NetBSD Problem Report #51528
From www@NetBSD.org Tue Oct 4 05:59:27 2016
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 924927A219
for <gnats-bugs@gnats.NetBSD.org>; Tue, 4 Oct 2016 05:59:27 +0000 (UTC)
Message-Id: <20161004055926.904607A274@mollari.NetBSD.org>
Date: Tue, 4 Oct 2016 05:59:26 +0000 (UTC)
From: dhgutteridge@sympatico.ca
Reply-To: dhgutteridge@sympatico.ca
To: gnats-bugs@NetBSD.org
Subject: usb_mem.c panic triggered by mounting USB pen drive
X-Send-Pr-Version: www-1.0
>Number: 51528
>Category: kern
>Synopsis: usb_mem.c panic triggered by mounting USB pen drive
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: skrll
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Oct 04 06:00:00 +0000 2016
>Closed-Date: Tue Jan 31 07:22:38 +0000 2017
>Last-Modified: Tue Jan 31 19:40:01 +0000 2017
>Originator: David H. Gutteridge
>Release: HEAD
>Organization:
>Environment:
NetBSD arcusv.nonus-porta.net 7.99.39 NetBSD 7.99.39 (ARCUSV_DEBUG) #0: Mon Oct 3 19:51:49 EDT 2016 disciple@arcus-v3.nonus-porta.net:/home/disciple/netbsd-current/src/sys/arch/macppc/compile/obj/ARCUSV_DEBUG macppc
>Description:
When trying to mount a USB pen drive on a machine with 7.99.39/macppc
a panic is immediately triggered. With DIAGNOSTIC enabled, the result
is:
panic: kernel diagnostic assertion "offset < dma->udma_block->size" failed: file "/home/disciple/netbsd-current/src/sys/dev/usb/usb_mem.c", line 392 offset 65536 vs 65536
Stopped in pid 0.6 (system) at netbsd:vpanic+0x140: addi r4, r0, 0x0
0x10013c70: at kern_assert+0x68
0x10013cb0: at usb_dmaaddr+0x154
0x10013cd0: at ohci_reset_std_chain+0x260
0x10013d40: at ohci_device_bulk_start+0x26c
0x10013da0: at usbd_transfer+0x194
0x10013de0: at umass_setup_transfer.part.1+0x40
0x10013df0: at umass_bbb_state+0x4f8
0x10013e20: at usb_transfer_complete+0x7b4
0x10013e60: at ohci_softintr+0xd04
0x10013ec0: at usb_soft_intr+0x2c
0x10013ed0: at softint_dispatch+0x138
0x10013f20: at softint_fast_dispatch+0xdc
0x10013fe8: at 0xfffffffc
(A kernel without DIAGNOSTIC enabled also panics.)
The source is as of October 3 16:56 EST.
>How-To-Repeat:
Mount a USB pen drive on the machine in question.
>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: kern-bug-people->skrll
Responsible-Changed-By: skrll@NetBSD.org
Responsible-Changed-When: Tue, 04 Oct 2016 06:50:02 +0000
Responsible-Changed-Why:
Take
From: Nick Hudson <skrll@netbsd.org>
To: gnats-bugs@NetBSD.org, skrll@NetBSD.org, kern-bug-people@netbsd.org,
netbsd-bugs@netbsd.org, gnats-admin@netbsd.org, dhgutteridge@sympatico.ca
Cc:
Subject: Re: kern/51528 (usb_mem.c panic triggered by mounting USB pen drive)
Date: Tue, 4 Oct 2016 07:59:34 +0100
Please provide OHCI_DEBUG output - see
http://www.netbsd.org/docs/kernel/#usb-debugging
Thanks,
Nick
From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51528 (usb_mem.c panic triggered by mounting USB pen drive)
Date: Wed, 05 Oct 2016 03:09:25 -0400
On Tue, 2016-10-04 at 07:59 +0100, Nick Hudson wrote:
> Please provide OHCI_DEBUG output - seeĀ
> http://www.netbsd.org/docs/kernel/#usb-debugging
>
> Thanks,
> Nick
I'd wondered why defining USB_DEBUG and OHCI_DEBUG wasn't producing
any output like I was used to. I tried "vmstat -u usbhist", but it
doesn't work, I get "vmstat: undefined symbols: _kmemstatistics
_kmembuckets".
