From: Marcel Moolenaar
Date: Sat, 08 May 2010 13:35:36 -0700
To: Weongyo Jeong
Cc: current@freebsd.org
Subject: Re: a panic on uart_z8530_class?

On May 8, 2010, at 1:00 PM, Weongyo Jeong wrote:

> Hello,
>
> Anyone encountered this panic on recent CURRENT kernel?
>
> [root@test ~]# uname -a
> FreeBSD test 9.0-CURRENT FreeBSD 9.0-CURRENT #16: Sun May 2 00:24:12 PDT 2010 root@test:/usr/obj/usr/src/sys/GENERIC amd64
>
> [root@test /home/freebsd/sys/modules/bwn]# ifconfig wlan0 create wlandev bwn0
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address = 0x0
> fault code = supervisor read instruction, page not present
> instruction pointer = 0x20:0x0
> stack pointer = 0x28:0xffffff8073cdd810
> frame pointer = 0x28:0xffffff8073cdd8e0
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 1795 (ifconfig)
> [ thread pid 1795 tid 100096 ]
> Stopped at 0: *** error reading from address 0 ***
> db> bt
> Tracing pid 1795 tid 100096 td 0xffffff0003d8b390
> uart_z8530_class() at 0
> ifc_simple_create() at ifc_simple_create+0x89
> if_clone_createif() at if_clone_createif+0x64
> ifioctl() at ifioctl+0x685
> kern_ioctl() at kern_ioctl+0xc5
> ioctl() at ioctl+0xfd
> syscall() at syscall+0x102
> Xfast_syscall() at Xfast_syscall+0xe1
> --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800b86d0c, rsp = 0x7fffffffe2e8, rbp = 0x7fffffffee36 ---

I think what you have is a simple NULL function pointer dereference
(i.e. calling a function pointer that's NULL). The uart_z8530_class
shows first in the backtrace because that symbol has address 0 (it's
weak and you typically don't have the Z8530 SCC driver on amd64), so
it's being returned when DDB looks up symbols at address 0. This then
implies that ifc_simple_create() called a NULL function pointer.

FYI,

-- 
Marcel Moolenaar
xcllnt@mac.com
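
The lookup effect described in the reply, as an added example that is not part of the original mail or of FreeBSD's code: a nearest-symbol resolver labels address 0 with the weak symbol, and a triage rule relabels that frame and points at the caller. The non-zero symbol addresses and the helpers `naive_label` and `triage_label` are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed symbol table: names come from the backtrace in the mail,
 * the non-zero addresses are invented for this example. */
struct sym { const char *name; uint64_t value; };

static const struct sym symtab[] = {
    { "uart_z8530_class",  0x0ULL },                /* weak, unresolved: value 0 */
    { "ifc_simple_create", 0xffffffff80600000ULL },
    { "if_clone_createif", 0xffffffff80600400ULL },
};
#define NSYMS (sizeof(symtab) / sizeof(symtab[0]))

/* Nearest symbol at or below addr (assumed simplification of how a
 * kernel debugger labels a program counter). */
static const char *naive_label(uint64_t addr)
{
    const struct sym *best = NULL;
    for (size_t i = 0; i < NSYMS; i++)
        if (symtab[i].value <= addr &&
            (best == NULL || symtab[i].value > best->value))
            best = &symtab[i];
    return best ? best->name : "??";
}

/* Triage rule: an instruction fetch that faults with pc == fault address == 0
 * is a call through a NULL function pointer; the symbol name is an artifact
 * of the lookup, and the code to inspect is the caller in the next frame. */
static const char *triage_label(uint64_t pc, uint64_t fault_va, int instr_fetch)
{
    if (instr_fetch && pc == 0 && fault_va == 0)
        return "<call through NULL function pointer>";
    return naive_label(pc);
}

int main(void)
{
    /* Values from the trap report: instruction pointer 0x0, fault address 0x0. */
    printf("naive : %s\n", naive_label(0));
    printf("triage: %s\n", triage_label(0, 0, 1));
    printf("caller: %s\n", naive_label(0xffffffff80600000ULL + 0x89));
    return 0;
}
```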