Project

General

Profile

Actions

Bug #1873

open

Panic upon usb mouse detach and reattaching

Added by rumcic about 11 years ago. Updated almost 11 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

After several detaches and reattaches, the machine paniced with "Fatal trap 12:
page fault while in kernel mode"

The core dump is available at leaf:~rumko/crash/ums/*.0

#0 _get_mycpu (di=0xc04ff620) at ./machine/thread.h:83
#1 md_dumpsys (di=0xc04ff620)
at /usr/src/sys/platform/pc32/i386/dump_machdep.c:263
#2 0xc01e46cd in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:880
#3 0xc01e4c8d in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:387
#4 0xc01e4f56 in panic (fmt=0xc0443534 "%s")
at /usr/src/sys/kern/kern_shutdown.c:786
#5 0xc040ffcb in trap_fatal (frame=0xea434808, eva=<value optimized out>)
at /usr/src/sys/platform/pc32/i386/trap.c:1117
#6 0xc04100d9 in trap_pfault (frame=0xea434808, usermode=0, eva=12)
at /usr/src/sys/platform/pc32/i386/trap.c:1018
#7 0xc0410b44 in trap (frame=0xea434808)
at /usr/src/sys/platform/pc32/i386/trap.c:699
#8 0xc03fcf17 in calltrap ()
at /usr/src/sys/platform/pc32/i386/exception.s:785
#9 0xc01d0854 in knote_remove (klist=0xd4292224, kn=0xea366ea0)
at /usr/src/sys/kern/kern_event.c:1370
#10 0xc0312c44 in devfs_detached_filter_detach (kn=0xea366ea0)
at /usr/src/sys/vfs/devfs/devfs_core.c:2234
#11 0xc01d0de7 in knote_detach_and_drop (kn=0xea366ea0)
at /usr/src/sys/kern/kern_event.c:1258
#12 0xc01d157b in kqueue_register (kq=0xea3965b4, kev=0xea4348b8)
at /usr/src/sys/kern/kern_event.c:933
#13 0xc020b2f3 in poll_copyout (arg=0xea434c9c, kevp=0xea4349b4, count=2,
res=0xea434cf0) at /usr/src/sys/kern/sys_generic.c:1325
#14 0xc01d20c5 in kern_kevent (kq=0xea3965b4, nevents=2147483647,
res=0xea434cf0, uap=0xea434c9c, kevent_copyinfn=0xc020b4a5 <poll_copyin>,
kevent_copyoutfn=0xc020b290 <poll_copyout>, tsp_in=0xea434cb0)
at /usr/src/sys/kern/kern_event.c:697
#15 0xc020b031 in dopoll (uap=0xea434cf0)
at /usr/src/sys/kern/sys_generic.c:1474
#16 sys_poll (uap=0xea434cf0) at /usr/src/sys/kern/sys_generic.c:1228
#17 0xc04113d2 in syscall2 (frame=0xea434d40)
at /usr/src/sys/platform/pc32/i386/trap.c:1310
#18 0xc03fcfc6 in Xint0x80_syscall ()
at /usr/src/sys/platform/pc32/i386/exception.s:876
#19 0x0000001f in ?? ()
--
Please do not CC me, since I already receive everything from these MLs.

Regards,
Rumko


Files

Actions #1

Updated by rumcic almost 11 years ago

A workaround has been provided by sjg ... by commenting out knote_remove, the
panic will not occur but small amounts of memory will be leaked.

Actions #2

Updated by nthery almost 11 years ago

Could you make vmcore.0 and info.0 readable please?

On 16 October 2010 20:13, Rumko <> wrote:

After several detaches and reattaches, the machine paniced with "Fatal trap 12:
page fault while in kernel mode"

