NetBSD Problem Report #45013

From www@NetBSD.org  Wed Jun  1 04:23:21 2011
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id C026C63C629
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  1 Jun 2011 04:23:21 +0000 (UTC)
Message-Id: <20110601042320.C810363C612@www.NetBSD.org>
Date: Wed,  1 Jun 2011 04:23:20 +0000 (UTC)
From: jasper@pointless.net
Reply-To: jasper@pointless.net
To: gnats-bugs@NetBSD.org
Subject: assertion failure in ucomstart in ucom.c  with a two CDC ACM devices
X-Send-Pr-Version: www-1.0

>Number:         45013
>Category:       kern
>Synopsis:       assertion failure in ucomstart in ucom.c  with a two CDC ACM devices
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 01 04:25:00 +0000 2011
>Closed-Date:    Sun May 04 22:20:26 +0000 2014
>Last-Modified:  Sun May 04 22:20:26 +0000 2014
>Originator:     Jasper Wallace
>Release:        5.99.49
>Organization:
Pointless.net
>Environment:
NetBSD monstrosity 5.99.49 NetBSD 5.99.49 (MONSTROSITY) #0: Fri Apr 22 10:52:22 BST 2011  jasper@monstrosity:/usr/build/obj/sys/arch/amd64/compile/MONSTROSITY amd64
>Description:
With a Simtec Entropy key (http://www.entropykey.co.uk/), which attaches as a umodem/ucom device:

umodem0 at uhub1 port 2 configuration 1 interface 0
umodem0: Simtec Electronics Entropy Key, rev 2.00/2.00, addr 2, iclass 2/2
umodem0: data interface 1, has no CM over data, has no break
umodem0: status change notification available
ucom0 at umodem0

or with an MTK GPS:

umodem1 at uhub1 port 1 configuration 1 interface 1
umodem1: MTK GPS Receiver, rev 2.00/1.00, addr 3, iclass 2/2
umodem1: data interface 0, has no CM over data, has no break
umodem1: status change notification available
ucom1 at umodem1

running 'echo Hello > /dev/ttyU0' hangs the echo, and then hitting Ctrl-C panics the kernel with:

panic: kernel diagnostic assertion "ub != NULL" failed: file
"/usr/src/sys/dev/usb/ucom.c", line 1009
fatal breakpoint trap in supervisor mode
trap type 1 code 0 rip ffffffff8016d2dd cs 8 rflags 246 cr2  7f7ff7b196c0
cpl 8 rsp ffff8000534aaa50
Stopped in pid 0.3 (system) at  netbsd:breakpoint+0x5:  leave

backtrace:

breakpoint() at netbsd:breakpoint+0x5
panic() at netbsd:panic+0x2b7
kern_assert() at netbsd:kern_assert+0x2d
ucomstart() at netbsd:ucomstart+0x1a9
ttstart() at netbsd:ttstart+0x12
ttyinput() at netbsd:ttyinput+0x36
ucom_read_complete() at netbsd:ucom_read_complete+0x74
ucomreadcb() at netbsd:ucomreadcb+0x163
usb_transfer_complete() at netbsd:usb_transfer_complete+0x244
ohci_softintr() at netbsd:ohci_softintr+0x624
softint_dispatch() at netbsd:softint_dispatch+0xd0
DDB lost frame for netbsd:Xsoftintr+0x4f, trying 0xffff8000534aad70
Xsoftintr() at netbsd:Xsoftintr+0x4f



>How-To-Repeat:
Insert ucom device, run 'echo Hello > /dev/ttyUX', hit Ctrl-C

>Fix:
not sure.

possibly related to the problem and fix in rev 1.86 of ucom.c?

both devices constantly spit status info out, so maybe the problem occurs if the device has data waiting, but the opener of the dev node is only writing?

>Release-Note:

>Audit-Trail:
From: "Jonathan A. Kollasch" <jakllsch@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/45013 CVS commit: src/sys/dev/usb
Date: Sat, 14 Jan 2012 20:51:00 +0000

 Module Name:	src
 Committed By:	jakllsch
 Date:		Sat Jan 14 20:51:00 UTC 2012

 Modified Files:
 	src/sys/dev/usb: ucom.c

 Log Message:
 Stopgap XXX kludge for PR kern/42848 and PR kern/45013.

 Someone should really find and fix the real problem,
 but it's better to not crash in the meantime.


 To generate a diff of this commit:
 cvs rdiff -u -r1.95 -r1.96 src/sys/dev/usb/ucom.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/45013 assertion failure in ucomstart in ucom.c  with a two
 CDC ACM devices
Date: Mon, 1 Oct 2012 21:08:49 +0200

 The crash happens also in -current with no CDC ACM but one uftdi device.

 Apparently the failing assertion in ucom.c is a bit bold, because it
 assumes that TS_BUSY t_state always correlates with no free output
 buffer. I don't think that you can rely on this.

 I have changed the assertion as follows:

 Index: ucom.c
 ===================================================================
 RCS file: /cvsroot/src/sys/dev/usb/ucom.c,v
 retrieving revision 1.99
 diff -u -r1.99 ucom.c
 --- ucom.c	6 Mar 2012 03:35:29 -0000	1.99
 +++ ucom.c	1 Oct 2012 19:03:29 -0000
 @@ -1002,7 +1002,10 @@
  		goto out;

  	ub = SIMPLEQ_FIRST(&sc->sc_obuff_free);
 -	KASSERT(ub != NULL);
 +	if (ub == NULL) {
 +		SET(tp->t_state, TS_BUSY);
 +		goto out;
 +	}
  	SIMPLEQ_REMOVE_HEAD(&sc->sc_obuff_free, ub_link);

  	if (SIMPLEQ_FIRST(&sc->sc_obuff_free) == NULL)
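
Review bot: the new `if (ub == NULL)` branch sets TS_BUSY and jumps to `out`, but nothing in this hunk shows what later clears TS_BUSY and restarts output. If sc_obuff_free can be empty while no write transfer is outstanding, the tty would stay marked busy and writers would block indefinitely. Please add a comment on the branch stating which path is expected to return a buffer to sc_obuff_free and clear TS_BUSY, and why the list can be empty here without TS_BUSY already being set, since the removed `KASSERT(ub != NULL)` documented the opposite assumption. The emptiness test on sc_obuff_free directly after SIMPLEQ_REMOVE_HEAD suggests the flag is normally managed there, so it is worth confirming the two sites stay consistent.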



 Greetings,
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."

State-Changed-From-To: open->closed
State-Changed-By: christos@NetBSD.org
State-Changed-When: Sun, 04 May 2014 18:20:26 -0400
State-Changed-Why:
mlelstv's fix seems to work


>Unformatted:
