From owner-freebsd-current@FreeBSD.ORG Wed May 31 22:42:56 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CBF2216B493 for ; Wed, 31 May 2006 22:42:56 +0000 (UTC) (envelope-from thierry@herbelot.com) Received: from smtp4-g19.free.fr (smtp4-g19.free.fr [212.27.42.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 37EC643D46 for ; Wed, 31 May 2006 22:42:56 +0000 (GMT) (envelope-from thierry@herbelot.com) Received: from herbelot.dyndns.org (bne75-4-82-227-159-103.fbx.proxad.net [82.227.159.103]) by smtp4-g19.free.fr (Postfix) with ESMTP id 66309547D7 for ; Thu, 1 Jun 2006 00:42:55 +0200 (CEST) Received: from diversion.herbelot.nom (diversion.herbelot.nom [192.168.2.6]) by herbelot.dyndns.org (8.13.3/8.13.3) with ESMTP id k4VMgrDh024926 for ; Thu, 1 Jun 2006 00:42:53 +0200 (CEST) From: Thierry Herbelot To: freebsd-current@freebsd.org Date: Thu, 1 Jun 2006 00:42:46 +0200 User-Agent: KMail/1.9.1 X-Warning: Windows can lose your files X-Op-Sys: Le FriBi de la mort qui tue X-Org: TfH&Co X-MailScanner: Found to be clean MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 8bit Content-Disposition: inline Message-Id: <200606010042.47193.thierry@herbelot.com> Subject: panic while playing with a ugen X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: thierry@herbelot.com List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 May 2006 22:42:59 -0000 the panic occured when closing one endpoint of a ugen device (the device was disconnecting from the USB bus after being reseted). TfH Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0x60 fault code = supervisor read, page not present instruction pointer = 0x20:0xc0671f2c stack pointer = 0x28:0xc73ceaa0 frame pointer = 0x28:0xc73ceab4 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 800 (test) [thread pid 800 tid 100099 ] Stopped at giant_close+0x20: movl 0x60(%eax),%eax db> bt Tracing pid 800 tid 100099 td 0xc17146c0 giant_close(c173e000,3,2000,c17146c0,c173e000) at giant_close+0x20 devfs_close(c73ceb0c) at devfs_close+0x2db VOP_CLOSE_APV(c09b8000,c73ceb0c) at VOP_CLOSE_APV+0x7e vn_close(c1a54410,3,c1969800,c17146c0,0) at vn_close+0x8b vn_closefile(c16b5678,c17146c0,c73cebc4,c067ad44,c16b5678) at vn_closefile+0xca devfs_close_f(c16b5678,c17146c0) at devfs_close_f+0xf fdrop_locked(c16b5678,c17146c0,c143a988,0,c0914e2c) at fdrop_locked+0x88 fdrop(c16b5678,c17146c0,6b5,c0a0b034,0) at fdrop+0x24 closef(c16b5678,c17146c0,0,0,4) at closef+0x367 close(c17146c0,c73ced04,c196e234,c,c17146c0) at close+0x1be syscall(3b,3b,3b,bfbfeba8,4) at syscall+0x27e Xint0x80_syscall() at Xint0x80_syscall+0x1f --- syscall (6, FreeBSD ELF32, close), eip = 0x2814837f, esp = 0xbfbfeafc, ebp = 0xbfbfebc8 --- db> call doadump Physical memory: 87 MB Dumping 31 MB: 16 Dump complete multi-cur# kgdb kernel.debug /files1/tmp/vmcore.2 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: ugenioctl: cmd=c018556f ugenioctl: cmd=c018556f ugen0: at uhub4 port 3 (addr 2) disconnected ugen_detach: sc=0xc1579000 Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0x60 fault code = supervisor read, page not present