Re: usb2: kernel panic with an USB floppy drive

From: Hans Petter Selasky <hselasky_at_c2i.net>
Date: Mon, 12 Jan 2009 09:37:27 +0100
Hi,

Thanks for reporting.

This bug looks like a glitch on my side when introducing Zero-copy in UMASS.

Try the following patch:

http://perforce.freebsd.org/chv.cgi?CH=156005

--HPS

On Monday 12 January 2009, WATANABE Kazuhiro wrote:
> Hi, all.
>
> I have an USB floppy drive which works well on 7.1-RELEASE, and
> 8-current with the old USB stack.
>
> *****
> umass0: <Y-E DATA USB Floppy Drive, class 0/0, rev 1.10/5.01, addr 2> on
> uhub0 da0 at umass-sim0 bus 0 target 0 lun 0
> da0: <Y-E DATA USB-FDU 5.01> Removable Direct Access SCSI-0 device
> da0: 20KB/s transfers
> da0: Attempt to query device size failed: NOT READY, Medium not present
>
> port 1 addr 2: full speed, power 500 mA, config 1, USB Floppy
> Drive(0x0000), Y-E DATA(0x057b), rev 5.01 *****
>
> When I connect the floppy drive to the system with the new USB2 stack,
> it causes a kernel panic.
>
>
> Here is a stack trace and dmesg output.
>
> capricorn# kgdb /boot/kernel/kernel.symbols /var/crash/vmcore.0
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are welcome to change it and/or distribute copies of it under certain
> conditions. Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
> umass0:1:0:-1: Attached to scbus1
> Kernel page fault with the following non-sleepable locks held:
> exclusive sleep mutex UMASS lock (UMASS lock) r = 0 (0xc0d69800) locked _at_
> /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_transfer.c:1781 KDB: stack
> backtrace:
> db_trace_self_wrapper(c0c1f7c2,cc93ea28,c088f145,c0c0d089,6f5,...) at
> db_trace_self_wrapper+0x26
> kdb_backtrace(c0c0d089,6f5,ffffffff,c0eabdc4,cc93ea60,...) at
> kdb_backtrace+0x29 _witness_debugger(c0c21ae3,cc93ea74,4,1,0,...) at
> _witness_debugger+0x25 witness_warn(5,0,c0c53da2,c28d3b40,c288ea90,...) at
> witness_warn+0x1fd trap(cc93eb00) at trap+0x152
> calltrap() at calltrap+0x6
> --- trap 0xc, eip = 0xc0b32da5, esp = 0xcc93eb40, ebp = 0xcc93eb78 ---
> bus_dmamap_load(c29a4e80,c0ef2bc0,0,24,c077e8b0,...) at
> bus_dmamap_load+0xd5 usb2_pc_load_mem(c2b87f80,24,0,4cf,c0c02651,...) at
> usb2_pc_load_mem+0x125
> usb2_bdma_work_loop(c2b86000,c2b86400,10000ca,c2b4a900,1,...) at
> usb2_bdma_work_loop+0x2b5
> usb2_command_wrapper(c2b86000,c2b86400,c0c0d089,55b,c28d3be4,...) at
> usb2_command_wrapper+0x116
> usb2_start_hardware(c2b86400,c084127c,c2690b68,4,c0c1ac2a,...) at
> usb2_start_hardware+0x6eb
> umass_t_cbi_data_read_callback(c2b86400,0,c0c0d089,752,c0eabdc0,...) at
> umass_t_cbi_data_read_callback+0xfe
> usb2_callback_wrapper(c2b86014,6f6,0,c2b86000,c2b86000,...) at
> usb2_callback_wrapper+0x63a
> usb2_command_wrapper(c2b86014,0,c0c0d089,6f6,c2b86028,...) at
> usb2_command_wrapper+0x116
> usb2_callback_proc(c2b86028,c2690b68,c0c0cc24,51,c0d704c0,...) at
> usb2_callback_proc+0x9b
> usb2_process(c2b86078,cc93ed38,c0c18395,32d,c288ea90,...) at
> usb2_process+0xde fork_exit(c07906b0,c2b86078,cc93ed38) at fork_exit+0xb8
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0, eip = 0, esp = 0xcc93ed70, ebp = 0 ---
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address	= 0xbfc00000
> fault code		= supervisor read, page not present
> instruction pointer	= 0x20:0xc0b32da5
> stack pointer	        = 0x28:0xcc93eb40
> frame pointer	        = 0x28:0xcc93eb78
> code segment		= base 0x0, limit 0xfffff, type 0x1b
> 			= DPL 0, pres 1, def32 1, gran 1
> processor eflags	= interrupt enabled, resume, IOPL = 0
> current process		= 1338 (USBPROC)
> lock order reversal: (Giant after non-sleepable)
>  1st 0xc0d69800 UMASS lock (UMASS lock) _at_
> /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_transfer.c:1781 2nd 0xc0d6bfb0
> Giant (Giant) _at_ /FreeBSD/HEAD/src/sys/dev/kbdmux/kbdmux.c:1044 KDB: stack
> backtrace:
> panic: from debugger
> cpuid = 0
> Uptime: 2m8s
> Physical memory: 223 MB
> Dumping 40 MB: 25 9
>
> Reading symbols from /boot/kernel/green_saver.ko...Reading symbols from
> /boot/kernel/green_saver.ko.symbols...done. done.
> Loaded symbols for /boot/kernel/green_saver.ko
> #0  doadump () at pcpu.h:246
> 246	pcpu.h: No such file or directory.
> 	in pcpu.h
> (kgdb) where
> #0  doadump () at pcpu.h:246
> #1  0xc084fe5e in boot (howto=260)
>     at /FreeBSD/HEAD/src/sys/kern/kern_shutdown.c:420
> #2  0xc0850132 in panic (fmt=Variable "fmt" is not available.
> )
>     at /FreeBSD/HEAD/src/sys/kern/kern_shutdown.c:576
> #3  0xc04bdc27 in db_panic (addr=Could not find the frame base for
> "db_panic". )
>     at /FreeBSD/HEAD/src/sys/ddb/db_command.c:478
> #4  0xc04be251 in db_command (last_cmdp=0xc0d3a55c, cmd_table=0x0,
> dopager=1) at /FreeBSD/HEAD/src/sys/ddb/db_command.c:445
> #5  0xc04be3aa in db_command_loop ()
>     at /FreeBSD/HEAD/src/sys/ddb/db_command.c:498
> #6  0xc04c020d in db_trap (type=12, code=0)
>     at /FreeBSD/HEAD/src/sys/ddb/db_main.c:229
> #7  0xc087d7f6 in kdb_trap (type=12, code=0, tf=0xcc93eb00)
>     at /FreeBSD/HEAD/src/sys/kern/subr_kdb.c:534
> #8  0xc0b50e0f in trap_fatal (frame=0xcc93eb00, eva=3217031168)
>     at /FreeBSD/HEAD/src/sys/i386/i386/trap.c:920
> #9  0xc0b51740 in trap (frame=0xcc93eb00)
>     at /FreeBSD/HEAD/src/sys/i386/i386/trap.c:318
> #10 0xc0b35b6b in calltrap ()
>     at /FreeBSD/HEAD/src/sys/i386/i386/exception.s:165
> #11 0xc0b32da5 in bus_dmamap_load (dmat=0xc29a4e80, map=0xc0ef2bc0,
> buf=0x0, buflen=36, callback=0xc077e8b0 <usb2_pc_load_mem_cb>,
>     callback_arg=0xc2b87f80, flags=0) at pmap.h:282
> ---Type <return> to continue, or q <return> to quit---
> #12 0xc077e415 in usb2_pc_load_mem (pc=0xc2b87f80, size=36, sync=0 '\0')
>     at /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_busdma.c:635
> #13 0xc077e705 in usb2_bdma_work_loop (pq=0xc2b86000)
>     at /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_busdma.c:1318
> #14 0xc0793076 in usb2_command_wrapper (pq=0xc2b86000, xfer=0xc2b86400)
>     at /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_transfer.c:2484
> #15 0xc079434b in usb2_start_hardware (xfer=0xc2b86400)
>     at /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_transfer.c:1491
> #16 0xc077c19e in umass_t_cbi_data_read_callback (xfer=0xc2b86400)
>     at /FreeBSD/HEAD/src/sys/dev/usb2/storage/umass2.c:2414
> #17 0xc07956da in usb2_callback_wrapper (pq=0xc2b86014)
>     at /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_transfer.c:1911
> #18 0xc0793076 in usb2_command_wrapper (pq=0xc2b86014, xfer=0x0)
>     at /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_transfer.c:2484
> #19 0xc079315b in usb2_callback_proc (_pm=0xc2b86028)
>     at /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_transfer.c:1785
> #20 0xc079078e in usb2_process (arg=0xc2b86078)
>     at /FreeBSD/HEAD/src/sys/dev/usb2/core/usb2_process.c:139
> #21 0xc082ce48 in fork_exit (callout=0xc07906b0 <usb2_process>,
>     arg=0xc2b86078, frame=0xcc93ed38)
>     at /FreeBSD/HEAD/src/sys/kern/kern_fork.c:821
> #22 0xc0b35be0 in fork_trampoline ()
>     at /FreeBSD/HEAD/src/sys/i386/i386/exception.s:270
> (kgdb) quit
> capricorn#
>
>
