閱讀文章 - 看板 DFBSD_bugs

發信人Nicolas Thery <nthery@gmail.com>,

看板DFBSD_bugs

標題Re: Panic upon usb mouse detach and reattaching

發信站(null) (Tue Feb 1 18:38:38 2011)

轉信站ptt!crater_reader.dragonflybsd.org!crater.dragonflybsd.org!127.0.0.1.M

It tries to read at address 0xC which is the offset of kn_next so it probably crashes while dereferencing kn_next in SLIST_REMOVE(). This could happen if SLIST_REMOVE() reaches the end of the list without finding the knode in the klist. I can't figure out how this could happen though. Could you chmod vmcore.0 so I can analyse the dump please? On 16 October 2010 20:13, Rumko <rumcic@gmail.com> wrote: > After several detaches and reattaches, the machine paniced with "Fatal trap 12: > page fault while in kernel mode" > > The core dump is available at leaf:~rumko/crash/ums/*.0 > > #0 揸get_mycpu (di=0xc04ff620) at ./machine/thread.h:83 > #1 滟d_dumpsys (di=0xc04ff620) > at /usr/src/sys/platform/pc32/i386/dump_machdep.c:263 > #2 ꀰxc01e46cd in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:880 > #3 ꀰxc01e4c8d in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:387 > #4 ꀰxc01e4f56 in panic (fmt=0xc0443534 "%s") > at /usr/src/sys/kern/kern_shutdown.c:786 > #5 ꀰxc040ffcb in trap_fatal (frame=0xea434808, eva=<value optimized out>) > at /usr/src/sys/platform/pc32/i386/trap.c:1117 > #6 ꀰxc04100d9 in trap_pfault (frame=0xea434808, usermode=0, eva=12) > at /usr/src/sys/platform/pc32/i386/trap.c:1018 > #7 ꀰxc0410b44 in trap (frame=0xea434808) > at /usr/src/sys/platform/pc32/i386/trap.c:699 > #8 ꀰxc03fcf17 in calltrap () > at /usr/src/sys/platform/pc32/i386/exception.s:785 > #9 ꀰxc01d0854 in knote_remove (klist=0xd4292224, kn=0xea366ea0) > at /usr/src/sys/kern/kern_event.c:1370 > #10 0xc0312c44 in devfs_detached_filter_detach (kn=0xea366ea0) > at /usr/src/sys/vfs/devfs/devfs_core.c:2234 > #11 0xc01d0de7 in knote_detach_and_drop (kn=0xea366ea0) > at /usr/src/sys/kern/kern_event.c:1258 > #12 0xc01d157b in kqueue_register (kq=0xea3965b4, kev=0xea4348b8) > at /usr/src/sys/kern/kern_event.c:933 > #13 0xc020b2f3 in poll_copyout (arg=0xea434c9c, kevp=0xea4349b4, count=2, > res=0xea434cf0) at /usr/src/sys/kern/sys_generic.c:1325 > #14 0xc01d20c5 in kern_kevent (kq=0xea3965b4, nevents=2147483647, > res=0xea434cf0, uap=0xea434c9c, kevent_copyinfn=0xc020b4a5 <poll_copyin>, > ꀠ溆event_copyoutfn=0xc020b290 <poll_copyout>, tsp_in=0xea434cb0) > at /usr/src/sys/kern/kern_event.c:697 > #15 0xc020b031 in dopoll (uap=0xea434cf0) > at /usr/src/sys/kern/sys_generic.c:1474 > #16 sys_poll (uap=0xea434cf0) at /usr/src/sys/kern/sys_generic.c:1228 > #17 0xc04113d2 in syscall2 (frame=0xea434d40) > at /usr/src/sys/platform/pc32/i386/trap.c:1310 > #18 0xc03fcfc6 in Xint0x80_syscall () > at /usr/src/sys/platform/pc32/i386/exception.s:876 > #19 0x0000001f in ?? () > -- > Please do not CC me, since I already receive everything from these MLs. > > Regards, > Rumko >