Dave
From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@NetBSD.org, skrll@netbsd.org
Cc:
Subject: Re: kern/51528 (usb_mem.c panic triggered by mounting USB pen drive)
Date: Wed, 05 Oct 2016 03:16:58 -0400
On Wed, 2016-10-05 at 03:09 -0400, David H. Gutteridge wrote:
> I'd wondered why defining USB_DEBUG and OHCI_DEBUG wasn't producing
> any output like I was used to. I tried "vmstat -u usbhist", but it
> doesn't work, I get "vmstat: undefined symbols: _kmemstatistics
> _kmembuckets".
Bah, that's probably because I have a much older userland than the
kernel. I'll have to upgrade everything. (Sorry, it's late at night.)
From: Nick Hudson <skrll@netbsd.org>
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
dhgutteridge@sympatico.ca
Cc:
Subject: Re: kern/51528 (usb_mem.c panic triggered by mounting USB pen drive)
Date: Wed, 5 Oct 2016 08:15:11 +0100
On 10/05/16 08:10, David H. Gutteridge wrote:
> The following reply was made to PR kern/51528; it has been noted by GNATS.
>
> From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: kern/51528 (usb_mem.c panic triggered by mounting USB pen drive)
> Date: Wed, 05 Oct 2016 03:09:25 -0400
>
> On Tue, 2016-10-04 at 07:59 +0100, Nick Hudson wrote:
> > Please provide OHCI_DEBUG output - seeĀ
> > http://www.netbsd.org/docs/kernel/#usb-debugging
> >
> > Thanks,
> > Nick
>
> I'd wondered why defining USB_DEBUG and OHCI_DEBUG wasn't producing
> any output like I was used to. I tried "vmstat -u usbhist", but it
> doesn't work, I get "vmstat: undefined symbols: _kmemstatistics
> _kmembuckets".
>
> Dave
>
>
Update your userland (or use a chroot of updated userland)
Nick
From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51528 (usb_mem.c panic triggered by mounting USB pen drive)
Date: Mon, 28 Nov 2016 21:50:24 -0500
Re-testing with 7.99.43 as of earlier today yields the same panic.
I did notice a little more detail in the dmesg output right before it
happens:
umass0 at uhub0 port 1 configuration 1 interface 0
umass0: Verbatim Store 'n' Go, rev 2.00/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, 1 lun per target
scsibus0: detached
umass0: BBB reset failed, CANCELLED
umass0: detached
umass0: at uhub0 port 1 (addr 2) disconnected
ohci0: WARNING: addr 0x100f2f00 not found
umass0 at uhub0 port 1 configuration 1 interface 0
umass0: Verbatim Store 'n' Go, rev 2.00/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, 1 lun per target
sd0 at scsibus0 target 0 lun 0: <VBTM, Store 'n' Go, 1.02> disk
removable
sd0: 245 MB, 980 cyl, 16 head, 32 sec, 512 bytes/sect x 501760 sectors
sd0: no NetBSD disk label
Dave
From: smesgr <smesgr@gmail.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51528
Date: Sun, 22 Jan 2017 12:24:01 +0100
I can confirm this issue on evbarm. Going through the history hunting
another issue. The regression is introduced for me between
2016-02-02 UTC 00:00 and 2016-05-01 UTC 00:00
[...]kern.module.path=/stand/evbarm/7.99.29/modules
init path (default /sbin/init):
init: copying out path `/sbin/init' 11
panic: kernel diagnostic assertion "offset < dma->udma_block->size"
failed: file "/usr/src/sys/dev/usb/usb_mem.c", line 392 offset 65536 vs
65536
Stopped in pid 0.3 (system) at netbsd:cpu_Debugger+0x4: bx r14
From: Nick Hudson <nick.hudson@gmx.co.uk>
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
dhgutteridge@sympatico.ca
Cc:
Subject: Re: kern/51528
Date: Sun, 22 Jan 2017 11:30:11 +0000
On 22/01/2017 11:25, smesgr wrote:
> The following reply was made to PR kern/51528; it has been noted by GNATS.