> Copyright (c) 1992-2009 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> 	The Regents of the University of California. All rights reserved.
> FreeBSD is a registered trademark of The FreeBSD Foundation.
> FreeBSD 8.0-CURRENT #1: Sun Jan 11 22:14:07 JST 2009
>     nabe_at_capricorn:/FreeBSD/obj/i386/HEAD/FreeBSD/HEAD/src/sys/USB2
> WARNING: WITNESS option enabled, expect reduced performance.
> Timecounter "i8254" frequency 1193182 Hz quality 0
> CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1991.92-MHz 686-class CPU)
>   Origin = "GenuineIntel"  Id = 0xf24  Stepping = 4
>  
> Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MC
>A,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM> real memory 
> = 251592704 (239 MB)
> avail memory = 227368960 (216 MB)
> ACPI APIC Table: <NEC    DModel29>
> ioapic0 <Version 1.1> irqs 0-23 on motherboard
> lapic0: Forcing LINT1 to edge trigger
> kbd0 at kbdmux0
> acpi0: <NEC DModel29> on motherboard
> acpi0: [ITHREAD]
> acpi0: Power Button (fixed)
> Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
> acpi_timer0: <24-bit timer at 3.579545MHz> port 0x8008-0x800b on acpi0
> pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
> pci0: <ACPI PCI bus> on pcib0
> agp0: <SiS 651 host to AGP bridge> on hostb0
> pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
> pci1: <ACPI PCI bus> on pcib1
> vgapci0: <VGA-compatible display> port 0x9000-0x907f mem
> 0xf0000000-0xf7ffffff,0xec100000-0xec11ffff irq 16 at device 0.0 on pci1
> isab0: <PCI-ISA bridge> at device 2.0 on pci0
> isa0: <ISA bus> on isab0
> atapci0: <SiS 962/963 UDMA133 controller> port
> 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x1000-0x100f at device 2.5 on pci0
> ata0: <ATA channel 0> on atapci0
> ata0: [ITHREAD]
> ata1: <ATA channel 1> on atapci0
> ata1: [ITHREAD]
> pci0: <multimedia, audio> at device 2.7 (no driver attached)
> ohci0: <SiS 5571 USB controller> mem 0xec000000-0xec000fff irq 20 at device
> 3.0 on pci0 ohci0: [ITHREAD]
> usbus0: <SiS 5571 USB controller> on ohci0
> ohci1: <SiS 5571 USB controller> mem 0xec001000-0xec001fff irq 21 at device
> 3.1 on pci0 ohci1: [ITHREAD]
> usbus1: <SiS 5571 USB controller> on ohci1
> ohci2: <SiS 5571 USB controller> mem 0xec002000-0xec002fff irq 22 at device
> 3.2 on pci0 ohci2: [ITHREAD]
> usbus2: <SiS 5571 USB controller> on ohci2
> ehci0: <EHCI (generic) USB 2.0 controller> mem 0xec003000-0xec003fff irq 23
> at device 3.3 on pci0 ehci0: [ITHREAD]
> usbus3: EHCI version 1.0
> usbus3: <EHCI (generic) USB 2.0 controller> on ehci0
> fwohci0: <NEC uPD72874> mem 0xec004000-0xec004fff irq 18 at device 6.0 on
> pci0 fwohci0: [FILTER]
> fwohci0: OHCI version 1.10 (ROM=1)
> fwohci0: No. of Isochronous channels is 4.
> fwohci0: EUI64 00:00:4c:e0:26:82:00:a8
> fwohci0: Phy 1394a available S400, 3 ports.
> fwohci0: Link S400, max_rec 2048 bytes.
> firewire0: <IEEE1394(FireWire) bus> on fwohci0
> dcons_crom0: <dcons configuration ROM> on firewire0
> dcons_crom0: bus_addr 0xeb80000
> fwe0: <Ethernet over FireWire> on firewire0
> if_fwe0: Fake Ethernet address: 02:00:4c:82:00:a8
> fwe0: Ethernet address: 02:00:4c:82:00:a8
> fwip0: <IP over FireWire> on firewire0
> fwip0: Firewire address: 00:00:4c:e0:26:82:00:a8 _at_ 0xfffe00000000, S400,
> maxrec 2048 sbp0: <SBP-2/SCSI over FireWire> on firewire0
> fwohci0: Initiate bus reset
> fwohci0: BUS reset
> fwohci0: node_id=0xc000ffc0, gen=1, CYCLEMASTER mode
> cbb0: <RF5C476 PCI-CardBus Bridge> at device 8.0 on pci0
> cardbus0: <CardBus bus> on cbb0
> pccard0: <16-bit PCCard bus> on cbb0
