On Mon, 28 Jun 2004, Lukas Ertl wrote:
> On Sat, 26 Jun 2004, Bryan Liesner wrote:
>
>> Large transfers like dumping a filesystem or a tar of a filesystem causes
>> the transfer to grind to a halt and eventually panic. No dump is
>> available, here is the transcribed DDB output:
>>
>> Fatal trap 12: page fault while in kernel mode
>> fault virtual address = 0x53425355
>> fault code = supervisor read, page not present
>> instruction pointer = 0x8:0xc05147d2
>> stack pointer = 0x10:0xd4294b6c
>> frame pointer = 0x10:0xd4294b8c
>> code segment = base 0x0 limit 0xffff, type 0x1b
>> = DPL0, pres 1, def32 1, gran1
>> processor eflags = interrupt enabled, resume, IOPL=0
>> current process = 20 (irq10: pcm0 ehci0)
>> kernel: type 12 trap,code=0
>>
>> Stopped at usb_allocmem+0x82: cmpl %esi, 0(%eax)
>
> Could you try to get a vmcore and a backtrace from it?
>
Here it is:
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x53425355
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc051c117
stack pointer = 0x10:0xd4294ab0
frame pointer = 0x10:0xd4294ad0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 20 (irq10: pcm0 ehci0)
kernel: type 12 trap, code=0
Dumping 511 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496
---
#0 doadump () at ../../../kern/kern_shutdown.c:236
236 dumping++;
doadump () at ../../../kern/kern_shutdown.c:236
236 dumping++;
(kgdb) bt
#0 doadump () at ../../../kern/kern_shutdown.c:236
#1 0xc0467ecd in db_fncall (dummy1=0, dummy2=0, dummy3=0, dummy4=0xd42948cc "_at_ßuÀ\f") at ../../../ddb/db_command.c:551
#2 0xc0467c6a in db_command (last_cmdp=0xc075d650, cmd_table=0x0, aux_cmd_tablep=0xc070fd78, aux_cmd_tablep_end=0xc070fd7c)
at ../../../ddb/db_command.c:348
#3 0xc0467d78 in db_command_loop () at ../../../ddb/db_command.c:475
#4 0xc046ac79 in db_trap (type=12, code=0) at ../../../ddb/db_trap.c:73
#5 0xc069b3ee in kdb_trap (type=12, code=0, regs=0xd4294a70) at ../../../i386/i386/db_interface.c:159
#6 0xc06ac118 in trap_fatal (frame=0xd4294a70, eva=0) at ../../../i386/i386/trap.c:810
#7 0xc06abe39 in trap_pfault (frame=0xd4294a70, usermode=0, eva=1396855637) at ../../../i386/i386/trap.c:733
#8 0xc06ab9d8 in trap (frame=
{tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = 13, tf_ebp = -735491376, tf_isp = -735491428, tf_ebx = 1, tf_edx = -1066176724, tf_ecx = -1046045248, tf_eax = 1396855637, tf_trapno = 12, tf_err = 0, tf_eip = -1068383977, tf_cs = 8, tf_eflags = 66182, tf_esp = 52, tf_ss = -1067889552}) at ../../../i386/i386/trap.c:420
#9 0xc069ccea in calltrap () at ../../../i386/i386/exception.s:140
#10 0x00000018 in ?? ()
#11 0x00000010 in ?? ()
#12 0x00000010 in ?? ()
#13 0x00000000 in ?? ()
#14 0x0000000d in ?? ()
#15 0xd4294ad0 in ?? ()
#16 0xd4294a9c in ?? ()
#17 0x00000001 in ?? ()
#18 0xc0736f2c in sysctl___hw_usb_ehci_debug ()
#19 0xc05012fa in ehci_allocm (bus=0x0, dma=0x0, size=0) at ../../../dev/usb/ehci.c:1022
#20 0xc05012fa in ehci_allocm (bus=0x0, dma=0x0, size=0) at ../../../dev/usb/ehci.c:1022
#21 0xc051ec50 in usbd_transfer (xfer=0xd) at ../../../dev/usb/usbdi.c:309
#22 0xc0515fb7 in umass_setup_transfer (sc=0xc1bc5600, pipe=0x0, buffer=0x0, buflen=0, flags=0, xfer=0xc1bc6c00)
at ../../../dev/usb/umass.c:1167
#23 0xc0516722 in umass_bbb_state (xfer=0xc1bc6900, priv=0xc1bc5600, err=USBD_NORMAL_COMPLETION)
at ../../../dev/usb/umass.c:1533
#24 0xc051f60a in usb_transfer_complete (xfer=0xc1bc6900) at ../../../dev/usb/usbdi.c:834
#25 0xc0501105 in ehci_idone (ex=0xc1bc6900) at ../../../dev/usb/ehci.c:818
#26 0xc0500ed2 in ehci_check_intr (sc=0xc1a53400, ex=0xc1bc6900) at ../../../dev/usb/ehci.c:718
#27 0xc0500dda in ehci_softintr (v=0xc1a53400) at ../../../dev/usb/ehci.c:659
#28 0xc051b929 in usb_schedsoftintr (bus=0xc1a53400) at ../../../dev/usb/usb.c:842
#29 0xc0500b0b in ehci_intr1 (sc=0xc1a53400) at ../../../dev/usb/ehci.c:559
#30 0xc050098f in ehci_intr (v=0xc1a53400) at ../../../dev/usb/ehci.c:517
#31 0xc055f0f9 in ithread_loop (arg=0xc196a880) at ../../../kern/kern_intr.c:557
#32 0xc055df08 in fork_exit (callout=0xc055ef60 <ithread_loop>, arg=0x0, frame=0x0) at ../../../kern/kern_fork.c:815
#33 0xc069cd4c in fork_trampoline () at ../../../i386/i386/exception.s:209
(kgdb) list *0xc05012fa
0xc05012fa is in ehci_allocm (../../../dev/usb/ehci.c:1022).