>
> From: smesgr <smesgr@gmail.com>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: kern/51528
> Date: Sun, 22 Jan 2017 12:24:01 +0100
>
> I can confirm this issue on evbarm. Going through the history hunting
> another issue. The regression is introduced for me between
>
> 2016-02-02 UTC 00:00 and 2016-05-01 UTC 00:00
It's the nick-nhusb merge where the KASSERTMSG was introduced.
>
> [...]kern.module.path=/stand/evbarm/7.99.29/modules
> init path (default /sbin/init):
> init: copying out path `/sbin/init' 11
> panic: kernel diagnostic assertion "offset < dma->udma_block->size"
> failed: file "/usr/src/sys/dev/usb/usb_mem.c", line 392 offset 65536 vs
> 65536
> Stopped in pid 0.3 (system) at netbsd:cpu_Debugger+0x4: bx r14
>
What's the backtrace?
Please provide OHCI_DEBUG output - see
http://www.netbsd.org/docs/kernel/#usb-debugging
Thanks,
Nick
From: smesgr <smesgr@gmail.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51528
Date: Sun, 29 Jan 2017 19:33:56 +0100
I try to enable USB_DEBUG but with all the debug messages the sd-drives
aren't discovered at boot time. I will try to add some print lines. The
trace is:
panic: kernel diagnostic assertion "offset < dma->udma_block->size"
failed: file "/usr/src/sys/dev/usb/usb_mem.c", line 392 offset 65536 vs
65536
Stopped in pid 0.3 (system) at netbsd:cpu_Debugger+0x4: bx r14
db> trace
0xc79a9ccc: netbsd:vpanic+0xc
0xc79a9ce4: netbsd:kern_assert+0x40
0xc79a9d24: netbsd:usb_dmaaddr+0x120
0xc79a9d94: netbsd:ohci_reset_std_chain+0x354
0xc79a9df4: netbsd:ohci_device_bulk_start+0x224
0xc79a9e34: netbsd:usbd_transfer+0x178
0xc79a9e74: netbsd:umass_setup_transfer+0x1cc
0xc79a9eac: netbsd:umass_bbb_state+0x3fc
0xc79a9efc: netbsd:usb_transfer_complete+0x4b0
0xc79a9f4c: netbsd:ohci_softintr+0xfe4
0xc79a9f64: netbsd:usb_soft_intr+0x28
0xc79a9fac: netbsd:softint_thread+0x13c
From: smesgr <smesgr@gmail.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51528
Date: Sun, 29 Jan 2017 20:07:22 +0100
hope those lines are helpful:
[...]start len=8192
addr=2 endpt=2 len=8192 speed=2
sdataphys=0xa0b5d000 edataphys=0xa0b5efff len=8192 curlen=8192
start len=13
addr=2 endpt=2 len=13 speed=2
sdataphys=0xa0b5ae80 edataphys=0xa0b5ae8c len=13 curlen=13
start len=31
addr=2 endpt=1 len=31 speed=2
sdataphys=0xa0b5aec0 edataphys=0xa0b5aede len=31 curlen=31
start len=7680
addr=2 endpt=2 len=7680 speed=2
sdataphys=0xa0b5d000 edataphys=0xa0b5edff len=7680 curlen=8192
sdataphys=0xa0b5f000 edataphys=0xa0b5edff len=-512 curlen=8192
sdataphys=0xa0b61000 edataphys=0xa0b5edff len=-8704 curlen=8192
sdataphys=0xa0b63000 edataphys=0xa0b5edff len=-16896 curlen=8192
sdataphys=0xa0b65000 edataphys=0xa0b5edff len=-25088 curlen=8192
sdataphys=0xa0b67000 edataphys=0xa0b5edff len=-33280 curlen=8192
sdataphys=0xa0b69000 edataphys=0xa0b5edff len=-41472 curlen=8192
sdataphys=0xa0b6b000 edataphys=0xa0b5edff len=-49664 curlen=8192
panic: kernel diagnostic assertion "offset < dma->udma_block->size"
failed: file "/usr/src/sys/dev/usb/usb_mem.c", line 392 offset 65536 vs
65536
Stopped in pid 0.3 (system) at netbsd:cpu_Debugger+0x4: bx r14
From: smesgr <smesgr@gmail.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51528
Date: Mon, 30 Jan 2017 21:54:29 +0100
this patch works for me:
Index: sys/dev/usb/ohci.c
===================================================================
RCS file: /cvsroot/src/sys/dev/usb/ohci.c,v
retrieving revision 1.265
diff -u -r1.265 ohci.c
--- sys/dev/usb/ohci.c 4 Dec 2016 10:12:35 -0000 1.265
+++ sys/dev/usb/ohci.c 30 Jan 2017 20:53:03 -0000
@@ -632,7 +632,7 @@
* crossing per TD
*/
curlen = len;
- if (!(sphyspg == ephyspg || sphyspg + 1 == ephyspg)) {
+ if (!(sphyspg == ephyspg || sphyspg + OHCI_PAGE_SIZE == ephyspg)) {
/* must use multiple TDs, fill as much as possible. */
curlen = 2 * OHCI_PAGE_SIZE -
(sdataphys & (OHCI_PAGE_SIZE - 1));
State-Changed-From-To: open->feedback
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Mon, 30 Jan 2017 21:46:03 +0000
State-Changed-Why:
Should be fixed now with sys/dev/usb/ohci.c:1.266 and later
From: Nick Hudson <skrll@netbsd.org>
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
dhgutteridge@sympatico.ca
Cc:
Subject: Re: kern/51528
Date: Mon, 30 Jan 2017 21:45:10 +0000
On 01/30/17 20:55, smesgr wrote:
> The following reply was made to PR kern/51528; it has been noted by GNATS.
>
> From: smesgr <smesgr@gmail.com>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: kern/51528
> Date: Mon, 30 Jan 2017 21:54:29 +0100
>
> this patch works for me:
>
> Index: sys/dev/usb/ohci.c
> ===================================================================
> RCS file: /cvsroot/src/sys/dev/usb/ohci.c,v
> retrieving revision 1.265
> diff -u -r1.265 ohci.c
> --- sys/dev/usb/ohci.c 4 Dec 2016 10:12:35 -0000 1.265
> +++ sys/dev/usb/ohci.c 30 Jan 2017 20:53:03 -0000
> @@ -632,7 +632,7 @@
> * crossing per TD
> */
> curlen = len;
> - if (!(sphyspg == ephyspg || sphyspg + 1 == ephyspg)) {
> + if (!(sphyspg == ephyspg || sphyspg + OHCI_PAGE_SIZE == ephyspg)) {
> /* must use multiple TDs, fill as much as possible. */
> curlen = 2 * OHCI_PAGE_SIZE -
> (sdataphys & (OHCI_PAGE_SIZE - 1));
>
Thanks... I'd spotted the bug as well. I've committed your change as
sys/dev/usb/ohci.c:1.266 and updated the file with some other fixes /
improvement.
Please re-test to make sure it still works :)
Nick
From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51528 (usb_mem.c panic triggered by mounting USB pen drive)
Date: Mon, 30 Jan 2017 20:41:54 -0500
In my case, this bug seems resolved, thanks! (I'm now experiencing a
new
issue, but I'll report that separately, as it seems not directly
related.
)
Dave
State-Changed-From-To: feedback->closed
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Tue, 31 Jan 2017 07:22:38 +0000
State-Changed-Why:
Fixed
From: smesgr <smesgr@gmail.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51528
Date: Tue, 31 Jan 2017 20:36:53 +0100
your patch also works fine for me
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home