NetBSD Problem Report #50305
From www@NetBSD.org Mon Oct 5 13:25:19 2015
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 3BA32A5674
for <gnats-bugs@gnats.NetBSD.org>; Mon, 5 Oct 2015 13:25:19 +0000 (UTC)
Message-Id: <20151005132518.114BAA6558@mollari.NetBSD.org>
Date: Mon, 5 Oct 2015 13:25:18 +0000 (UTC)
From: alagupandip@gmail.com
Reply-To: alagupandip@gmail.com
To: gnats-bugs@NetBSD.org
Subject: Kernel crashes when we try to dump the memory contents in usb using sddump() during kernel panic before rebooting/powercycle the system.
X-Send-Pr-Version: www-1.0
>Number: 50305
>Category: kern
>Synopsis: Kernel crashes when we try to dump the memory contents in usb using sddump() during kernel panic before rebooting/powercycle the system.
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: support
>Submitter-Id: net
>Arrival-Date: Mon Oct 05 13:30:00 +0000 2015
>Originator: Alagupandi Pattu
>Release: Netbsd V5.1
>Organization:
self
>Environment:
NetBSD 5.1_STABLE evbarm
>Description:
Requirement:
-----------------
During Kernel panic, the complete RAM memory has to be dumped into the USB device (with swap partition) before rebooting the device.
The kernel crashes, during the first memory dump transfer (with USB sector size) to the USB device during the kernel panic.
Observation:
----------------
it is understood from the code flow that dodumpsys() is called in panic() before rebooting the system to store the memory contents, dodumpsys() inturn invokes the driver call sddump() with XS_CTL_POLL control flag set and the usb driver code follows synchronous data transfer and here we observed the crash.
Netbsd Version:
-------------------
Netbsd V5.1
trace log:
----------
uvm_fault(0x835ca83c, 0, 1) -> e
Fatal kernel mode data abort: 'Translation Fault (P)'
trapframe: 0xd0dc7c40
FSR=00000027, FAR=000000c8, spsr=a0000313
r0 =000000c8, r1 =ffffffff, r2 =000000c8, r3 =80cb1cac
r4 =ffffffe3, r5 =ffffffff, r6 =00000000, r7 =82d084f6
r8 =000000c8, r9 =d0dc7d1c, r10=00000001, r11=d0dc7d10
r12=80c8e31f, ssp=d0dc7c94, slr=802a64dc, pc =80c3dd28
Faulted in DDB; continuing...
Bad function
Reader / writer lock error: rw_vector_exit: assertion failed: RW_OWNER(rw) == curthread
lock address : 0x00000000835cb398
current cpu : 0
current lwp : 0x00000000cfbad980
owner/count : 0x00000000d4252580 flags : 0x0000000000000004
panic: lock error
Begin traceback...
0xd42c5de8: netbsd:__kernassert+0xc7a0
Bad frame pointer: 0x802a6fc4
End traceback...
Stopped in pid 0.3 (system) at netbsd:cpu_Debugger: ldrb r15, [r15, r15, r
or r15]!
0xd42c5e0c: netbsd:vpanic+0xc
0xd42c5e24: netbsd:panic+0x28
0xd42c5e60: netbsd:lockdebug_abort+0x38
0xd42c5e84: netbsd:rw_vector_exit+0x190
0xd42c5efc: netbsd:sys___sysctl+0xc4
0xd42c5f8c: netbsd:syscall+0x94
0xd42c5fac: netbsd:swi_handler+0xac
>How-To-Repeat:
Following steps are done to simulate the issue:
---------------------------------------------------------
1. Configure netbsd “dumpon major and minor device” as USB.
2. Call dodumpsys() using the command “sysctl –w ddb.command=”call dodumpsys()” from the netbsd prompt.
>Fix:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home