NetBSD Problem Report #46884

From www@NetBSD.org  Fri Aug 31 09:43:40 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 1885063B8E6
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 31 Aug 2012 09:43:40 +0000 (UTC)
Message-Id: <20120831094339.0550F63B86D@www.NetBSD.org>
Date: Fri, 31 Aug 2012 09:43:38 +0000 (UTC)
From: rodo@bloerp.de
Reply-To: rodo@bloerp.de
To: gnats-bugs@NetBSD.org
Subject: Compaq Armada E500 not booting 6.0 RC1
X-Send-Pr-Version: www-1.0

>Number:         46884
>Category:       port-i386
>Synopsis:       Compaq Armada E500 not booting 6.0 RC1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-i386-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Aug 31 09:45:00 +0000 2012
>Last-Modified:  Sun May 07 02:15:00 +0000 2017
>Originator:     Robert Doerfler
>Release:        6.0 RC 1
>Organization:
>Environment:
>Description:
Compaq Armada E500 stops booting with:

esm0: ac97: ext id 0x8080(SECONDARY,SDAC)
uvm_fault(0xc0c8d960, 0x4000, 1) -> 0xe
fatal page fault in supervisor mode
trap type 6 code 0 eip c077efb3 cs 8 eflags 10282 cr2 4b26 ilevel 8
kernel: supervisor trap page fault, code=0
Stopped in pid 0.1 (system) at  netbsd:config_cf_driver_lookup+0x1e:  cmpb    %dl,0(%eax)


( old dmesg of 5.1.2 -> http://www.bloerp.de/temp/dmesg.armada.txt )

>How-To-Repeat:
Booting again ;)
>Fix:

>Audit-Trail:
From: Jeff Rizzo <riz@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: rodo@bloerp.de, port-i386-maintainer@netbsd.org, 
 netbsd-bugs@netbsd.org
Subject: Re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Sat, 01 Sep 2012 09:34:10 -0700

 On 8/31/12 2:45 AM, rodo@bloerp.de wrote:
 >> Number:         46884
 >> Category:       port-i386
 >> Synopsis:       Compaq Armada E500 not booting 6.0 RC1
 >>
 > Compaq Armada E500 stops booting with:
 >
 > esm0: ac97: ext id 0x8080(SECONDARY,SDAC)
 > uvm_fault(0xc0c8d960, 0x4000, 1) -> 0xe
 > fatal page fault in supervisor mode
 > trag type 6 code 0 eip c077efb3 cs 8 eflags 10282 cr2 4b26 ilevel 8
 > kernel: supervisor trag page fault, code=0
 > Stopped in pid 0.1 (system) at  netbsd:config_cf_driver_lookup+0x1e:  cmpb%
 > dl,0(%eax)
 >
 >
 > ( old dmesg of 5.1.2 -> http://www.bloerp.de/temp/dmesg.armada.txt )
 >
 >

 Can you try disabling the esm(4) driver with userconf and booting 
 again?  I want to narrow down the crash before I start looking.

  From the boot prompt, type "boot -c" to enter userconf, then "disable 
 esm" and "quit" to boot without esm(4) support, and let us know what 
 happens.

 Thanks!

From: Robert Doerfler <rodo@bloerp.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Tue, 4 Sep 2012 12:00:27 +0200

