From owner-freebsd-current@FreeBSD.ORG  Sat Jan 19 15:10:58 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 502FB410;
 Sat, 19 Jan 2013 15:10:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from onyx.glenbarber.us (onyx.glenbarber.us
 [IPv6:2607:fc50:1000:c200::face])
 by mx1.freebsd.org (Postfix) with ESMTP id 10490FA9;
 Sat, 19 Jan 2013 15:10:58 +0000 (UTC)
Received: from glenbarber.us (kaos.glenbarber.us [71.224.221.174])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested) (Authenticated sender: gjb)
 by onyx.glenbarber.us (Postfix) with ESMTPSA id 238B823F763;
 Sat, 19 Jan 2013 10:10:56 -0500 (EST)
DKIM-Filter: OpenDKIM Filter v2.7.4 onyx.glenbarber.us 238B823F763
Authentication-Results: onyx.glenbarber.us; dkim=none
 reason="no signature"; dkim-adsp=none (insecure policy)
Date: Sat, 19 Jan 2013 10:10:54 -0500
From: Glen Barber <gjb@FreeBSD.org>
To: freebsd-current@FreeBSD.org
Subject: Fatal trap 12 with process cambio on USB attach
Message-ID: <20130119151054.GA1301@glenbarber.us>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="mP3DRpeJDSE+ciuQ"
Content-Disposition: inline
X-Operating-System: FreeBSD 10.0-CURRENT amd64
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Jan 2013 15:10:58 -0000


--mP3DRpeJDSE+ciuQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I am running one-day-old -CURRENT:

 root@nucleus:~ # uname -a
 FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #51 r245605: Fri Jan
 18 11:25:40 EST 2013     root@nucleus:/usr/obj/usr/src/sys/NUCLEUS amd64

I attached a MicroSDHC flash card with a MicroSD->USB adapter, and the
system crashed with a kernel page fault.  I am certain the SDHC card
should work, as it works in other FreeBSD machines.

kgdb session follows.  Please let me know if I can provide further
information.

Thanks,

Glen

Script started on Sat Jan 19 10:03:27 2013
root@nucleus:/usr/obj/usr/src/sys/NUCLEUS # kgdb kernel.debug /var/crash/vm=
core.8
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain condition=
s.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
umass0:4:0:-1: Attached to scbus4


Fatal trap 12: page fault while in kernel mode
cpuid =3D 6; apic id =3D 06
fault virtual address   =3D 0x0
fault code              =3D supervisor read data, page not present
instruction pointer     =3D 0x20:0xffffffff802933c9
stack pointer           =3D 0x28:0xffffff80003098e0
frame pointer           =3D 0x28:0xffffff8000309910
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 12 (swi2: cambio)
trap number             =3D 12
panic: page fault
cpuid =3D 6
KDB: stack backtrace:
#0 0xffffffff80608966 at kdb_backtrace+0x66
#1 0xffffffff805cea9b at panic+0x13b
#2 0xffffffff808880a0 at trap_fatal+0x290
#3 0xffffffff80888411 at trap_pfault+0x221
#4 0xffffffff808889c4 at trap+0x344
#5 0xffffffff80872213 at calltrap+0x8
#6 0xffffffff802934a5 at camq_remove+0x65
#7 0xffffffff80298c4f at xpt_run_dev_sendq+0xef
#8 0xffffffff802995a0 at camisr_runqueue+0x290
#9 0xffffffff802997bf at camisr+0xff
#10 0xffffffff8059fe4d at intr_event_execute_handlers+0xfd
#11 0xffffffff805a165e at ithread_loop+0x9e
#12 0xffffffff8059ca1f at fork_exit+0x11f
#13 0xffffffff8087273e at fork_trampoline+0xe
Uptime: 41s
Dumping 551 out of 7951 MB:..3%..12%..21%..32%..41%..53%..61%..73%..82% (CT=
RL-C to abort) ..93%

Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /bootdir/bo=
ot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /bo=
otdir/boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/geom_eli.ko...Reading symbols from /bootd=
ir/boot/kernel/geom_eli.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_eli.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /bootdir/=
boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/coretemp.ko...Reading symbols from /bootd=
ir/boot/kernel/coretemp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/coretemp.ko
Reading symbols from /boot/kernel/acpi_video.ko...Reading symbols from /boo=
tdir/boot/kernel/acpi_video.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_video.ko
Reading symbols from /boot/kernel/sem.ko...Reading symbols from /bootdir/bo=
ot/kernel/sem.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sem.ko
Reading symbols from /boot/kernel/acpi_asus.ko...Reading symbols from /boot=
dir/boot/kernel/acpi_asus.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_asus.ko
Reading symbols from /boot/kernel/aesni.ko...Reading symbols from /bootdir/=
boot/kernel/aesni.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/aesni.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /bootdir/boo=
t/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/i915kms.ko...Reading symbols from /bootdi=
r/boot/kernel/i915kms.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/i915kms.ko
Reading symbols from /boot/kernel/iicbb.ko...Reading symbols from /bootdir/=
boot/kernel/iicbb.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iicbb.ko
Reading symbols from /boot/kernel/iicbus.ko...Reading symbols from /bootdir=
/boot/kernel/iicbus.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iicbus.ko
Reading symbols from /boot/kernel/iic.ko...Reading symbols from /bootdir/bo=
ot/kernel/iic.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iic.ko
Reading symbols from /boot/kernel/agp.ko...Reading symbols from /bootdir/bo=
ot/kernel/agp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/agp.ko
Reading symbols from /boot/kernel/drm2.ko...Reading symbols from /bootdir/b=
oot/kernel/drm2.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/drm2.ko
Reading symbols from /usr/local/libexec/linux_adobe/linux_adobe.ko...done.
Loaded symbols for /usr/local/libexec/linux_adobe/linux_adobe.ko
#0  doadump (textdump=3D<value optimized out>) at pcpu.h:229
229             __asm("movq %%gs:%1,%0" : "=3Dr" (td)
(kgdb) bt
#0  doadump (textdump=3D<value optimized out>) at pcpu.h:229
#1  0xffffffff805ce604 in kern_reboot (howto=3D260) at /usr/src/sys/kern/ke=
rn_shutdown.c:446
#2  0xffffffff805cea85 in panic (fmt=3D<value optimized out>) at /usr/src/s=
ys/kern/kern_shutdown.c:753
#3  0xffffffff808880a0 in trap_fatal (frame=3D0xc, eva=3D<value optimized o=
ut>)
    at /usr/src/sys/amd64/amd64/trap.c:872
#4  0xffffffff80888411 in trap_pfault (frame=3D0xffffff8000309830, usermode=
=3D0)
    at /usr/src/sys/amd64/amd64/trap.c:789
#5  0xffffffff808889c4 in trap (frame=3D0xffffff8000309830) at /usr/src/sys=
/amd64/amd64/trap.c:463
#6  0xffffffff80872213 in calltrap () at /usr/src/sys/amd64/amd64/exception=
