ng_ubt fatal trap 12 on RELENG_9 and CURRENT
Matt Mullins
mokomull at gmail.com
Mon Oct 31 08:52:53 UTC 2011
I ran into a somewhat interesting snag while trying out FreeBSD 9 on
my laptop. I built a kernel from the RELENG_9 branch, and get a
"fatal trap 12" during the initialization sequence. For testing, I
rebuilt the same kernel from the CURRENT branch, with the same problem
-- this is the one that I'm debugging now.
The kernel was built with the following options in addition to the
generic config:
options VIMAGE
device epair
nooptions GEOM_PART_EBR_COMPAT
The errors as retrieved from the core dump:
ubt0: <vendor 0x413c product 0x8140, class 224/1, rev 2.00/43.15, addr
2> on usbus0
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x28
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff8164475d
stack pointer = 0x28:0xffffff80f7180970
frame pointer = 0x28:0xffffff80f71809a0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 15 (usbus0)
trap number = 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff8086b45e at kdb_backtrace+0x5e
#1 0xffffffff80835da7 at panic+0x187
#2 0xffffffff80b2ccc0 at trap_fatal+0x290
#3 0xffffffff80b2d009 at trap_pfault+0x1f9
#4 0xffffffff80b2d4cf at trap+0x3df
#5 0xffffffff80b17a1f at calltrap+0x8
#6 0xffffffff8163620e at ubt_attach+0x5e
#7 0xffffffff80864799 at device_attach+0x69
#8 0xffffffff806d8389 at usb_probe_and_attach+0x1f9
#9 0xffffffff806e078c at uhub_explore+0x46c
#10 0xffffffff806cab5e at usb_bus_explore+0x9e
#11 0xffffffff806e4783 at usb_process+0xd3
#12 0xffffffff8080927f at fork_exit+0x11f
#13 0xffffffff80b17f4e at fork_trampoline+0xe
Relevant information pulled from kgdb:
(kgdb) bt
#0 doadump (textdump=Variable "textdump" is not available.
) at pcpu.h:224
#1 0xffffffff808358e5 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:442
#2 0xffffffff80835d91 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:607
#3 0xffffffff80b2ccc0 in trap_fatal (frame=0xc, eva=Variable "eva" is
not available.
) at /usr/src/sys/amd64/amd64/trap.c:818
#4 0xffffffff80b2d009 in trap_pfault (frame=0xffffff80f71808c0,
usermode=0) at /usr/src/sys/amd64/amd64/trap.c:734
#5 0xffffffff80b2d4cf in trap (frame=0xffffff80f71808c0) at
/usr/src/sys/amd64/amd64/trap.c:473
#6 0xffffffff80b17a1f in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:228
#7 0xffffffff8164475d in ng_make_node_common
(type=0xffffffff81638fc0, nodepp=0xfffffe0005b93910) at
/usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:655
#8 0xffffffff8163620e in ubt_attach (dev=0xfffffe0005e65100) at
/usr/src/sys/modules/netgraph/bluetooth/ubt/../../../../netgraph/bluetooth/drivers/ubt/ng_ubt.c:455
#9 0xffffffff80864799 in device_attach (dev=0xfffffe0005e65100) at
device_if.h:180
#10 0xffffffff806d8389 in usb_probe_and_attach
(udev=0xfffffe000534e000, iface_index=Variable "iface_index" is not
available.
) at /usr/src/sys/dev/usb/usb_device.c:1195
#11 0xffffffff806e078c in uhub_explore (udev=0xfffffe00052d3000) at
/usr/src/sys/dev/usb/usb_hub.c:269
#12 0xffffffff806cab5e in usb_bus_explore (pm=Variable "pm" is not available.
) at /usr/src/sys/dev/usb/controller/usb_controller.c:259
#13 0xffffffff806e4783 in usb_process (arg=Variable "arg" is not available.
) at /usr/src/sys/dev/usb/usb_process.c:165
#14 0xffffffff8080927f in fork_exit (callout=0xffffffff806e46b0
<usb_process>, arg=0xffffff8000726e88, frame=0xffffff80f7180c50) at
/usr/src/sys/kern/kern_fork.c:995
#15 0xffffffff80b17f4e in fork_trampoline () at
/usr/src/sys/amd64/amd64/exception.S:602
(kgdb) list *0xffffffff8164475d
0xffffffff8164475d is in ng_make_node_common
(/usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:655).
650 /* Initialize hook list for new node */
651 LIST_INIT(&node->nd_hooks);
652
653 /* Link us into the name hash. */
654 mtx_lock(&ng_namehash_mtx);
655 LIST_INSERT_HEAD(&V_ng_name_hash[0], node, nd_nodes);
656 mtx_unlock(&ng_namehash_mtx);
657
658 /* get an ID and put us in the hash chain */
659 mtx_lock(&ng_idhash_mtx);
This is my first time looking at FreeBSD kernel code, so to verify
that I'm reading these #defines correctly and not looking at nonsense
objects:
(kgdb) print ((struct pcpu*) __pcpu)->pc_curthread->td_proc->p_comm
$16 = "usb\000el", '\0' <repeats 13 times>
Time to get dirty and figure out what address V_ng_name_hash points
to. First, find the value of curvnet in net/vnet.h:
(kgdb) print ((struct pcpu*) __pcpu)->pc_curthread->td_vnet
$17 = (struct vnet *) 0x0
That looks like a null pointer... not good.
It's late, so I'm going to come back to this later. Any ideas on
where I should go from here?
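Added example, not part of the original post and not FreeBSD source: with VIMAGE, a V_ variable is found by adding an offset to a base address stored in the current vnet, so a NULL curvnet faults at the offset of that base member rather than at address 0. The struct layout below is an assumption modelled on amd64 (vnet_model, null_vnet_field and vnet_ptr_checked are hypothetical names); under that assumption the reported fault virtual address 0x28 lands on vnet_data_base.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED model of struct vnet on amd64 (not copied from the page). */
struct vnet_model {
    uint64_t vnet_le_next, vnet_le_prev; /* LIST_ENTRY(vnet) vnet_le */
    uint32_t vnet_magic_n;
    uint32_t vnet_ifcnt;
    uint32_t vnet_sockcnt;               /* 4 bytes of padding follow */
    uint64_t vnet_data_mem;              /* void * on amd64 */
    uint64_t vnet_data_base;             /* uintptr_t on amd64 */
};

struct field { const char *name; size_t off, len; };
#define F(m) { #m, offsetof(struct vnet_model, m), \
               sizeof(((struct vnet_model *)0)->m) }
static const struct field vnet_fields[] = {
    F(vnet_le_next), F(vnet_le_prev), F(vnet_magic_n), F(vnet_ifcnt),
    F(vnet_sockcnt), F(vnet_data_mem), F(vnet_data_base),
};

/* Name the member that a read through a NULL struct vnet * would touch
 * for a given fault address, or NULL if the address is outside the struct. */
const char *null_vnet_field(uint64_t fault_va)
{
    for (size_t i = 0; i < sizeof(vnet_fields) / sizeof(vnet_fields[0]); i++)
        if (fault_va >= vnet_fields[i].off &&
            fault_va < vnet_fields[i].off + vnet_fields[i].len)
            return vnet_fields[i].name;
    return NULL;
}

/* Hypothetical checked form of a per-vnet lookup: the variable lives at
 * vnet_data_base + offset, so refuse the lookup when no vnet is set. */
void *vnet_ptr_checked(const struct vnet_model *curvnet, uint64_t var_off)
{
    if (curvnet == NULL)
        return NULL;
    return (void *)(uintptr_t)(curvnet->vnet_data_base + var_off);
}

int main(void)
{
    const char *f = null_vnet_field(0x28); /* fault address from the trap */
    printf("0x28 with NULL curvnet -> %s\n", f ? f : "(outside struct)");
    return 0;
}
```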