Date: Sun, 14 Jan 2007 11:26:38 +0300 From: Sergey Zaharchenko <doublef-ctm@yandex.ru> To: current@freebsd.org Subject: 0xdeadcode in dev2udev and ohci strangeness Message-ID: <20070114082638.GA1820@shark.localdomain>
next in thread | raw e-mail | index | archive | help
--dDRMvlgZJXvWKvBx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello list, Today while fooling around with some USB devices (recent GENERIC kernel compiled with options USB_DEBUG; single-user mode; a Transcend USB Flash, an Acorp card reader (umass) and a Prolific COM port (uplcom), all plugged in/out randomly) and sysctls (hw.usb.debug=3D1, hw.usb.(ohci|uhci|ehci|umass|uplcom).debug=3D1), I triggered the following page fault (retyped from a camera shot) by a lowly `sysctl -a|grep usb': Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic i =3D 00 fault virtual address =3D 0xdeadc19e fault code =3D supervisor read, page not present instruction pointer =3D 0x20:0xc0676f25 stack pointer =3D 0x28:0xdd345aac frame pointer =3D 0x28:0xdd345aac code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, def32 1, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 76 (sysctl) [thread pid 76 tid 100042 ] Stopped at dev2udev+0x11: movl 0xc0(%eax),%eax db> bt Tracing pid 76 tid 100042 td 0xc36bb000 dev2udev(c3790d00,88,0,0,0,...) at dev2udev+0x11 sysctl_kern_ttys(c09ebf80,0,0,dd345b98,c09ebf80,...) at sysctl_kern_ttys+0x= ab sysctl_root(0,dd345c18,2,dd345b98) at sysctl_root+0x12f userland_sysctl(c36bb000,dd345c18,2,0,bfbfdbbc,0,0,0,dd345c14,c0a3c408,0,c0= 93c5c8,522) at userland_sysctl+0xf4 __sysctl(c36bb000,dd345d00) at __sysctl+0x77 syscall(dd345d38) at syscall+0x256 Xint0x80_syscall() at Xint0x80_syscall+0x20 --- syscall (-1077943200), eip =3D 0x2, esp =3D 0x296, ebp =3D 0xbfbfdbbc -= -- sys/fs/devfs/devfs_vnops.c: dev_t dev2udev(struct cdev *x) { if (x =3D=3D NULL) return (NODEV); return (x->si_priv->cdp_inode); <-- dev2udev+0x11 is here } Looks like si_priv for a non-NULL x is 0xdeadcode somewhere... I've also stumbled across a reproducible strange situation: after plugging in and out the Prolific several times and leaving it out, the kernel prints (with ohci.debug=3D1) this every second or so: ohci_rhsc: sc=3D0xc369f000 xfer=3D0xc354c800 hstatus=3D0x00000000 ohci_rhsc: change=3D0x04 Is this normal? Should I ask on freebsd-usb@? --=20 DoubleF No virus detected in this message. Ehrm, wait a minute... /kernel: pid 56921 (antivirus), uid 32000: exited on signal 9 Oh yes, no virus:) --dDRMvlgZJXvWKvBx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.1 (FreeBSD) iD8DBQFFqek9wo7hT/9lVdwRAjSyAJ43zo4/pgWBQMXrLQrsBDPRBjkRVACdGSof myGwB+gn1F0KLZXTomXPNLk= =57Rq -----END PGP SIGNATURE----- --dDRMvlgZJXvWKvBx--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070114082638.GA1820>