I was out of town, I just tested the patch last night.
No change in how it crashes after applying and building that patch on a
-stable kernel.
One item of note is the following 3 lines seem to happen after this UPS has
been plugged in for a while, in any case.
usbd_start_next: error=5
usbd_free_xfer: xfer=0xfffffd841f61ad20 not free
usbd_free_xfer: xfer=0xfffffd841f61ad20 not free
Console output for testing this patch
login: uhidev0 at uhub0 port 11 configuration 1 interface 0 "CPS
BRG1500AVRLCD" rev 2.00/2.00 addr 2
uhidev0: iclass 3/0, 28 report ids
upd0 at uhidev0
uhid0 at uhidev0 reportid 1: input=0, output=0, feature=1
uhid1 at uhidev0 reportid 2: input=0, output=0, feature=1
uhid2 at uhidev0 reportid 3: input=0, output=0, feature=1
uhid3 at uhidev0 reportid 4: input=0, output=0, feature=1
uhid4 at uhidev0 reportid 5: input=0, output=0, feature=1
uhid5 at uhidev0 reportid 6: input=0, output=0, feature=1
uhid6 at uhidev0 reportid 7: input=0, output=0, feature=6
uhid7 at uhidev0 reportid 8: input=5, output=0, feature=5
uhid8 at uhidev0 reportid 9: input=0, output=0, feature=1
uhid9 at uhidev0 reportid 10: input=0, output=0, feature=1
uhid10 at uhidev0 reportid 12: input=1, output=0, feature=1
uhid11 at uhidev0 reportid 13: input=0, output=0, feature=1
uhid12 at uhidev0 reportid 14: input=0, output=0, feature=1
uhid13 at uhidev0 reportid 15: input=0, output=0, feature=2
uhid14 at uhidev0 reportid 16: input=4, output=0, feature=4
uhid15 at uhidev0 reportid 18: input=0, output=0, feature=2
uhid16 at uhidev0 reportid 19: input=0, output=0, feature=1
uhid17 at uhidev0 reportid 20: input=1, output=0, feature=1
uhid18 at uhidev0 reportid 21: input=0, output=0, feature=2
uhid19 at uhidev0 reportid 22: input=0, output=0, feature=2
uhid20 at uhidev0 reportid 24: input=0, output=0, feature=2
uhid21 at uhidev0 reportid 25: input=0, output=0, feature=2
uhid22 at uhidev0 reportid 26: input=1, output=0, feature=1
uhid23 at uhidev0 reportid 27: input=0, output=0, feature=1
uhid24 at uhidev0 reportid 28: input=0, output=0, feature=5
usbd_start_next: error=5
usbd_free_xfer: xfer=0xfffffd841f61ad20 not free
usbd_free_xfer: xfer=0xfffffd841f61ad20 not free
uhid0 detached
uhid1 detached
uhid2 detached
uhid3 detached
uhid4 detached
uhid5 detached
uhid6 detached
uhid7 detached
uhid8 detached
uhid9 detached
upd0 detached
uhid10 detached
uhid11 detached
uhid12 detached
uhid13 detached
uhid14 detached
uhid15 detached
uhid16 detached
uhid17 detached
uhid18 detached
uhid19 detached
uhid20 detached
uhid21 detached
uhid22 detached
uhid23 detached
uhid24 detached
uhidev0 detached
usbd_start_next: error=5
usbd_start_next: error=5
multiply freed item 0xffff800000a3c260
panic: free: duplicated free
Stopped at db_enter+0x10: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
303845 26989 73 0x1100010 0x80 1 syslogd
* 13736 27682 0 0x14000 0x200 0K usbtask
133461 90610 0 0x14000 0x200 2 softnet
db_enter() at db_enter+0x10
panic(ffffffff81f85db6) at panic+0xbf
free(ffff800000a3c260,7f,20) at free+0x3b3
uhidev_get_report_async_cb(fffffd841f61ad20,ffff800000a3c260,6) at
uhidev_get_r
eport_async_cb+0x95
usb_transfer_complete(fffffd841f61ad20) at usb_transfer_complete+0x1e4
usbd_close_pipe(ffff8000012bf000) at usbd_close_pipe+0x56
usb_free_device(ffff800001345500) at usb_free_device+0x21
usbd_detach(ffff800001345500,ffff80000016c180) at usbd_detach+0x81
uhub_port_connect(ffff80000016c180,b,2a0) at uhub_port_connect+0x75
uhub_explore(ffff800000178900) at uhub_explore+0xbb
usb_explore(ffff800000178800) at usb_explore+0x12a
usb_task_thread(ffff800022a00fd0) at usb_task_thread+0xe5
end trace frame: 0x0, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> trace
db_enter() at db_enter+0x10
panic(ffffffff81f85db6) at panic+0xbf
free(ffff800000a3c260,7f,20) at free+0x3b3
uhidev_get_report_async_cb(fffffd841f61ad20,ffff800000a3c260,6) at
uhidev_get_r
eport_async_cb+0x95
usb_transfer_complete(fffffd841f61ad20) at usb_transfer_complete+0x1e4
usbd_close_pipe(ffff8000012bf000) at usbd_close_pipe+0x56
usb_free_device(ffff800001345500) at usb_free_device+0x21
usbd_detach(ffff800001345500,ffff80000016c180) at usbd_detach+0x81
uhub_port_connect(ffff80000016c180,b,2a0) at uhub_port_connect+0x75
uhub_explore(ffff800000178900) at uhub_explore+0xbb
usb_explore(ffff800000178800) at usb_explore+0x12a
usb_task_thread(ffff800022a00fd0) at usb_task_thread+0xe5
end trace frame: 0x0, count: -12
ddb{0}> boot crash
Here is dmesg output from the machine
OpenBSD 7.2-stable (GENERIC.MP) #0: Thu Feb 9 20:37:03 PST 2023
[email protected]:/sys/arch/amd64/compile/GENERIC.MP
real mem = 17043976192 (16254MB)
avail mem = 16510033920 (15745MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe8578 (72 entries)
bios0: vendor Hewlett-Packard version "L01 v02.78" date 02/20/2020
bios0: Hewlett-Packard HP ProDesk 600 G1 SFF
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT SSDT SSDT SSDT MCFG HPET SSDT SSDT SSDT
SLIC ASF! TCPA
acpi0: wakeup devices PS2K(S3) PS2M(S3) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) GLAN(S4) EHC1(S3) EHC2(S3) XHC_(S3)
HDEF(S4) PEG0(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz, 3292.47 MHz, 06-3c-03
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB
64b/line 8-way L2 cache, 6MB 64b/line 12-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz, 3292.40 MHz, 06-3c-03
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB
64b/line 8-way L2 cache, 6MB 64b/line 12-way L3 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz, 3292.40 MHz, 06-3c-03
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB
64b/line 8-way L2 cache, 6MB 64b/line 12-way L3 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz, 3292.40 MHz, 06-3c-03
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB
64b/line 8-way L2 cache, 6MB 64b/line 12-way L3 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 8 pa 0xfec00000, version 20, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf8000000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiec0 at acpi0: not present
acpipci0 at acpi0 PCI0: 0x00000010 0x00000011 0x00000000
acpicmos0 at acpi0
com0 at acpi0 UAR1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo
com0: console
tpm0 at acpi0 TPM_ 1.2 (TIS) addr 0xfed40000/0x5000, Infineon SLB9635 1.2
rev 0x10
acpibtn0 at acpi0: PWRB
"PNP0C14" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
acpicpu0 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: FN00, resource for FAN0
acpipwrres1 at acpi0: FN01, resource for FAN1
acpipwrres2 at acpi0: FN02, resource for FAN2
acpipwrres3 at acpi0: FN03, resource for FAN3
acpipwrres4 at acpi0: FN04, resource for FAN4
acpitz0 at acpi0: critical temperature is 105 degC
acpitz1 at acpi0: critical temperature is 105 degC
acpivideo0 at acpi0: PEG0
acpivideo1 at acpi0: VGA_
acpivout0 at acpivideo1: LCD_
acpivideo2 at acpi0: GFX0
acpivout1 at acpivideo2: DD1F
acpivout2 at acpivideo2: LCD_
cpu0: using VERW MDS workaround (except on vmm entry)
cpu0: Enhanced SpeedStep 3292 MHz: speeds: 3301, 3300, 3100, 2900, 2800,
2600, 2400, 2200, 2000, 1900, 1700, 1500, 1300, 1200, 1000, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x06
ppb0 at pci0 dev 1 function 0 "Intel Core 4G PCIE" rev 0x06: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel 82580" rev 0x01: msi, address
ac:16:2d:9f:fa:1c
em1 at pci1 dev 0 function 1 "Intel 82580" rev 0x01: msi, address
ac:16:2d:9f:fa:1d
em2 at pci1 dev 0 function 2 "Intel 82580" rev 0x01: msi, address
ac:16:2d:9f:fa:1e
em3 at pci1 dev 0 function 3 "Intel 82580" rev 0x01: msi, address
ac:16:2d:9f:fa:1f
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 4600" rev 0x06
drm0 at inteldrm0
inteldrm0: msi, HASWELL, gen 7
azalia0 at pci0 dev 3 function 0 "Intel Core 4G HD Audio" rev 0x06: msi
azalia0: No codecs found
xhci0 at pci0 dev 20 function 0 "Intel 8 Series xHCI" rev 0x04: msi, xHCI
1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
3.00/1.00 addr 1
"Intel 8 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
puc0 at pci0 dev 22 function 3 "Intel 8 Series KT" rev 0x04: ports: 16 com
com4 at puc0 port 0 apic 8 int 19: ns16550a, 16 byte fifo
com4: probed fifo depth: 0 bytes
em4 at pci0 dev 25 function 0 "Intel I217-LM" rev 0x04: msi, address
f0:92:1c:f1:fd:91
ehci0 at pci0 dev 26 function 0 "Intel 8 Series USB" rev 0x04: apic 8 int 16
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev
2.00/1.00 addr 1
ehci1 at pci0 dev 29 function 0 "Intel 8 Series USB" rev 0x04: apic 8 int 23
usb2 at ehci1: USB revision 2.0
uhub2 at usb2 configuration 1 interface 0 "Intel EHCI root hub" rev
2.00/1.00 addr 1
pcib0 at pci0 dev 31 function 0 "Intel Q85 LPC" rev 0x04
ahci0 at pci0 dev 31 function 2 "Intel 8 Series AHCI" rev 0x04: msi, AHCI
1.3
ahci0: port 0: 6.0Gb/s
ahci0: port 1: 6.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, HGST HUS724040AL, MFAO>
naa.5000cca24ceeee2e
sd0: 3815447MB, 512 bytes/sector, 7814037168 sectors
sd1 at scsibus1 targ 1 lun 0: <ATA, SPCC Solid State, R120>
naa.502b2a201d1c1b1a
sd1: 122104MB, 512 bytes/sector, 250069680 sectors, thin
ichiic0 at pci0 dev 31 function 3 "Intel 8 Series SMBus" rev 0x04: apic 8
int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-12800
spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-8500
spdmem2 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-12800
spdmem3 at iic0 addr 0x53: 4GB DDR3 SDRAM PC3-8500
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT
efifb at mainbus0 not configured
uhub3 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub"
rev 2.00/0.04 addr 2
uhub4 at uhub2 port 1 configuration 1 interface 0 "Intel Rate Matching Hub"
rev 2.00/0.04 addr 2
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd1a (ea87824e05c62003.a) swap on sd1b dump on sd1b
WARNING: / was not properly unmounted
inteldrm0: 1024x768, 32bpp
wsdisplay0 at inteldrm0 mux 1
pckbd_enable: command error
wsdisplay0: screen 0-5 added (std, vt100 emulation)
Peter
On Sun, Feb 5, 2023 at 2:21 AM Anton Lindqvist <[email protected]> wrote:
> On Sat, Feb 04, 2023 at 09:18:44AM -0800, Peter Van Eenoo wrote:
> > I've found a repeatable crash after unplugging a usb port that's
> connected
> > to a UPS. I can't trigger it if I quickly plug it in and unplug it but
> only
> > after leaving it connected for a few hours and then I unplug it. It
> crashes
> > at the same spot every time.
> >
> > I can't get a crash dump from it because every time I try boot
> > crash/sync/dump it just hangs and never writes or reboots.
> >
> > login: uhid0 detached
> > uhid1 detached
> > uhid2 detached
> > uhid3 detached
> > uhid4 detached
> > uhid5 detached
> > uhid6 detached
> > uhid7 detached
> > uhid8 detached
> > uhid9 detached
> > upd0 detached
> > uhid10 detached
> > uhid11 detached
> > uhid12 detached
> > uhid13 detached
> > uhid14 detached
> > uhid15 detached
> > uhid16 detached
> > uhid17 detached
> > uhid18 detached
> > uhid19 detached
> > uhid20 detached
> > uhid21 detached
> > uhid22 detached
> > uhid23 detached
> > uhid24 detached
> > uhidev0 detached
> > usbd_start_next: error=5
> > usbd_start_next: error=5
> > multiply freed item 0xffff800000a3d300
> > panic: free: duplicated free
> > Stopped at db_enter+0x10: popq %rbp
> > TID PID UID PRFLAGS PFLAGS CPU COMMAND
> > 191599 18517 73 0x1100010 0x80 1 syslogd
> > * 93216 36036 0 0x14000 0x200 0K usbtask
> > db_enter() at db_enter+0x10
> > panic(ffffffff81f836b9) at panic+0xbf
> > free(ffff800000a3d300,7f,20) at free+0x3b3
> > uhidev_get_report_async_cb(fffffd841f61a000,ffff800000a3d300,6) at
> > uhidev_get_r
> > eport_async_cb+0x95
> > usb_transfer_complete(fffffd841f61a000) at usb_transfer_complete+0x1e4
> > usbd_close_pipe(ffff8000012bf000) at usbd_close_pipe+0x56
> > usb_free_device(ffff800007ffe500) at usb_free_device+0x21
> > usbd_detach(ffff800007ffe500,ffff80000016c180) at usbd_detach+0x81
> > uhub_port_connect(ffff80000016c180,b,2a0) at uhub_port_connect+0x75
> > uhub_explore(ffff800000178900) at uhub_explore+0xbb
> > usb_explore(ffff800000178800) at usb_explore+0x12a
> > usb_task_thread(ffff800022a00fd0) at usb_task_thread+0xe5
> > end trace frame: 0x0, count: 3
>
> Does the following diff help?
>
> diff --git sys/dev/usb/uhidev.c sys/dev/usb/uhidev.c
> index 26b5b04088d..1771e146cbb 100644
> --- sys/dev/usb/uhidev.c
> +++ sys/dev/usb/uhidev.c
> @@ -911,6 +911,7 @@ uhidev_get_report_async(struct uhidev_softc *sc, int
> type, int id, void *data,
>
> if (usbd_request_async(xfer, &req, info,
> uhidev_get_report_async_cb)) {
> free(info, M_TEMP, sizeof(*info));
> + usbd_free_xfer(xfer);
> actlen = -1;
> }
>
>
