Date:      Sun, 14 Jan 2007 11:26:38 +0300
From:      Sergey Zaharchenko <doublef-ctm@yandex.ru>
To:        current@freebsd.org
Subject:   0xdeadcode in dev2udev and ohci strangeness
Message-ID:  <20070114082638.GA1820@shark.localdomain>


Hello list,

Today while fooling around with some USB devices (recent GENERIC kernel
compiled with options USB_DEBUG; single-user mode; a Transcend USB
Flash, an Acorp card reader (umass) and a Prolific COM port (uplcom),
all plugged in/out randomly) and sysctls (hw.usb.debug=1,
hw.usb.(ohci|uhci|ehci|umass|uplcom).debug=1), I triggered the following
page fault (retyped from a camera shot) by a lowly `sysctl -a|grep usb':

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic i = 00
fault virtual address   = 0xdeadc19e
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0676f25
stack pointer           = 0x28:0xdd345aac
frame pointer           = 0x28:0xdd345aac
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 76 (sysctl)
[thread pid 76 tid 100042 ]
Stopped at      dev2udev+0x11:  movl 0xc0(%eax),%eax
db> bt
Tracing pid 76 tid 100042 td 0xc36bb000
dev2udev(c3790d00,88,0,0,0,...) at dev2udev+0x11
sysctl_kern_ttys(c09ebf80,0,0,dd345b98,c09ebf80,...) at sysctl_kern_ttys+0xab
sysctl_root(0,dd345c18,2,dd345b98) at sysctl_root+0x12f
userland_sysctl(c36bb000,dd345c18,2,0,bfbfdbbc,0,0,0,dd345c14,c0a3c408,0,c093c5c8,522) at userland_sysctl+0xf4
__sysctl(c36bb000,dd345d00) at __sysctl+0x77
syscall(dd345d38) at syscall+0x256
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (-1077943200), eip = 0x2, esp = 0x296, ebp = 0xbfbfdbbc ---

sys/fs/devfs/devfs_vnops.c:

dev_t
dev2udev(struct cdev *x)
{
        if (x == NULL)
                return (NODEV);
        return (x->si_priv->cdp_inode); <-- dev2udev+0x11 is here
}

Looks like si_priv for a non-NULL x is 0xdeadcode somewhere...

I've also stumbled across a reproducible strange situation: after
plugging in and out the Prolific several times and leaving it out, the
kernel prints (with ohci.debug=1) this every second or so:

ohci_rhsc: sc=0xc369f000 xfer=0xc354c800 hstatus=0x00000000
ohci_rhsc: change=0x04

Is this normal? Should I ask on freebsd-usb@?

-- 
DoubleF
No virus detected in this message. Ehrm, wait a minute...
/kernel: pid 56921 (antivirus), uid 32000: exited on signal 9
Oh yes, no virus:)
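
Added example, not part of the original message: a small Python triage helper that reproduces the arithmetic behind the poster's reading of the trap, subtracting the faulting instruction's displacement from the fault address to recover the pointer that was dereferenced. The function and table names are hypothetical, and the meaning attached to 0xdeadc0de (the junk fill FreeBSD debug kernels write over freed memory) is this example's assumption, not something the message states.

```python
import re

# Assumption of this example: 0xdeadc0de is the junk pattern FreeBSD debug
# kernels (INVARIANTS) write over freed kernel memory.
KNOWN_BASES = {
    0x00000000: "NULL pointer plus field offset",
    0xdeadc0de: "pointer read from freed memory (0xdeadc0de junk fill)",
}

FAULT_RE = re.compile(r"fault virtual address\s*=\s*(0x[0-9a-fA-F]+)")
STOP_RE = re.compile(r"Stopped at\s+(\S+):\s+(\S+)\s+(.*)")
# AT&T-syntax memory operand with a single base register: disp(%reg)
MEM_RE = re.compile(r"(-?(?:0x)?[0-9a-fA-F]+)?\((%\w+)\)")


def triage(panic_text):
    """Recover the pointer dereferenced at the fault from i386 ddb output.

    Returns None when the text has no fault address or no simple
    disp(%reg) operand (indexed operands cannot be resolved statically).
    """
    fault = FAULT_RE.search(panic_text)
    stop = STOP_RE.search(panic_text)
    if not fault or not stop:
        return None
    where, _mnemonic, operands = stop.groups()
    mem = MEM_RE.search(operands)
    if not mem:
        return None
    disp = int(mem.group(1), 16) if mem.group(1) else 0
    base = (int(fault.group(1), 16) - disp) & 0xFFFFFFFF  # 32-bit wraparound
    return {
        "where": where,
        "reg": mem.group(2),
        "disp": disp,
        "base": base,
        "verdict": KNOWN_BASES.get(base, "unrecognised base pointer"),
    }


# Trap lines taken from the message above (quoted-printable decoded).
SAMPLE = """\
fault virtual address   = 0xdeadc19e
Stopped at      dev2udev+0x11:  movl 0xc0(%eax),%eax
"""

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{r['where']}: {r['reg']} = {r['base']:#010x} -> {r['verdict']}")
```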