> cbb0: [FILTER]
> cbb1: <RF5C476 PCI-CardBus Bridge> at device 8.1 on pci0
> cardbus1: <CardBus bus> on cbb1
> pccard1: <16-bit PCCard bus> on cbb1
> cbb1: [FILTER]
> pci0: <simple comms, UART> at device 16.0 (no driver attached)
> pci0: <simple comms> at device 18.0 (no driver attached)
> dc0: <ADMtek ADM9511 10/100BaseTX> port 0x1c00-0x1cff mem
> 0xec005400-0xec0057ff irq 17 at device 20.0 on pci0 miibus0: <MII bus> on
> dc0
> acphy0: <ACXXX 10/100 media interface> PHY 1 on miibus0
> acphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> dc0: Ethernet address: 00:90:96:xx:xx:xx
> dc0: [ITHREAD]
> pci0: <simple comms, generic modem> at device 20.1 (no driver attached)
> acpi_button0: <Power Button> on acpi0
> atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
> atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
> atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
> kbd1 at atkbd0
> atkbd0: [GIANT-LOCKED]
> atkbd0: [ITHREAD]
> psm0: <PS/2 Mouse> irq 12 on atkbdc0
> psm0: [GIANT-LOCKED]
> psm0: [ITHREAD]
> psm0: model IntelliMouse, device ID 3
> ppc0: <Parallel port> port 0x378-0x37f irq 7 on acpi0
> ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
> ppc0: [GIANT-LOCKED]
> ppc0: [ITHREAD]
> ppbus0: <Parallel port bus> on ppc0
> plip0: <PLIP network interface> on ppbus0
> plip0: WARNING: using obsoleted IFF_NEEDSGIANT flag
> lpt0: <Printer> on ppbus0
> lpt0: Interrupt-driven port
> ppi0: <Parallel I/O> on ppbus0
> cpu0: <ACPI CPU> on acpi0
> p4tcc0: <CPU Frequency Thermal Control> on cpu0
> pmtimer0 on isa0
> orm0: <ISA Option ROMs> at iomem
> 0xc0000-0xcbfff,0xcc000-0xce7ff,0xe0000-0xe3fff,0xe4000-0xe47ff,0xe4800-0xe
>ffff pnpid ORM0000 on isa0 sc0: <System console> at flags 0x100 on isa0
> sc0: VGA <16 virtual consoles, flags=0x300>
> vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
> Timecounter "TSC" frequency 1991920060 Hz quality 800
> Timecounters tick every 1.000 msec
> firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
> firewire0: bus manager 0 (me)
> usbus0: 12Mbps Full Speed USB v1.0
> usbus1: 12Mbps Full Speed USB v1.0
> usbus2: 12Mbps Full Speed USB v1.0
> usbus3: 480Mbps High Speed USB v2.0
> ugen0.1: <SiS> at usbus0
> ushub0: <SiS OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
> ugen1.1: <SiS> at usbus1
> ushub1: <SiS OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
> ugen2.1: <SiS> at usbus2
> ushub2: <SiS OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
> ugen3.1: <SiS> at usbus3
> ushub3: <SiS EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3
> ad0: 78147MB <Seagate ST380020A 3.99> at ata0-master UDMA100
> ushub0: 2 ports with 2 removable, self powered
> ushub1: 2 ports with 2 removable, self powered
> ushub2: 2 ports with 2 removable, self powered
> acd0: CDRW <TOSHIBA DVD-ROM SD-R1202/1N37> at ata1-master UDMA33
> GEOM: ad0s2: geometry does not match label (255h,63s != 16h,63s).
> GEOM: ad0s3: geometry does not match label (255h,63s != 16h,63s).
> GEOM_LABEL: Label for provider ad0s4 is msdosfs/NEC-RESTORE.
> ushub3: 6 ports with 6 removable, self powered
> ugen3.2: <NEC> at usbus3
> ushub4: <NEC product 0x0058, class 9/0, rev 2.00/1.00, addr 2> on usbus3
> ushub4: 4 ports with 4 removable, self powered
> WARNING: WITNESS option enabled, expect reduced performance.
> Trying to mount root from ufs:/dev/ad0s3a
>
> ---
> WATANABE Kazuhiro (CQG00620_at_nifty.ne.jp)
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
Received on Mon Jan 12 2009 - 07:35:08 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:40 UTC