From owner-freebsd-bugs@FreeBSD.ORG Wed Jul 16 10:40:01 2008
Message-Id: <200807161033.m6GAXJll080190@www.freebsd.org>
Date: Wed, 16 Jul 2008 10:33:19 GMT
From: Stefan Krüger
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/125673: FreeBSD7 panics when kldunloading firewire

>Number: 125673
>Category: kern
>Synopsis: FreeBSD7 panics when kldunloading firewire
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 16 10:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Stefan Krüger
>Release: 7.0-STABLE
>Organization:
>Environment:
FreeBSD localhost 7.0-STABLE FreeBSD 7.0-STABLE #37: Sun Jul 6 12:08:12 CEST 2008 root@localhost:/usr/obj/usr/src/sys/ULE_KERNCONF i386
>Description:
I just did a
# kldunload firewire
as root and was "awarded" with a nice kernel panic:

# cat info.4
Dump header from device /dev/da0s1b
  Architecture: i386
  Architecture Version: 2
  Dump Length: 149069824B (142 MB)
  Blocksize: 512
  Dumptime: Wed Jul 16 11:11:48 2008
  Hostname: localhost
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 7.0-STABLE #37: Sun Jul 6 12:08:12 CEST 2008
    root@localhost:/usr/obj/usr/src/sys/ULE_KERNCONF
  Panic String: page fault
  Dump Parity: 392815939
  Bounds: 4
  Dump Status: good

# kgdb /boot/kernel/kernel /var/crash/vmcore.4

Unread portion of the kernel message buffer:
firewire0: detached

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x188
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc052dc42
stack pointer = 0x28:0xe6447ad0
frame pointer = 0x28:0xe6447ae8
code segment = base 0x0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 2159 (kldunload)
trap number = 12
panic: page fault
cpuid = 1
Uptime: 1h29m35s
Physical memory: 1015 MB
Dumping 142 MB: 127 111 95 79 63 47 31 15

[Reading symbols output omitted]

(kgdb) where
#0  doadump () at pcpu.h:195
#1  0xc053ade6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc053b0be in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:572
#3  0xc07659bc in trap_fatal (frame=0xe6447a90, eva=392) at /usr/src/sys/i386/i386/trap.c:899
#4  0xc0765c2b in trap_pfault (frame=0xe6447a90, usermode=0, eva=392) at /usr/src/sys/i386/i386/trap.c:812
#5  0xc0766622 in trap (frame=0xe6447a90) at /usr/src/sys/i386/i386/trap.c:490
#6  0xc074cfdb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc052dc42 in _mtx_lock_sleep (m=0xc3c06388, tid=3295632032, opts=0,
    file=0xc0917a07 "/usr/src/sys/modules/firewire/firewire/../../../dev/firewire/firewire.c", line=576)
    at /usr/src/sys/kern/kern_mutex.c:339
#8  0xc052e0e2 in _mtx_lock_flags (m=0xc3c06388, opts=0,
    file=0xc0917a07 "/usr/src/sys/modules/firewire/firewire/../../../dev/firewire/firewire.c", line=576)
    at /usr/src/sys/kern/kern_mutex.c:186
#9  0xc090c62a in fw_drain_txq (fc=0xc3c06000)
    at /usr/src/sys/modules/firewire/firewire/../../../dev/firewire/firewire.c:576
#10 0xc090f330 in fwohci_stop (sc=0xc3c06000, dev=0xc3bdd980)
    at /usr/src/sys/modules/firewire/firewire/../../../dev/firewire/fwohci.c:1760
#11 0xc09137bb in fwohci_pci_detach (self=0xc3bdd980)
    at /usr/src/sys/modules/firewire/firewire/../../../dev/firewire/fwohci_pci.c:414
#12 0xc0560878 in device_detach (dev=0xc3bdd980) at device_if.h:212
#13 0xc0560bb1 in devclass_delete_driver (busclass=0xc3afd880, driver=0xc091aac0)
    at /usr/src/sys/kern/subr_bus.c:947
#14 0xc0560d15 in driver_module_handler (mod=0xc3ac28c0, what=1, arg=0xc091aaac)
    at /usr/src/sys/kern/subr_bus.c:3863
#15 0xc052cc57 in module_unload (mod=0xc3ac28c0, flags=0) at /usr/src/sys/kern/kern_module.c:244
#16 0xc05249df in linker_file_unload (file=0xc3ae0400, flags=0) at /usr/src/sys/kern/kern_linker.c:589
#17 0xc0525443 in kern_kldunload (td=0xc46f5aa0, fileid=5, flags=0) at /usr/src/sys/kern/kern_linker.c:1011
#18 0xc05254cb in kldunloadf (td=0xc46f5aa0, uap=0xe6447cfc) at /usr/src/sys/kern/kern_linker.c:1040
#19 0xc0765fb5 in syscall (frame=0xe6447d38) at /usr/src/sys/i386/i386/trap.c:1035
#20 0xc074d040 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

(kgdb) list *0xc052dc42 # this is the instruction pointer
0xc052dc42 is in _mtx_lock_sleep (/usr/src/sys/kern/kern_mutex.c:341).
336              */
337             v = m->mtx_lock;
338             if (v != MTX_UNOWNED) {
339                     owner = (struct thread *)(v & ~MTX_FLAGMASK);
340     #ifdef ADAPTIVE_GIANT
341                     if (TD_IS_RUNNING(owner)) {
342     #else
343                     if (m != &Giant && TD_IS_RUNNING(owner)) {
344     #endif
345                             if (LOCK_LOG_TEST(&m->lock_object, 0))

(kgdb) f 7
#7  0xc052dc42 in _mtx_lock_sleep (m=0xc3c06388, tid=3295632032, opts=0,
    file=0xc0917a07 "/usr/src/sys/modules/firewire/firewire/../../../dev/firewire/firewire.c", line=576)
    at /usr/src/sys/kern/kern_mutex.c:339
339                     owner = (struct thread *)(v & ~MTX_FLAGMASK);

(kgdb) print owner
$8 = (volatile struct thread *) 0x0

So owner is NULL, but
a) I have no idea if this is the root of the panic
b) I have no idea how to fix this

Any help is much appreciated, kernel + vmcore are available on request
>How-To-Repeat:
# kldunload firewire
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: