kern/125673: FreeBSD7 panics when kldunloading firewire

Stefan Krüger stadtkind2 at gmx.net
Wed Jul 16 10:40:01 UTC 2008 

>Number:         125673
>Category:       kern
>Synopsis:       FreeBSD7 panics when kldunloading firewire
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 16 10:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Stefan Krüger
>Release:        7.0-STABLE
>Organization:
>Environment:
FreeBSD localhost 7.0-STABLE FreeBSD 7.0-STABLE #37: Sun Jul  6 12:08:12 CEST 2008     root at localhost:/usr/obj/usr/src/sys/ULE_KERNCONF  i386
>Description:
I just did a
# kldunload firewire
as root and was "awarded" with a nice kernel panic:

# cat info.4
Dump header from device /dev/da0s1b
  Architecture: i386
  Architecture Version: 2
  Dump Length: 149069824B (142 MB)
  Blocksize: 512
  Dumptime: Wed Jul 16 11:11:48 2008
  Hostname: localhost
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 7.0-STABLE #37: Sun Jul  6 12:08:12 CEST 2008
    root at localhost:/usr/obj/usr/src/sys/ULE_KERNCONF
  Panic String: page fault
  Dump Parity: 392815939
  Bounds: 4
  Dump Status: good

# kgdb /boot/kernel/kernel /var/crash/vmcore.4
Unread portion of the kernel message buffer:
firewire0: detached


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x188
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc052dc42
stack pointer           = 0x28:0xe6447ad0
frame pointer           = 0x28:0xe6447ae8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2159 (kldunload)
trap number             = 12
panic: page fault
cpuid = 1
Uptime: 1h29m35s
Physical memory: 1015 MB
Dumping 142 MB: 127 111 95 79 63 47 31 15

[Reading symbols output omitted]
(kgdb) where
#0  doadump () at pcpu.h:195
#1  0xc053ade6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc053b0be in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:572
#3  0xc07659bc in trap_fatal (frame=0xe6447a90, eva=392)
    at /usr/src/sys/i386/i386/trap.c:899
#4  0xc0765c2b in trap_pfault (frame=0xe6447a90, usermode=0, eva=392)
    at /usr/src/sys/i386/i386/trap.c:812
#5  0xc0766622 in trap (frame=0xe6447a90) at /usr/src/sys/i386/i386/trap.c:490
#6  0xc074cfdb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc052dc42 in _mtx_lock_sleep (m=0xc3c06388, tid=3295632032, opts=0,
    file=0xc0917a07 "/usr/src/sys/modules/firewire/firewire/../../../dev/firewire/firewire.c", line=576) at /usr/src/sys/kern/kern_mutex.c:339
#8  0xc052e0e2 in _mtx_lock_flags (m=0xc3c06388, opts=0,
    file=0xc0917a07 "/usr/src/sys/modules/firewire/firewire/../../../dev/firewire/firewire.c", line=576) at /usr/src/sys/kern/kern_mutex.c:186
#9  0xc090c62a in fw_drain_txq (fc=0xc3c06000)
    at /usr/src/sys/modules/firewire/firewire/../../../dev/firewire/firewire.c:576
#10 0xc090f330 in fwohci_stop (sc=0xc3c06000, dev=0xc3bdd980)
    at /usr/src/sys/modules/firewire/firewire/../../../dev/firewire/fwohci.c:1760
#11 0xc09137bb in fwohci_pci_detach (self=0xc3bdd980)
    at /usr/src/sys/modules/firewire/firewire/../../../dev/firewire/fwohci_pci.c:414
#12 0xc0560878 in device_detach (dev=0xc3bdd980) at device_if.h:212
#13 0xc0560bb1 in devclass_delete_driver (busclass=0xc3afd880,
    driver=0xc091aac0) at /usr/src/sys/kern/subr_bus.c:947
#14 0xc0560d15 in driver_module_handler (mod=0xc3ac28c0, what=1,
    arg=0xc091aaac) at /usr/src/sys/kern/subr_bus.c:3863
#15 0xc052cc57 in module_unload (mod=0xc3ac28c0, flags=0)
    at /usr/src/sys/kern/kern_module.c:244
#16 0xc05249df in linker_file_unload (file=0xc3ae0400, flags=0)
    at /usr/src/sys/kern/kern_linker.c:589
#17 0xc0525443 in kern_kldunload (td=0xc46f5aa0, fileid=5, flags=0)
    at /usr/src/sys/kern/kern_linker.c:1011
#18 0xc05254cb in kldunloadf (td=0xc46f5aa0, uap=0xe6447cfc)
    at /usr/src/sys/kern/kern_linker.c:1040
#19 0xc0765fb5 in syscall (frame=0xe6447d38)
    at /usr/src/sys/i386/i386/trap.c:1035
#20 0xc074d040 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)


(kgdb) list *0xc052dc42 # this is the instruction pointer
0xc052dc42 is in _mtx_lock_sleep (/usr/src/sys/kern/kern_mutex.c:341).
336                      */
337                     v = m->mtx_lock;
338                     if (v != MTX_UNOWNED) {
339                             owner = (struct thread *)(v & ~MTX_FLAGMASK);
340     #ifdef ADAPTIVE_GIANT
341                             if (TD_IS_RUNNING(owner)) {
342     #else
343                             if (m != &Giant && TD_IS_RUNNING(owner)) {
344     #endif
345                                     if (LOCK_LOG_TEST(&m->lock_object, 0))

(kgdb) f 7
#7  0xc052dc42 in _mtx_lock_sleep (m=0xc3c06388, tid=3295632032, opts=0,
    file=0xc0917a07 "/usr/src/sys/modules/firewire/firewire/../../../dev/firewire/firewire.c", line=576) at /usr/src/sys/kern/kern_mutex.c:339
339                             owner = (struct thread *)(v & ~MTX_FLAGMASK);
(kgdb) print owner
$8 = (volatile struct thread *) 0x0

So owner is NULL, but
  a) I have no idea if this is the root of the panic
  b) I have no idea how to fix this

Any help is much appreciated, kernel + vmcore are available on request
>How-To-Repeat:
# kldunload firewire
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list