Date:      Thu, 9 May 2002 16:53:33 +0100
From:      Josef Karthauser <joe@tao.org.uk>
To:        John Baldwin <jhb@FreeBSD.org>
Cc:        cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject:   Re: cvs commit: src/sys/dev/usb usb_port.h
Message-ID:  <20020509155333.GA442@genius.tao.org.uk>
In-Reply-To: <XFMail.20020509105145.jhb@FreeBSD.org>
References:  <20020509143357.GA428@genius.tao.org.uk> <XFMail.20020509105145.jhb@FreeBSD.org>

On Thu, May 09, 2002 at 10:51:45AM -0400, John Baldwin wrote:

> >> Hmm, if you could stick ddb in and get a backtrace and the actual error
> >> message that would be nice.  Easiest to do if you can get a serial console
> >> setup on the box.
> >
> > Two different ones for you:
> >=20
> >     acpi0: <DELL   I 5000 > on motherboard
> >     Timecounter "ACPI-safe"  frequency 3579545 Hz
> >     free(9)'ing unaligned pointer 0xce4eb0d3
> >     Debugger("Don't do that...")
> >     Stopped at      Debugger+0x41:  xorl    %eax,%eax
> >     db> reset
>
> Please get a trace of this one next time if you can.

Sorry; I thought I'd removed that one.  I booted on the wrong kernel by
accident.  Phk and Jeff fixed that one I believe.

> >     Timecounter "ACPI-safe"  frequency 3579545 Hz
> >     acpi_cpu0: <CPU> on acpi0
> >     acpi_tz0: <thermal zone> on acpi0
> >
> >
> >     Fatal trap 12: page fault while in kernel mode
> >     fault virtual address   = 0x99
> >     fault code              = supervisor read, page not present
> >     instruction pointer     = 0x8:0xc01e2b8f
> >     stack pointer           = 0x10:0xc04eeb48
> >     frame pointer           = 0x10:0xc04eeb50
> >     code segment            = base 0x0, limit 0xfffff, type 0x1b
> >                           = DPL 0, pres 1, def32 1, gran 1
> >     processor eflags        = interrupt enabled, resume, IOPL = 0
> >     current process         = 0 (swapper)
> >     kernel: type 12 trap, code=0
> >     Stopped at      _mtx_lock_sleep+0x11b:  movb    0x79(%edx),%al
> >     db> trace
> >     _mtx_lock_sleep(c082ace4,0,c031d431,65e) at _mtx_lock_sleep+0x11b
> >     _mtx_lock_flags(c082ace4,0,c031d431,65e,ce4eef6c) at _mtx_lock_flags+0x39
> >     uma_zfree_arg(c082ac00,ce4eef6c,ce4eef6c) at uma_zfree_arg+0x3e
> >     free(ce4eef6c,c03534c0,c04eebe4,c0498342,ce4eef6c) at free+0xa7
> >     freeenv(ce4eef6c,c04eec0c,d7c3e200,1,c04eec18) at freeenv+0x1a
> >     acpi_avoid(d7c113a8,34d,c04eec0c,0,d7c113a8) at acpi_avoid+0x9e
>
> I'm guessing freeenv() is passing in a bogus address here.  Yes, it is.
> acpi_disabled() used to have the same bug but was fixed.  Try this patch:
>
> RCS file: /usr/cvs/src/sys/dev/acpica/acpi.c,v
> retrieving revision 1.61
> diff -u -r1.61 acpi.c
> --- acpi.c      24 Apr 2002 17:49:21 -0000      1.61
> +++ acpi.c      9 May 2002 14:47:45 -0000
> @@ -1556,16 +1556,17 @@
>  int
>  acpi_avoid(ACPI_HANDLE handle)
>  {
> -    char       *cp, *np;
> +    char       *cp, *env, *np;
>      int                len;
> =20
>      np =3D acpi_name(handle);
>      if (*np =3D=3D '\\')
>         np++;
> -    if ((cp =3D getenv("debug.acpi.avoid")) =3D=3D NULL)
> +    if ((env =3D getenv("debug.acpi.avoid")) =3D=3D NULL)
>         return(0);
> =20
>      /* scan the avoid list checking for a match */
> +    cp =3D env;
>      for (;;) {
>         while ((*cp !=3D 0) && isspace(*cp))
>             cp++;
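Review bot: at the new `cp = env;` before the scan loop, add a short comment stating that env keeps the pointer returned by getenv() for the later freeenv() call and that cp is only the scan cursor, since the loop advances it with `cp++`. Without that, a later edit can easily go back to freeing the moved pointer. The early `return(0)` on a NULL getenv() result correctly skips freeenv().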
> @@ -1575,12 +1576,12 @@
>         while ((cp[len] !=3D 0) && !isspace(cp[len]))
>             len++;
>         if (!strncmp(cp, np, len)) {
> -           freeenv(cp);
> +           freeenv(env);
>             return(1);
>         }
>         cp +=3D len;
>      }
> -    freeenv(cp);
> +    freeenv(env);
>      return(0);
>  }
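Review bot: in `if (!strncmp(cp, np, len))`, only the first len characters of np are compared, so a list entry matches every name that begins with it. If an exact match is intended, also check `np[len] == '\0'`; if the prefix match is deliberate, say so in a comment. Both exit paths in this hunk now pass env to freeenv(), which is the pointer saved from getenv() in the first hunk.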

I've applied this, but of course it doesn't get that far yet because of
below.


> >     Fatal trap 12: page fault while in kernel mode
> >     fault virtual address   = 0x0
> >     fault code              = supervisor read, page not present
> >     instruction pointer     = 0x8:0xc01ef5e3
> >     stack pointer           = 0x10:0xc04fbd54
> >     frame pointer           = 0x10:0xc04fbd5c
> >     code segment            = base 0x0, limit 0xfffff, type 0x1b
> >                           = DPL 0, pres 1, def32 1, gran 1
> >     processor eflags        = interrupt enabled, resume, IOPL = 0
> >     current process         = 0 ()
> >     kernel: type 12 trap, code=0
> >     Stopped at      0xc01ef5e3:     movl    0(%eax),%ebx
> >     db> trace
> >     (null)(c02e50ce,0,c032aa3c,c032bb8c,c04fbd84) at 0xc01ef5e3
> >     (null)(c0333380) at 0xc01ef62c
> >     (null)(0,4f8c00,4f8000,0,c0128e7c) at 0xc01efb70
> >     (null)() at 0xc01cf7c5
> >     (null)() at 0xc0128e7c
> >     db>
>
> If you have kernel.debug lying around for this one, try using
> addr2line (or gdb) to get the file and line of those addresses
> in the backtrace.  Probably just the first one is needed as this
> is a simple NULL pointer dereference.

Ok.  Here's a trace from a remote debug:

    Program received signal SIGSEGV, Segmentation fault.
    sysctl_find_oidname (name=0xc02e50ce "ata_dma", list=0x0)
        at /usr/src/sys/kern/kern_sysctl.c:79
    79              SLIST_FOREACH(oidp, list, oid_link) {
    (gdb) bt
    #0  sysctl_find_oidname (name=0xc02e50ce "ata_dma", list=0x0)
        at /usr/src/sys/kern/kern_sysctl.c:79
    #1  0xc01ef62c in sysctl_register_oid (oidp=0xc0333380)
        at /usr/src/sys/kern/kern_sysctl.c:104
    #2  0xc01efb70 in sysctl_register_all (arg=0x0)
        at /usr/src/sys/kern/kern_sysctl.c:402
    #3  0xc01cf7c5 in mi_startup () at /usr/src/sys/kern/init_main.c:208
    (gdb)

Joe
