Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 24 Apr 2009 08:07:03 +0200
From:      Hans Petter Selasky <hselasky@c2i.net>
To:        freebsd-current@freebsd.org
Cc:        freebsd-usb@freebsd.org, wsk <wsk@gddsn.org.cn>
Subject:   Re: boot panic on current(04.20)
Message-ID:  <200904240807.04844.hselasky@c2i.net>
In-Reply-To: <49F1017C.7060805@gddsn.org.cn>
References:  <49ED3E7D.8080606@gddsn.org.cn> <200904231436.43735.hselasky@c2i.net> <49F1017C.7060805@gddsn.org.cn>

next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 24 April 2009, wsk wrote:
> Hans Petter Selasky =E5=86=99=E9=81=93:
> > On Thursday 23 April 2009, Gustau Perez wrote:
> >> Hans Petter Selasky wrote:
> >>> On Tuesday 21 April 2009, wsk wrote:
> >>>> lists
> >>>>   boot panic on current(2009.04.20).it seems caused by usbus4
> >>>>
> >>>> Root mount waiting for: usbus4
> >>>> uhub4: 8 ports with 8 removable, self powered
> >>>> Root mount waiting for: usbus4
> >>>> ugen4.2: <NEC> at usbus4
> >>>> Fatal trap 12: page fault while in kernel mode
> >>>> cpuid =3D 0; apic id =3D 00
> >>>> fault virtual address   =3D 0x0
> >>>> fault code              =3D supervisor read, page not present
> >>>> instruction pointer     =3D 0x20:0xc08ed3a3
> >>>> stack pointer           =3D 0x28:0xe4c38b40
> >>>> frame pointer           =3D 0x28:0xe4c38b44
> >>>> code segment            =3D base 0x0, limit 0xfffff, type 0x1b
> >>>>                         =3D DPL 0,pres 1, def32 1, gran 1
> >>>> processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
> >>>> current process         =3D 28 (usbus4)
> >>>> trap number             =3D 12
> >>>> panic: page fault
> >>>> cpuid =3D 0
> >>>> uptime: 5s
> >>>> Cannot dump. Device not defined or unavailable.
> >>>
> >>> Can you compile a kernel with debugging and get a backtrace?
> >>
> >>    I'm trying to get the dump saved to /var/crash but seems it is not
> >> working. As the crash happens before /etc/rc.d/dumpon executes, dumpon
> >> doesn't get executed,so dumpdev doesn't point to the place where to sa=
ve
> >> the dump.
> >>
> >>   I tried booting single user without loading both uhci and ehci. I
> >> booted fined. I tried launching swapon /dev/ad4s3b and /etc/rc.d/dumpon
> >> start. Looking at /dev/dumpdev it points to /dev/ad4s3b, fine. Compiled
> >> the kernel with ;
> >>
> >> # Debugging for use in -current
> >> options 	KDB			# Enable kernel debugger support.
> >> options 	DDB			# Support DDB.
> >>
> >>    and changed sysctl kern.coredump=3D1.
> >>
> >>    Loading uchi throws me to the debugger (ok, that's what I wanted),
> >> but the core is not saved to /dev/ad4s3b. Is there something I'm doing
> >> wrong ? Am I missing something ?
> >>
> >>> Is the panic reproducible?
> >>
> >>    Yes it is. When uhci.ko is loaded is panics.
> >
> > If you type "bt" in the debugger, what are the USB functions being
> > called?
> >
> > --HPS
>
> Stopped at    strcmp+0x23:   movzbl   0(%ebx),%edx
> db>bt
> Tracing pid 28 tid 100054 td 0xc4d6c690
> strcmp(0,c0c0bded,2,c4d7cc00,e4c44ba8,...) at strcmp+0x23
> malloc_desc2type(c0c0bded,c0895b50,e4c44b78,a,e4c44bb4,...) at
> malloc_desc2type+0x24
> usb2_notify_addq(c0c2de6d,c4d7cef8,c4d7cf7e,c4a9ba10,2,...) at
> usb2_notify_addq+0x5d
> usb2_alloc_device(c4ca8a00,c4b32c50,c4d72400,1,6,...) at
> usb_alloc_device+0xce3
> uhub_explore(c4d72400,1,3,0,c4b32d84,...) at uhub_explore+0x50f
> usb2_bus_explore(c4b32d34,14,c0c35681,4d,0,...) at usb2_bus_explore+0xf9
> usb2_process(c4b32cd4,e4c44d38,0,0,0,...) at usb2_process+0xfc
> fork_exit(c07a5490,c4b32cd4,e4c44d38) at fork_exit+0x91
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0, eip =3D0,esp =3D0xe4c44d70,ebp =3D 0 ---
>

The problem appears to be that there is a "struct malloc_type" ( See=20
MALLOC_DEFINE()) in the kernel having a NULL string. Please check the sourc=
e=20
code.

And easy way to figure out the real problem is to add:

sys/kern/kern_malloc.c

malloc_init(void *data)
{
        struct malloc_type_internal *mtip;
        struct malloc_type *mtp;

        KASSERT(cnt.v_page_count !=3D 0, ("malloc_register before vm_init")=
);

        mtp =3D data;
        KASSERT(mtp->ks_magic =3D=3D M_MAGIC,
            ("malloc_init: bad malloc type magic"));

+         KASSERT(mtp->ks_shortdesc !=3D NULL,
+            ("malloc_init: bad short description"));

       mtip =3D uma_zalloc(mt_zone, M_WAITOK | M_ZERO);
        mtp->ks_handle =3D mtip;

        mtx_lock(&malloc_mtx);
        mtp->ks_next =3D kmemstatistics;
        kmemstatistics =3D mtp;
        kmemcount++;
        mtx_unlock(&malloc_mtx);
}


=2D-HPS



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904240807.04844.hselasky>