=2ES:228
#7  0xffffffff802933c9 in heap_down (queue_array=3D0xfffffe01c90223f8, inde=
x=3D<value optimized out>,=20
    num_entries=3D0) at /usr/src/sys/cam/cam_queue.c:357
#8  0xffffffff802934a5 in camq_remove (queue=3D0xfffffe000359e880, index=3D=
-1) at /usr/src/sys/cam/cam_queue.c:185
#9  0xffffffff80298c4f in xpt_run_dev_sendq (bus=3D0xfffffe01c909ed00) at c=
am_queue.h:210
#10 0xffffffff802995a0 in camisr_runqueue (V_queue=3D<value optimized out>)=
 at /usr/src/sys/cam/cam_xpt.c:5102
#11 0xffffffff802997bf in camisr (dummy=3D<value optimized out>) at /usr/sr=
c/sys/cam/cam_xpt.c:5002
#12 0xffffffff8059fe4d in intr_event_execute_handlers (p=3D<value optimized=
 out>, ie=3D0xfffffe00031ccc00)
    at /usr/src/sys/kern/kern_intr.c:1272
#13 0xffffffff805a165e in ithread_loop (arg=3D0xfffffe0002f5a800) at /usr/s=
rc/sys/kern/kern_intr.c:1285
#14 0xffffffff8059ca1f in fork_exit (callout=3D0xffffffff805a15c0 <ithread_=
loop>, arg=3D0xfffffe0002f5a800,=20
    frame=3D0xffffff8000309ac0) at /usr/src/sys/kern/kern_fork.c:991
#15 0xffffffff8087273e in fork_trampoline () at /usr/src/sys/amd64/amd64/ex=
ception.S:602
#16 0x0000000000000000 in ?? ()
(kgdb) frame 7
#7  0xffffffff802933c9 in heap_down (queue_array=3D0xfffffe01c90223f8, inde=
x=3D<value optimized out>,=20
    num_entries=3D0) at /usr/src/sys/cam/cam_queue.c:357
357             if (queue_array[i]->priority =3D=3D queue_array[j]->priorit=
y)
(kgdb) list *0xffffffff802933c9
0xffffffff802933c9 is in heap_down (/usr/src/sys/cam/cam_queue.c:357).
352      * equal too, or greater than j respectively.
353      */
354     static __inline int
355     queue_cmp(cam_pinfo **queue_array, int i, int j)
356     {
357             if (queue_array[i]->priority =3D=3D queue_array[j]->priorit=
y)
358                     return (  queue_array[i]->generation
359                             - queue_array[j]->generation );
360             else
361                     return (  queue_array[i]->priority
(kgdb) frame 8
#8  0xffffffff802934a5 in camq_remove (queue=3D0xfffffe000359e880, index=3D=
-1) at /usr/src/sys/cam/cam_queue.c:185
185                     heap_down(queue->queue_array, index, queue->entries=
 - 1);
(kgdb) list *0xffffffff802934a5
0xffffffff802934a5 is in camq_remove (/usr/src/sys/cam/cam_queue.c:187).
182             if (queue->entries !=3D index) {
183                     queue->queue_array[index] =3D queue->queue_array[qu=
eue->entries];
184                     queue->queue_array[index]->index =3D index;
185                     heap_down(queue->queue_array, index, queue->entries=
 - 1);
186             }
187             removed_entry->index =3D CAM_UNQUEUED_INDEX;
188             queue->entries--;
189             return (removed_entry);
190     }
191    =20
(kgdb) frame 9
#9  0xffffffff80298c4f in xpt_run_dev_sendq (bus=3D0xfffffe01c909ed00) at c=
am_queue.h:210
210             camq_remove(&ccbq->queue, ccb->ccb_h.pinfo.index);
(kgdb) list *0xffffffff80298c4f
0xffffffff80298c4f is in xpt_run_dev_sendq (cam_queue.h:211).
206    =20
207     static __inline int
208     cam_ccbq_remove_ccb(struct cam_ccbq *ccbq, union ccb *ccb)
209     {