instruction pointer = 0x20:0xc0671f2c stack pointer = 0x28:0xc73ceaa0 frame pointer = 0x28:0xc73ceab4 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 800 (udibtest) Physical memory: 87 MB Dumping 31 MB: 16 #0 doadump () at pcpu.h:166 166 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) where #0 doadump () at pcpu.h:166 #1 0xc04756f3 in db_fncall (dummy1=-952309596, dummy2=0, dummy3=1016, dummy4=0xc73ce878 "\220è<Çø\003") at /files1/src/sys/ddb/db_command.c:479 #2 0xc0475504 in db_command (last_cmdp=0xc09ea3a4, cmd_table=0x0) at /files1/src/sys/ddb/db_command.c:395 #3 0xc04755c2 in db_command_loop () at /files1/src/sys/ddb/db_command.c:446 #4 0xc04771d9 in db_trap (type=12, code=0) at /files1/src/sys/ddb/db_main.c:221 #5 0xc06b38d0 in kdb_trap (type=12, code=0, tf=0xc73cea60) at /files1/src/sys/kern/subr_kdb.c:481 #6 0xc0892ce8 in trap_fatal (frame=0xc73cea60, eva=96) at /files1/src/sys/i386/i386/trap.c:861 #7 0xc0892a2b in trap_pfault (frame=0xc73cea60, usermode=0, eva=96) at /files1/src/sys/i386/i386/trap.c:778 #8 0xc0892649 in trap (frame= {tf_fs = -1066729464, tf_es = -1063190488, tf_ds = -1063256024, tf_edi = -1046133620, tf_esi = -1063566816, tf_ebp = -952309068, tf_isp = -952309108, tf_ebx = -1049370624, tf_edx = -1062922452, tf_ecx = -1062922456, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1066983636, tf_cs = 32, tf_eflags = 66054, tf_esp = -1063236056, tf_ss = 0}) at /files1/src/sys/i386/i386/trap.c:463 #9 0xc087d7ba in calltrap () at /files1/src/sys/i386/i386/exception.s:138 #10 0xc0671f2c in giant_close (dev=0xc173e000, fflag=3, devtype=8192, td=0xc17146c0) at /files1/src/sys/kern/kern_conf.c:266 #11 0xc064c14f in devfs_close (ap=0xc73ceb0c) ---Type to continue, or q to quit--- at /files1/src/sys/fs/devfs/devfs_vnops.c:281 #12 0xc08a3e7a in VOP_CLOSE_APV (vop=0x0, a=0xc73ceb0c) at vnode_if.c:424 #13 0xc06ff4df in vn_close (vp=0xc1a54410, flags=3, file_cred=0x0, td=0xc17146c0) at vnode_if.h:227 #14 0xc070033a in vn_closefile (fp=0xc16b5678, td=0xc17146c0) at /files1/src/sys/kern/vfs_vnops.c:870 #15 0xc064c177 in devfs_close_f (fp=0xc16b5678, td=0xc17146c0) at /files1/src/sys/fs/devfs/devfs_vnops.c:291 #16 0xc067ad44 in fdrop_locked (fp=0xc16b5678, td=0xc17146c0) at file.h:296 #17 0xc067acb4 in fdrop (fp=0xc16b5678, td=0xc17146c0) at /files1/src/sys/kern/kern_descrip.c:2146 #18 0xc06797a3 in closef (fp=0xc16b5678, td=0xc17146c0) at /files1/src/sys/kern/kern_descrip.c:1961 #19 0xc067703a in close (td=0xc17146c0, uap=0x0) at /files1/src/sys/kern/kern_descrip.c:1018 (kgdb) frame 10 #10 0xc0671f2c in giant_close (dev=0xc173e000, fflag=3, devtype=8192, td=0xc17146c0) at /files1/src/sys/kern/kern_conf.c:266 266 retval = dev->si_devsw->d_gianttrick-> (kgdb) list 261 giant_close(struct cdev *dev, int fflag, int devtype, struct thread *td) 262 { 263 int retval; 264 265 mtx_lock(&Giant); 266 retval = dev->si_devsw->d_gianttrick-> 267 d_close(dev, fflag, devtype, td); 268 mtx_unlock(&Giant); 269 return (retval); 270 } (kgdb) print dev $1 = (struct cdev *) 0xc173e000 (kgdb) print dev->si_devsw $2 = (struct cdevsw *) 0x0