Date: Fri, 16 May 2003 13:33:22 -0400 (EDT)
From: Andre Guibert de Bruet <andy@siliconlandmark.com>
To: Robert Watson <rwatson@freebsd.org>
Cc: current@freebsd.org
Subject: Re: USB CF Reader causes Fatal trap 12
Message-ID: <20030516132126.P28986@alpha.siliconlandmark.com>
In-Reply-To: <Pine.NEB.3.96L.1030516131352.24024a-100000@fledge.watson.org>
References: <Pine.NEB.3.96L.1030516131352.24024a-100000@fledge.watson.org>

"It" was the dump, yes. I accidentally deleted the dump and I'm off to work
at the moment, so I won't be able to produce another dump until later today.

Anyway, here are the source code offsets for the functions listed in the
trace:

(kgdb) l *g_disk_access+0xa9
0xc01daf29 is in g_disk_access (../../../geom/geom_disk.c:109).
104             w += pp->acw;
105             e += pp->ace;
106             dp = pp->geom->softc;
107             error = 0;
108             if ((pp->acr + pp->acw + pp->ace) == 0 && (r + w + e) > 0) {
109                     if (dp->d_open != NULL) {
110                             g_disk_lock_giant(dp);
111                             error = dp->d_open(dp);
112                             if (error != 0)
113                                     printf("Opened disk %s -> %d\n",

(kgdb) l *g_access_rel+0x20e
0xc01dfa3e is in g_access_rel (../../../geom/geom_subr.c:513).
508             else if ((dcr > 0 || dcw > 0 || dce > 0) && pp->error != 0)
509                     return (pp->error);
510
511             /* Ok then... */
512
513             error = pp->geom->access(pp, dcr, dcw, dce);
514             if (!error) {
515                     /*
516                      * If we open first write, spoil any partner consumers.
517                      * If we close last write, trigger re-taste.

(kgdb) l *g_slice_new+0xdb
0xc01de8eb is in g_slice_new (../../../geom/geom_slice.c:457).
452             gp->dumpconf = g_slice_dumpconf;
453             cp = g_new_consumer(gp);
454             error = g_attach(cp, pp);
455             if (error == 0)
456                     error = g_access_rel(cp, 1, 0, 0);
457             if (error) {
458                     g_wither_geom(gp, ENXIO);
459                     return (NULL);
460             }
461             *vp = gsp->softc;

(kgdb) l *g_bsd_taste+0xa9
0xc0349b29 is in g_bsd_taste (../../../geom/geom_bsd.c:571).
566              * and a softc structure for us. Specify the provider to attach
567              * the consumer to and our "start" routine for special requests.
568              * The provider is opened with mode (1,0,0) so we can do reads
569              * from it.
570              */
571             gp = g_slice_new(mp, MAXPARTITIONS, pp, &cp, &ms,
572                 sizeof(*ms), g_bsd_start);
573             if (gp == NULL)
574                     return (NULL);
575

(kgdb) l *g_new_provider_event+0x9c
0xc01df20c is in g_new_provider_event (../../../geom/geom_subr.c:258).
253                             if (cp->geom->class == mp)
254                                     i = 0;
255                     if (!i)
256                             continue;
257                     mp->taste(mp, pp, 0);
258                     g_topology_assert();
259             }
260     }
261
262

(kgdb) l *one_event+0x20a
0xc01dc77a is in one_event (../../../geom/geom_event.c:180).
175             }
176             TAILQ_REMOVE(&g_events, ep, events);
177             mtx_unlock(&g_eventlock);
178             g_topology_assert();
179             ep->func(ep->arg, 0);
180             g_topology_assert();
181             if (ep->flag & EV_WAKEUP) {
182                     ep->flag |= EV_DONE;
183                     wakeup(ep);
184             } else {

(kgdb) l *g_run_events+0x8
0xc01dc858 is in g_run_events (../../../geom/geom_event.c:199).
194
195     void
196     g_run_events()
197     {
198
199             while (one_event())
200                     ;
201     }
202
203     void

(kgdb) l *g_event_procbody+0x45
0xc01dd7a5 is in g_event_procbody (../../../geom/geom_kern.c:134).
129
130             mtx_assert(&Giant, MA_NOTOWNED);
131             tp->td_base_pri = PRIBIO;
132             for(;;) {
133                     g_run_events();
134                     tsleep(&g_wait_event, PRIBIO, "g_events", hz/10);
135             }
136     }
137
138     static struct kproc_desc g_event_kp = {

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >

On Fri, 16 May 2003, Robert Watson wrote:

> On Fri, 16 May 2003, Andre Guibert de Bruet wrote:
>
> > No go on the backtrace. It appears as if it got corrupted somehow...
>
> I assume "it" here is the dump. You can still generate source code
> offsets using the function+offset values in the ddb trace by attaching gdb
> to the debugging kernel on disk and using:
>
> (kgdb) l *g_disk_access+0xa9
> ...
> (kgdb) l *g_access_rel+0x20e
> ...
>
> And so on. No local variable inspection, but helps if your source code
> and build options aren't quite in sync with the ones of the person doing
> the debugging.
>
> > On Fri, 16 May 2003, Andre Guibert de Bruet wrote:
> >
> > > The reader I'm using is a Dazzle 6 in 1 unit. It has worked flawlessly up
> > > until last night's USB commit. At last boot, it came up as:
> > >
> > > > umass0: SCM Microsystems Inc. eUSB ORCA Quad Reader, rev 1.10/5.07, addr 4
> > > > da0 at umass-sim0 bus 0 target 0 lun 0
> > > > da0: <eUSB Compact Flash 5.07> Removable Direct Access SCSI-2 device
> > > > da0: 1.000MB/s transfers
> > > > da0: 122MB (250368 512 byte sectors: 64H 32S/T 122C)
> > >
> > > Upon connection, at the console:
> > >
> > > [... some messages that i couldn't copy and paste in time...]
> > > umass0: Invalid CSW: tag 0 should be 10
> > > (da0:umass-sim0:0:0:0): AutoSense Failed
> > > (da0:umass-sim0:0:0:0): removing device entry
> > > Opened disk da0 -> 5
> > >
> > > Fatal trap 12: page fault while in kernel mode
> > > cpuid = 0; lapic.id = 00000000
> > > fault virtual address   = 0x1c
> > > fault code              = supervisor read, page not present
> > > instruction pointer     = 0x8:0xc01daf29
> > > stack pointer           = 0x10:0xe42e8b5c
> > > frame pointer           = 0x10:0xe42e8b84
> > > code segment            = base 0x0, limit 0xfffff, type 0x1b
> > >                         = DPL 0, pres 1, def32 1, gran 1
> > > processor eflags        = interrupt enabled, resume, IOPL = 0
> > > current process         = 2 (g_event)
> > > kernel: type 12 trap, code=0
> > > Stopped at      g_disk_access+0xa9:     cmpl    $0,0x1c(%esi)
> > > db> call doadump
> > > Dumping 3583 MB
> > > ata3: resetting devices ..
> > > done
> > > 16 32 48 64 80 [... snip ...] 3568
> > > Dump complete
> > > 0xf
> > >
> > > db> tr
> > > g_disk_access(caafdd80,1,0,0,0) at g_disk_access+0xa9
> > > g_access_rel(cb598b80,1,0,0,e42e8c30) at g_access_rel+0x20e
> > > g_slice_new(c0406b20,8,caafdd80,e42e8c2c,e42e8c30) at g_slice_new+0xdb
> > > g_bsd_taste(c0406b20,caafdd80,0,102,caafdd00) at g_bsd_taste+0xa9
> > > g_new_provider_event(caafdd80,0,c03a3701,b2,66666667) at g_new_provider_event+0x9c
> > > one_event(e42e8d14,c01dd7a5,c041b30c,0,4c) at one_event+0x20a
> > > g_run_events(c041b30c,0,4c,c03a3a23,a) at g_run_events+0x8
> > > g_event_procbody(0,e42e8d48,c03a5629,2f8,c60f7e40) at g_event_procbody+0x45
> > > fork_exit(c01dd760,0,e42e8d48) at fork_exit+0xc0
> > > fork_trampoline() at fork_trampoline+0x1a
> > > --- trap 0x1, eip = 0, esp = 0xe42e8d7c, ebp = 0 ---
> > >
> > > GDB trace to follow. Stay tuned...
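
Added example, not part of the original message or of FreeBSD: a Python helper that turns a mail-quoted ddb trace like the one above into the kgdb `l *function+offset` commands described in the reply, and subtracts the operand displacement from the fault address to recover the base register value. The function names are hypothetical; the sample input is an excerpt of the ddb output in this message.

```python
import re

# Excerpt of the ddb output quoted in the message above (mail quoting kept).
DDB_OUTPUT = """\
> > > fault virtual address   = 0x1c
> > > Stopped at      g_disk_access+0xa9:     cmpl    $0,0x1c(%esi)
> > > db> tr
> > > g_disk_access(caafdd80,1,0,0,0) at g_disk_access+0xa9
> > > g_access_rel(cb598b80,1,0,0,e42e8c30) at g_access_rel+0x20e
> > > g_slice_new(c0406b20,8,caafdd80,e42e8c2c,e42e8c30) at g_slice_new+0xdb
> > > fork_trampoline() at fork_trampoline+0x1a
> > > --- trap 0x1, eip = 0, esp = 0xe42e8d7c, ebp = 0 ---
"""

QUOTE = re.compile(r"^(?:>\s?)+")
FRAME = re.compile(r"^\w+\([^)]*\) at (\w+\+0x[0-9a-fA-F]+)\s*$")
FAULT = re.compile(r"^fault virtual address\s*=\s*(0x[0-9a-fA-F]+)")
OPERAND = re.compile(r"^Stopped at\s+\S+:\s+.*?(-?0x[0-9a-fA-F]+)?\((%\w+)\)")


def _lines(text):
    """Yield lines with mail quoting ('> > > ') and padding removed."""
    for raw in text.splitlines():
        yield QUOTE.sub("", raw).strip()


def kgdb_commands(text):
    """Turn each 'func(args) at func+0xoff' frame into a kgdb list command."""
    return ["l *" + m.group(1) for m in map(FRAME.match, _lines(text)) if m]


def base_register(text):
    """Return (register, value) implied by the fault address and the
    displacement(%reg) operand of the faulting instruction, or None."""
    fault = operand = None
    for line in _lines(text):
        fault = fault or FAULT.match(line)
        operand = operand or OPERAND.match(line)
    if not (fault and operand):
        return None
    disp = int(operand.group(1) or "0", 16)
    return operand.group(2), int(fault.group(1), 16) - disp


if __name__ == "__main__":
    print("\n".join(kgdb_commands(DDB_OUTPUT)))
    reg, val = base_register(DDB_OUTPUT)
    print(f"{reg} = {val:#x}" + (" (NULL base pointer)" if val == 0 else ""))
```

For this trap the result is `%esi = 0`, so the faulting read that kgdb places at geom_disk.c:109 went through a NULL base pointer.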