From nobody@FreeBSD.org  Thu Apr  8 07:44:27 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9982D1065678
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  8 Apr 2010 07:44:26 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 6DE998FC23
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  8 Apr 2010 07:44:26 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o387iQUc000136
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 8 Apr 2010 07:44:26 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o387iQ4D000135;
	Thu, 8 Apr 2010 07:44:26 GMT
	(envelope-from nobody)
Message-Id: <201004080744.o387iQ4D000135@www.freebsd.org>
Date: Thu, 8 Apr 2010 07:44:26 GMT
From: Garrett Cooper <yaneurabeya@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] [twa] Removing USB keyboard after filesystems synced causes panic with destroyed mutex
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         145510
>Category:       kern
>Synopsis:       [PATCH] [twa] Removing USB keyboard after filesystems synced causes panic with destroyed mutex
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 08 08:08:39 UTC 2010
>Closed-Date:    Wed Jun 09 22:13:12 UTC 2010
>Last-Modified:  Sun Feb 03 22:28:35 UTC 2013
>Originator:     Garrett Cooper
>Release:        9-CURRENT
>Organization:
Cisco Systems, Inc.
>Environment:
FreeBSD bayonetta.local 9.0-CURRENT FreeBSD 9.0-CURRENT #3 r206173M: Mon Apr  5 12:12:29 PDT 2010     root@bayonetta.local:/usr/obj/usr/src/sys/BAYONETTA  amd64
>Description:
As discussed here: http://lists.freebsd.org/pipermail/freebsd-current/2010-March/015791.html, I followed the procedure below with my machine that has a twa(4) enabled card, and it panicked deterministically:

1. Rebooted machine.
2. Removed USB keyboard after filesystems were synced.

The panic looked like:

ugen2.2: <Mitsumi Electric> at usbus2 (disconnected)
uhub8: at uhub2, port 1, addr 2 (disconnected)
ugen2.3: <Mitsumi Electric> at usbus2 (disconnected)
ukbd0: at uhub8, port 3, addr 3 (disconnected)
uhid0: at uhub8, port 3, addr 3 (disconnected)
panic: mtx_lock_spin() of destroyed mutex @ /usr/src/sys/dev/twa/tw_cl_intr.c:88

cpuid = 1
KDB: enter: panic
[thread pid 12 tid 100025 ]
Stopped at         kdb_enter+0x3d: movq     $0,0x40289c(%rip)
db>

>How-To-Repeat:
See above.
>Fix:
Please see the following patch, provided by giovanni.trematerra@gmail.com .

Patch attached with submission follows:

Index: tw_cl_intr.c
===================================================================
--- tw_cl_intr.c	(revision 206339)
+++ tw_cl_intr.c	(working copy)
@@ -75,9 +75,12 @@
 	if (ctlr == NULL)
 		goto out;
 
-	/* If we get an interrupt while resetting, it is a shared
-	   one for another device, so just bail */
-	if (ctlr->state & TW_CLI_CTLR_STATE_RESET_IN_PROGRESS)
+	/* 
+	 * If we get an interrupt while resetting, it is a shared
+	 * one for another device, so just bail
+	 */
+	if (ctlr->state & TW_CLI_CTLR_STATE_RESET_IN_PROGRESS ||
+	    ctlr->state & TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS)
 		goto out;
 
 	/*
Index: tw_cl.h
===================================================================
--- tw_cl.h	(revision 206339)
+++ tw_cl.h	(working copy)
@@ -66,6 +66,8 @@
 #define TW_CLI_CTLR_STATE_RESET_PHASE1_IN_PROGRESS	(1<<5)
 /* G66 register write access bug needs to be worked around. */
 #define TW_CLI_CTLR_STATE_G66_WORKAROUND_NEEDED	(1<<6)
+/* Controller is shutting down. */
+#define TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS	(1<<7)
 
 /* Possible values of ctlr->ioctl_lock.lock. */
 #define TW_CLI_LOCK_FREE		0x0	/* lock is free */
Index: tw_cl_init.c
===================================================================
--- tw_cl_init.c	(revision 206339)
+++ tw_cl_init.c	(working copy)
@@ -598,6 +598,7 @@
 	 * and notify the controller that we are going down.
 	 */
 	ctlr->state &= ~TW_CLI_CTLR_STATE_ACTIVE;
+	ctlr->state |= TW_CLI_CTLR_STATE_SHUTDOWN_IN_PROGRESS;
 
 	tw_cli_disable_interrupts(ctlr);
 


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: delphij 
State-Changed-When: Wed Jun 9 20:41:12 UTC 2010 
State-Changed-Why:  
The pending twa(4) update would solve this. 


Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Wed Jun 9 20:41:12 UTC 2010 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145510 
State-Changed-From-To: analyzed->patched 
State-Changed-By: delphij 
State-Changed-When: Wed Jun 9 22:11:49 UTC 2010 
State-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=145510 
State-Changed-From-To: patched->closed 
State-Changed-By: delphij 
State-Changed-When: Wed Jun 9 22:12:44 UTC 2010 
State-Changed-Why:  
Consider this closed as it's believed to have been fixed by kern/147695. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145510 
>Unformatted:
