From owner-freebsd-usb@FreeBSD.ORG Fri Apr 24 06:04:35 2009 Return-Path: Delivered-To: freebsd-usb@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7B3CE106566C; Fri, 24 Apr 2009 06:04:35 +0000 (UTC) (envelope-from hselasky@c2i.net) Received: from swip.net (mailfe14.swip.net [212.247.155.161]) by mx1.freebsd.org (Postfix) with ESMTP id AA8698FC1B; Fri, 24 Apr 2009 06:04:34 +0000 (UTC) (envelope-from hselasky@c2i.net) X-Cloudmark-Score: 0.000000 [] X-Cloudmark-Analysis: v=1.0 c=1 a=nyMGgD1UoDIA:10 a=MXw7gxVQKqGXY79tIT8aFQ==:17 a=8uKjYMwKAuvQ0CG8GLEA:9 a=KBXdi-o6sJCTm3P5Kr0A:7 a=2Q6ddn9jNLdls6xRlsdab2CX9RIA:4 a=B23eqXVrMiiuMpBT:21 a=0rM6ID-eqgIXm8hl:21 Received: from [62.113.132.61] (account mc467741@c2i.net HELO laptop) by mailfe14.swip.net (CommuniGate Pro SMTP 5.2.13) with ESMTPA id 487229619; Fri, 24 Apr 2009 08:04:32 +0200 From: Hans Petter Selasky To: freebsd-current@freebsd.org Date: Fri, 24 Apr 2009 08:07:03 +0200 User-Agent: KMail/1.9.7 References: <49ED3E7D.8080606@gddsn.org.cn> <200904231436.43735.hselasky@c2i.net> <49F1017C.7060805@gddsn.org.cn> In-Reply-To: <49F1017C.7060805@gddsn.org.cn> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200904240807.04844.hselasky@c2i.net> Cc: freebsd-usb@freebsd.org, wsk Subject: Re: boot panic on current(04.20) X-BeenThere: freebsd-usb@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: FreeBSD support for USB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Apr 2009 06:04:36 -0000 On Friday 24 April 2009, wsk wrote: > Hans Petter Selasky =E5=86=99=E9=81=93: > > On Thursday 23 April 2009, Gustau Perez wrote: > >> Hans Petter Selasky wrote: > >>> On Tuesday 21 April 2009, wsk wrote: > >>>> lists > >>>> boot panic on current(2009.04.20).it seems caused by usbus4 > >>>> > >>>> Root mount waiting for: usbus4 > >>>> uhub4: 8 ports with 8 removable, self powered > >>>> Root mount waiting for: usbus4 > >>>> ugen4.2: at usbus4 > >>>> Fatal trap 12: page fault while in kernel mode > >>>> cpuid =3D 0; apic id =3D 00 > >>>> fault virtual address =3D 0x0 > >>>> fault code =3D supervisor read, page not present > >>>> instruction pointer =3D 0x20:0xc08ed3a3 > >>>> stack pointer =3D 0x28:0xe4c38b40 > >>>> frame pointer =3D 0x28:0xe4c38b44 > >>>> code segment =3D base 0x0, limit 0xfffff, type 0x1b > >>>> =3D DPL 0,pres 1, def32 1, gran 1 > >>>> processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > >>>> current process =3D 28 (usbus4) > >>>> trap number =3D 12 > >>>> panic: page fault > >>>> cpuid =3D 0 > >>>> uptime: 5s > >>>> Cannot dump. Device not defined or unavailable. > >>> > >>> Can you compile a kernel with debugging and get a backtrace? > >> > >> I'm trying to get the dump saved to /var/crash but seems it is not > >> working. As the crash happens before /etc/rc.d/dumpon executes, dumpon > >> doesn't get executed,so dumpdev doesn't point to the place where to sa= ve > >> the dump. > >> > >> I tried booting single user without loading both uhci and ehci. I > >> booted fined. I tried launching swapon /dev/ad4s3b and /etc/rc.d/dumpon > >> start. Looking at /dev/dumpdev it points to /dev/ad4s3b, fine. Compiled > >> the kernel with ; > >> > >> # Debugging for use in -current > >> options KDB # Enable kernel debugger support. > >> options DDB # Support DDB. > >> > >> and changed sysctl kern.coredump=3D1. > >> > >> Loading uchi throws me to the debugger (ok, that's what I wanted), > >> but the core is not saved to /dev/ad4s3b. Is there something I'm doing > >> wrong ? Am I missing something ? > >> > >>> Is the panic reproducible? > >> > >> Yes it is. When uhci.ko is loaded is panics. > > > > If you type "bt" in the debugger, what are the USB functions being > > called? > > > > --HPS > > Stopped at strcmp+0x23: movzbl 0(%ebx),%edx > db>bt > Tracing pid 28 tid 100054 td 0xc4d6c690 > strcmp(0,c0c0bded,2,c4d7cc00,e4c44ba8,...) at strcmp+0x23 > malloc_desc2type(c0c0bded,c0895b50,e4c44b78,a,e4c44bb4,...) at > malloc_desc2type+0x24 > usb2_notify_addq(c0c2de6d,c4d7cef8,c4d7cf7e,c4a9ba10,2,...) at > usb2_notify_addq+0x5d > usb2_alloc_device(c4ca8a00,c4b32c50,c4d72400,1,6,...) at > usb_alloc_device+0xce3 > uhub_explore(c4d72400,1,3,0,c4b32d84,...) at uhub_explore+0x50f > usb2_bus_explore(c4b32d34,14,c0c35681,4d,0,...) at usb2_bus_explore+0xf9 > usb2_process(c4b32cd4,e4c44d38,0,0,0,...) at usb2_process+0xfc > fork_exit(c07a5490,c4b32cd4,e4c44d38) at fork_exit+0x91 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0, eip =3D0,esp =3D0xe4c44d70,ebp =3D 0 --- > The problem appears to be that there is a "struct malloc_type" ( See=20 MALLOC_DEFINE()) in the kernel having a NULL string. Please check the sourc= e=20 code. And easy way to figure out the real problem is to add: sys/kern/kern_malloc.c malloc_init(void *data) { struct malloc_type_internal *mtip; struct malloc_type *mtp; KASSERT(cnt.v_page_count !=3D 0, ("malloc_register before vm_init")= ); mtp =3D data; KASSERT(mtp->ks_magic =3D=3D M_MAGIC, ("malloc_init: bad malloc type magic")); + KASSERT(mtp->ks_shortdesc !=3D NULL, + ("malloc_init: bad short description")); mtip =3D uma_zalloc(mt_zone, M_WAITOK | M_ZERO); mtp->ks_handle =3D mtip; mtx_lock(&malloc_mtx); mtp->ks_next =3D kmemstatistics; kmemstatistics =3D mtp; kmemcount++; mtx_unlock(&malloc_mtx); } =2D-HPS