210             camq_remove(&ccbq->queue, ccb->ccb_h.pinfo.index);
211             if (ccbq->queue.qfrozen_cnt[CAM_PRIORITY_TO_RL(
212                 ccb->ccb_h.pinfo.priority)] > 0) {
213                     ccbq->devq_openings--;
214                     ccbq->held--;
215                     return (1);
(kgdb) frame 10
#10 0xffffffff802995a0 in camisr_runqueue (V_queue=3D<value optimized out>)=
 at /usr/src/sys/cam/cam_xpt.c:5102
5102                            xpt_run_dev_sendq(ccb_h->path->bus);
(kgdb) list *0xffffffff802995a0
0xffffffff802995a0 is in camisr_runqueue (/usr/src/sys/cam/cam_xpt.c:5102).
5097                     && (ccb_h->status & CAM_DEV_QFRZN)) {
5098                            xpt_release_devq(ccb_h->path, /*count*/1,
5099                                             /*run_queue*/TRUE);
5100                            ccb_h->status &=3D ~CAM_DEV_QFRZN;
5101                    } else if (runq) {
5102                            xpt_run_dev_sendq(ccb_h->path->bus);
5103                    }
5104   =20
5105                    /* Call the peripheral driver's callback */
5106                    (*ccb_h->cbfcnp)(ccb_h->path->periph, (union ccb *)=
ccb_h);
(kgdb) p *ccb_h
$1 =3D {pinfo =3D {priority =3D 896, generation =3D 29, index =3D -1}, xpt_=
links =3D {le =3D {le_next =3D 0x0, le_prev =3D 0x0},=20
    sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0=
}, stqe =3D {stqe_next =3D 0x0}}, sim_links =3D {
    le =3D {le_next =3D 0x0, le_prev =3D 0xfffffe0185688c28}, sle =3D {sle_=
next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,=20
      tqe_prev =3D 0xfffffe0185688c28}, stqe =3D {stqe_next =3D 0x0}}, peri=
ph_links =3D {le =3D {le_next =3D 0x0,=20
      le_prev =3D 0x0}, sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0=
x0, tqe_prev =3D 0x0}, stqe =3D {
      stqe_next =3D 0x0}}, retry_count =3D 4, cbfcnp =3D 0xffffffff802d6dd0=
 <dadone>, func_code =3D XPT_SCSI_IO,=20
  status =3D 1, path =3D 0xfffffe0006f878a0, path_id =3D 4, target_id =3D 0=
, target_lun =3D 0, flags =3D 64,=20
  periph_priv =3D {entries =3D {{ptr =3D 0x1, field =3D 1, bytes =3D "\001\=
000\000\000\000\000\000"}, {ptr =3D 0x0,=20
        field =3D 0, bytes =3D "\000\000\000\000\000\000\000"}}, bytes =3D =
"\001", '\0' <repeats 14 times>},=20
  sim_priv =3D {entries =3D {{ptr =3D 0x0, field =3D 0, bytes =3D "\000\000=
\000\000\000\000\000"}, {ptr =3D 0x0,=20
        field =3D 0, bytes =3D "\000\000\000\000\000\000\000"}}, bytes =3D =
'\0' <repeats 15 times>}, timeout =3D 5000,=20
  timeout_ch =3D {callout =3D 0x0}}
(kgdb) root@nucleus:/usr/obj/usr/src/sys/NUCLEUS # ^D

Script done on Sat Jan 19 10:04:19 2013


--mP3DRpeJDSE+ciuQ
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iQEcBAEBCAAGBQJQ+rd+AAoJEFJPDDeguUajEpUH/jTWrhMCe4eXDEYIRyzukpTY
K/pjnk4AuWAhIKISg9ubcngoZ3HxB2htNuyyO1krQmSOJNbg1YZOByaaEdAajIT2
71slwFYeQxlXIUXvtN3TQw1RXlSW+rSIwxW8uS3wNWGNBAJhYXsuv8Zk+8Gq0Y44
YJ7PrzLfYd5OKBOyJKiAGA3H9N9G3ZEcb7JKVi0aeqkmXZRg0wErjmc5nzFy3HSs
rTB03mTJvtrH52+XHVM1Wq0x3pgPVrjTPZht5Cy3IsPB/WadD6oak2GxYvxjMlcF
tU7rdxTvr7Po0mr/wzENnqBqY4X3lWmvFD4IhHe0GTQocP9K7N8blYNQ5h/2FdM=
=gNHE
-----END PGP SIGNATURE-----

--mP3DRpeJDSE+ciuQ--