I've found a repeatable crash after unplugging a usb port that's connected
to a UPS. I can't trigger it if I quickly plug it in and unplug it but only
after leaving it connected for a few hours and then I unplug it. It crashes
at the same spot every time.
I can't get a crash dump from it because every time I try boot
crash/sync/dump it just hangs and never writes or reboots.
login: uhid0 detached
uhid1 detached
uhid2 detached
uhid3 detached
uhid4 detached
uhid5 detached
uhid6 detached
uhid7 detached
uhid8 detached
uhid9 detached
upd0 detached
uhid10 detached
uhid11 detached
uhid12 detached
uhid13 detached
uhid14 detached
uhid15 detached
uhid16 detached
uhid17 detached
uhid18 detached
uhid19 detached
uhid20 detached
uhid21 detached
uhid22 detached
uhid23 detached
uhid24 detached
uhidev0 detached
usbd_start_next: error=5
usbd_start_next: error=5
multiply freed item 0xffff800000a3d300
panic: free: duplicated free
Stopped at db_enter+0x10: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
191599 18517 73 0x1100010 0x80 1 syslogd
* 93216 36036 0 0x14000 0x200 0K usbtask
db_enter() at db_enter+0x10
panic(ffffffff81f836b9) at panic+0xbf
free(ffff800000a3d300,7f,20) at free+0x3b3
uhidev_get_report_async_cb(fffffd841f61a000,ffff800000a3d300,6) at
uhidev_get_r
eport_async_cb+0x95
usb_transfer_complete(fffffd841f61a000) at usb_transfer_complete+0x1e4
usbd_close_pipe(ffff8000012bf000) at usbd_close_pipe+0x56
usb_free_device(ffff800007ffe500) at usb_free_device+0x21
usbd_detach(ffff800007ffe500,ffff80000016c180) at usbd_detach+0x81
uhub_port_connect(ffff80000016c180,b,2a0) at uhub_port_connect+0x75
uhub_explore(ffff800000178900) at uhub_explore+0xbb
usb_explore(ffff800000178800) at usb_explore+0x12a
usb_task_thread(ffff800022a00fd0) at usb_task_thread+0xe5
end trace frame: 0x0, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> show uvm
Current UVM status:
pagesize=4096 (0x1000), pagemask=0xfff, pageshift=12
4032841 VM pages: 20457 active, 153693 inactive, 35 wired, 3353999 free
(4192
50 zero)
min 10% (25) anon, 10% (25) vnode, 5% (12) vtext
freemin=134428, free-target=179237, inactive-target=0, wired-max=1344280
faults=1900481, traps=1622220, intrs=7626933, ctxswitch=22560630
fpuswitch=0
softint=8296896, syscalls=4541342, kmapent=13
fault counts:
noram=0, noanon=0, noamap=0, pgwait=0, pgrele=0
ok relocks(total)=205402(207488), anget(retries)=973654(0),
amapcopy=247970
neighbor anon/obj pg=459259/706646, gets(lock/unlock)=443246/207549
cases: anon=845889, anoncow=127765, obj=393386, prcopy=47713,
przero=485697
daemon and swap counts:
woke=0, revs=0, scans=0, obscans=0, anscans=0
busy=0, freed=0, reactivate=0, deactivate=0
pageouts=0, pending=0, nswget=0
nswapdev=1
swpages=2130604, swpginuse=0, swpgonly=0 paging=0
kernel pointers:
objs(kern)=0xffffffff823ce470
ddb{0}> show bcstats
Current Buffer Cache status:
numbufs 114213 busymapped 0, delwri 6
kvaslots 6553 avail kva slots 6553
bufpages 456799, dmapages 176456, dirtypages 24
pendingreads 0, pendingwrites 0
highflips 70932, highflops 0, dmaflips 805
ddb{0}> show panic
*cpu0: free: duplicated free
ddb{0}> trace
db_enter() at db_enter+0x10
panic(ffffffff81f836b9) at panic+0xbf
free(ffff800000a3d300,7f,20) at free+0x3b3
uhidev_get_report_async_cb(fffffd841f61a000,ffff800000a3d300,6) at
uhidev_get_r
eport_async_cb+0x95
usb_transfer_complete(fffffd841f61a000) at usb_transfer_complete+0x1e4
usbd_close_pipe(ffff8000012bf000) at usbd_close_pipe+0x56
usb_free_device(ffff800007ffe500) at usb_free_device+0x21
usbd_detach(ffff800007ffe500,ffff80000016c180) at usbd_detach+0x81
uhub_port_connect(ffff80000016c180,b,2a0) at uhub_port_connect+0x75
uhub_explore(ffff800000178900) at uhub_explore+0xbb
usb_explore(ffff800000178800) at usb_explore+0x12a
usb_task_thread(ffff800022a00fd0) at usb_task_thread+0xe5
end trace frame: 0x0, count: -12
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x12: leave
x86_ipi_db(ffff800022509ff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_acquire_count(ffffffff82379d10,1) at __mp_acquire_count+0x92
mi_switch() at mi_switch+0x28b
sleep_finish(ffff80003374fe90,1) at sleep_finish+0xfe
msleep(fffffd83a38355c0,fffffd83a38355c0,318,ffffffff81f9908d,533) at
msleep+0x
c7
kqueue_sleep(fffffd83a38355c0,ffff800033750248) at kqueue_sleep+0xbe
kqueue_scan(ffff800033750148,8,ffff800033750040,ffff800033750248,ffff8000336eba
50,ffff80003375029c) at kqueue_scan+0x10d
sys_kevent(ffff8000336eba50,ffff800033750300,ffff800033750360) at
sys_kevent+0x
371
syscall(ffff8000337503d0) at syscall+0x384
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff3100, count: 3
ddb{1}> boot crash
<<hang until manual power cycle >>
-Peter
