From owner-freebsd-bugs@FreeBSD.ORG Fri Aug 25 15:10:25 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0428716A4DA for ; Fri, 25 Aug 2006 15:10:25 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 10A3543D46 for ; Fri, 25 Aug 2006 15:10:22 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k7PFALUp007509 for ; Fri, 25 Aug 2006 15:10:21 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k7PFALW7007508; Fri, 25 Aug 2006 15:10:21 GMT (envelope-from gnats) Date: Fri, 25 Aug 2006 15:10:21 GMT Message-Id: <200608251510.k7PFALW7007508@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: lurca@okolar.net Cc: Subject: RE: kern/99200:[bluetooth] SMP-Kernel crashes reliably when bluetooth-connection speeds up X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: lurca@okolar.net List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Aug 2006 15:10:25 -0000 The following reply was made to PR kern/99200; it has been noted by GNATS. From: lurca@okolar.net To: undisclosed-recipients:; Cc: Subject: RE: kern/99200:[bluetooth] SMP-Kernel crashes reliably when bluetooth-connection speeds up Date: Fri, 25 Aug 2006 12:21:54 +0000 (UTC) This is a kernel (on the same machine) with "makeoptions DEBUG=-g" enabled. It behaves different from the one without this option - it seems more stable. An scp from the peer comes in with about 18 KB/s - an scp tranferring from the host to the peer goes up to 40 KB/s, then either the ppp dies or the host panics. Without DEBUG the host crashes after transmission of half a page on an ls -l command in ssh. (A non-SMP-Kernel transfers with 80 KB/s in both directions for hours.) The following sticks to the handbook... --------------------------------------------------------- GNU gdb 6.1.1 [FreeBSD] .... This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x8 fault code = supervisor read, page not present instruction pointer = 0x20:0xc04a5423 stack pointer = 0x28:0xd71ddc88 frame pointer = 0x28:0xd71ddc94 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 24 (usbtask) trap number = 12 panic: page fault cpuid = 0 Uptime: 24m20s Dumping 447 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 447MB (114432 pages) 432 416 400 384 368 352 336 320 304 288 272 256 240 224 208 192 176 160 144 128 112 96 80 64 48 32 16 #0 doadump () at pcpu.h:165 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) bt #0 doadump () at pcpu.h:165 #1 0xc04ef4a1 in boot (howto=260) at ../../../kern/kern_shutdown.c:402 #2 0xc04ef7c9 in panic (fmt=0xc06788e5 "%s") at ../../../kern/kern_shutdown.c:558 #3 0xc0654f20 in trap_fatal (frame=0xd71ddc48, eva=8) at ../../../i386/i386/trap.c:836 #4 0xc0654c5f in trap_pfault (frame=0xd71ddc48, usermode=0, eva=8) at ../../../i386/i386/trap.c:744 #5 0xc06548b9 in trap (frame= {tf_fs = 8, tf_es = -685965272, tf_ds = 40, tf_edi = -1028263936, tf_esi = -1027805504, tf_ebp = -685908844, tf_isp = -685908876, tf_ebx = 0, tf_edx = 11, tf_ecx = -1027935232, tf_eax = -1027805504, tf_trapno = 12, tf_err = 0, tf_eip = -1068870621, tf_cs = 32, tf_eflags = 66051, tf_esp = -1027899024, tf_ss = -1028263936}) at ../../../i386/i386/trap.c:434 #6 0xc06421ba in calltrap () at ../../../i386/i386/exception.s:139 #7 0xc04a5423 in uhci_remove_bulk (sc=0xc2b5f000, sqh=0xc2bceec0) at ../../../dev/usb/uhci.c:398 #8 0xc04a6c61 in uhci_device_bulk_done (xfer=0xc2bceec0) at ../../../dev/usb/uhci.c:2800 #9 0xc04aecdf in usb_transfer_complete (xfer=0xc2bb8100) at ../../../dev/usb/usbdi.c:861 #10 0xc04a6162 in uhci_abort_xfer (xfer=0xc2bb8100, status=USBD_NO_POWER) at ../../../dev/usb/uhci.c:2021 #11 0xc04a58a1 in uhci_timeout_task (addr=0xc2bb8100) at ../../../dev/usb/uhci.c:1534 #12 0xc04ab891 in usb_task_thread (arg=0x0) at ../../../dev/usb/usb.c:476 #13 0xc04dab65 in fork_exit (callout=0xc04ab7f8 , arg=0x0, frame=0xd71ddd38) at ../../../kern/kern_fork.c:805 #14 0xc064221c in fork_trampoline () at ../../../i386/i386/exception.s:208 (kgdb) list *0xc04a5423 0xc04a5423 is in uhci_remove_bulk (../../../dev/usb/uhci.c:398). 393 Static __inline uhci_soft_qh_t * 394 uhci_find_prev_qh(uhci_soft_qh_t *pqh, uhci_soft_qh_t *sqh) 395 { 396 DPRINTFN(15,("uhci_find_prev_qh: pqh=%p sqh=%p\n", pqh, sqh)); 397 398 for (; pqh->hlink != sqh; pqh = pqh->hlink) { 399 #if defined(DIAGNOSTIC) || defined(USB_DEBUG) 400 if (le32toh(pqh->qh.qh_hlink) & UHCI_PTR_T) { 401 printf("uhci_find_prev_qh: QH not found\n"); 402 return (NULL); (kgdb) quit -----------------------------------------------------------------------