USB CF Reader causes Fatal trap 12
Andre Guibert de Bruet
andy at siliconlandmark.com
Fri May 16 10:33:24 PDT 2003
"It" was the dump, yes. I accidentally deleted the dump and I'm off to
work at the moment, so I won't be able to produce another dump until later
today. Anyway, here are the source code offsets for the functions listed
in the trace:
(kgdb) l *g_disk_access+0xa9
0xc01daf29 is in g_disk_access (../../../geom/geom_disk.c:109).
104 w += pp->acw;
105 e += pp->ace;
106 dp = pp->geom->softc;
107 error = 0;
108 if ((pp->acr + pp->acw + pp->ace) == 0 && (r + w + e) > 0) {
109 if (dp->d_open != NULL) {
110 g_disk_lock_giant(dp);
111 error = dp->d_open(dp);
112 if (error != 0)
113 printf("Opened disk %s -> %d\n",
(kgdb) l *g_access_rel+0x20e
0xc01dfa3e is in g_access_rel (../../../geom/geom_subr.c:513).
508 else if ((dcr > 0 || dcw > 0 || dce > 0) && pp->error != 0)
509 return (pp->error);
510
511 /* Ok then... */
512
513 error = pp->geom->access(pp, dcr, dcw, dce);
514 if (!error) {
515 /*
516 * If we open first write, spoil any partner consumers.
517 * If we close last write, trigger re-taste.
(kgdb) l *g_slice_new+0xdb
0xc01de8eb is in g_slice_new (../../../geom/geom_slice.c:457).
452 gp->dumpconf = g_slice_dumpconf;
453 cp = g_new_consumer(gp);
454 error = g_attach(cp, pp);
455 if (error == 0)
456 error = g_access_rel(cp, 1, 0, 0);
457 if (error) {
458 g_wither_geom(gp, ENXIO);
459 return (NULL);
460 }
461 *vp = gsp->softc;
(kgdb) l *g_bsd_taste+0xa9
0xc0349b29 is in g_bsd_taste (../../../geom/geom_bsd.c:571).
566 * and a softc structure for us. Specify the provider to attach
567 * the consumer to and our "start" routine for special requests.
568 * The provider is opened with mode (1,0,0) so we can do reads
569 * from it.
570 */
571 gp = g_slice_new(mp, MAXPARTITIONS, pp, &cp, &ms,
572 sizeof(*ms), g_bsd_start);
573 if (gp == NULL)
574 return (NULL);
575
(kgdb) l *g_new_provider_event+0x9c
0xc01df20c is in g_new_provider_event (../../../geom/geom_subr.c:258).
253 if (cp->geom->class == mp)
254 i = 0;
255 if (!i)
256 continue;
257 mp->taste(mp, pp, 0);
258 g_topology_assert();
259 }
260 }
261
262
(kgdb) l *one_event+0x20a
0xc01dc77a is in one_event (../../../geom/geom_event.c:180).
175 }
176 TAILQ_REMOVE(&g_events, ep, events);
177 mtx_unlock(&g_eventlock);
178 g_topology_assert();
179 ep->func(ep->arg, 0);
180 g_topology_assert();
181 if (ep->flag & EV_WAKEUP) {
182 ep->flag |= EV_DONE;
183 wakeup(ep);
184 } else {
(kgdb) l *g_run_events+0x8
0xc01dc858 is in g_run_events (../../../geom/geom_event.c:199).
194
195 void
196 g_run_events()
197 {
198
199 while (one_event())
200 ;
201 }
202
203 void
(kgdb) l *g_event_procbody+0x45
0xc01dd7a5 is in g_event_procbody (../../../geom/geom_kern.c:134).
129
130 mtx_assert(&Giant, MA_NOTOWNED);
131 tp->td_base_pri = PRIBIO;
132 for(;;) {
133 g_run_events();
134 tsleep(&g_wait_event, PRIBIO, "g_events", hz/10);
135 }
136 }
137
138 static struct kproc_desc g_event_kp = {
> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/ >
On Fri, 16 May 2003, Robert Watson wrote:
> On Fri, 16 May 2003, Andre Guibert de Bruet wrote:
>
> > No go on the backtrace. It appears as if it got corrupted somehow...
>
> I assume "it" here is the dump. You can still generate source code
> offsets using the function+offset values in the ddb trace by attaching gdb
> to the debugging kernel on disk and using:
>
> (kgdb) l *g_disk_access+0xa9
> ...
> (kgdb) l *g_access_rel+0x20e
> ...
>
> And so on. No local variable inspection, but helps if your source code
> and build options aren't quite in sync with the ones of the person doing
> the debugging.
>
> > On Fri, 16 May 2003, Andre Guibert de Bruet wrote:
> >
> > > The reader I'm using is a Dazzle 6 in 1 unit. It has worked flawlessly up
> > > until last night's USB commit. At last boot, it came up as:
> > >
> > > > umass0: SCM Microsystems Inc. eUSB ORCA Quad Reader, rev 1.10/5.07, addr 4
> > > > da0 at umass-sim0 bus 0 target 0 lun 0
> > > > da0: <eUSB Compact Flash 5.07> Removable Direct Access SCSI-2 device
> > > > da0: 1.000MB/s transfers
> > > > da0: 122MB (250368 512 byte sectors: 64H 32S/T 122C)
> > >
> > > Upon connection, at the console:
> > >
> > > [... some messages that I couldn't copy and paste in time...]
> > > umass0: Invalid CSW: tag 0 should be 10
> > > (da0:umass-sim0:0:0:0): AutoSense Failed
> > > (da0:umass-sim0:0:0:0): removing device entry
> > > Opened disk da0 -> 5
> > >
> > > Fatal trap 12: page fault while in kernel mode
> > > cpuid = 0; lapic.id = 00000000
> > > fault virtual address = 0x1c
> > > fault code = supervisor read, page not present
> > > instruction pointer = 0x8:0xc01daf29
> > > stack pointer = 0x10:0xe42e8b5c
> > > frame pointer = 0x10:0xe42e8b84
> > > code segment = base 0x0, limit 0xfffff, type 0x1b
> > > = DPL 0, pres 1, def32 1, gran 1
> > > processor eflags = interrupt enabled, resume, IOPL = 0
> > > current process = 2 (g_event)
> > > kernel: type 12 trap, code=0
> > > Stopped at g_disk_access+0xa9: cmpl $0,0x1c(%esi)
> > > db> call doadump
> > > Dumping 3583 MB
> > > ata3: resetting devices ..
> > > done
> > > 16 32 48 64 80 [... snip ...] 3568
> > > Dump complete
> > > 0xf
> > >
> > > db> tr
> > > g_disk_access(caafdd80,1,0,0,0) at g_disk_access+0xa9
> > > g_access_rel(cb598b80,1,0,0,e42e8c30) at g_access_rel+0x20e
> > > g_slice_new(c0406b20,8,caafdd80,e42e8c2c,e42e8c30) at g_slice_new+0xdb
> > > g_bsd_taste(c0406b20,caafdd80,0,102,caafdd00) at g_bsd_taste+0xa9
> > > g_new_provider_event(caafdd80,0,c03a3701,b2,66666667) at g_new_provider_event+0x9c
> > > one_event(e42e8d14,c01dd7a5,c041b30c,0,4c) at one_event+0x20a
> > > g_run_events(c041b30c,0,4c,c03a3a23,a) at g_run_events+0x8
> > > g_event_procbody(0,e42e8d48,c03a5629,2f8,c60f7e40) at g_event_procbody+0x45
> > > fork_exit(c01dd760,0,e42e8d48) at fork_exit+0xc0
> > > fork_trampoline() at fork_trampoline+0x1a
> > > --- trap 0x1, eip = 0, esp = 0xe42e8d7c, ebp = 0 ---
> > >
> > > GDB trace to follow. Stay tuned...
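The offset lookup suggested in this thread can be scripted when a trace is long. The following is an added example, not code from the thread or from FreeBSD: it turns a pasted ddb trace into the `l *function+offset` commands for kgdb, and compares the reported fault address with the memory operand of the stopped instruction to recover the base register's value. The function names (`kgdb_commands`, `faulting_base`) are hypothetical, and the sample input is constructed from lines quoted in this thread.

```python
import re

# Constructed sample: lines copied from the ddb output quoted in this thread,
# with the mail quote prefixes left in place.
SAMPLE = """\
> > > fault virtual address = 0x1c
> > > instruction pointer = 0x8:0xc01daf29
> > > Stopped at g_disk_access+0xa9: cmpl $0,0x1c(%esi)
> > > db> tr
> > > g_disk_access(caafdd80,1,0,0,0) at g_disk_access+0xa9
> > > g_access_rel(cb598b80,1,0,0,e42e8c30) at g_access_rel+0x20e
> > > g_slice_new(c0406b20,8,caafdd80,e42e8c2c,e42e8c30) at g_slice_new+0xdb
> > > --- trap 0x1, eip = 0, esp = 0xe42e8d7c, ebp = 0 ---
"""

QUOTE = re.compile(r"^(?:>\s*)+")                       # "> > > " reply prefixes
FRAME = re.compile(r"^\w+\(.*\) at (\w+\+0x[0-9a-fA-F]+)$")
FAULT = re.compile(r"^fault virtual address\s*=\s*(0x[0-9a-fA-F]+)$")
STOP = re.compile(r"^Stopped at \w+\+0x[0-9a-fA-F]+:\s*(.*)$")
# AT&T-syntax operand "disp(%reg)"; indexed forms are deliberately not handled.
MEMOP = re.compile(r"(-?0x[0-9a-fA-F]+)?\((%\w+)\)")

def unquote(text):
    return [QUOTE.sub("", ln).strip() for ln in text.splitlines()]

def kgdb_commands(text):
    """One 'l *func+0xoff' per distinct stack frame, in trace order."""
    cmds = []
    for ln in unquote(text):
        m = FRAME.match(ln)
        if m and f"l *{m.group(1)}" not in cmds:
            cmds.append(f"l *{m.group(1)}")
    return cmds

def faulting_base(text):
    """(register, value) implied by fault address minus displacement, or None."""
    fault = insn = None
    for ln in unquote(text):
        if (m := FAULT.match(ln)):
            fault = int(m.group(1), 16)
        elif (m := STOP.match(ln)):
            insn = m.group(1)
    op = MEMOP.search(insn) if insn else None
    if fault is None or op is None:
        return None
    disp = int(op.group(1) or "0", 16)
    return op.group(2), (fault - disp) & 0xFFFFFFFF    # 32-bit (i386) addresses

if __name__ == "__main__":
    print("\n".join(kgdb_commands(SAMPLE)))
    print(faulting_base(SAMPLE))
```

A base value of 0 means the register held a NULL pointer and the fault address is just the offset of the structure member being read.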