0xdeadcode in dev2udev and ohci strangeness

From: Sergey Zaharchenko <doublef-ctm_at_yandex.ru>
Date: Sun, 14 Jan 2007 11:26:38 +0300

Hello list,

Today while fooling around with some USB devices (recent GENERIC kernel
compiled with options USB_DEBUG; single-user mode; a Transcend USB
Flash, an Acorp card reader (umass) and a Prolific COM port (uplcom),
all plugged in/out randomly) and sysctls (hw.usb.debug=1,
hw.usb.(ohci|uhci|ehci|umass|uplcom).debug=1), I triggered the following
page fault (retyped from a camera shot) by a lowly `sysctl -a|grep usb':

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic i = 00
fault virtual address   = 0xdeadc19e
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0676f25
stack pointer           = 0x28:0xdd345aac
frame pointer           = 0x28:0xdd345aac
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 76 (sysctl)
[thread pid 76 tid 100042 ]
Stopped at      dev2udev+0x11:  movl 0xc0(%eax),%eax
db> bt
Tracing pid 76 tid 100042 td 0xc36bb000
dev2udev(c3790d00,88,0,0,0,...) at dev2udev+0x11
sysctl_kern_ttys(c09ebf80,0,0,dd345b98,c09ebf80,...) at sysctl_kern_ttys+0xab
sysctl_root(0,dd345c18,2,dd345b98) at sysctl_root+0x12f
userland_sysctl(c36bb000,dd345c18,2,0,bfbfdbbc,0,0,0,dd345c14,c0a3c408,0,c093c5c8,522) at userland_sysctl+0xf4
__sysctl(c36bb000,dd345d00) at __sysctl+0x77
syscall(dd345d38) at syscall+0x256
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (-1077943200), eip = 0x2, esp = 0x296, ebp = 0xbfbfdbbc ---

sys/fs/devfs/devfs_vnops.c:

dev_t
dev2udev(struct cdev *x)
{
        if (x == NULL)
                return (NODEV);
        return (x->si_priv->cdp_inode); /* <-- dev2udev+0x11 is here */
}

Looks like si_priv for a non-NULL x is 0xdeadcode somewhere...

I've also stumbled across a reproducible strange situation: after
plugging in and out the Prolific several times and leaving it out, the
kernel prints (with ohci.debug=1) this every second or so:

ohci_rhsc: sc=0xc369f000 xfer=0xc354c800 hstatus=0x00000000
ohci_rhsc: change=0x04

Is this normal? Should I ask on freebsd-usb_at_?

-- 
DoubleF
No virus detected in this message. Ehrm, wait a minute...
/kernel: pid 56921 (antivirus), uid 32000: exited on signal 9
Oh yes, no virus:)

Received on Sun Jan 14 2007 - 07:26:43 UTC
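
The inference made in the message (fault address 0xdeadc19e, faulting instruction `movl 0xc0(%eax),%eax`, hence a pointer value of 0xdeadc0de) can be automated for crash triage. The following is an added example, not part of the original post or of FreeBSD; `triage`, `POISON` and `SAMPLE` are hypothetical names, and it assumes 0xdeadc0de is the pattern FreeBSD's INVARIANTS allocator writes over freed memory, which would point to a stale pointer to a freed object.

```python
import re

# Fill patterns that debugging allocators write over freed memory.
# Assumption: 0xdeadc0de is FreeBSD's INVARIANTS fill; extend as needed.
POISON = {0xDEADC0DE: "FreeBSD INVARIANTS freed-memory fill"}

FAULT_RE = re.compile(r"fault virtual address\s*=\s*(0x[0-9a-fA-F]+)")
# ddb "Stopped at" line, AT&T syntax. Only the simple disp(%reg) operand
# form is handled; indexed forms such as (%eax,%ebx,4) are not.
STOP_RE = re.compile(
    r"Stopped at\s+(\S+?):\s+(\w+)\s+[^\n]*?"
    r"(-?(?:0x)?[0-9a-fA-F]+)?\(%(\w+)\)")

def triage(panic_text, width=32):
    """Recover the base register of the faulting memory operand and say
    whether it is NULL or a known freed-memory fill pattern."""
    fault = FAULT_RE.search(panic_text)
    stop = STOP_RE.search(panic_text)
    if not fault or not stop:
        return None                      # not a trap message we understand
    where, _insn, disp_s, reg = stop.groups()
    disp = int(disp_s, 16) if disp_s else 0
    addr = int(fault.group(1), 16)
    base = (addr - disp) % (1 << width)  # value the register held
    if base == 0:
        verdict = "NULL pointer"
    else:
        verdict = POISON.get(base)       # None: not a recognised pattern
    return {"where": where, "register": reg, "displacement": disp,
            "base": base, "verdict": verdict}

# The two relevant lines, copied from the panic quoted in the message above.
SAMPLE = """\
fault virtual address   = 0xdeadc19e
Stopped at      dev2udev+0x11:  movl 0xc0(%eax),%eax
"""

if __name__ == "__main__":
    r = triage(SAMPLE)
    print("%s: %%%s = 0x%08x (%s)" % (r["where"], r["register"],
                                      r["base"], r["verdict"]))
```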