Fatal trap 12 with process cambio on USB attach

From: Glen Barber <gjb_at_FreeBSD.org>
Date: Sat, 19 Jan 2013 10:10:54 -0500

Hi,

I am running one-day-old -CURRENT:

 root_at_nucleus:~ # uname -a
 FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #51 r245605: Fri Jan
 18 11:25:40 EST 2013     root_at_nucleus:/usr/obj/usr/src/sys/NUCLEUS amd64

I attached a MicroSDHC flash card with a MicroSD->USB adapter, and the
system crashed with a kernel page fault.  I am certain the SDHC card
should work, as it works in other FreeBSD machines.

kgdb session follows.  Please let me know if I can provide further
information.

Thanks,

Glen

Script started on Sat Jan 19 10:03:27 2013
root_at_nucleus:/usr/obj/usr/src/sys/NUCLEUS # kgdb kernel.debug /var/crash/vmcore.8
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
umass0:4:0:-1: Attached to scbus4


Fatal trap 12: page fault while in kernel mode
cpuid = 6; apic id = 06
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff802933c9
stack pointer           = 0x28:0xffffff80003098e0
frame pointer           = 0x28:0xffffff8000309910
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi2: cambio)
trap number             = 12
panic: page fault
cpuid = 6
KDB: stack backtrace:
#0 0xffffffff80608966 at kdb_backtrace+0x66
#1 0xffffffff805cea9b at panic+0x13b
#2 0xffffffff808880a0 at trap_fatal+0x290
#3 0xffffffff80888411 at trap_pfault+0x221
#4 0xffffffff808889c4 at trap+0x344
#5 0xffffffff80872213 at calltrap+0x8
#6 0xffffffff802934a5 at camq_remove+0x65
#7 0xffffffff80298c4f at xpt_run_dev_sendq+0xef
#8 0xffffffff802995a0 at camisr_runqueue+0x290
#9 0xffffffff802997bf at camisr+0xff
#10 0xffffffff8059fe4d at intr_event_execute_handlers+0xfd
#11 0xffffffff805a165e at ithread_loop+0x9e
#12 0xffffffff8059ca1f at fork_exit+0x11f
#13 0xffffffff8087273e at fork_trampoline+0xe
Uptime: 41s
Dumping 551 out of 7951 MB:..3%..12%..21%..32%..41%..53%..61%..73%..82% (CTRL-C to abort) ..93%

Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /bootdir/boot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /bootdir/boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/geom_eli.ko...Reading symbols from /bootdir/boot/kernel/geom_eli.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_eli.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /bootdir/boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/coretemp.ko...Reading symbols from /bootdir/boot/kernel/coretemp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/coretemp.ko
Reading symbols from /boot/kernel/acpi_video.ko...Reading symbols from /bootdir/boot/kernel/acpi_video.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_video.ko
Reading symbols from /boot/kernel/sem.ko...Reading symbols from /bootdir/boot/kernel/sem.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sem.ko
Reading symbols from /boot/kernel/acpi_asus.ko...Reading symbols from /bootdir/boot/kernel/acpi_asus.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_asus.ko
Reading symbols from /boot/kernel/aesni.ko...Reading symbols from /bootdir/boot/kernel/aesni.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/aesni.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /bootdir/boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/i915kms.ko...Reading symbols from /bootdir/boot/kernel/i915kms.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/i915kms.ko
Reading symbols from /boot/kernel/iicbb.ko...Reading symbols from /bootdir/boot/kernel/iicbb.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iicbb.ko
Reading symbols from /boot/kernel/iicbus.ko...Reading symbols from /bootdir/boot/kernel/iicbus.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iicbus.ko
Reading symbols from /boot/kernel/iic.ko...Reading symbols from /bootdir/boot/kernel/iic.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iic.ko
Reading symbols from /boot/kernel/agp.ko...Reading symbols from /bootdir/boot/kernel/agp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/agp.ko
Reading symbols from /boot/kernel/drm2.ko...Reading symbols from /bootdir/boot/kernel/drm2.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/drm2.ko
Reading symbols from /usr/local/libexec/linux_adobe/linux_adobe.ko...done.
Loaded symbols for /usr/local/libexec/linux_adobe/linux_adobe.ko
#0  doadump (textdump=<value optimized out>) at pcpu.h:229
229             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) bt
#0  doadump (textdump=<value optimized out>) at pcpu.h:229
#1  0xffffffff805ce604 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:446
#2  0xffffffff805cea85 in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:753
#3  0xffffffff808880a0 in trap_fatal (frame=0xc, eva=<value optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:872
#4  0xffffffff80888411 in trap_pfault (frame=0xffffff8000309830, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:789
#5  0xffffffff808889c4 in trap (frame=0xffffff8000309830) at /usr/src/sys/amd64/amd64/trap.c:463
#6  0xffffffff80872213 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:228
#7  0xffffffff802933c9 in heap_down (queue_array=0xfffffe01c90223f8, index=<value optimized out>, 
    num_entries=0) at /usr/src/sys/cam/cam_queue.c:357
#8  0xffffffff802934a5 in camq_remove (queue=0xfffffe000359e880, index=-1) at /usr/src/sys/cam/cam_queue.c:185
#9  0xffffffff80298c4f in xpt_run_dev_sendq (bus=0xfffffe01c909ed00) at cam_queue.h:210
#10 0xffffffff802995a0 in camisr_runqueue (V_queue=<value optimized out>) at /usr/src/sys/cam/cam_xpt.c:5102
#11 0xffffffff802997bf in camisr (dummy=<value optimized out>) at /usr/src/sys/cam/cam_xpt.c:5002
#12 0xffffffff8059fe4d in intr_event_execute_handlers (p=<value optimized out>, ie=0xfffffe00031ccc00)
    at /usr/src/sys/kern/kern_intr.c:1272
#13 0xffffffff805a165e in ithread_loop (arg=0xfffffe0002f5a800) at /usr/src/sys/kern/kern_intr.c:1285
#14 0xffffffff8059ca1f in fork_exit (callout=0xffffffff805a15c0 <ithread_loop>, arg=0xfffffe0002f5a800, 
    frame=0xffffff8000309ac0) at /usr/src/sys/kern/kern_fork.c:991
#15 0xffffffff8087273e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:602
#16 0x0000000000000000 in ?? ()
(kgdb) frame 7
#7  0xffffffff802933c9 in heap_down (queue_array=0xfffffe01c90223f8, index=<value optimized out>, 
    num_entries=0) at /usr/src/sys/cam/cam_queue.c:357
357             if (queue_array[i]->priority == queue_array[j]->priority)
(kgdb) list *0xffffffff802933c9
0xffffffff802933c9 is in heap_down (/usr/src/sys/cam/cam_queue.c:357).
352      * equal too, or greater than j respectively.
353      */
354     static __inline int
355     queue_cmp(cam_pinfo **queue_array, int i, int j)
356     {
357             if (queue_array[i]->priority == queue_array[j]->priority)
358                     return (  queue_array[i]->generation
359                             - queue_array[j]->generation );
360             else
361                     return (  queue_array[i]->priority
(kgdb) frame 8
#8  0xffffffff802934a5 in camq_remove (queue=0xfffffe000359e880, index=-1) at /usr/src/sys/cam/cam_queue.c:185
185                     heap_down(queue->queue_array, index, queue->entries - 1);
(kgdb) list *0xffffffff802934a5
0xffffffff802934a5 is in camq_remove (/usr/src/sys/cam/cam_queue.c:187).
182             if (queue->entries != index) {
183                     queue->queue_array[index] = queue->queue_array[queue->entries];
184                     queue->queue_array[index]->index = index;
185                     heap_down(queue->queue_array, index, queue->entries - 1);
186             }
187             removed_entry->index = CAM_UNQUEUED_INDEX;
188             queue->entries--;
189             return (removed_entry);
190     }
191     
(kgdb) frame 9
#9  0xffffffff80298c4f in xpt_run_dev_sendq (bus=0xfffffe01c909ed00) at cam_queue.h:210
210             camq_remove(&ccbq->queue, ccb->ccb_h.pinfo.index);
(kgdb) list *0xffffffff80298c4f
0xffffffff80298c4f is in xpt_run_dev_sendq (cam_queue.h:211).
206     
207     static __inline int
208     cam_ccbq_remove_ccb(struct cam_ccbq *ccbq, union ccb *ccb)
209     {
210             camq_remove(&ccbq->queue, ccb->ccb_h.pinfo.index);
211             if (ccbq->queue.qfrozen_cnt[CAM_PRIORITY_TO_RL(
212                 ccb->ccb_h.pinfo.priority)] > 0) {
213                     ccbq->devq_openings--;
214                     ccbq->held--;
215                     return (1);
(kgdb) frame 10
#10 0xffffffff802995a0 in camisr_runqueue (V_queue=<value optimized out>) at /usr/src/sys/cam/cam_xpt.c:5102
5102                            xpt_run_dev_sendq(ccb_h->path->bus);
(kgdb) list *0xffffffff802995a0
0xffffffff802995a0 is in camisr_runqueue (/usr/src/sys/cam/cam_xpt.c:5102).
5097                     && (ccb_h->status & CAM_DEV_QFRZN)) {
5098                            xpt_release_devq(ccb_h->path, /*count*/1,
5099                                             /*run_queue*/TRUE);
5100                            ccb_h->status &= ~CAM_DEV_QFRZN;
5101                    } else if (runq) {
5102                            xpt_run_dev_sendq(ccb_h->path->bus);
5103                    }
5104    
5105                    /* Call the peripheral driver's callback */
5106                    (*ccb_h->cbfcnp)(ccb_h->path->periph, (union ccb *)ccb_h);
(kgdb) p *ccb_h
$1 = {pinfo = {priority = 896, generation = 29, index = -1}, xpt_links = {le = {le_next = 0x0, le_prev = 0x0}, 
    sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}, stqe = {stqe_next = 0x0}}, sim_links = {
    le = {le_next = 0x0, le_prev = 0xfffffe0185688c28}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, 
      tqe_prev = 0xfffffe0185688c28}, stqe = {stqe_next = 0x0}}, periph_links = {le = {le_next = 0x0, 
      le_prev = 0x0}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}, stqe = {
      stqe_next = 0x0}}, retry_count = 4, cbfcnp = 0xffffffff802d6dd0 <dadone>, func_code = XPT_SCSI_IO, 
  status = 1, path = 0xfffffe0006f878a0, path_id = 4, target_id = 0, target_lun = 0, flags = 64, 
  periph_priv = {entries = {{ptr = 0x1, field = 1, bytes = "\001\000\000\000\000\000\000"}, {ptr = 0x0, 
        field = 0, bytes = "\000\000\000\000\000\000\000"}}, bytes = "\001", '\0' <repeats 14 times>}, 
  sim_priv = {entries = {{ptr = 0x0, field = 0, bytes = "\000\000\000\000\000\000\000"}, {ptr = 0x0, 
        field = 0, bytes = "\000\000\000\000\000\000\000"}}, bytes = '\0' <repeats 15 times>}, timeout = 5000, 
  timeout_ch = {callout = 0x0}}
(kgdb) root_at_nucleus:/usr/obj/usr/src/sys/NUCLEUS # ^D

Script done on Sat Jan 19 10:04:19 2013


Received on Sat Jan 19 2013 - 14:10:58 UTC
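
The backtrace above shows camq_remove() entered with index=-1, the value that cam_queue.c line 187 stores (as CAM_UNQUEUED_INDEX) in an entry once it has been removed. As an added illustration (not FreeBSD code and not part of the original message), this simplified 1-based heap refuses any index outside 1..entries before touching the array; the pq_* names, QCAP and the double-removal scenario are assumptions, not a diagnosis of this crash.

```c
#include <stddef.h>
enum { UNQUEUED_INDEX = -1, QCAP = 8 };  /* -1 plays the role of CAM_UNQUEUED_INDEX */
struct pinfo { unsigned priority, generation; int index; };
struct pq { struct pinfo *slot[QCAP + 1]; int entries; };  /* slots 1..entries used */

static int pq_less(const struct pq *q, int i, int j) {
    const struct pinfo *a = q->slot[i], *b = q->slot[j];
    if (a->priority != b->priority) return a->priority < b->priority;
    return a->generation < b->generation;
}
static void pq_swap(struct pq *q, int i, int j) {
    struct pinfo *t = q->slot[i]; q->slot[i] = q->slot[j]; q->slot[j] = t;
    q->slot[i]->index = i; q->slot[j]->index = j;
}
static void pq_fix(struct pq *q, int i) {  /* restore heap order around slot i */
    for (; i > 1 && pq_less(q, i, i / 2); i /= 2) pq_swap(q, i, i / 2);
    for (int c; (c = 2 * i) <= q->entries; i = c) {
        if (c < q->entries && pq_less(q, c + 1, c)) c++;
        if (!pq_less(q, c, i)) break;
        pq_swap(q, i, c);
    }
}
static int pq_insert(struct pq *q, struct pinfo *e) {
    if (q->entries == QCAP) return -1;
    e->index = ++q->entries;
    q->slot[e->index] = e;
    pq_fix(q, e->index);
    return 0;
}
/* Remove by index. An index outside 1..entries (such as -1) is refused
 * before any slot is read, instead of reaching the sift-down comparison. */
static struct pinfo *pq_remove_checked(struct pq *q, int index) {
    if (index < 1 || index > q->entries) return NULL;
    struct pinfo *removed = q->slot[index];
    int last = q->entries--;
    if (last != index) {
        q->slot[index] = q->slot[last];
        q->slot[index]->index = index;
        pq_fix(q, index);
    }
    removed->index = UNQUEUED_INDEX;
    return removed;
}
static int demo_double_remove(void) {
    struct pq q = { {0}, 0 };  /* constructed scenario: one entry removed twice */
    struct pinfo a = {896, 29, UNQUEUED_INDEX}, b = {512, 30, UNQUEUED_INDEX};
    pq_insert(&q, &a); pq_insert(&q, &b);
    struct pinfo *first = pq_remove_checked(&q, a.index);
    struct pinfo *second = pq_remove_checked(&q, a.index);  /* a.index is -1 now */
    return first == &a && second == NULL && q.entries == 1 && b.index == 1;
}
int main(void) { return demo_double_remove() ? 0 : 1; }
```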
