Date:      Mon, 31 Oct 2011 01:22:40 -0700
From:      Matt Mullins <mokomull@gmail.com>
To:        freebsd-current@freebsd.org
Subject:   ng_ubt fatal trap 12 on RELENG_9 and CURRENT
Message-ID:  <CAPyT1SE0n4y6du9Janobyi31dBJOn3tz4r-YPqT=2Uy09ZAOwg@mail.gmail.com>

I ran into a somewhat interesting snag while trying out FreeBSD 9 on
my laptop. I built a kernel from the RELENG_9 branch, and get a
"fatal trap 12" during the initialization sequence. For testing, I
rebuilt the same kernel from the CURRENT branch, with the same problem
-- this is the one that I'm debugging now.

The kernel was built with the following options in addition to the
generic config:
options         VIMAGE
device          epair
nooptions       GEOM_PART_EBR_COMPAT

The errors as retrieved from the core dump:
ubt0: <vendor 0x413c product 0x8140, class 224/1, rev 2.00/43.15, addr
2> on usbus0

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x28
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff8164475d
stack pointer           = 0x28:0xffffff80f7180970
frame pointer           = 0x28:0xffffff80f71809a0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 15 (usbus0)
trap number             = 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff8086b45e at kdb_backtrace+0x5e
#1 0xffffffff80835da7 at panic+0x187
#2 0xffffffff80b2ccc0 at trap_fatal+0x290
#3 0xffffffff80b2d009 at trap_pfault+0x1f9
#4 0xffffffff80b2d4cf at trap+0x3df
#5 0xffffffff80b17a1f at calltrap+0x8
#6 0xffffffff8163620e at ubt_attach+0x5e
#7 0xffffffff80864799 at device_attach+0x69
#8 0xffffffff806d8389 at usb_probe_and_attach+0x1f9
#9 0xffffffff806e078c at uhub_explore+0x46c
#10 0xffffffff806cab5e at usb_bus_explore+0x9e
#11 0xffffffff806e4783 at usb_process+0xd3
#12 0xffffffff8080927f at fork_exit+0x11f
#13 0xffffffff80b17f4e at fork_trampoline+0xe

Relevant information pulled from kgdb:
(kgdb) bt
#0  doadump (textdump=Variable "textdump" is not available.
) at pcpu.h:224
#1  0xffffffff808358e5 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:442
#2  0xffffffff80835d91 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:607
#3  0xffffffff80b2ccc0 in trap_fatal (frame=0xc, eva=Variable "eva" is
not available.
) at /usr/src/sys/amd64/amd64/trap.c:818
#4  0xffffffff80b2d009 in trap_pfault (frame=0xffffff80f71808c0,
usermode=0) at /usr/src/sys/amd64/amd64/trap.c:734
#5  0xffffffff80b2d4cf in trap (frame=0xffffff80f71808c0) at
/usr/src/sys/amd64/amd64/trap.c:473
#6  0xffffffff80b17a1f in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:228
#7  0xffffffff8164475d in ng_make_node_common
(type=0xffffffff81638fc0, nodepp=0xfffffe0005b93910) at
/usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:655
#8  0xffffffff8163620e in ubt_attach (dev=0xfffffe0005e65100) at
/usr/src/sys/modules/netgraph/bluetooth/ubt/../../../../netgraph/bluetooth/drivers/ubt/ng_ubt.c:455
#9  0xffffffff80864799 in device_attach (dev=0xfffffe0005e65100) at
device_if.h:180
#10 0xffffffff806d8389 in usb_probe_and_attach
(udev=0xfffffe000534e000, iface_index=Variable "iface_index" is not
available.
) at /usr/src/sys/dev/usb/usb_device.c:1195
#11 0xffffffff806e078c in uhub_explore (udev=0xfffffe00052d3000) at
/usr/src/sys/dev/usb/usb_hub.c:269
#12 0xffffffff806cab5e in usb_bus_explore (pm=Variable "pm" is not available.
) at /usr/src/sys/dev/usb/controller/usb_controller.c:259
#13 0xffffffff806e4783 in usb_process (arg=Variable "arg" is not available.
) at /usr/src/sys/dev/usb/usb_process.c:165
#14 0xffffffff8080927f in fork_exit (callout=0xffffffff806e46b0
<usb_process>, arg=0xffffff8000726e88, frame=0xffffff80f7180c50) at
/usr/src/sys/kern/kern_fork.c:995
#15 0xffffffff80b17f4e in fork_trampoline () at
/usr/src/sys/amd64/amd64/exception.S:602

(kgdb) list *0xffffffff8164475d
0xffffffff8164475d is in ng_make_node_common
(/usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:655).
650             /* Initialize hook list for new node */
651             LIST_INIT(&node->nd_hooks);
652
653             /* Link us into the name hash. */
654             mtx_lock(&ng_namehash_mtx);
655             LIST_INSERT_HEAD(&V_ng_name_hash[0], node, nd_nodes);
656             mtx_unlock(&ng_namehash_mtx);
657
658             /* get an ID and put us in the hash chain */
659             mtx_lock(&ng_idhash_mtx);

This is my first time looking at FreeBSD kernel code, so to verify
that I'm reading these #defines correctly and not looking at nonsense
objects:
(kgdb) print ((struct pcpu*) __pcpu)->pc_curthread->td_proc->p_comm
$16 = "usb\000el", '\0' <repeats 13 times>

Time to get dirty and figure out what address V_ng_name_hash points
to.  First, find the value of curvnet in net/vnet.h:
(kgdb) print ((struct pcpu*) __pcpu)->pc_curthread->td_vnet
$17 = (struct vnet *) 0x0

That looks like a null pointer... not good.

It's late, so I'm going to come back to this later.  Any ideas on
where I should go from here?
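
Added example (not part of the original message, and not FreeBSD source): a user-space model of how a V_ variable such as V_ng_name_hash is reached through curvnet, showing that a NULL td_vnet turns the first read into an access at a small fixed offset, which matches the "fault virtual address = 0x28" in the trap output. The struct layout is an assumption modelled on struct vnet in sys/net/vnet.h for amd64 (LP64); vnet_model, vnet_first_read, classify_fault and vnet_resolve are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model of struct vnet (sys/net/vnet.h); not copied from the post. */
struct vnet_model {
	struct {                          /* stands in for LIST_ENTRY(vnet) */
		struct vnet_model  *le_next;
		struct vnet_model **le_prev;
	} vnet_le;
	unsigned int vnet_magic_n;
	unsigned int vnet_ifcnt;
	unsigned int vnet_sockcnt;
	void        *vnet_data_mem;
	uintptr_t    vnet_data_base;      /* base added to every V_ variable */
};

enum fault_kind { FAULT_NULL_PLUS_OFFSET, FAULT_OTHER };

/* First address read when a V_ variable is resolved through curvnet. */
static uintptr_t vnet_first_read(uintptr_t curvnet)
{
	return curvnet + offsetof(struct vnet_model, vnet_data_base);
}

/* A fault inside the first 4 KiB page means NULL plus a field offset. */
static enum fault_kind classify_fault(uintptr_t fault_va)
{
	return fault_va < 4096 ? FAULT_NULL_PLUS_OFFSET : FAULT_OTHER;
}

/* Hypothetical guarded lookup: fail cleanly when no vnet context is set. */
static int vnet_resolve(const struct vnet_model *curvnet, uintptr_t var_off,
    uintptr_t *out)
{
	if (curvnet == NULL)
		return -1;
	*out = curvnet->vnet_data_base + var_off;
	return 0;
}

int main(void)
{
	uintptr_t va = vnet_first_read(0);   /* td_vnet was 0x0 in the dump */
	uintptr_t addr;

	printf("first read with NULL curvnet: 0x%lx\n", (unsigned long)va);
	printf("near-NULL fault: %s\n",
	    classify_fault(va) == FAULT_NULL_PLUS_OFFSET ? "yes" : "no");
	printf("guarded lookup: %d\n", vnet_resolve(NULL, 0x100, &addr));
	return 0;
}
```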


