NetBSD Problem Report #50217
From prlw1@cam.ac.uk Mon Sep 7 13:45:40 2015
Return-Path: <prlw1@cam.ac.uk>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 84307A6554
for <gnats-bugs@gnats.NetBSD.org>; Mon, 7 Sep 2015 13:45:40 +0000 (UTC)
Message-Id: <20150907134533.GA1574@quark.internal.precedence.co.uk>
Date: Mon, 7 Sep 2015 14:45:33 +0100
From: Patrick Welche <prlw1@cam.ac.uk>
Reply-To: prlw1@cam.ac.uk
To: gnats-bugs@NetBSD.org
Cc: prlw1@cam.ac.uk
Subject: ehci panic on unplug
>Number: 50217
>Category: kern
>Synopsis: ehci panic (un)plugging uplcom
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Sep 07 13:50:01 +0000 2015
>Last-Modified: Mon Sep 07 14:27:22 +0000 2015
>Originator: Patrick Welche
>Release: NetBSD 7.99.21
>Organization:
>Environment:
NetBSD-7.99.21/amd64 of 5 Sep 2015
>Description:
Just unplugged a
uplcom0: Prolific Technology PL2303 Serial adapter (ATEN/IOGEAR UC232A), rev 1.10/2.02, addr 3
at which point essentially everything froze with the disk light
flickering. After a minute or so I plugged it back in, and:
#0 0xffffffff80118b15 in cpu_reboot (howto=howto@entry=260,
bootstr=bootstr@entry=0x0) at ../../../../arch/amd64/amd64/machdep.c:671
#1 0xffffffff80527eb2 in vpanic (fmt=fmt@entry=0xffffffff807a6d23 "trap",
ap=ap@entry=0xfffffe8040205cf0) at ../../../../kern/subr_prf.c:342
#2 0xffffffff80527f6d in panic (fmt=fmt@entry=0xffffffff807a6d23 "trap")
at ../../../../kern/subr_prf.c:258
#3 0xffffffff8011a49f in trap (frame=0xfffffe8040205e10)
at ../../../../arch/amd64/amd64/trap.c:298
#4 0xffffffff80100f46 in alltraps ()
#5 0xffffffff8020fd35 in usb_transfer_complete (
xfer=xfer@entry=0xfffffe8107e44170) at ../../../../dev/usb/usbdi.c:873
#6 0xffffffff802cde01 in ehci_idone (ex=ex@entry=0xfffffe8107e44170)
at ../../../../dev/usb/ehci.c:1138
#7 0xffffffff802d03ff in ehci_check_qh_intr (sc=<optimized out>,
ex=<optimized out>) at ../../../../dev/usb/ehci.c:908
#8 ehci_check_intr (sc=0xfffffe8107d85000, ex=0xfffffe8107e44170)
at ../../../../dev/usb/ehci.c:817
#9 ehci_softintr (v=<optimized out>) at ../../../../dev/usb/ehci.c:787
#10 0xffffffff8020deca in usb_soft_intr (arg=0xfffffe8107d85040)
at ../../../../dev/usb/usb.c:1025
#11 0xffffffff80507d34 in softint_execute (l=<optimized out>,
s=<optimized out>, si=<optimized out>)
at ../../../../kern/kern_softint.c:589
#12 softint_dispatch (pinned=<optimized out>, s=4)
at ../../../../kern/kern_softint.c:871
#13 0xffffffff8011402f in Xsoftintr ()
(gdb) frame 5
#5 0xffffffff8020fd35 in usb_transfer_complete (
xfer=xfer@entry=0xfffffe8107e44170) at ../../../../dev/usb/usbdi.c:873
873 SIMPLEQ_REMOVE_HEAD(&pipe->queue, next);
(gdb) list
868 if (xfer != SIMPLEQ_FIRST(&pipe->queue))
869 printf("%s: bad dequeue %p != %p\n", __func__,
870 xfer, SIMPLEQ_FIRST(&pipe->queue));
871 xfer->busy_free = XFER_BUSY;
872 #endif
873 SIMPLEQ_REMOVE_HEAD(&pipe->queue, next);
874 }
875 USBHIST_LOG(usbdebug, "xfer %p: repeat %d new head = %p",
876 xfer, repeat, SIMPLEQ_FIRST(&pipe->queue), 0);
877
(gdb) print *pipe
$2 = {iface = 0x0, device = 0xfffffe813b2c1c48, endpoint = 0xfffffe813b2c1c80,
refcnt = 1, running = 0 '\000', aborting = 0 '\000', queue = {
sqh_first = 0x0, sqh_last = 0xfffffe813b2c1ba8}, next = {le_next = 0x0,
le_prev = 0x0}, async_task = {next = {tqe_next = 0x0, tqe_prev = 0x0},
fun = 0xffffffff802101bd <usbd_clear_endpoint_stall_task>,
arg = 0xfffffe813b2c1b88, queue = 2, flags = 128}, intrxfer = 0x0,
repeat = 0 '\000', interval = -1, flags = 128 '',
methods = 0xffffffff807372a0 <ehci_device_ctrl_methods>}
#define SIMPLEQ_REMOVE_HEAD(head, field) do { \
if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \
(head)->sqh_last = &(head)->sqh_first; \
} while (/*CONSTCOND*/0)
Looks like head->sqh_first == NULL, so looking at head->sqh_first->anything
isn't going to go well?
>How-To-Repeat:
>Fix:
Another aspect of PR 50149 ?
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->kern-bug-people
Responsible-Changed-By: prlw1@NetBSD.org
Responsible-Changed-When: Mon, 07 Sep 2015 14:27:22 +0000
Responsible-Changed-Why:
pending -> kern
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.