Re: panic while playing with a ugen

From: Anish Mistry <mistry.7_at_osu.edu>
Date: Wed, 31 May 2006 19:30:08 -0400
On Wednesday 31 May 2006 18:42, Thierry Herbelot wrote:
> the panic occured when closing one endpoint of a ugen device (the
> device was disconnecting from the USB bus after being reseted).
I haven't seen this particular panic with ugen before. 
Try the patch in PR: usb/97271.  If you've got a test program and 
instructions that can reproduce this panic after applying that patch 
let me know.

Thanks,


>
> 	TfH
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 01
> fault virtual address   = 0x60
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc0671f2c
> stack pointer           = 0x28:0xc73ceaa0
> frame pointer           = 0x28:0xc73ceab4
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 800 (test)
> [thread pid 800 tid 100099 ]
> Stopped at      giant_close+0x20:       movl    0x60(%eax),%eax
> db> bt
> Tracing pid 800 tid 100099 td 0xc17146c0
> giant_close(c173e000,3,2000,c17146c0,c173e000) at giant_close+0x20
> devfs_close(c73ceb0c) at devfs_close+0x2db
> VOP_CLOSE_APV(c09b8000,c73ceb0c) at VOP_CLOSE_APV+0x7e
> vn_close(c1a54410,3,c1969800,c17146c0,0) at vn_close+0x8b
> vn_closefile(c16b5678,c17146c0,c73cebc4,c067ad44,c16b5678) at
> vn_closefile+0xca
> devfs_close_f(c16b5678,c17146c0) at devfs_close_f+0xf
> fdrop_locked(c16b5678,c17146c0,c143a988,0,c0914e2c) at
> fdrop_locked+0x88 fdrop(c16b5678,c17146c0,6b5,c0a0b034,0) at
> fdrop+0x24
> closef(c16b5678,c17146c0,0,0,4) at closef+0x367
> close(c17146c0,c73ced04,c196e234,c,c17146c0) at close+0x1be
> syscall(3b,3b,3b,bfbfeba8,4) at syscall+0x27e
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (6, FreeBSD ELF32, close), eip = 0x2814837f, esp =
> 0xbfbfeafc, ebp = 0xbfbfebc8 ---
> db> call doadump
> Physical memory: 87 MB
> Dumping 31 MB: 16
> Dump complete
>
>
> multi-cur# kgdb kernel.debug /files1/tmp/vmcore.2
> [GDB will not be able to debug user-mode threads:
> /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License,
> and you are welcome to change it and/or distribute copies of it
> under certain conditions. Type "show copying" to see the
> conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for
> details. This GDB was configured as "i386-marcel-freebsd".
>
> Unread portion of the kernel message buffer:
> ugenioctl: cmd=c018556f
> ugenioctl: cmd=c018556f
> ugen0: at uhub4 port 3 (addr 2) disconnected
> ugen_detach: sc=0xc1579000
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 01
> fault virtual address   = 0x60
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc0671f2c
> stack pointer           = 0x28:0xc73ceaa0
> frame pointer           = 0x28:0xc73ceab4
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 800 (udibtest)
> Physical memory: 87 MB
> Dumping 31 MB: 16
>
> #0  doadump () at pcpu.h:166
> 166             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb) where
> #0  doadump () at pcpu.h:166
> #1  0xc04756f3 in db_fncall (dummy1=-952309596, dummy2=0,
> dummy3=1016, dummy4=0xc73ce878 "\220è<Çø\003") at
> /files1/src/sys/ddb/db_command.c:479 #2  0xc0475504 in db_command
