From jrh@cimborrio.ipv6.it.uc3m.es  Fri Jun 18 11:23:40 2004
Return-Path: <jrh@cimborrio.ipv6.it.uc3m.es>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 78F0816A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Jun 2004 11:23:40 +0000 (GMT)
Received: from smtp03.uc3m.es (smtp03.uc3m.es [163.117.136.123])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 819AE43D41
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Jun 2004 11:23:39 +0000 (GMT)
	(envelope-from jrh@cimborrio.ipv6.it.uc3m.es)
Received: from smtp03.uc3m.es (localhost [127.0.0.1])
	by localhost.uc3m.es (Postfix) with ESMTP id AA5462A1B4
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Jun 2004 13:22:45 +0200 (CEST)
Received: from arpa.it.uc3m.es (arpa.it.uc3m.es [163.117.139.120])
	by smtp03.uc3m.es (Postfix) with ESMTP id 86E3C2A1A7
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Jun 2004 13:22:45 +0200 (CEST)
Received: from lmserv2.lab.it.uc3m.es (root@lmserv2.it.uc3m.es [163.117.139.238])
	by arpa.it.uc3m.es (8.9.3/8.9.3) with ESMTP id NAA23574
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Jun 2004 13:22:45 +0200
Received: from cimborrio.ipv6.it.uc3m.es (cimborrio.it.uc3m.es [163.117.139.95])
	by lmserv2.lab.it.uc3m.es (8.9.3/8.9.3) with ESMTP id NAA12005
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Jun 2004 13:22:44 +0200
Received: from cimborrio.ipv6.it.uc3m.es (localhost [127.0.0.1])
	by cimborrio.ipv6.it.uc3m.es (8.12.11/8.12.11) with ESMTP id i5IBM9D8000875
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Jun 2004 13:22:09 +0200 (CEST)
	(envelope-from jrh@cimborrio.ipv6.it.uc3m.es)
Received: (from root@localhost)
	by cimborrio.ipv6.it.uc3m.es (8.12.11/8.12.11/Submit) id i5IBM4gE000874;
	Fri, 18 Jun 2004 13:22:04 +0200 (CEST)
	(envelope-from jrh)
Message-Id: <200406181122.i5IBM4gE000874@cimborrio.ipv6.it.uc3m.es>
Date: Fri, 18 Jun 2004 13:22:04 +0200 (CEST)
From: Juan.Fco.Rodriguez.Hervella@cimborrio.ipv6.it.uc3m.es,
	jrh@it.uc3m.es
Reply-To: Juan.Fco.Rodriguez.Hervella@cimborrio.ipv6.it.uc3m.es,
	jrh@it.uc3m.es
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Page fault when the sequence "kldunload ucom", "kldunload uplcom" is executed
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         68076
>Category:       kern
>Synopsis:       [modules] Page fault when the sequence "kldunload ucom", "kldunload uplcom" is executed
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 18 11:30:27 GMT 2004
>Closed-Date:    Thu Dec 30 16:54:08 UTC 2010
>Last-Modified:  Thu Dec 30 16:54:08 UTC 2010
>Originator:     Juan Fco Rodriguez Hervella
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
University Carlos III of Madrid (Spain)
>Environment:
System: FreeBSD cimborrio.ipv6.it.uc3m.es 4.10-STABLE FreeBSD 4.10-STABLE #7: Fri May 28 17:23:51 CEST 2004 root@cimborrio.ipv6.it.uc3m.es:/usr/src/sys/compile/JUANILLO i386


	hp/compaq nx9010
>Description:
	I've got a USB to serial cable. It works quite well. When I unload "uplcom",
	there is no problem, and automatically the "ucom" module dissapears. When
	I do it the other way, firstly "kldunload ucom" and afterwards "kldunload uplcom",
	a page faul appears and the laptop reboots. I've made a small debugging and
	the problem seems to be that it tries to unload the "ucom" driver, because it's
	a dependency, but it doesn't find it and something goes wrong... This is
	an excerpt of the debugging, in case it helps:

(kgdb) bt
#0  dumpsys () at ../../kern/kern_shutdown.c:487
#1  0xc026b17f in boot (howto=256) at ../../kern/kern_shutdown.c:316
#2  0xc026b5a4 in poweroff_wait (junk=0xc047e26c, howto=-1069032081) at ../../kern/kern_shutdown.c:595
#3  0xc03e2d5a in trap_fatal (frame=0xcc76beac, eva=334) at ../../i386/i386/trap.c:974
#4  0xc03e2a2d in trap_pfault (frame=0xcc76beac, usermode=0, eva=334) at ../../i386/i386/trap.c:867
#5  0xc03e25eb in trap (frame={tf_fs = 16, tf_es = -864681968, tf_ds = -1071251440, tf_edi = 0, tf_esi = -1061824384,
      tf_ebp = -864633092, tf_isp = -864633128, tf_ebx = 1, tf_edx = 318, tf_ecx = -868313824, tf_eax = 0, tf_trapno = 12,
      tf_err = 2, tf_eip = -1071271779, tf_cs = 8, tf_eflags = 66050, tf_esp = 1, tf_ss = -1061824128})
    at ../../i386/i386/trap.c:466
#6  0xc025b09d in linker_file_unload (file=0xc0b5d880) at ../../kern/kern_linker.c:438
#7  0xc025b0df in linker_file_unload (file=0xc0b5d980) at ../../kern/kern_linker.c:442
#8  0xc025b4d5 in kldunload (p=0xcc3e9520, uap=0xcc76bf80) at ../../kern/kern_linker.c:713
#9  0xc03e3009 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 2, tf_esi = -1077936790,
      tf_ebp = -1077937072, tf_isp = -864632876, tf_ebx = 0, tf_edx = 0, tf_ecx = 0, tf_eax = 305, tf_trapno = 12,
      tf_err = 2, tf_eip = 134514400, tf_cs = 31, tf_eflags = 647, tf_esp = -1077938172, tf_ss = 47})
    at ../../i386/i386/trap.c:1175
#10 0xc03d3b95 in Xint0x80_syscall ()
#11 0x804813e in ?? ()

...
#7  0xc025b0df in linker_file_unload (file=0xc0b5d980) at ../../kern/kern_linker.c:442
442             linker_file_unload(file->deps[i]);
(kgdb) list
437
438         TAILQ_REMOVE(&linker_files, file, link);
439         lockmgr(&lock, LK_RELEASE, 0, curproc);
440
441         for (i = 0; i < file->ndeps; i++)
442             linker_file_unload(file->deps[i]);
443         free(file->deps, M_LINKER);
444
445         for (cp = STAILQ_FIRST(&file->common); cp;
446              cp = STAILQ_FIRST(&file->common)) {


         I think the function call "linker_file_upload(file->deps[1])"
	 is a non-sense. Look:

kgdb) p *(linker_file_t)file->deps[1]
$4 = {refs = -1061824257, userrefs = 0, flags = 0, link = {tqe_next = 0x13e, tqe_prev = 0x0}, filename = 0x0, id = 0,
  address = 0x0, size = 10, ndeps = 0, deps = 0x0, common = {stqh_first = 0x0, stqh_last = 0x0}, modules = {
    tqh_first = 0x0, tqh_last = 0x0}, priv = 0x0, ops = 0x0}
(kgdb)

Hope this helps. Thank you.

>How-To-Repeat:
	kldunload ucom
	kldunload uplcom
>Fix:

	


>Release-Note:
>Audit-Trail:

From: Juan Fco Rodriguez Hervella <jrh@cimborrio.ipv6.it.uc3m.es>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: kern/68076: Page fault when the sequence "kldunload ucom", "kldunload uplcom" is executed
Date: Fri, 18 Jun 2004 15:18:53 +0200 (CEST)

 >Submitter-Id:	current-users
 >Originator:	Juan Fco Rodriguez Hervella
 >Organization:	
 >Confidential:	no 
 >Synopsis:	Re: kern/68076: Page fault when the sequence "kldunload ucom", "kldunload uplcom" is executed
 >Severity:	
 >Priority:	
 >Category:	kern
 >Class:		
 >Release:	FreeBSD 4.10-STABLE i386
 >Environment:
 
 	
 >Description:
 	Sorry my original email address was well-formed. You can reply
 	to this one, which should match the email addr. that appears on
 	this follow-up:
 		jrh@it.uc3m.es
 
 	Thanks.
 >How-To-Repeat:
 	
 >Fix:
 
 	
 
 

From: Juan Fco Rodriguez Hervella <jrh@it.uc3m.es>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: kern/68076: Page fault when the sequence "kldunload ucom", "kldunload uplcom" is executed
Date: Fri, 18 Jun 2004 15:35:18 +0200 (CEST)

 >Submitter-Id:	current-users
 >Originator:	Juan Fco Rodriguez Hervella
 >Organization:	
 >Confidential:	no 
 >Synopsis:	kern/68076: Page fault when the sequence "kldunload ucom", "kldunload uplcom" is executed
 >Severity:	
 >Priority:	
 >Category:	kern
 >Class:		
 >Release:	FreeBSD 4.10-STABLE i386
 >Environment:
 System: FreeBSD cimborrio.ipv6.it.uc3m.es 4.10-STABLE FreeBSD 4.10-STABLE #7: Fri May 28 17:23:51 CEST 2004 root@cimborrio.ipv6.it.uc3m.es:/usr/src/sys/compile/JUANILLO i386
 
 
 	
 >Description:
 	My contact email address is jrh@it.uc3m.es
 >How-To-Repeat:
 	
 >Fix:
 
 	
 
 
State-Changed-From-To: open->feedback 
State-Changed-By: jh 
State-Changed-When: Fri Nov 26 07:47:55 UTC 2010 
State-Changed-Why:  
Can you still reproduce this on a supported release? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=68076 
State-Changed-From-To: feedback->closed 
State-Changed-By: jh 
State-Changed-When: Thu Dec 30 16:54:07 UTC 2010 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=68076 
>Unformatted:
