panic while playing with a ugen
Thierry Herbelot
thierry at herbelot.com
Wed May 31 15:42:59 PDT 2006
the panic occured when closing one endpoint of a ugen device (the device was
disconnecting from the USB bus after being reseted).
TfH
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x60
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0671f2c
stack pointer = 0x28:0xc73ceaa0
frame pointer = 0x28:0xc73ceab4
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 800 (test)
[thread pid 800 tid 100099 ]
Stopped at giant_close+0x20: movl 0x60(%eax),%eax
db> bt
Tracing pid 800 tid 100099 td 0xc17146c0
giant_close(c173e000,3,2000,c17146c0,c173e000) at giant_close+0x20
devfs_close(c73ceb0c) at devfs_close+0x2db
VOP_CLOSE_APV(c09b8000,c73ceb0c) at VOP_CLOSE_APV+0x7e
vn_close(c1a54410,3,c1969800,c17146c0,0) at vn_close+0x8b
vn_closefile(c16b5678,c17146c0,c73cebc4,c067ad44,c16b5678) at
vn_closefile+0xca
devfs_close_f(c16b5678,c17146c0) at devfs_close_f+0xf
fdrop_locked(c16b5678,c17146c0,c143a988,0,c0914e2c) at fdrop_locked+0x88
fdrop(c16b5678,c17146c0,6b5,c0a0b034,0) at fdrop+0x24
closef(c16b5678,c17146c0,0,0,4) at closef+0x367
close(c17146c0,c73ced04,c196e234,c,c17146c0) at close+0x1be
syscall(3b,3b,3b,bfbfeba8,4) at syscall+0x27e
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (6, FreeBSD ELF32, close), eip = 0x2814837f, esp = 0xbfbfeafc, ebp
= 0xbfbfebc8 ---
db> call doadump
Physical memory: 87 MB
Dumping 31 MB: 16
Dump complete
multi-cur# kgdb kernel.debug /files1/tmp/vmcore.2
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
ugenioctl: cmd=c018556f
ugenioctl: cmd=c018556f
ugen0: at uhub4 port 3 (addr 2) disconnected
ugen_detach: sc=0xc1579000
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x60
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0671f2c
stack pointer = 0x28:0xc73ceaa0
frame pointer = 0x28:0xc73ceab4
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 800 (udibtest)
Physical memory: 87 MB
Dumping 31 MB: 16
#0 doadump () at pcpu.h:166
166 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) where
#0 doadump () at pcpu.h:166
#1 0xc04756f3 in db_fncall (dummy1=-952309596, dummy2=0, dummy3=1016,
dummy4=0xc73ce878 "\220è<Çø\003") at /files1/src/sys/ddb/db_command.c:479
#2 0xc0475504 in db_command (last_cmdp=0xc09ea3a4, cmd_table=0x0)
at /files1/src/sys/ddb/db_command.c:395
#3 0xc04755c2 in db_command_loop () at /files1/src/sys/ddb/db_command.c:446
#4 0xc04771d9 in db_trap (type=12, code=0)
at /files1/src/sys/ddb/db_main.c:221
#5 0xc06b38d0 in kdb_trap (type=12, code=0, tf=0xc73cea60)
at /files1/src/sys/kern/subr_kdb.c:481
#6 0xc0892ce8 in trap_fatal (frame=0xc73cea60, eva=96)
at /files1/src/sys/i386/i386/trap.c:861
#7 0xc0892a2b in trap_pfault (frame=0xc73cea60, usermode=0, eva=96)
at /files1/src/sys/i386/i386/trap.c:778
#8 0xc0892649 in trap (frame=
{tf_fs = -1066729464, tf_es = -1063190488, tf_ds = -1063256024, tf_edi
= -1046133620, tf_esi = -1063566816, tf_ebp = -952309068, tf_isp
= -952309108, tf_ebx = -1049370624, tf_edx = -1062922452, tf_ecx
= -1062922456, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1066983636,
tf_cs = 32, tf_eflags = 66054, tf_esp = -1063236056, tf_ss = 0})
at /files1/src/sys/i386/i386/trap.c:463
#9 0xc087d7ba in calltrap () at /files1/src/sys/i386/i386/exception.s:138
#10 0xc0671f2c in giant_close (dev=0xc173e000, fflag=3, devtype=8192,
td=0xc17146c0)
at /files1/src/sys/kern/kern_conf.c:266
#11 0xc064c14f in devfs_close (ap=0xc73ceb0c)
---Type <return> to continue, or q <return> to quit---
at /files1/src/sys/fs/devfs/devfs_vnops.c:281
#12 0xc08a3e7a in VOP_CLOSE_APV (vop=0x0, a=0xc73ceb0c) at vnode_if.c:424
#13 0xc06ff4df in vn_close (vp=0xc1a54410, flags=3, file_cred=0x0,
td=0xc17146c0)
at vnode_if.h:227
#14 0xc070033a in vn_closefile (fp=0xc16b5678, td=0xc17146c0)
at /files1/src/sys/kern/vfs_vnops.c:870
#15 0xc064c177 in devfs_close_f (fp=0xc16b5678, td=0xc17146c0)
at /files1/src/sys/fs/devfs/devfs_vnops.c:291
#16 0xc067ad44 in fdrop_locked (fp=0xc16b5678, td=0xc17146c0) at file.h:296
#17 0xc067acb4 in fdrop (fp=0xc16b5678, td=0xc17146c0)
at /files1/src/sys/kern/kern_descrip.c:2146
#18 0xc06797a3 in closef (fp=0xc16b5678, td=0xc17146c0)
at /files1/src/sys/kern/kern_descrip.c:1961
#19 0xc067703a in close (td=0xc17146c0, uap=0x0)
at /files1/src/sys/kern/kern_descrip.c:1018
(kgdb) frame 10
#10 0xc0671f2c in giant_close (dev=0xc173e000, fflag=3, devtype=8192,
td=0xc17146c0)
at /files1/src/sys/kern/kern_conf.c:266
266 retval = dev->si_devsw->d_gianttrick->
(kgdb) list
261 giant_close(struct cdev *dev, int fflag, int devtype, struct thread
*td)
262 {
263 int retval;
264
265 mtx_lock(&Giant);
266 retval = dev->si_devsw->d_gianttrick->
267 d_close(dev, fflag, devtype, td);
268 mtx_unlock(&Giant);
269 return (retval);
270 }
(kgdb) print dev
$1 = (struct cdev *) 0xc173e000
(kgdb) print dev->si_devsw
$2 = (struct cdevsw *) 0x0
More information about the freebsd-current
mailing list