Date: Tue, 9 Oct 2007 12:23:49 +0200
From: "Petr Holub" <hopet@ics.muni.cz>
To: <current@freebsd.org>
Subject: panic while inserting USB key
Message-ID: <034601c80a5e$7b3a6fd0$5317fb93@KLOBOUCEK>

Hi,

I'm consistently encountering a kernel panic when inserting a USB key
(yes, it's the same machine I had to use realbtx for):

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x290
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff804010a4
stack pointer           = 0x10:0xffffffffac2dada0
frame pointer           = 0x10:0xffffffffac2dade0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 37 (usb4)
[thread pid 37 tid 100032 ]
Stopped at      usb_transfer_complete+0x1d4:    movq    0x290(%r14),%r11
db> bt
Tracing pid 37 tid 100032 td 0xffffff0001242000
usb_transfer_complete() at usb_transfer_complete+0x1d4
bus_dmamap_load() at bus_dmamap_load+0x330
usbd_transfer() at usbd_transfer+0xee
usbd_do_request_flags_pipe() at usbd_do_request_flags_pipe+0x8f
usbd_do_request_flags() at usbd_do_request_flags+0x25
usbd_get_string_desc() at usbd_get_string_desc+0x9b
usbd_get_string() at usbd_get_string+0x83
usbd_devinfo_vp() at usbd_devinfo_vp+0x6f
usbd_devinfo() at usbd_devinfo+0x46
usbd_new_device() at usbd_new_device+0x5b2
uhub_explore() at uhub_explore+0x1bd
usb_discover() at usb_discover+0x38
usb_event_thread() at usb_event_thread+0x8a
fork_exit() at fork_exit+0x11f
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffffffac2dbd30, rbp = 0 ---
db> sh threads

If the post-mortem analysis using kgdb and dump doesn't lie due to some
memory corruption or sth like that, it should be:

(kgdb) up 11
#11 0xffffffff804010a4 in usb_transfer_complete (xfer=0xffffff00036e4800)
    at /usr/src/sys/dev/usb/usbdi.c:947
947             STAILQ_REMOVE_HEAD(&pipe->queue, next);
(kgdb) up
#12 0xffffffff806f05c0 in bus_dmamap_load (dmat=0xffffff00036cad80,
    map=0xffffff0003f42100, buf=0xffffffffac2defe0, buflen=0,
    callback=0xffffffff80401180 <usbd_start_transfer>,
    callback_arg=0xffffff00036e4800, flags=0)
    at /usr/src/sys/amd64/amd64/busdma_machdep.c:739
739                     (*callback)(callback_arg, dmat->segments, nsegs + 1, 0);
(kgdb) up
#13 0xffffffff804017ae in usbd_transfer (xfer=0xffffff00036e4800)
    at /usr/src/sys/dev/usb/usbdi.c:312
312                     err = bus_dmamap_load(tag, dmap->map, xfer->buffer, size,
(kgdb) up
#14 0xffffffff804019ff in usbd_do_request_flags_pipe (dev=0xffffff000389cc00,
    pipe=0xffffff00c5fe5300, req=0xffffffffac2def80, data=0xffffffffac2defe0,
    flags=Variable "flags" is not available.
) at /usr/src/sys/dev/usb/usbdi.c:1098
1098            err = usbd_sync_transfer(xfer);
(kgdb) up
#15 0xffffffff80401b35 in usbd_do_request_flags (dev=Variable "dev" is not available.
) at /usr/src/sys/dev/usb/usbdi.c:1068
1068            return (usbd_do_request_flags_pipe(dev, dev->default_pipe, req,

Any clues? (Should I reenable INVARIANTS and WITNESS for this? I've disabled
them in order to prepare for Myrinet 10GE card benchmarking.)

Thanks,
Petr

PS: when doing background fsck after the crash, the machine becomes
severely unresponsive and jerky :(.
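
A triage helper for the panic message above, added here as an illustration and not part of the original e-mail or of FreeBSD: it subtracts the displacement in the faulting instruction from the reported fault address to recover the base register's value at the time of the trap. The function name `triage`, the verdict labels and the 4 KiB threshold are assumptions of this example.

```python
import re

# The two decisive lines of the panic message above, embedded so this runs offline.
PANIC_TEXT = """\
fault virtual address   = 0x290
Stopped at      usb_transfer_complete+0x1d4:    movq    0x290(%r14),%r11
"""

FAULT_RE = re.compile(r"fault virtual address\s*=\s*(0x[0-9a-fA-F]+)")
STOPPED_RE = re.compile(r"Stopped at\s+(\S+?):\s+(.*)")
# AT&T-syntax memory operand of the simple form disp(%base); indexed forms are skipped.
OPERAND_RE = re.compile(r"(-?0x[0-9a-fA-F]+)?\(%(\w+)\)")

PAGE_SIZE = 4096  # assumption: page 0 is never mapped in kernel mode


def triage(text):
    """Recover the base register value at the fault and classify the access."""
    fault = FAULT_RE.search(text)
    stopped = STOPPED_RE.search(text)
    if not fault or not stopped:
        return None
    fault_addr = int(fault.group(1), 16)
    report = {"location": stopped.group(1), "fault_addr": fault_addr,
              "base_reg": None, "base_value": None, "offset": None,
              "verdict": "unknown"}
    operand = OPERAND_RE.search(stopped.group(2))
    if operand is None:
        return report
    disp = int(operand.group(1), 16) if operand.group(1) else 0
    # effective address = base + disp, so base = fault address - disp (mod 2^64)
    base = (fault_addr - disp) % 2**64
    report.update(base_reg=operand.group(2), base_value=base, offset=disp)
    if base == 0:
        report["verdict"] = "null-pointer-dereference"
    elif fault_addr < PAGE_SIZE:
        report["verdict"] = "near-null-dereference"
    else:
        report["verdict"] = "wild-or-stale-pointer"
    return report


if __name__ == "__main__":
    r = triage(PANIC_TEXT)
    print(f"{r['location']}: %{r['base_reg']} = {r['base_value']:#x}, "
          f"field offset {r['offset']:#x} -> {r['verdict']}")
```

For this trap the fault address equals the instruction's displacement, so `%r14` held 0 and the read was of a field at offset 0x290 from a NULL base.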