usb/96224: [usb] mount_msdosfs cause page fault in syncer process

Ricardo A. Reis ricardo.areis at gmail.com
Sun Apr 23 19:40:10 UTC 2006 

>Number:         96224
>Category:       usb
>Synopsis:       [usb] mount_msdosfs cause page fault in syncer process
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-usb
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 23 19:40:09 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Ricardo A. Reis
>Release:        FreeBSD-7.0-CURRENT (cvsuped in 21/04/2006)
>Organization:
UNIFESP
>Environment:
FreeBSD myfreebsd.homeunix.org 7.0-CURRENT FreeBSD 7.0-CURRENT #10: Fri Apr 21 20:27:55 BRT 2006     root at myfreebsd.homeunix.org:/usr/obj/usr/src/sys/CURRENT  i386

>Description:
         After last update my workstation (k62-500) with striped kernel (generic kernel) reboot after mount_msdosfs attempt.

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x80000003
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc04a1816
stack pointer           = 0x28:0xc9cafbfc
frame pointer           = 0x28:0xc9cafc10
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 33 (syncer)
trap number             = 12
panic: page fault
Uptime: 1m50s
Physical memory: 187 MB
Dumping 44 MB: 29 13

#0  doadump () at pcpu.h:166
166     pcpu.h: No such file or directory.
        in pcpu.h

(kgdb) where
#0  doadump () at pcpu.h:166
#1  0xc04db0dc in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc04db3b6 in panic (fmt=0xc0663226 "%s") at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc0642931 in trap_fatal (frame=0xc9cafbbc, eva=2147483651) at /usr/src/sys/i386/i386/trap.c:870
#4  0xc0642681 in trap_pfault (frame=0xc9cafbbc, usermode=0, eva=2147483651) at /usr/src/sys/i386/i386/trap.c:778
#5  0xc0642292 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1043629440, tf_esi = -2147483645, tf_ebp = -909444080, tf_isp = -909444120, tf_ebx = -1045892460, tf_edx = 4096, tf_ecx = 0, tf_eax = 2, tf_trapno = 12, tf_err = 0, tf_eip = -1068885994, tf_cs = 32, tf_eflags = 590470, tf_esp = 2, tf_ss = 4}) at /usr/src/sys/i386/i386/trap.c:463
#6  0xc0632b9a in calltrap () at /usr/src/sys/i386/i386/exception.s:138
#7  0xc04a1816 in g_io_request (bp=0xc1a8f294, cp=0xc1cb7a80) at /usr/src/sys/geom/geom_io.c:310
#8  0xc04a4029 in g_vfs_strategy (bo=0x2, bp=0xc56bd170) at /usr/src/sys/geom/geom_vfs.c:106
#9  0xc0524907 in bufwrite (bp=0xc56bd170) at buf.h:419
#10 0xc0524f53 in bawrite (bp=0x2) at buf.h:403
#11 0xc052dc7c in vop_stdfsync (ap=0xc9cafcc0) at /usr/src/sys/kern/vfs_default.c:435
#12 0xc049a0a3 in devfs_fsync (ap=0xc9cafcc0) at /usr/src/sys/fs/devfs/devfs_vnops.c:301
#13 0xc0654c5c in VOP_FSYNC_APV (vop=0x2, a=0x1000) at vnode_if.c:1001
#14 0xc0536b90 in sync_vnode (bo=0xc209ece4, td=0xc1957510) at vnode_if.h:537
#15 0xc0536eb0 in sched_sync () at /usr/src/sys/kern/vfs_subr.c:1674
#16 0xc04c2718 in fork_exit (callout=0xc0536c60 <sched_sync>, arg=0x0, frame=0xc9cafd38) at /usr/src/sys/kern/kern_fork.c:819
#17 0xc0632bfc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:199

