From owner-cvs-all Thu May 9 8:54:11 2002 Delivered-To: cvs-all@freebsd.org Received: from tao.org.uk (genius.tao.org.uk [212.135.162.51]) by hub.freebsd.org (Postfix) with ESMTP id 1CA1337B401; Thu, 9 May 2002 08:53:55 -0700 (PDT) Received: by tao.org.uk (Postfix, from userid 100) id 57F2D207; Thu, 9 May 2002 16:53:33 +0100 (BST) Date: Thu, 9 May 2002 16:53:33 +0100 From: Josef Karthauser To: John Baldwin Cc: cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: cvs commit: src/sys/dev/usb usb_port.h Message-ID: <20020509155333.GA442@genius.tao.org.uk> References: <20020509143357.GA428@genius.tao.org.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YZ5djTAD1cGYuMQK" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.28i Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, May 09, 2002 at 10:51:45AM -0400, John Baldwin wrote: > >> Hmm, if you could stick ddb in and get a backtrace and the actual error > >> message that would be nice. Easiest to do if you can get a serial con= sole > >> setup on the box. > >=20 > > Two different ones for you: > >=20 > > acpi0: on motherboard > > Timecounter "ACPI-safe" frequency 3579545 Hz > > free(9)'ing unaligned pointer 0xce4eb0d3 > > Debugger("Don't do that...") > > Stopped at Debugger+0x41: xorl %eax,%eax > > db> reset >=20 > Please get a trace of this one next time if you can. Sorry; I thought I'd removed that one. I booted on the wrong kernel by accident. Phk and Jeff fixed that one I believe. =20 > > Timecounter "ACPI-safe" frequency 3579545 Hz > > acpi_cpu0: on acpi0 > > acpi_tz0: on acpi0 > >=20 > >=20 > > Fatal trap 12: page fault while in kernel mode > > fault virtual address =3D 0x99 > > fault code =3D supervisor read, page not present > > instruction pointer =3D 0x8:0xc01e2b8f > > stack pointer =3D 0x10:0xc04eeb48 > > frame pointer =3D 0x10:0xc04eeb50 > > code segment =3D base 0x0, limit 0xfffff, type 0x1b > > =3D DPL 0, pres 1, def32 1, gran 1 > > processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > > current process =3D 0 (swapper) > > kernel: type 12 trap, code=3D0 > > Stopped at _mtx_lock_sleep+0x11b: movb 0x79(%edx),%al > > db> trace > > _mtx_lock_sleep(c082ace4,0,c031d431,65e) at _mtx_lock_sleep+0x11b > > _mtx_lock_flags(c082ace4,0,c031d431,65e,ce4eef6c) at _mtx_lock_flag= s+0x39 > > uma_zfree_arg(c082ac00,ce4eef6c,ce4eef6c) at uma_zfree_arg+0x3e > > free(ce4eef6c,c03534c0,c04eebe4,c0498342,ce4eef6c) at free+0xa7 > > freeenv(ce4eef6c,c04eec0c,d7c3e200,1,c04eec18) at freeenv+0x1a > > acpi_avoid(d7c113a8,34d,c04eec0c,0,d7c113a8) at acpi_avoid+0x9e >=20 > I'm guessing freeenv() is passing in a bogus address here. Yes, it is.= =20 > acpi_disabled() used to have the same bug but was fixed. Try this patch: >=20 > RCS file: /usr/cvs/src/sys/dev/acpica/acpi.c,v > retrieving revision 1.61 > diff -u -r1.61 acpi.c > --- acpi.c 24 Apr 2002 17:49:21 -0000 1.61 > +++ acpi.c 9 May 2002 14:47:45 -0000 > @@ -1556,16 +1556,17 @@ > int > acpi_avoid(ACPI_HANDLE handle) > { > - char *cp, *np; > + char *cp, *env, *np; > int len; > =20 > np =3D acpi_name(handle); > if (*np =3D=3D '\\') > np++; > - if ((cp =3D getenv("debug.acpi.avoid")) =3D=3D NULL) > + if ((env =3D getenv("debug.acpi.avoid")) =3D=3D NULL) > return(0); > =20 > /* scan the avoid list checking for a match */ > + cp =3D env; > for (;;) { > while ((*cp !=3D 0) && isspace(*cp)) > cp++; > @@ -1575,12 +1576,12 @@ > while ((cp[len] !=3D 0) && !isspace(cp[len])) > len++; > if (!strncmp(cp, np, len)) { > - freeenv(cp); > + freeenv(env); > return(1); > } > cp +=3D len; > } > - freeenv(cp); > + freeenv(env); > return(0); > } I've applied this, but of course it doesn't get that far yet because of below. > > Fatal trap 12: page fault while in kernel mode > > fault virtual address =3D 0x0 > > fault code =3D supervisor read, page not present > > instruction pointer =3D 0x8:0xc01ef5e3 > > stack pointer =3D 0x10:0xc04fbd54 > > frame pointer =3D 0x10:0xc04fbd5c > > code segment =3D base 0x0, limit 0xfffff, type 0x1b > > =3D DPL 0, pres 1, def32 1, gran 1 > > processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > > current process =3D 0 () > > kernel: type 12 trap, code=3D0 > > Stopped at 0xc01ef5e3: movl 0(%eax),%ebx > > db> trace > > (null)(c02e50ce,0,c032aa3c,c032bb8c,c04fbd84) at 0xc01ef5e3 > > (null)(c0333380) at 0xc01ef62c > > (null)(0,4f8c00,4f8000,0,c0128e7c) at 0xc01efb70 > > (null)() at 0xc01cf7c5 > > (null)() at 0xc0128e7c > > db> >=20 > If you have kernel.debug lying around for this one, try using > addr2line (or gdb) to get the file and line of those addresses > in the backtrace. Probably just the first one is needed as this > is a simple NULL pointer dereference. Ok. Here's a trace from a remote debug: Program received signal SIGSEGV, Segmentation fault. sysctl_find_oidname (name=3D0xc02e50ce "ata_dma", list=3D0x0) at /usr/src/sys/kern/kern_sysctl.c:79 79 SLIST_FOREACH(oidp, list, oid_link) { (gdb) bt #0 sysctl_find_oidname (name=3D0xc02e50ce "ata_dma", list=3D0x0) at /usr/src/sys/kern/kern_sysctl.c:79 #1 0xc01ef62c in sysctl_register_oid (oidp=3D0xc0333380) at /usr/src/sys/kern/kern_sysctl.c:104 #2 0xc01efb70 in sysctl_register_all (arg=3D0x0) at /usr/src/sys/kern/kern_sysctl.c:402 #3 0xc01cf7c5 in mi_startup () at /usr/src/sys/kern/init_main.c:208 (gdb) Joe --YZ5djTAD1cGYuMQK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzam3wACgkQXVIcjOaxUBbATwCcCnhxlYG9LPReKkfOW06J9J6S Hl0AoLSSMHVf5sOcAjv9Xu+ai5ekR41K =kHpK -----END PGP SIGNATURE----- --YZ5djTAD1cGYuMQK-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message