panic while playing with a ugen

From: Thierry Herbelot <thierry_at_herbelot.com>
Date: Thu, 1 Jun 2006 00:42:46 +0200
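the panic occurred when closing one endpoint of a ugen device (the device was 
disconnecting from the USB bus after being reset). As the kgdb session at the 
end shows, dev->si_devsw was already NULL when giant_close() ran, so the load 
at offset 0x60 from that NULL pointer is what faulted.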

	TfH

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x60
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0671f2c
stack pointer           = 0x28:0xc73ceaa0
frame pointer           = 0x28:0xc73ceab4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 800 (test)
[thread pid 800 tid 100099 ]
Stopped at      giant_close+0x20:       movl    0x60(%eax),%eax
db> bt
Tracing pid 800 tid 100099 td 0xc17146c0
giant_close(c173e000,3,2000,c17146c0,c173e000) at giant_close+0x20
devfs_close(c73ceb0c) at devfs_close+0x2db
VOP_CLOSE_APV(c09b8000,c73ceb0c) at VOP_CLOSE_APV+0x7e
vn_close(c1a54410,3,c1969800,c17146c0,0) at vn_close+0x8b
vn_closefile(c16b5678,c17146c0,c73cebc4,c067ad44,c16b5678) at 
vn_closefile+0xca
devfs_close_f(c16b5678,c17146c0) at devfs_close_f+0xf
fdrop_locked(c16b5678,c17146c0,c143a988,0,c0914e2c) at fdrop_locked+0x88
fdrop(c16b5678,c17146c0,6b5,c0a0b034,0) at fdrop+0x24
closef(c16b5678,c17146c0,0,0,4) at closef+0x367
close(c17146c0,c73ced04,c196e234,c,c17146c0) at close+0x1be
syscall(3b,3b,3b,bfbfeba8,4) at syscall+0x27e
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (6, FreeBSD ELF32, close), eip = 0x2814837f, esp = 0xbfbfeafc, ebp 
= 0xbfbfebc8 ---
db> call doadump
Physical memory: 87 MB
Dumping 31 MB: 16
Dump complete


multi-cur# kgdb kernel.debug /files1/tmp/vmcore.2
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: 
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
ugenioctl: cmd=c018556f
ugenioctl: cmd=c018556f
ugen0: at uhub4 port 3 (addr 2) disconnected
ugen_detach: sc=0xc1579000


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x60
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0671f2c
stack pointer           = 0x28:0xc73ceaa0
frame pointer           = 0x28:0xc73ceab4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 800 (udibtest)
Physical memory: 87 MB
Dumping 31 MB: 16

#0  doadump () at pcpu.h:166
166             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) where
#0  doadump () at pcpu.h:166
#1  0xc04756f3 in db_fncall (dummy1=-952309596, dummy2=0, dummy3=1016,
    dummy4=0xc73ce878 "\220è<Çø\003") at /files1/src/sys/ddb/db_command.c:479
#2  0xc0475504 in db_command (last_cmdp=0xc09ea3a4, cmd_table=0x0)
    at /files1/src/sys/ddb/db_command.c:395
#3  0xc04755c2 in db_command_loop () at /files1/src/sys/ddb/db_command.c:446
#4  0xc04771d9 in db_trap (type=12, code=0) 
at /files1/src/sys/ddb/db_main.c:221
#5  0xc06b38d0 in kdb_trap (type=12, code=0, tf=0xc73cea60)
    at /files1/src/sys/kern/subr_kdb.c:481
#6  0xc0892ce8 in trap_fatal (frame=0xc73cea60, eva=96)
    at /files1/src/sys/i386/i386/trap.c:861
#7  0xc0892a2b in trap_pfault (frame=0xc73cea60, usermode=0, eva=96)
    at /files1/src/sys/i386/i386/trap.c:778
#8  0xc0892649 in trap (frame=
      {tf_fs = -1066729464, tf_es = -1063190488, tf_ds = -1063256024, tf_edi 
= -1046133620, tf_esi = -1063566816, tf_ebp = -952309068, tf_isp 
= -952309108, tf_ebx = -1049370624, tf_edx = -1062922452, tf_ecx 
= -1062922456, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1066983636, 
tf_cs = 32, tf_eflags = 66054, tf_esp = -1063236056, tf_ss = 0}) 
at /files1/src/sys/i386/i386/trap.c:463
#9  0xc087d7ba in calltrap () at /files1/src/sys/i386/i386/exception.s:138
#10 0xc0671f2c in giant_close (dev=0xc173e000, fflag=3, devtype=8192, 
td=0xc17146c0)
    at /files1/src/sys/kern/kern_conf.c:266
#11 0xc064c14f in devfs_close (ap=0xc73ceb0c)
---Type <return> to continue, or q <return> to quit---
    at /files1/src/sys/fs/devfs/devfs_vnops.c:281
#12 0xc08a3e7a in VOP_CLOSE_APV (vop=0x0, a=0xc73ceb0c) at vnode_if.c:424
#13 0xc06ff4df in vn_close (vp=0xc1a54410, flags=3, file_cred=0x0, 
td=0xc17146c0)
    at vnode_if.h:227
#14 0xc070033a in vn_closefile (fp=0xc16b5678, td=0xc17146c0)
    at /files1/src/sys/kern/vfs_vnops.c:870
#15 0xc064c177 in devfs_close_f (fp=0xc16b5678, td=0xc17146c0)
    at /files1/src/sys/fs/devfs/devfs_vnops.c:291
#16 0xc067ad44 in fdrop_locked (fp=0xc16b5678, td=0xc17146c0) at file.h:296
#17 0xc067acb4 in fdrop (fp=0xc16b5678, td=0xc17146c0)
    at /files1/src/sys/kern/kern_descrip.c:2146
#18 0xc06797a3 in closef (fp=0xc16b5678, td=0xc17146c0)
    at /files1/src/sys/kern/kern_descrip.c:1961
#19 0xc067703a in close (td=0xc17146c0, uap=0x0)
    at /files1/src/sys/kern/kern_descrip.c:1018

(kgdb) frame 10
#10 0xc0671f2c in giant_close (dev=0xc173e000, fflag=3, devtype=8192, 
td=0xc17146c0)
    at /files1/src/sys/kern/kern_conf.c:266
266             retval = dev->si_devsw->d_gianttrick->
(kgdb) list
261     giant_close(struct cdev *dev, int fflag, int devtype, struct thread 
*td)
262     {
263             int retval;
264
265             mtx_lock(&Giant);
266             retval = dev->si_devsw->d_gianttrick->
267                 d_close(dev, fflag, devtype, td);
268             mtx_unlock(&Giant);
269             return (retval);
270     }
(kgdb) print dev
$1 = (struct cdev *) 0xc173e000
(kgdb) print dev->si_devsw
$2 = (struct cdevsw *) 0x0
Received on Wed May 31 2006 - 20:42:56 UTC
