Bug 130736

Yup, crash is at the TAILQ_INSERT_TAIL, line 4835:

 

(kgdb) bt

#0  doadump () at pcpu.h:196

#1  0xc0790ea7 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418

#2  0xc0791179 in panic (fmt=Variable "fmt" is not available.

) at /usr/src/sys/kern/kern_shutdown.c:574

#3  0xc0aa338c in trap_fatal (frame=0xe406c974, eva=0)

    at /usr/src/sys/i386/i386/trap.c:939

#4  0xc0aa3610 in trap_pfault (frame=0xe406c974, usermode=0, eva=0)

    at /usr/src/sys/i386/i386/trap.c:852

#5  0xc0aa3fcc in trap (frame=0xe406c974) at /usr/src/sys/i386/i386/trap.c:530

#6  0xc0a89e3b in calltrap () at /usr/src/sys/i386/i386/exception.s:159

#7  0xc046ae6b in xpt_done (done_ccb=0xc4030400)

    at /usr/src/sys/cam/cam_xpt.c:4835

#8  0xc047154e in probedone (periph=0xc47ee200, done_ccb=Variable "done_ccb" is not available.

)

    at /usr/src/sys/cam/cam_xpt.c:6392

#9  0xc046cff1 in camisr_runqueue (V_queue=Variable "V_queue" is not available.

) at /usr/src/sys/cam/cam_xpt.c:7316

#10 0xc047093f in xpt_bus_deregister (pathid=0)

    at /usr/src/sys/cam/cam_xpt.c:4421

#11 0xc06f6dc0 in umass_cam_detach_sim (sc=0xc4467a00)

    at /usr/src/sys/dev/usb/umass.c:2716

#12 0xc06f6e6d in umass_detach (self=0xc47ee680)

    at /usr/src/sys/dev/usb/umass.c:1564

#13 0xc07b5e38 in device_detach (dev=0xc47ee680) at device_if.h:212

#14 0xc06fdfe2 in usb_disconnect_port (up=0xc3fd9494, parent=0xc3fece80)

    at /usr/src/sys/dev/usb/usb_subr.c:1380

#15 0xc06f3e6e in uhub_explore (dev=0xc3fecc80)

    at /usr/src/sys/dev/usb/uhub.c:462

#16 0xc06fc195 in usb_discover (v=Variable "v" is not available.

) at /usr/src/sys/dev/usb/usb.c:724

#17 0xc06fd187 in usb_event_thread (arg=0xc3fd4880)

    at /usr/src/sys/dev/usb/usb.c:440

#18 0xc076ca19 in fork_exit (callout=0xc06fd0d0 <usb_event_thread>,

    arg=0xc3fd4880, frame=0xe406cd38) at /usr/src/sys/kern/kern_fork.c:804

#19 0xc0a89eb0 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264

 

(kgdb) print *sim

$2 = {sim_action = 0xc046af70 <dead_sim_action>,

  sim_poll = 0xc0469b00 <dead_sim_poll>, sim_name = 0xc0af0b2e "dead_sim",

  softc = 0x0, mtx = 0x0, sim_doneq = {tqh_first = 0x0, tqh_last = 0x0},

  links = {tqe_next = 0x0, tqe_prev = 0x0}, path_id = 0, unit_number = 0,

  bus_id = 0, max_tagged_dev_openings = 0, max_dev_openings = 0, flags = 0,

  callout = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0,

        tqe_prev = 0x0}}, c_time = 0, c_arg = 0x0, c_func = 0, c_mtx = 0x0,

    c_flags = 0}, devq = 0x0, ccb_freeq = {slh_first = 0xc4022400},

  max_ccbs = 0, ccb_count = 0}

 

(kgdb) print done_ccb->ccb_h

$5 = {pinfo = {priority = 5, generation = 5, index = -1}, xpt_links = {le = {

      le_next = 0x0, le_prev = 0x0}, sle = {sle_next = 0x0}, tqe = {

      tqe_next = 0x0, tqe_prev = 0x0}, stqe = {stqe_next = 0x0}}, sim_links = {

    le = {le_next = 0x0, le_prev = 0x0}, sle = {sle_next = 0x0}, tqe = {

      tqe_next = 0x0, tqe_prev = 0x0}, stqe = {stqe_next = 0x0}},

  periph_links = {le = {le_next = 0x0, le_prev = 0xc4015c00}, sle = {

      sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0xc4015c00}, stqe = {

      stqe_next = 0x0}}, retry_count = 0, cbfcnp = 0xc046e8f0 <xpt_scan_bus>,

  func_code = XPT_SCAN_LUN, status = 1, path = 0xc480d290, path_id = 0,

  target_id = 0, target_lun = 0, flags = 0, periph_priv = {entries = {{

        ptr = 0xc480d2a0, field = 3296776864, bytes = " Ò\200Ä"}, {ptr = 0x0,

        field = 0, bytes = "\000\000\000"}}, bytes = " Ò\200Ä\000\000\000"},

  sim_priv = {entries = {{ptr = 0x0, field = 0, bytes = "\000\000\000"}, {

        ptr = 0x0, field = 0, bytes = "\000\000\000"}},

    bytes = "\000\000\000\000\000\000\000"}, timeout = 0, timeout_ch = {

    callout = 0x0}}

 

Hope this helps.

 

Comment 2 Eitan Adler 2017-12-31 08:00:47 UTC

For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped