From: Yamagi Burmeister
To: freebsd-mobile@freebsd.org
Cc: Christoph Mallon, jkim@freebsd.org
Date: Thu, 1 Jul 2010 20:43:52 +0200 (CEST)
Subject: PATCH: Crash while suspending on FreeBSD/amd64 8.1-RC2

Okay, with the help of a friend of mine I managed to track this down.

> (kgdb) bt
> #0 doadump () at pcpu.h:223
> #1 0xffffffff8020dfe9 in boot (howto=260) at
> /usr/src/sys/kern/kern_shutdown.c:416
> #2 0xffffffff8020e41c in panic (fmt=0xffffffff8044ebbb "%s")
> at /usr/src/sys/kern/kern_shutdown.c:590
> #3 0xffffffff80408bc8 in trap_fatal (frame=0xffffff0004a4e000,
> eva=Variable "eva" is not available.
> )
> at /usr/src/sys/amd64/amd64/trap.c:777
> #4 0xffffffff80408f94 in trap_pfault (frame=0xffffff803da285e0,
> usermode=0)
> at /usr/src/sys/amd64/amd64/trap.c:693
> #5 0xffffffff804097da in trap (frame=0xffffff803da285e0)
> at /usr/src/sys/amd64/amd64/trap.c:451
> #6 0xffffffff803ef543 in calltrap () at
> /usr/src/sys/amd64/amd64/exception.S:223
> #7 0xffffffff80406f16 in bcopy () at
> /usr/src/sys/amd64/amd64/support.S:124
> #8 0xffffffff80745fb7 in vesa_bios_save_restore (code=1,
> p=0xffffff80002a6004,
> size=4928) at /usr/src/sys/modules/vesa/../../dev/fb/vesa.c:551
> #9 0xffffffff80746059 in vesa_save_state (adp=Variable "adp" is not
> available.
> )
> at /usr/src/sys/modules/vesa/../../dev/fb/vesa.c:1429
> #10 0xffffffff80424144 in vga_suspend (dev=0xffffff0001632a00)
> at /usr/src/sys/isa/vga_isa.c:81
> #11 0xffffffff804241d7 in isavga_suspend (dev=0xffffff0001632a00)
> at /usr/src/sys/isa/vga_isa.c:234

The problem is on stack level 8.
Line 538 in sys/dev/fb/vesa.c returns NULL because x86bios_alloc(&offs, size); couldn't allocate memory. In line 551 the null pointer is passed to bcopy(), causing the crash. A simple solution is to add a null pointer check like the attached patch does. But I'm not sure if that's the right solution, since the VGA state will not be saved if the check triggers.

--- vesa.c_ 2010-07-01 20:38:54.000000000 +0200 +++ vesa.c 2010-07-01 20:38:03.000000000 +0200 @@ -536,6 +536,8 @@ return (1); buf = x86bios_alloc(&offs, size); + if (buf == NULL) + return (1); x86bios_init_regs(®s); regs.R_AX = 0x4f04;

--
Homepage: www.yamagi.org
Jabber: yamagi@yamagi.org
GnuPG/GPG: 0xEFBCCBCB
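Review bot: the added `if (buf == NULL) return (1);` after `buf = x86bios_alloc(&offs, size);` fails silently, so on this path the caller's buffer `p` is left unfilled with nothing recorded. The check does stop the NULL from reaching bcopy() at line 551, and `return (1)` matches the error return just above it in the hunk, but the callers need a look before this goes in: the backtrace shows vesa_save_state() reaching this function with code=1, and if that caller ignores the non-zero return, a later restore would hand an unfilled buffer back to the BIOS. I would suggest confirming that the save and restore callers propagate this return value, and logging the failure at this point so a suspend without saved VGA state is visible. It is also worth finding out why x86bios_alloc() cannot satisfy a 4928-byte request here, since the check only covers the symptom and the state is still not saved.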