#1  0xc04db0dc in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
        first_buf_printf = 1
#2  0xc04db3b6 in panic (fmt=0xc0663226 "%s") at /usr/src/sys/kern/kern_shutdown.c:565
        td = (struct thread *) 0xc1957510
        bootopt = 260
        newpanic = 0
        ap = 0xc1957510 "Ð(©Á"
        buf = "page fault", '\0' <repeats 245 times>
#3  0xc0642931 in trap_fatal (frame=0xc9cafbbc, eva=2147483651) at /usr/src/sys/i386/i386/trap.c:870
        code = 40
        type = 12
        ss = 40
        esp = 0
        softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 8, ssd_xx1 = 2, ssd_def32 = 1, ssd_gran = 1}
        msg = 0x0
#4  0xc0642681 in trap_pfault (frame=0xc9cafbbc, usermode=0, eva=2147483651) at /usr/src/sys/i386/i386/trap.c:778
        va = 2147483648
        vm = (struct vmspace *) 0x0
        map = 0xc06bea40
        rv = 1
        ftype = 1 '\001'
        td = (struct thread *) 0xc1957510
        p = (struct proc *) 0xc1a928d0
#5  0xc0642292 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1043629440, tf_esi = -2147483645, tf_ebp = -909444080, tf_isp = -909444120, tf_ebx = -1045892460, tf_edx = 4096, tf_ecx = 0, tf_eax = 2, tf_trapno = 12, tf_err = 0, tf_eip = -1068885994, tf_cs = 32, tf_eflags = 590470, tf_esp = 2, tf_ss = 4}) at /usr/src/sys/i386/i386/trap.c:463
        td = (struct thread *) 0xc1957510
        p = (struct proc *) 0xc1a928d0
        i = 0
        ucode = 0
        type = 12
        code = 0
        addr = -1045773824
        eva = 2147483651
        ksi = {ksi_link = {tqe_next = 0xc9cafb60, tqe_prev = 0xc04fdaf3}, ksi_info = {si_signo = -909444232, si_errno = -1068506014, si_code = -1066670756, si_pid = -1066670756, si_uid = 3249193472, si_status = -1045865984, 
    si_addr = 0xc9cafb94, si_value = {sival_int = -1068620265, sival_ptr = 0xc04e2617}, _reason = {_fault = {_trapno = -1066670756}, _timer = {_timerid = -1066670756, _overrun = 0}, _mesgq = {_mqd = -1066670756}, _poll = {
        _band = -1066670756}, __spare__ = {__spare1__ = -1066670756, __spare2__ = {0, -1, -1066670756, -1043674940, -909444172, -1068885802, -1066670756}}}}, ksi_flags = -1066671040, ksi_sigq = 0xc1cac92c}
#6  0xc0632b9a in calltrap () at /usr/src/sys/i386/i386/exception.s:138
No locals.
#7  0xc04a1816 in g_io_request (bp=0xc1a8f294, cp=0xc1cb7a80) at /usr/src/sys/geom/geom_io.c:310
        pp = (struct g_provider *) 0x80000003
#8  0xc04a4029 in g_vfs_strategy (bo=0x2, bp=0xc56bd170) at /usr/src/sys/geom/geom_vfs.c:106
        cp = (struct g_consumer *) 0xc1cb7a80
        bip = (struct bio *) 0x2
#9  0xc0524907 in bufwrite (bp=0xc56bd170) at buf.h:419
        oldflags = -1610612572
#10 0xc0524f53 in bawrite (bp=0x2) at buf.h:403
No locals.
#11 0xc052dc7c in vop_stdfsync (ap=0xc9cafcc0) at /usr/src/sys/kern/vfs_default.c:435
        vp = (struct vnode *) 0xc209ec30
        bp = (struct buf *) 0xc56bd170
        bo = (struct bufobj *) 0xc56bd170
        nbp = (struct buf *) 0x0
        error = 0
        maxretry = 1000
#12 0xc049a0a3 in devfs_fsync (ap=0xc9cafcc0) at /usr/src/sys/fs/devfs/devfs_vnops.c:301
No locals.
#13 0xc0654c5c in VOP_FSYNC_APV (vop=0x2, a=0x1000) at vnode_if.c:1001
        rc = 2
#14 0xc0536b90 in sync_vnode (bo=0xc209ece4, td=0xc1957510) at vnode_if.h:537
        vp = (struct vnode *) 0xc209ec30
        mp = (struct mount *) 0xc1ab8000
#15 0xc0536eb0 in sched_sync () at /usr/src/sys/kern/vfs_subr.c:1674
        next = (struct synclist *) 0xc1a34cb4
        slp = (struct synclist *) 0xc1a34cb0
        bo = (struct bufobj *) 0xc209ece4
        starttime = 109
        td = (struct thread *) 0xc1957510
        dummychan = 0
        last_work_seen = 13
        net_worklist_len = 4
        syncer_final_iter = 0
        first_printf = 1
        error = 2
#16 0xc04c2718 in fork_exit (callout=0xc0536c60 <sched_sync>, arg=0x0, frame=0xc9cafd38) at /usr/src/sys/kern/kern_fork.c:819
        p = (struct proc *) 0xc1a928d0
        td = (struct thread *) 0x1000
#17 0xc0632bfc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:199

ehci0: <ALi M5239 USB 2.0 controller> mem 0xec004000-0xec0040ff irq 9 at device 12.3 on pci0
ehci0: [GIANT-LOCKED]
usb3: EHCI version 1.0
usb3: companion controllers, 2 ports each: usb1 usb2
usb3: <ALi M5239 USB 2.0 controller> on ehci0
usb3: USB revision 2.0
uhub3: <AcerLabs EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb3
uhub3: 6 ports with 6 removable, self powered



>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-usb mailing list