Date: Thu, 9 May 2002 16:53:33 +0100
From: Josef Karthauser <joe@tao.org.uk>
To: John Baldwin <jhb@FreeBSD.org>
Cc: cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject: Re: cvs commit: src/sys/dev/usb usb_port.h
Message-ID: <20020509155333.GA442@genius.tao.org.uk>
In-Reply-To: <XFMail.20020509105145.jhb@FreeBSD.org>
References: <20020509143357.GA428@genius.tao.org.uk> <XFMail.20020509105145.jhb@FreeBSD.org>

On Thu, May 09, 2002 at 10:51:45AM -0400, John Baldwin wrote:
> >> Hmm, if you could stick ddb in and get a backtrace and the actual error
> >> message that would be nice. Easiest to do if you can get a serial console
> >> setup on the box.
> >
> > Two different ones for you:
> >
> > acpi0: <DELL I 5000 > on motherboard
> > Timecounter "ACPI-safe" frequency 3579545 Hz
> > free(9)'ing unaligned pointer 0xce4eb0d3
> > Debugger("Don't do that...")
> > Stopped at Debugger+0x41: xorl %eax,%eax
> > db> reset
>
> Please get a trace of this one next time if you can.
Sorry; I thought I'd removed that one. I booted on the wrong kernel by
accident. Phk and Jeff fixed that one I believe.
> > Timecounter "ACPI-safe" frequency 3579545 Hz
> > acpi_cpu0: <CPU> on acpi0
> > acpi_tz0: <thermal zone> on acpi0
> >
> >
> > Fatal trap 12: page fault while in kernel mode
> > fault virtual address = 0x99
> > fault code = supervisor read, page not present
> > instruction pointer = 0x8:0xc01e2b8f
> > stack pointer = 0x10:0xc04eeb48
> > frame pointer = 0x10:0xc04eeb50
> > code segment = base 0x0, limit 0xfffff, type 0x1b
> > = DPL 0, pres 1, def32 1, gran 1
> > processor eflags = interrupt enabled, resume, IOPL = 0
> > current process = 0 (swapper)
> > kernel: type 12 trap, code=0
> > Stopped at _mtx_lock_sleep+0x11b: movb 0x79(%edx),%al
> > db> trace
> > _mtx_lock_sleep(c082ace4,0,c031d431,65e) at _mtx_lock_sleep+0x11b
> > _mtx_lock_flags(c082ace4,0,c031d431,65e,ce4eef6c) at _mtx_lock_flags+0x39
> > uma_zfree_arg(c082ac00,ce4eef6c,ce4eef6c) at uma_zfree_arg+0x3e
> > free(ce4eef6c,c03534c0,c04eebe4,c0498342,ce4eef6c) at free+0xa7
> > freeenv(ce4eef6c,c04eec0c,d7c3e200,1,c04eec18) at freeenv+0x1a
> > acpi_avoid(d7c113a8,34d,c04eec0c,0,d7c113a8) at acpi_avoid+0x9e
>
> I'm guessing freeenv() is passing in a bogus address here. Yes, it is.
> acpi_disabled() used to have the same bug but was fixed. Try this patch:
>
> RCS file: /usr/cvs/src/sys/dev/acpica/acpi.c,v
> retrieving revision 1.61
> diff -u -r1.61 acpi.c
> --- acpi.c 24 Apr 2002 17:49:21 -0000 1.61
> +++ acpi.c 9 May 2002 14:47:45 -0000
> @@ -1556,16 +1556,17 @@
> int
> acpi_avoid(ACPI_HANDLE handle)
> {
> - char *cp, *np;
> + char *cp, *env, *np;
> int len;
>
> np = acpi_name(handle);
> if (*np == '\\')
> np++;
> - if ((cp = getenv("debug.acpi.avoid")) == NULL)
> + if ((env = getenv("debug.acpi.avoid")) == NULL)
> return(0);
>
> /* scan the avoid list checking for a match */
> + cp = env;
> for (;;) {
> while ((*cp != 0) && isspace(*cp))
> cp++;
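Review bot: at `cp = env;` nothing records why the function now carries two pointers. `cp` is advanced by the scan loop, so only `env` still holds the address getenv() returned and only `env` may be handed to freeenv(); a one-line comment saying so, at the declaration or at `cp = env;`, would keep a later cleanup from folding the two back into one variable. Since the message says acpi_disabled() had the same bug, the other getenv()/freeenv() callers in this file are worth checking for the same pattern.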
> @@ -1575,12 +1576,12 @@
> while ((cp[len] != 0) && !isspace(cp[len]))
> len++;
> if (!strncmp(cp, np, len)) {
> - freeenv(cp);
> + freeenv(env);
> return(1);
> }
> cp += len;
> }
> - freeenv(cp);
> + freeenv(env);
> return(0);
> }
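Review bot: `freeenv(env)` is now repeated on both exits, once inside the `strncmp` match branch and once after the loop. A single exit (set a result variable on match, break out of the loop, then one `freeenv(env)` followed by one return) would leave exactly one place where the buffer is released, so a return path added later cannot skip the free or pass it a pointer that has been moved.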
I've applied this, but of course it doesn't get that far yet because of
below.
> > Fatal trap 12: page fault while in kernel mode
> > fault virtual address = 0x0
> > fault code = supervisor read, page not present
> > instruction pointer = 0x8:0xc01ef5e3
> > stack pointer = 0x10:0xc04fbd54
> > frame pointer = 0x10:0xc04fbd5c
> > code segment = base 0x0, limit 0xfffff, type 0x1b
> > = DPL 0, pres 1, def32 1, gran 1
> > processor eflags = interrupt enabled, resume, IOPL = 0
> > current process = 0 ()
> > kernel: type 12 trap, code=0
> > Stopped at 0xc01ef5e3: movl 0(%eax),%ebx
> > db> trace
> > (null)(c02e50ce,0,c032aa3c,c032bb8c,c04fbd84) at 0xc01ef5e3
> > (null)(c0333380) at 0xc01ef62c
> > (null)(0,4f8c00,4f8000,0,c0128e7c) at 0xc01efb70
> > (null)() at 0xc01cf7c5
> > (null)() at 0xc0128e7c
> > db>
>
> If you have kernel.debug lying around for this one, try using
> addr2line (or gdb) to get the file and line of those addresses
> in the backtrace. Probably just the first one is needed as this
> is a simple NULL pointer dereference.
Ok. Here's a trace from a remote debug:
Program received signal SIGSEGV, Segmentation fault.
sysctl_find_oidname (name=0xc02e50ce "ata_dma", list=0x0)
at /usr/src/sys/kern/kern_sysctl.c:79
79 SLIST_FOREACH(oidp, list, oid_link) {
(gdb) bt
#0 sysctl_find_oidname (name=0xc02e50ce "ata_dma", list=0x0)
at /usr/src/sys/kern/kern_sysctl.c:79
#1 0xc01ef62c in sysctl_register_oid (oidp=0xc0333380)
at /usr/src/sys/kern/kern_sysctl.c:104
#2 0xc01efb70 in sysctl_register_all (arg=0x0)
at /usr/src/sys/kern/kern_sysctl.c:402
#3 0xc01cf7c5 in mi_startup () at /usr/src/sys/kern/init_main.c:208
(gdb)
Joe