> (last_cmdp=0xc09ea3a4, cmd_table=0x0) at
> /files1/src/sys/ddb/db_command.c:395
> #3  0xc04755c2 in db_command_loop () at
> /files1/src/sys/ddb/db_command.c:446 #4  0xc04771d9 in db_trap
> (type=12, code=0)
> at /files1/src/sys/ddb/db_main.c:221
> #5  0xc06b38d0 in kdb_trap (type=12, code=0, tf=0xc73cea60)
>     at /files1/src/sys/kern/subr_kdb.c:481
> #6  0xc0892ce8 in trap_fatal (frame=0xc73cea60, eva=96)
>     at /files1/src/sys/i386/i386/trap.c:861
> #7  0xc0892a2b in trap_pfault (frame=0xc73cea60, usermode=0,
> eva=96) at /files1/src/sys/i386/i386/trap.c:778
> #8  0xc0892649 in trap (frame=
>       {tf_fs = -1066729464, tf_es = -1063190488, tf_ds =
> -1063256024, tf_edi = -1046133620, tf_esi = -1063566816, tf_ebp =
> -952309068, tf_isp = -952309108, tf_ebx = -1049370624, tf_edx =
> -1062922452, tf_ecx = -1062922456, tf_eax = 0, tf_trapno = 12,
> tf_err = 0, tf_eip = -1066983636, tf_cs = 32, tf_eflags = 66054,
> tf_esp = -1063236056, tf_ss = 0}) at
> /files1/src/sys/i386/i386/trap.c:463
> #9  0xc087d7ba in calltrap () at
> /files1/src/sys/i386/i386/exception.s:138 #10 0xc0671f2c in
> giant_close (dev=0xc173e000, fflag=3, devtype=8192, td=0xc17146c0)
>     at /files1/src/sys/kern/kern_conf.c:266
> #11 0xc064c14f in devfs_close (ap=0xc73ceb0c)
> ---Type <return> to continue, or q <return> to quit---
>     at /files1/src/sys/fs/devfs/devfs_vnops.c:281
> #12 0xc08a3e7a in VOP_CLOSE_APV (vop=0x0, a=0xc73ceb0c) at
> vnode_if.c:424 #13 0xc06ff4df in vn_close (vp=0xc1a54410, flags=3,
> file_cred=0x0, td=0xc17146c0)
>     at vnode_if.h:227
> #14 0xc070033a in vn_closefile (fp=0xc16b5678, td=0xc17146c0)
>     at /files1/src/sys/kern/vfs_vnops.c:870
> #15 0xc064c177 in devfs_close_f (fp=0xc16b5678, td=0xc17146c0)
>     at /files1/src/sys/fs/devfs/devfs_vnops.c:291
> #16 0xc067ad44 in fdrop_locked (fp=0xc16b5678, td=0xc17146c0) at
> file.h:296 #17 0xc067acb4 in fdrop (fp=0xc16b5678, td=0xc17146c0)
>     at /files1/src/sys/kern/kern_descrip.c:2146
> #18 0xc06797a3 in closef (fp=0xc16b5678, td=0xc17146c0)
>     at /files1/src/sys/kern/kern_descrip.c:1961
> #19 0xc067703a in close (td=0xc17146c0, uap=0x0)
>     at /files1/src/sys/kern/kern_descrip.c:1018
>
> (kgdb) frame 10
> #10 0xc0671f2c in giant_close (dev=0xc173e000, fflag=3,
> devtype=8192, td=0xc17146c0)
>     at /files1/src/sys/kern/kern_conf.c:266
> 266             retval = dev->si_devsw->d_gianttrick->
> (kgdb) list
> 261     giant_close(struct cdev *dev, int fflag, int devtype,
> struct thread *td)
> 262     {
> 263             int retval;
> 264
> 265             mtx_lock(&Giant);
> 266             retval = dev->si_devsw->d_gianttrick->
> 267                 d_close(dev, fflag, devtype, td);
> 268             mtx_unlock(&Giant);
> 269             return (retval);
> 270     }
> (kgdb) print dev
> $1 = (struct cdev *) 0xc173e000
> (kgdb) print dev->si_devsw
> $2 = (struct cdevsw *) 0x0
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to
> "freebsd-current-unsubscribe_at_freebsd.org"

-- 
Anish Mistry
Received on Wed May 31 2006 - 21:29:59 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:56 UTC