Date: Fri, 24 Apr 2009 08:07:03 +0200 From: Hans Petter Selasky <hselasky@c2i.net> To: freebsd-current@freebsd.org Cc: Gustau Perez <gperez@entel.upc.edu>, freebsd-usb@freebsd.org, wsk <wsk@gddsn.org.cn> Subject: Re: boot panic on current(04.20) Message-ID: <200904240807.04844.hselasky@c2i.net> In-Reply-To: <49F1017C.7060805@gddsn.org.cn> References: <49ED3E7D.8080606@gddsn.org.cn> <200904231436.43735.hselasky@c2i.net> <49F1017C.7060805@gddsn.org.cn>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 24 April 2009, wsk wrote: > Hans Petter Selasky =E5=86=99=E9=81=93: > > On Thursday 23 April 2009, Gustau Perez wrote: > >> Hans Petter Selasky wrote: > >>> On Tuesday 21 April 2009, wsk wrote: > >>>> lists > >>>> boot panic on current(2009.04.20).it seems caused by usbus4 > >>>> > >>>> Root mount waiting for: usbus4 > >>>> uhub4: 8 ports with 8 removable, self powered > >>>> Root mount waiting for: usbus4 > >>>> ugen4.2: <NEC> at usbus4 > >>>> Fatal trap 12: page fault while in kernel mode > >>>> cpuid =3D 0; apic id =3D 00 > >>>> fault virtual address =3D 0x0 > >>>> fault code =3D supervisor read, page not present > >>>> instruction pointer =3D 0x20:0xc08ed3a3 > >>>> stack pointer =3D 0x28:0xe4c38b40 > >>>> frame pointer =3D 0x28:0xe4c38b44 > >>>> code segment =3D base 0x0, limit 0xfffff, type 0x1b > >>>> =3D DPL 0,pres 1, def32 1, gran 1 > >>>> processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > >>>> current process =3D 28 (usbus4) > >>>> trap number =3D 12 > >>>> panic: page fault > >>>> cpuid =3D 0 > >>>> uptime: 5s > >>>> Cannot dump. Device not defined or unavailable. > >>> > >>> Can you compile a kernel with debugging and get a backtrace? > >> > >> I'm trying to get the dump saved to /var/crash but seems it is not > >> working. As the crash happens before /etc/rc.d/dumpon executes, dumpon > >> doesn't get executed,so dumpdev doesn't point to the place where to sa= ve > >> the dump. > >> > >> I tried booting single user without loading both uhci and ehci. I > >> booted fined. I tried launching swapon /dev/ad4s3b and /etc/rc.d/dumpon > >> start. Looking at /dev/dumpdev it points to /dev/ad4s3b, fine. Compiled > >> the kernel with ; > >> > >> # Debugging for use in -current > >> options KDB # Enable kernel debugger support. > >> options DDB # Support DDB. > >> > >> and changed sysctl kern.coredump=3D1. > >> > >> Loading uchi throws me to the debugger (ok, that's what I wanted), > >> but the core is not saved to /dev/ad4s3b. Is there something I'm doing > >> wrong ? Am I missing something ? > >> > >>> Is the panic reproducible? > >> > >> Yes it is. When uhci.ko is loaded is panics. > > > > If you type "bt" in the debugger, what are the USB functions being > > called? > > > > --HPS > > Stopped at strcmp+0x23: movzbl 0(%ebx),%edx > db>bt > Tracing pid 28 tid 100054 td 0xc4d6c690 > strcmp(0,c0c0bded,2,c4d7cc00,e4c44ba8,...) at strcmp+0x23 > malloc_desc2type(c0c0bded,c0895b50,e4c44b78,a,e4c44bb4,...) at > malloc_desc2type+0x24 > usb2_notify_addq(c0c2de6d,c4d7cef8,c4d7cf7e,c4a9ba10,2,...) at > usb2_notify_addq+0x5d > usb2_alloc_device(c4ca8a00,c4b32c50,c4d72400,1,6,...) at > usb_alloc_device+0xce3 > uhub_explore(c4d72400,1,3,0,c4b32d84,...) at uhub_explore+0x50f > usb2_bus_explore(c4b32d34,14,c0c35681,4d,0,...) at usb2_bus_explore+0xf9 > usb2_process(c4b32cd4,e4c44d38,0,0,0,...) at usb2_process+0xfc > fork_exit(c07a5490,c4b32cd4,e4c44d38) at fork_exit+0x91 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0, eip =3D0,esp =3D0xe4c44d70,ebp =3D 0 --- > The problem appears to be that there is a "struct malloc_type" ( See=20 MALLOC_DEFINE()) in the kernel having a NULL string. Please check the sourc= e=20 code. And easy way to figure out the real problem is to add: sys/kern/kern_malloc.c malloc_init(void *data) { struct malloc_type_internal *mtip; struct malloc_type *mtp; KASSERT(cnt.v_page_count !=3D 0, ("malloc_register before vm_init")= ); mtp =3D data; KASSERT(mtp->ks_magic =3D=3D M_MAGIC, ("malloc_init: bad malloc type magic")); + KASSERT(mtp->ks_shortdesc !=3D NULL, + ("malloc_init: bad short description")); mtip =3D uma_zalloc(mt_zone, M_WAITOK | M_ZERO); mtp->ks_handle =3D mtip; mtx_lock(&malloc_mtx); mtp->ks_next =3D kmemstatistics; kmemstatistics =3D mtp; kmemcount++; mtx_unlock(&malloc_mtx); } =2D-HPS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904240807.04844.hselasky>