Date:      Sat, 08 May 2010 13:35:36 -0700
From:      Marcel Moolenaar <xcllnt@mac.com>
To:        Weongyo Jeong <weongyo@freebsd.org>
Cc:        current@freebsd.org
Subject:   Re: a panic on uart_z8530_class?
Message-ID:  <DCD6FF8C-06CB-436A-ABDB-DC11F1797252@mac.com>
In-Reply-To: <20100508200032.GB31100@weongyo>
References:  <20100508200032.GB31100@weongyo>


On May 8, 2010, at 1:00 PM, Weongyo Jeong wrote:

> Hello,
> 
> Anyone encountered this panic on recent CURRENT kernel?
> 
> [root@test ~]# uname -a
> FreeBSD test 9.0-CURRENT FreeBSD 9.0-CURRENT #16: Sun May  2 00:24:12 PDT 2010     root@test:/usr/obj/usr/src/sys/GENERIC  amd64
> 
> [root@test /home/freebsd/sys/modules/bwn]# ifconfig wlan0 create wlandev bwn0
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x0
> fault code              = supervisor read instruction, page not present
> instruction pointer     = 0x20:0x0
> stack pointer           = 0x28:0xffffff8073cdd810
> frame pointer           = 0x28:0xffffff8073cdd8e0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                        = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 1795 (ifconfig)
> [ thread pid 1795 tid 100096 ]
> Stopped at      0:      *** error reading from address 0 ***
> db> bt
> Tracing pid 1795 tid 100096 td 0xffffff0003d8b390
> uart_z8530_class() at 0
> ifc_simple_create() at ifc_simple_create+0x89
> if_clone_createif() at if_clone_createif+0x64
> ifioctl() at ifioctl+0x685
> kern_ioctl() at kern_ioctl+0xc5
> ioctl() at ioctl+0xfd
> syscall() at syscall+0x102
> Xfast_syscall() at Xfast_syscall+0xe1
> --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800b86d0c, rsp = 0x7fffffffe2e8, rbp = 0x7fffffffee36 ---


I think what you have is a simple NULL function pointer
dereference (i.e. calling a function pointer that's NULL).

The uart_z8530_class shows first in the backtrace because
that symbol has address 0 (it's weak and you typically don't
have the Z8530 SCC driver on amd64), so it's being returned
when DDB looks up symbols at address 0. This then implies
that ifc_simple_create() called a NULL function pointer.

FYI,

-- 
Marcel Moolenaar
xcllnt@mac.com
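The three pieces of Marcel's explanation, as an added example that is not part of the original thread and not FreeBSD's own code: a weak reference to a function nothing defines resolves to address 0; a debugger's nearest-preceding symbol lookup therefore attributes any fault at RIP 0 to that symbol; and the real fault is a call through a NULL hook, which a caller-side check would have turned into an error. The symbol table, its addresses and the `if_clone_ops` structure are constructed for illustration and are not the kernel's actual layout; the weak-symbol behaviour assumes an ELF toolchain.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Weak reference to a function that no object file in this program
 * defines.  An ELF linker resolves an undefined weak symbol to 0, which
 * is why the Z8530 class symbol has address 0 in an amd64 kernel built
 * without that driver.  (Assumption: ELF weak-symbol semantics.)
 */
extern void uart_z8530_class(void) __attribute__((weak));

/* Returns 1 if the weak reference resolved to address 0. */
int weak_symbol_is_null(void)
{
    return (uintptr_t)uart_z8530_class == 0;
}

/*
 * Constructed miniature of a kernel symbol table.  The addresses are made
 * up; the point is that one entry has value 0.
 */
struct ksym {
    const char *name;
    uintptr_t   value;
};

static const struct ksym symtab[] = {
    { "uart_z8530_class",  0x0000 },   /* weak and undefined: value 0 */
    { "ifc_simple_create", 0x1000 },
    { "if_clone_createif", 0x1200 },
    { "ifioctl",           0x1400 },
};

/*
 * Nearest-preceding lookup, the rule a debugger applies to turn an address
 * into "symbol+offset".  Returns NULL if no symbol precedes addr.
 */
static const struct ksym *ksym_lookup(uintptr_t addr)
{
    const struct ksym *best = NULL;
    for (size_t i = 0; i < sizeof(symtab) / sizeof(symtab[0]); i++) {
        if (symtab[i].value <= addr &&
            (best == NULL || symtab[i].value > best->value))
            best = &symtab[i];
    }
    return best;
}

/* Symbol name chosen for addr, or "?" if none precedes it. */
const char *ksym_name(uintptr_t addr)
{
    const struct ksym *s = ksym_lookup(addr);
    return s ? s->name : "?";
}

/* Offset of addr from the symbol chosen for it. */
uintptr_t ksym_offset(uintptr_t addr)
{
    const struct ksym *s = ksym_lookup(addr);
    return s ? addr - s->value : addr;
}

/*
 * Hypothetical model of an interface cloner: a hook table a driver fills
 * in.  Not FreeBSD's real structure.
 */
struct if_clone_ops {
    const char *name;
    int (*create)(const char *ifname, int unit);
};

static int wlan_create(const char *ifname, int unit)
{
    (void)ifname;
    (void)unit;
    return 0;
}

/* Caller-side check: a missing hook becomes an error, not a call through RIP 0. */
int clone_create_checked(const struct if_clone_ops *ops, const char *ifname, int unit)
{
    if (ops == NULL || ops->create == NULL)
        return -1;   /* no create hook registered */
    return ops->create(ifname, unit);
}

/* A cloner that never set its create hook, and one that did. */
static const struct if_clone_ops broken_ops = { "wlan", NULL };
static const struct if_clone_ops good_ops   = { "wlan", wlan_create };

int demo_broken_cloner(void) { return clone_create_checked(&broken_ops, "wlan0", 0); }
int demo_good_cloner(void)   { return clone_create_checked(&good_ops, "wlan0", 0); }

int main(void)
{
    printf("weak symbol at address 0: %s\n", weak_symbol_is_null() ? "yes" : "no");
    /* A fault at RIP 0 is attributed to whichever symbol has value 0. */
    printf("RIP 0  -> %s+0x%lx\n", ksym_name(0), (unsigned long)ksym_offset(0));
    printf("0x1089 -> %s+0x%lx\n", ksym_name(0x1089), (unsigned long)ksym_offset(0x1089));
    printf("broken cloner: %d, good cloner: %d\n", demo_broken_cloner(), demo_good_cloner());
    return 0;
}
```

The same reasoning applies to a real kernel: on a standard `nm` listing of the kernel binary, a weak undefined symbol is shown with type `w` and no address, and any frame whose return address is 0 will be labelled with the first such symbol the debugger finds, so a backtrace that opens with an unrelated driver name at address 0 should be read as "called a NULL function pointer from the next frame down".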

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DCD6FF8C-06CB-436A-ABDB-DC11F1797252>