boot panic on current(04.20)
Hans Petter Selasky
hselasky at c2i.net
Fri Apr 24 06:04:36 UTC 2009
On Friday 24 April 2009, wsk wrote:
> Hans Petter Selasky 写道:
> > On Thursday 23 April 2009, Gustau Perez wrote:
> >> Hans Petter Selasky wrote:
> >>> On Tuesday 21 April 2009, wsk wrote:
> >>>> lists
> >>>> boot panic on current(2009.04.20).it seems caused by usbus4
> >>>>
> >>>> Root mount waiting for: usbus4
> >>>> uhub4: 8 ports with 8 removable, self powered
> >>>> Root mount waiting for: usbus4
> >>>> ugen4.2: <NEC> at usbus4
> >>>> Fatal trap 12: page fault while in kernel mode
> >>>> cpuid = 0; apic id = 00
> >>>> fault virtual address = 0x0
> >>>> fault code = supervisor read, page not present
> >>>> instruction pointer = 0x20:0xc08ed3a3
> >>>> stack pointer = 0x28:0xe4c38b40
> >>>> frame pointer = 0x28:0xe4c38b44
> >>>> code segment = base 0x0, limit 0xfffff, type 0x1b
> >>>> = DPL 0,pres 1, def32 1, gran 1
> >>>> processor eflags = interrupt enabled, resume, IOPL = 0
> >>>> current process = 28 (usbus4)
> >>>> trap number = 12
> >>>> panic: page fault
> >>>> cpuid = 0
> >>>> uptime: 5s
> >>>> Cannot dump. Device not defined or unavailable.
> >>>
> >>> Can you compile a kernel with debugging and get a backtrace?
> >>
> >> I'm trying to get the dump saved to /var/crash but seems it is not
> >> working. As the crash happens before /etc/rc.d/dumpon executes, dumpon
> >> doesn't get executed,so dumpdev doesn't point to the place where to save
> >> the dump.
> >>
> >> I tried booting single user without loading both uhci and ehci. I
> >> booted fined. I tried launching swapon /dev/ad4s3b and /etc/rc.d/dumpon
> >> start. Looking at /dev/dumpdev it points to /dev/ad4s3b, fine. Compiled
> >> the kernel with ;
> >>
> >> # Debugging for use in -current
> >> options KDB # Enable kernel debugger support.
> >> options DDB # Support DDB.
> >>
> >> and changed sysctl kern.coredump=1.
> >>
> >> Loading uchi throws me to the debugger (ok, that's what I wanted),
> >> but the core is not saved to /dev/ad4s3b. Is there something I'm doing
> >> wrong ? Am I missing something ?
> >>
> >>> Is the panic reproducible?
> >>
> >> Yes it is. When uhci.ko is loaded is panics.
> >
> > If you type "bt" in the debugger, what are the USB functions being
> > called?
> >
> > --HPS
>
> Stopped at strcmp+0x23: movzbl 0(%ebx),%edx
> db>bt
> Tracing pid 28 tid 100054 td 0xc4d6c690
> strcmp(0,c0c0bded,2,c4d7cc00,e4c44ba8,...) at strcmp+0x23
> malloc_desc2type(c0c0bded,c0895b50,e4c44b78,a,e4c44bb4,...) at
> malloc_desc2type+0x24
> usb2_notify_addq(c0c2de6d,c4d7cef8,c4d7cf7e,c4a9ba10,2,...) at
> usb2_notify_addq+0x5d
> usb2_alloc_device(c4ca8a00,c4b32c50,c4d72400,1,6,...) at
> usb_alloc_device+0xce3
> uhub_explore(c4d72400,1,3,0,c4b32d84,...) at uhub_explore+0x50f
> usb2_bus_explore(c4b32d34,14,c0c35681,4d,0,...) at usb2_bus_explore+0xf9
> usb2_process(c4b32cd4,e4c44d38,0,0,0,...) at usb2_process+0xfc
> fork_exit(c07a5490,c4b32cd4,e4c44d38) at fork_exit+0x91
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0, eip =0,esp =0xe4c44d70,ebp = 0 ---
>
The problem appears to be that there is a "struct malloc_type" ( See
MALLOC_DEFINE()) in the kernel having a NULL string. Please check the source
code.
And easy way to figure out the real problem is to add:
sys/kern/kern_malloc.c
malloc_init(void *data)
{
struct malloc_type_internal *mtip;
struct malloc_type *mtp;
KASSERT(cnt.v_page_count != 0, ("malloc_register before vm_init"));
mtp = data;
KASSERT(mtp->ks_magic == M_MAGIC,
("malloc_init: bad malloc type magic"));
+ KASSERT(mtp->ks_shortdesc != NULL,
+ ("malloc_init: bad short description"));
mtip = uma_zalloc(mt_zone, M_WAITOK | M_ZERO);
mtp->ks_handle = mtip;
mtx_lock(&malloc_mtx);
mtp->ks_next = kmemstatistics;
kmemstatistics = mtp;
kmemcount++;
mtx_unlock(&malloc_mtx);
}
--HPS
More information about the freebsd-current
mailing list