,
    callback_arg=0xffffff00036e4800, flags=0)
    at /usr/src/sys/amd64/amd64/busdma_machdep.c:739
739                     (*callback)(callback_arg, dmat->segments, nsegs + 1, 0);

(kgdb) up
#13 0xffffffff804017ae in usbd_transfer (xfer=0xffffff00036e4800)
    at /usr/src/sys/dev/usb/usbdi.c:312
312                     err = bus_dmamap_load(tag, dmap->map, xfer->buffer, size
,
(kgdb) up
#14 0xffffffff804019ff in usbd_do_request_flags_pipe (dev=0xffffff000389cc00,
    pipe=0xffffff00c5fe5300, req=0xffffffffac2def80, data=0xffffffffac2defe0,
    flags=Variable "flags" is not available.
) at /usr/src/sys/dev/usb/usbdi.c:1098
1098            err = usbd_sync_transfer(xfer);
(kgdb) up
#15 0xffffffff80401b35 in usbd_do_request_flags (dev=Variable "dev" is not avail
able.
)
    at /usr/src/sys/dev/usb/usbdi.c:1068
1068            return (usbd_do_request_flags_pipe(dev, dev->default_pipe, req,


Any clues? (Should I reenable INVARIANTS and WITNESS for this?
I've disabled them in order to prepare for Myrinet 10GE card
benchmarking.)

Thanks,
Petr

PS: when doing background fsck after the crash, the machine becomes
severely unresponsive and jerky :(.
Received on Tue Oct 09 2007 - 08:23:45 UTC
