From: Matt Mullins
To: freebsd-current@freebsd.org
Date: Mon, 31 Oct 2011 01:22:40 -0700
Subject: ng_ubt fatal trap 12 on RELENG_9 and CURRENT

I ran into a somewhat interesting snag while trying out FreeBSD 9 on my
laptop. I built a kernel from the RELENG_9 branch, and get a "fatal trap 12"
during the initialization sequence. For testing, I rebuilt the same kernel
from the CURRENT branch, with the same problem -- this is the one that I'm
debugging now.

The kernel was built with the following options in addition to the generic
config:

options VIMAGE
device epair
nooptions GEOM_PART_EBR_COMPAT

The errors as retrieved from the core dump:

ubt0: on usbus0

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x28
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff8164475d
stack pointer           = 0x28:0xffffff80f7180970
frame pointer           = 0x28:0xffffff80f71809a0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 15 (usbus0)
trap number             = 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff8086b45e at kdb_backtrace+0x5e
#1 0xffffffff80835da7 at panic+0x187
#2 0xffffffff80b2ccc0 at trap_fatal+0x290
#3 0xffffffff80b2d009 at trap_pfault+0x1f9
#4 0xffffffff80b2d4cf at trap+0x3df
#5 0xffffffff80b17a1f at calltrap+0x8
#6 0xffffffff8163620e at ubt_attach+0x5e
#7 0xffffffff80864799 at device_attach+0x69
#8 0xffffffff806d8389 at usb_probe_and_attach+0x1f9
#9 0xffffffff806e078c at uhub_explore+0x46c
#10 0xffffffff806cab5e at usb_bus_explore+0x9e
#11 0xffffffff806e4783 at usb_process+0xd3
#12 0xffffffff8080927f at fork_exit+0x11f
#13 0xffffffff80b17f4e at fork_trampoline+0xe

Relevant information pulled from kgdb:

(kgdb) bt
#0 doadump (textdump=Variable "textdump" is not available.
) at pcpu.h:224
#1 0xffffffff808358e5 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:442
#2 0xffffffff80835d91 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:607
#3 0xffffffff80b2ccc0 in trap_fatal (frame=0xc, eva=Variable "eva" is not available.
) at /usr/src/sys/amd64/amd64/trap.c:818
#4 0xffffffff80b2d009 in trap_pfault (frame=0xffffff80f71808c0, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:734
#5 0xffffffff80b2d4cf in trap (frame=0xffffff80f71808c0)
    at /usr/src/sys/amd64/amd64/trap.c:473
#6 0xffffffff80b17a1f in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:228
#7 0xffffffff8164475d in ng_make_node_common (type=0xffffffff81638fc0, nodepp=0xfffffe0005b93910)
    at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:655
#8 0xffffffff8163620e in ubt_attach (dev=0xfffffe0005e65100)
    at /usr/src/sys/modules/netgraph/bluetooth/ubt/../../../../netgraph/bluetooth/drivers/ubt/ng_ubt.c:455
#9 0xffffffff80864799 in device_attach (dev=0xfffffe0005e65100)
    at device_if.h:180
#10 0xffffffff806d8389 in usb_probe_and_attach (udev=0xfffffe000534e000, iface_index=Variable "iface_index" is not available.
) at /usr/src/sys/dev/usb/usb_device.c:1195
#11 0xffffffff806e078c in uhub_explore (udev=0xfffffe00052d3000)
    at /usr/src/sys/dev/usb/usb_hub.c:269
#12 0xffffffff806cab5e in usb_bus_explore (pm=Variable "pm" is not available.
) at /usr/src/sys/dev/usb/controller/usb_controller.c:259
#13 0xffffffff806e4783 in usb_process (arg=Variable "arg" is not available.
) at /usr/src/sys/dev/usb/usb_process.c:165
#14 0xffffffff8080927f in fork_exit (callout=0xffffffff806e46b0 , arg=0xffffff8000726e88, frame=0xffffff80f7180c50)
    at /usr/src/sys/kern/kern_fork.c:995
#15 0xffffffff80b17f4e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:602

(kgdb) list *0xffffffff8164475d
0xffffffff8164475d is in ng_make_node_common (/usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:655).
650             /* Initialize hook list for new node */
651             LIST_INIT(&node->nd_hooks);
652
653             /* Link us into the name hash. */
654             mtx_lock(&ng_namehash_mtx);
655             LIST_INSERT_HEAD(&V_ng_name_hash[0], node, nd_nodes);
656             mtx_unlock(&ng_namehash_mtx);
657
658             /* get an ID and put us in the hash chain */
659             mtx_lock(&ng_idhash_mtx);

This is my first time looking at FreeBSD kernel code, so to verify that I'm
reading these #defines correctly and not looking at nonsense objects:

(kgdb) print ((struct pcpu*) __pcpu)->pc_curthread->td_proc->p_comm
$16 = "usb\000el", '\0'

Time to get dirty and figure out what address V_ng_name_hash points to.
First, find the value of curvnet in net/vnet.h:

(kgdb) print ((struct pcpu*) __pcpu)->pc_curthread->td_vnet
$17 = (struct vnet *) 0x0

That looks like a null pointer... not good.

It's late, so I'm going to come back to this later. Any ideas on where I
should go from here?
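
The message above stops at a NULL td_vnet and a fault address of 0x28. The following userspace C model is an added example, not code from the post or from FreeBSD: it shows how resolving a per-context variable through a NULL context pointer produces a fault address equal to a field offset, and how a checked accessor fails cleanly instead. The names struct model_vnet, cur_ctx, first_load_addr, link_node and link_node_in are hypothetical, and the struct layout is an assumption constructed so that the base pointer sits at offset 0x28.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a per-vnet context (not the kernel's struct);
 * explicit padding puts data_base at offset 0x28, the reported fault address. */
struct model_vnet {
    uint64_t  le_next, le_prev;            /* list linkage */
    uint32_t  magic, ifcnt, sockcnt, pad;
    uint64_t  data_mem;
    uintptr_t data_base;                   /* base of this context's variables */
};
struct node { struct node *next; };

/* Model of curthread->td_vnet: NULL until a caller sets a context. */
static struct model_vnet *cur_ctx = NULL;

/* Address of the first load made when resolving a per-context variable. */
uintptr_t first_load_addr(const struct model_vnet *ctx)
{
    return (uintptr_t)ctx + offsetof(struct model_vnet, data_base);
}

/* Insert n at the head of the list kept hash_off bytes into the current context's
 * block. Returns -1 with no context set; unchecked, it would fault at 0x28. */
int link_node(struct node *n, size_t hash_off)
{
    if (cur_ctx == NULL)
        return -1;
    struct node **bucket0 = (struct node **)(cur_ctx->data_base + hash_off);
    n->next = *bucket0;
    *bucket0 = n;
    return 0;
}

/* Set the context for the duration of one call, then restore the old one. */
int link_node_in(struct model_vnet *ctx, struct node *n, size_t hash_off)
{
    struct model_vnet *saved = cur_ctx;
    cur_ctx = ctx;
    int rc = link_node(n, hash_off);
    cur_ctx = saved;
    return rc;
}

int main(void)
{
    printf("NULL context: first load at 0x%lx\n", (unsigned long)first_load_addr(NULL));
    return 0;
}
```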