Date: Sat, 19 Jan 2013 10:10:54 -0500 From: Glen Barber <gjb@FreeBSD.org> To: freebsd-current@FreeBSD.org Subject: Fatal trap 12 with process cambio on USB attach Message-ID: <20130119151054.GA1301@glenbarber.us>
next in thread | raw e-mail | index | archive | help
--mP3DRpeJDSE+ciuQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi,
I am running one-day-old -CURRENT:
root@nucleus:~ # uname -a
FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #51 r245605: Fri Jan
18 11:25:40 EST 2013 root@nucleus:/usr/obj/usr/src/sys/NUCLEUS amd64
I attached a MicroSDHC flash card with a MicroSD->USB adapter, and the
system crashed with a kernel page fault. I am certain the SDHC card
should work, as it works in other FreeBSD machines.
kgdb session follows. Please let me know if I can provide further
information.
Thanks,
Glen
Script started on Sat Jan 19 10:03:27 2013
root@nucleus:/usr/obj/usr/src/sys/NUCLEUS # kgdb kernel.debug /var/crash/vm=
core.8
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain condition=
s.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Unread portion of the kernel message buffer:
umass0:4:0:-1: Attached to scbus4
Fatal trap 12: page fault while in kernel mode
cpuid =3D 6; apic id =3D 06
fault virtual address =3D 0x0
fault code =3D supervisor read data, page not present
instruction pointer =3D 0x20:0xffffffff802933c9
stack pointer =3D 0x28:0xffffff80003098e0
frame pointer =3D 0x28:0xffffff8000309910
code segment =3D base 0x0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags =3D interrupt enabled, resume, IOPL =3D 0
current process =3D 12 (swi2: cambio)
trap number =3D 12
panic: page fault
cpuid =3D 6
KDB: stack backtrace:
#0 0xffffffff80608966 at kdb_backtrace+0x66
#1 0xffffffff805cea9b at panic+0x13b
#2 0xffffffff808880a0 at trap_fatal+0x290
#3 0xffffffff80888411 at trap_pfault+0x221
#4 0xffffffff808889c4 at trap+0x344
#5 0xffffffff80872213 at calltrap+0x8
#6 0xffffffff802934a5 at camq_remove+0x65
#7 0xffffffff80298c4f at xpt_run_dev_sendq+0xef
#8 0xffffffff802995a0 at camisr_runqueue+0x290
#9 0xffffffff802997bf at camisr+0xff
#10 0xffffffff8059fe4d at intr_event_execute_handlers+0xfd
#11 0xffffffff805a165e at ithread_loop+0x9e
#12 0xffffffff8059ca1f at fork_exit+0x11f
#13 0xffffffff8087273e at fork_trampoline+0xe
Uptime: 41s
Dumping 551 out of 7951 MB:..3%..12%..21%..32%..41%..53%..61%..73%..82% (CT=
RL-C to abort) ..93%
Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /bootdir/bo=
ot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /bo=
otdir/boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/geom_eli.ko...Reading symbols from /bootd=
ir/boot/kernel/geom_eli.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_eli.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /bootdir/=
boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/coretemp.ko...Reading symbols from /bootd=
ir/boot/kernel/coretemp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/coretemp.ko
Reading symbols from /boot/kernel/acpi_video.ko...Reading symbols from /boo=
tdir/boot/kernel/acpi_video.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_video.ko
Reading symbols from /boot/kernel/sem.ko...Reading symbols from /bootdir/bo=
ot/kernel/sem.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sem.ko
Reading symbols from /boot/kernel/acpi_asus.ko...Reading symbols from /boot=
dir/boot/kernel/acpi_asus.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_asus.ko
Reading symbols from /boot/kernel/aesni.ko...Reading symbols from /bootdir/=
boot/kernel/aesni.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/aesni.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /bootdir/boo=
t/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/i915kms.ko...Reading symbols from /bootdi=
r/boot/kernel/i915kms.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/i915kms.ko
Reading symbols from /boot/kernel/iicbb.ko...Reading symbols from /bootdir/=
boot/kernel/iicbb.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iicbb.ko
Reading symbols from /boot/kernel/iicbus.ko...Reading symbols from /bootdir=
/boot/kernel/iicbus.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iicbus.ko
Reading symbols from /boot/kernel/iic.ko...Reading symbols from /bootdir/bo=
ot/kernel/iic.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iic.ko
Reading symbols from /boot/kernel/agp.ko...Reading symbols from /bootdir/bo=
ot/kernel/agp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/agp.ko
Reading symbols from /boot/kernel/drm2.ko...Reading symbols from /bootdir/b=
oot/kernel/drm2.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/drm2.ko
Reading symbols from /usr/local/libexec/linux_adobe/linux_adobe.ko...done.
Loaded symbols for /usr/local/libexec/linux_adobe/linux_adobe.ko
#0 doadump (textdump=3D<value optimized out>) at pcpu.h:229
229 __asm("movq %%gs:%1,%0" : "=3Dr" (td)
(kgdb) bt
#0 doadump (textdump=3D<value optimized out>) at pcpu.h:229
#1 0xffffffff805ce604 in kern_reboot (howto=3D260) at /usr/src/sys/kern/ke=
rn_shutdown.c:446
#2 0xffffffff805cea85 in panic (fmt=3D<value optimized out>) at /usr/src/s=
ys/kern/kern_shutdown.c:753
#3 0xffffffff808880a0 in trap_fatal (frame=3D0xc, eva=3D<value optimized o=
ut>)
at /usr/src/sys/amd64/amd64/trap.c:872
#4 0xffffffff80888411 in trap_pfault (frame=3D0xffffff8000309830, usermode=
=3D0)
at /usr/src/sys/amd64/amd64/trap.c:789
#5 0xffffffff808889c4 in trap (frame=3D0xffffff8000309830) at /usr/src/sys=
/amd64/amd64/trap.c:463
#6 0xffffffff80872213 in calltrap () at /usr/src/sys/amd64/amd64/exception=
=2ES:228
#7 0xffffffff802933c9 in heap_down (queue_array=3D0xfffffe01c90223f8, inde=
x=3D<value optimized out>,=20
num_entries=3D0) at /usr/src/sys/cam/cam_queue.c:357
#8 0xffffffff802934a5 in camq_remove (queue=3D0xfffffe000359e880, index=3D=
-1) at /usr/src/sys/cam/cam_queue.c:185
#9 0xffffffff80298c4f in xpt_run_dev_sendq (bus=3D0xfffffe01c909ed00) at c=
am_queue.h:210
#10 0xffffffff802995a0 in camisr_runqueue (V_queue=3D<value optimized out>)=
at /usr/src/sys/cam/cam_xpt.c:5102
#11 0xffffffff802997bf in camisr (dummy=3D<value optimized out>) at /usr/sr=
c/sys/cam/cam_xpt.c:5002
#12 0xffffffff8059fe4d in intr_event_execute_handlers (p=3D<value optimized=
out>, ie=3D0xfffffe00031ccc00)
at /usr/src/sys/kern/kern_intr.c:1272
#13 0xffffffff805a165e in ithread_loop (arg=3D0xfffffe0002f5a800) at /usr/s=
rc/sys/kern/kern_intr.c:1285
#14 0xffffffff8059ca1f in fork_exit (callout=3D0xffffffff805a15c0 <ithread_=
loop>, arg=3D0xfffffe0002f5a800,=20
frame=3D0xffffff8000309ac0) at /usr/src/sys/kern/kern_fork.c:991
#15 0xffffffff8087273e in fork_trampoline () at /usr/src/sys/amd64/amd64/ex=
ception.S:602
#16 0x0000000000000000 in ?? ()
(kgdb) frame 7
#7 0xffffffff802933c9 in heap_down (queue_array=3D0xfffffe01c90223f8, inde=
x=3D<value optimized out>,=20
num_entries=3D0) at /usr/src/sys/cam/cam_queue.c:357
357 if (queue_array[i]->priority =3D=3D queue_array[j]->priorit=
y)
(kgdb) list *0xffffffff802933c9
0xffffffff802933c9 is in heap_down (/usr/src/sys/cam/cam_queue.c:357).
352 * equal too, or greater than j respectively.
353 */
354 static __inline int
355 queue_cmp(cam_pinfo **queue_array, int i, int j)
356 {
357 if (queue_array[i]->priority =3D=3D queue_array[j]->priorit=
y)
358 return ( queue_array[i]->generation
359 - queue_array[j]->generation );
360 else
361 return ( queue_array[i]->priority
(kgdb) frame 8
#8 0xffffffff802934a5 in camq_remove (queue=3D0xfffffe000359e880, index=3D=
-1) at /usr/src/sys/cam/cam_queue.c:185
185 heap_down(queue->queue_array, index, queue->entries=
- 1);
(kgdb) list *0xffffffff802934a5
0xffffffff802934a5 is in camq_remove (/usr/src/sys/cam/cam_queue.c:187).
182 if (queue->entries !=3D index) {
183 queue->queue_array[index] =3D queue->queue_array[qu=
eue->entries];
184 queue->queue_array[index]->index =3D index;
185 heap_down(queue->queue_array, index, queue->entries=
- 1);
186 }
187 removed_entry->index =3D CAM_UNQUEUED_INDEX;
188 queue->entries--;
189 return (removed_entry);
190 }
191 =20
(kgdb) frame 9
#9 0xffffffff80298c4f in xpt_run_dev_sendq (bus=3D0xfffffe01c909ed00) at c=
am_queue.h:210
210 camq_remove(&ccbq->queue, ccb->ccb_h.pinfo.index);
(kgdb) list *0xffffffff80298c4f
0xffffffff80298c4f is in xpt_run_dev_sendq (cam_queue.h:211).
206 =20
207 static __inline int
208 cam_ccbq_remove_ccb(struct cam_ccbq *ccbq, union ccb *ccb)
209 {
210 camq_remove(&ccbq->queue, ccb->ccb_h.pinfo.index);
211 if (ccbq->queue.qfrozen_cnt[CAM_PRIORITY_TO_RL(
212 ccb->ccb_h.pinfo.priority)] > 0) {
213 ccbq->devq_openings--;
214 ccbq->held--;
215 return (1);
(kgdb) frame 10
#10 0xffffffff802995a0 in camisr_runqueue (V_queue=3D<value optimized out>)=
at /usr/src/sys/cam/cam_xpt.c:5102
5102 xpt_run_dev_sendq(ccb_h->path->bus);
(kgdb) list *0xffffffff802995a0
0xffffffff802995a0 is in camisr_runqueue (/usr/src/sys/cam/cam_xpt.c:5102).
5097 && (ccb_h->status & CAM_DEV_QFRZN)) {
5098 xpt_release_devq(ccb_h->path, /*count*/1,
5099 /*run_queue*/TRUE);
5100 ccb_h->status &=3D ~CAM_DEV_QFRZN;
5101 } else if (runq) {
5102 xpt_run_dev_sendq(ccb_h->path->bus);
5103 }
5104 =20
5105 /* Call the peripheral driver's callback */
5106 (*ccb_h->cbfcnp)(ccb_h->path->periph, (union ccb *)=
ccb_h);
(kgdb) p *ccb_h
$1 =3D {pinfo =3D {priority =3D 896, generation =3D 29, index =3D -1}, xpt_=
links =3D {le =3D {le_next =3D 0x0, le_prev =3D 0x0},=20
sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0=
}, stqe =3D {stqe_next =3D 0x0}}, sim_links =3D {
le =3D {le_next =3D 0x0, le_prev =3D 0xfffffe0185688c28}, sle =3D {sle_=
next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,=20
tqe_prev =3D 0xfffffe0185688c28}, stqe =3D {stqe_next =3D 0x0}}, peri=
ph_links =3D {le =3D {le_next =3D 0x0,=20
le_prev =3D 0x0}, sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0=
x0, tqe_prev =3D 0x0}, stqe =3D {
stqe_next =3D 0x0}}, retry_count =3D 4, cbfcnp =3D 0xffffffff802d6dd0=
<dadone>, func_code =3D XPT_SCSI_IO,=20
status =3D 1, path =3D 0xfffffe0006f878a0, path_id =3D 4, target_id =3D 0=
, target_lun =3D 0, flags =3D 64,=20
periph_priv =3D {entries =3D {{ptr =3D 0x1, field =3D 1, bytes =3D "\001\=
000\000\000\000\000\000"}, {ptr =3D 0x0,=20
field =3D 0, bytes =3D "\000\000\000\000\000\000\000"}}, bytes =3D =
"\001", '\0' <repeats 14 times>},=20
sim_priv =3D {entries =3D {{ptr =3D 0x0, field =3D 0, bytes =3D "\000\000=
\000\000\000\000\000"}, {ptr =3D 0x0,=20
field =3D 0, bytes =3D "\000\000\000\000\000\000\000"}}, bytes =3D =
'\0' <repeats 15 times>}, timeout =3D 5000,=20
timeout_ch =3D {callout =3D 0x0}}
(kgdb) root@nucleus:/usr/obj/usr/src/sys/NUCLEUS # ^D
Script done on Sat Jan 19 10:04:19 2013
--mP3DRpeJDSE+ciuQ
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iQEcBAEBCAAGBQJQ+rd+AAoJEFJPDDeguUajEpUH/jTWrhMCe4eXDEYIRyzukpTY
K/pjnk4AuWAhIKISg9ubcngoZ3HxB2htNuyyO1krQmSOJNbg1YZOByaaEdAajIT2
71slwFYeQxlXIUXvtN3TQw1RXlSW+rSIwxW8uS3wNWGNBAJhYXsuv8Zk+8Gq0Y44
YJ7PrzLfYd5OKBOyJKiAGA3H9N9G3ZEcb7JKVi0aeqkmXZRg0wErjmc5nzFy3HSs
rTB03mTJvtrH52+XHVM1Wq0x3pgPVrjTPZht5Cy3IsPB/WadD6oak2GxYvxjMlcF
tU7rdxTvr7Po0mr/wzENnqBqY4X3lWmvFD4IhHe0GTQocP9K7N8blYNQ5h/2FdM=
=gNHE
-----END PGP SIGNATURE-----
--mP3DRpeJDSE+ciuQ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130119151054.GA1301>