Bug 226174 - umass access results in kernel panic
Summary: umass access results in kernel panic
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: usb (show other bugs)
Version: CURRENT
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-usb (Nobody)
URL:
Keywords: crash
Depends on:
Blocks:
 
Reported: 2018-02-24 17:39 UTC by Rupert Stitzinger
Modified: 2022-10-12 00:49 UTC (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Rupert Stitzinger 2018-02-24 17:39:54 UTC 
With kernel CURRENT from feb., 19 2018 kernel crashes (panic) and goes into debug, when
1. Always - A connected memory stick shall be mounted i.e mount_msdosfs is executed for a memory stick
2. Sometimes on boot, when the kernel shows the messages for an integrated USB umass device (in this case a SD card reader connected via USB without inserted SD-card) it crashes

Because of point 2 i assume this is a problem in the USB system and not of mount.
Comment 1 Warner Losh freebsd_committer freebsd_triage 2018-03-12 14:41:21 UTC 
What's the panic?
I've been working on some lock issues that my assert uncovered.

Please try https://reviews.freebsd.org/D14456 if you can repeat this panic reliably.
Comment 2 Rupert Stitzinger 2018-03-12 21:07:26 UTC 
1. Installed the patch for scsi_da from below link (D14456)
--> Same behaviour

2. messages when crashing (hope no typo):
-----------------------
#
// plug in usb stick
umass1 on uhub0
.
umass1: SCSI over bulk-only; quirks=0x4000
umass1:2:1: Attached to scbus2
da1 at umass-sim1 bus 1 scbus 2 target 0 lun 0
da1: <  1100> Removable Direct Access SPC-2 SCSI device
.
da1: 40.000MB/s transfers
.
da1: quirks=0x2<NO_6_BYTE>
#
# mount_msdosfs /dev/da1 /mnt/dos	
panic: bq_remove: Remove buffer 0xfffffe0000e3ec40 from wrong queue
cpuid=1
time=1520878478
KBD: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00004a07a0
vpanic() at vpanic+0x18d/frame 0xfffffe00004a0800
vpanic() at vpanic/frame 0xfffffe00004a0800
bq_remove() at bq_remove+0x151/frame 0xfffffe00004a08a0
buf_recycle() at buf_recycle+0x1a6/frame 0xfffffe00004a0910
bufspace_demon() at bufspace_demon+0x9a/frame 0xfffffe00004a0970
fork_exit() at fork_exit+0x84/frame 0xfffffe00004a09b0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00004a09b0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KBD: enter: panic
[thread pid 22 tid 1000072 ]
Stopped at    kbd_enter+0x3b: movq   $0,kdb_why
db>
------------------------------

// Added some debug printfs at various functions at head and at end for entering and leaving (only at the end of function) some functions
// Before panic: ENTER dastart, LEAVE dastart, ENTER dadone, ENTER dastart, LEAVE dastart panic:
-----------------------------

Might be of interest: Machine has microcode patches (for Meltdown / Spectre) in BIOS.
Comment 3 Rupert Stitzinger 2018-08-12 15:30:23 UTC 
Bug does not show up with 12.0-ALPHA1
--> Closed