1017 usbd_status
1018 ehci_allocm(struct usbd_bus *bus, usb_dma_t *dma, u_int32_t size)
1019 {
1020 usbd_status err;
1021
1022 err = usb_allocmem(bus, size, 0, dma);
1023 #ifdef EHCI_DEBUG
1024 if (err)
1025 printf("ehci_allocm: usb_allocmem()=%d\n", err);
1026 #endif
(kgdb) list *0xc051ec50
0xc051ec50 is in usbd_transfer (../../../dev/usb/usbdi.c:310).
305 #ifdef DIAGNOSTIC
306 if (xfer->rqflags & URQ_AUTO_DMABUF)
307 printf("usbd_transfer: has old buffer!\n");
308 #endif
309 err = bus->methods->allocm(bus, dmap, size);
310 if (err)
311 return (err);
312 xfer->rqflags |= URQ_AUTO_DMABUF;
313 }
314
(kgdb) list *0xc0515fb7
0xc0515fb7 is in umass_setup_transfer (../../../dev/usb/umass.c:1167).
1162 /* Initialise a USB transfer and then schedule it */
1163
1164 (void) usbd_setup_xfer(xfer, pipe, (void *) sc, buffer, buflen, flags,
1165 sc->timeout, sc->state);
1166
1167 err = usbd_transfer(xfer);
1168 if (err && err != USBD_IN_PROGRESS) {
1169 DPRINTF(UDMASS_BBB, ("%s: failed to setup transfer, %s\n",
1170 USBDEVNAME(sc->sc_dev), usbd_errstr(err)));
1171 return(err);
(kgdb) list *0xc0516722
0xc0516722 is in umass_bbb_state (../../../dev/usb/umass.c:1533).
1528 sc->transfer_state = TSTATE_BBB_STATUS2;
1529 next_xfer = sc->transfer_xfer[XFER_BBB_CSW2];
1530 }
1531
1532 /* Read the Command Status Wrapper via bulk-in endpoint. */
1533 if (umass_setup_transfer(sc, sc->bulkin_pipe,
1534 &sc->csw, UMASS_BBB_CSW_SIZE, 0,
1535 next_xfer)) {
1536 umass_bbb_reset(sc, STATUS_WIRE_FAILED);
1537 return;
(kgdb) list *0xc051f60a
0xc051f60a is in usb_transfer_complete (../../../dev/usb/usbdi.c:834).
829 xfer->actlen, xfer->length));
830 xfer->status = USBD_SHORT_XFER;
831 }
832
833 if (xfer->callback)
834 xfer->callback(xfer, xfer->priv, xfer->status);
835
836 #ifdef DIAGNOSTIC
837 if (pipe->methods->done != NULL)
838 pipe->methods->done(xfer);
(kgdb) list *0xc0501105
0xc0501105 is in ehci_idone (../../../dev/usb/ehci.c:819).
814 } else {
815 xfer->status = USBD_NORMAL_COMPLETION;
816 }
817
818 usb_transfer_complete(xfer);
819 DPRINTFN(/*12*/2, ("ehci_idone: ex=%p done\n", ex));
820 }
821
822 /*
823 * Wait here until controller claims to have an interrupt.
(kgdb) list *�~� �0xc0500ed2
0xc0500ed2 is in ehci_check_intr (../../../dev/usb/ehci.c:719).
714 }
715 done:
716 DPRINTFN(12, ("ehci_check_intr: ex=%p done\n", ex));
717 usb_uncallout(ex->xfer.timeout_handle, ehci_timeout, ex);
718 ehci_idone(ex);
719 }
720
721 void
722 ehci_idone(struct ehci_xfer *ex)
723 {
(kgdb) list *0xc0500dda
0xc0500dda is in ehci_softintr (../../../dev/usb/ehci.c:657).
652 * The only explanation I can think of for why EHCI is as brain dead
653 * as UHCI interrupt-wise is that Intel was involved in both.
654 * An interrupt just tells us that something is done, we have no
655 * clue what, so we need to scan through all active transfers. :-(
656 */
657 for (ex = LIST_FIRST(&sc->sc_intrhead); ex; ex = nextex) {
658 nextex = LIST_NEXT(ex, inext);
659 ehci_check_intr(sc, ex);
660 }
661
(kgdb) lisy � �� �t *0xc051b929
0xc051b929 is in usb_schedsoftintr (../../../dev/usb/usb.c:844).
839 #endif /* __HAVE_GENERIC_SOFT_INTERRUPTS */
840 }
841 #else
842 bus->methods->soft_intr(bus);
843 #endif /* USB_USE_SOFTINTR */
844 }
845
846 #if defined(__NetBSD__) || defined(__OpenBSD__)
847 int
848 usb_activate(device_ptr_t self, enum devact act)
(kgdb) list *0xc050098f
0xc050098f is in ehci_intr (../../../dev/usb/ehci.c:517).
512 printf("ehci_intr: ignored interrupt while polling\n");
513 #endif
514 return (0);
515 }
516
517 return (ehci_intr1(sc));
518 }
519
520 Static int
521 ehci_intr1(ehci_softc_t *sc)
Received on Tue Jun 29 2004 - 00:36:38 UTC