The core dump is available at leaf:~rumko/crash/ums/*.0

#0  _get_mycpu (di=0xc04ff620) at ./machine/thread.h:83
#1  md_dumpsys (di=0xc04ff620)
at /usr/src/sys/platform/pc32/i386/dump_machdep.c:263
#2  0xc01e46cd in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:880
#3  0xc01e4c8d in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:387
#4  0xc01e4f56 in panic (fmt=0xc0443534 "%s")
at /usr/src/sys/kern/kern_shutdown.c:786
#5  0xc040ffcb in trap_fatal (frame=0xea434808, eva=<value optimized out>)
at /usr/src/sys/platform/pc32/i386/trap.c:1117
#6  0xc04100d9 in trap_pfault (frame=0xea434808, usermode=0, eva=12)
at /usr/src/sys/platform/pc32/i386/trap.c:1018
#7  0xc0410b44 in trap (frame=0xea434808)
at /usr/src/sys/platform/pc32/i386/trap.c:699
#8  0xc03fcf17 in calltrap ()
at /usr/src/sys/platform/pc32/i386/exception.s:785
#9  0xc01d0854 in knote_remove (klist=0xd4292224, kn=0xea366ea0)
at /usr/src/sys/kern/kern_event.c:1370
#10 0xc0312c44 in devfs_detached_filter_detach (kn=0xea366ea0)
at /usr/src/sys/vfs/devfs/devfs_core.c:2234
#11 0xc01d0de7 in knote_detach_and_drop (kn=0xea366ea0)
at /usr/src/sys/kern/kern_event.c:1258
#12 0xc01d157b in kqueue_register (kq=0xea3965b4, kev=0xea4348b8)
at /usr/src/sys/kern/kern_event.c:933
#13 0xc020b2f3 in poll_copyout (arg=0xea434c9c, kevp=0xea4349b4, count=2,
res=0xea434cf0) at /usr/src/sys/kern/sys_generic.c:1325
#14 0xc01d20c5 in kern_kevent (kq=0xea3965b4, nevents=2147483647,
res=0xea434cf0, uap=0xea434c9c, kevent_copyinfn=0xc020b4a5 <poll_copyin>,
   kevent_copyoutfn=0xc020b290 <poll_copyout>, tsp_in=0xea434cb0)
at /usr/src/sys/kern/kern_event.c:697
#15 0xc020b031 in dopoll (uap=0xea434cf0)
at /usr/src/sys/kern/sys_generic.c:1474
#16 sys_poll (uap=0xea434cf0) at /usr/src/sys/kern/sys_generic.c:1228
#17 0xc04113d2 in syscall2 (frame=0xea434d40)
at /usr/src/sys/platform/pc32/i386/trap.c:1310
#18 0xc03fcfc6 in Xint0x80_syscall ()
at /usr/src/sys/platform/pc32/i386/exception.s:876
#19 0x0000001f in ?? ()
--
Please do not CC me, since I already receive everything from these MLs.

Regards,
Rumko

Actions #3

Updated by nthery almost 11 years ago

It tries to read at address 0xC which is the offset of kn_next so
it probably crashes while dereferencing kn_next in SLIST_REMOVE().
This could happen if SLIST_REMOVE() reaches the end of the list
without finding the knode in the klist. I can't figure out how this
could happen though.

Could you chmod vmcore.0 so I can analyse the dump please?

On 16 October 2010 20:13, Rumko <> wrote:

After several detaches and reattaches, the machine paniced with "Fatal trap 12:
page fault while in kernel mode"

The core dump is available at leaf:~rumko/crash/ums/*.0

#0  _get_mycpu (di=0xc04ff620) at ./machine/thread.h:83
#1  md_dumpsys (di=0xc04ff620)
at /usr/src/sys/platform/pc32/i386/dump_machdep.c:263
#2  0xc01e46cd in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:880
#3  0xc01e4c8d in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:387
#4  0xc01e4f56 in panic (fmt=0xc0443534 "%s")
at /usr/src/sys/kern/kern_shutdown.c:786
#5  0xc040ffcb in trap_fatal (frame=0xea434808, eva=<value optimized out>)
at /usr/src/sys/platform/pc32/i386/trap.c:1117
#6  0xc04100d9 in trap_pfault (frame=0xea434808, usermode=0, eva=12)
at /usr/src/sys/platform/pc32/i386/trap.c:1018
#7  0xc0410b44 in trap (frame=0xea434808)
at /usr/src/sys/platform/pc32/i386/trap.c:699
#8  0xc03fcf17 in calltrap ()
at /usr/src/sys/platform/pc32/i386/exception.s:785
#9  0xc01d0854 in knote_remove (klist=0xd4292224, kn=0xea366ea0)
at /usr/src/sys/kern/kern_event.c:1370
#10 0xc0312c44 in devfs_detached_filter_detach (kn=0xea366ea0)
at /usr/src/sys/vfs/devfs/devfs_core.c:2234
#11 0xc01d0de7 in knote_detach_and_drop (kn=0xea366ea0)
at /usr/src/sys/kern/kern_event.c:1258
#12 0xc01d157b in kqueue_register (kq=0xea3965b4, kev=0xea4348b8)
at /usr/src/sys/kern/kern_event.c:933
#13 0xc020b2f3 in poll_copyout (arg=0xea434c9c, kevp=0xea4349b4, count=2,
res=0xea434cf0) at /usr/src/sys/kern/sys_generic.c:1325
#14 0xc01d20c5 in kern_kevent (kq=0xea3965b4, nevents=2147483647,
res=0xea434cf0, uap=0xea434c9c, kevent_copyinfn=0xc020b4a5 <poll_copyin>,
   kevent_copyoutfn=0xc020b290 <poll_copyout>, tsp_in=0xea434cb0)
at /usr/src/sys/kern/kern_event.c:697
#15 0xc020b031 in dopoll (uap=0xea434cf0)
at /usr/src/sys/kern/sys_generic.c:1474
#16 sys_poll (uap=0xea434cf0) at /usr/src/sys/kern/sys_generic.c:1228
#17 0xc04113d2 in syscall2 (frame=0xea434d40)
at /usr/src/sys/platform/pc32/i386/trap.c:1310
#18 0xc03fcfc6 in Xint0x80_syscall ()
at /usr/src/sys/platform/pc32/i386/exception.s:876
#19 0x0000001f in ?? ()
--
Please do not CC me, since I already receive everything from these MLs.

Regards,
Rumko

Actions #4

Updated by rumcic almost 11 years ago

Done

Actions

Also available in: Atom PDF