 Hi,

 * Jeff Rizzo <riz@netbsd.org> [120901 18:35]:
 > The following reply was made to PR port-i386/46884; it has been noted by GNATS.
 > 
 > From: Jeff Rizzo <riz@netbsd.org>
 > To: gnats-bugs@NetBSD.org
 > Cc: rodo@bloerp.de, port-i386-maintainer@netbsd.org, 
 >  netbsd-bugs@netbsd.org
 > Subject: Re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
 > Date: Sat, 01 Sep 2012 09:34:10 -0700
 > 
 >  On 8/31/12 2:45 AM, rodo@bloerp.de wrote:
 >  >> Number:         46884
 >  >> Category:       port-i386
 >  >> Synopsis:       Compaq Armada E500 not booting 6.0 RC1
 >  >>
 >  > Compaq Armada E500 stops booting with:
 >  >
 >  > esm0: ac97: ext id 0x8080(SECONDARY,SDAC)
 >  > uvm_fault(0xc0c8d960, 0x4000, 1) -> 0xe
 >  > fatal page fault in supervisor mode
 >  > trag type 6 code 0 eip c077efb3 cs 8 eflags 10282 cr2 4b26 ilevel 8
 >  > kernel: supervisor trag page fault, code=0
 >  > Stopped in pid 0.1 (system) at  netbsd:config_cf_driver_lookup+0x1e:  cmpb%
 >  > dl,0(%eax)
 >  >
 >  >
 >  > ( old dmesg of 5.1.2 -> http://www.bloerp.de/temp/dmesg.armada.txt )
 >  >
 >  >
 >  
 >  Can you try disabling the esm(4) driver with userconf and booting 
 >  again?  I want to narrow down the crash before I start looking.
 >  
 >   From the boot prompt, type "boot -c" to enter userconf, then "disable 
 >  esm" and "quit" to boot without esm(4) support, and let us know what 
 >  happens.

 It works without esm.

From: Jeff Rizzo <riz@boogers.sf.ca.us>
To: gnats-bugs@NetBSD.org
Cc: Robert Doerfler <rodo@bloerp.de>, port-i386-maintainer@netbsd.org, 
 netbsd-bugs@netbsd.org
Subject: Re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Tue, 04 Sep 2012 12:24:29 -0700

 On 9/4/12 3:05 AM, Robert Doerfler wrote:
 >   
 >   It works without esm.
 >   

 OK, great - I should have asked this before, but can you please append a 
 backtrace?  When it crashes, at the db> prompt, type "bt" and copy the 
 list of function names.  A photo of the screen would work in a pinch if 
 you can't easily copy it.

 +j

From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@NetBSD.org
Cc: port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,
    netbsd-bugs@netbsd.org
Subject: re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Wed, 05 Sep 2012 05:25:24 +1000

 > esm0: ac97: ext id 0x8080(SECONDARY,SDAC)
 > uvm_fault(0xc0c8d960, 0x4000, 1) -> 0xe
 > fatal page fault in supervisor mode
 > trag type 6 code 0 eip c077efb3 cs 8 eflags 10282 cr2 4b26 ilevel 8
 > kernel: supervisor trag page fault, code=0
 > Stopped in pid 0.1 (system) at  netbsd:config_cf_driver_lookup+0x1e:  cmpb%
 > dl,0(%eax)

 can you type "bt" here and reply with the result?  only the functions and
 their offsets are necessary.  thanks.


 .mrg.

From: Robert Doerfler <rodo@bloerp.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Wed, 5 Sep 2012 09:04:25 +0200

 Hi,

 * Jeff Rizzo <riz@boogers.sf.ca.us> [120904 21:25]:
 > The following reply was made to PR port-i386/46884; it has been noted by GNATS.
 > 
 > From: Jeff Rizzo <riz@boogers.sf.ca.us>
 > To: gnats-bugs@NetBSD.org
 > Cc: Robert Doerfler <rodo@bloerp.de>, port-i386-maintainer@netbsd.org, 
 >  netbsd-bugs@netbsd.org
 > Subject: Re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
 > Date: Tue, 04 Sep 2012 12:24:29 -0700
 > 
 >  On 9/4/12 3:05 AM, Robert Doerfler wrote:
 >  >   
 >  >   It works without esm.
 >  >   
 >  
 >  OK, great - I should have asked this before, but can you please append a 
 >  backtrace?  When it crashes, at the db> prompt, type "bt" and copy the 
 >  list of function names.  A photo of the screen would work in a pinch if 
 >  you can't easily copy it.

 Ok, here they are. Sorry for the bad quality.

 http://www.bloerp.de/temp/netbsd/0.jpg
 http://www.bloerp.de/temp/netbsd/bt1.jpg
 http://www.bloerp.de/temp/netbsd/bt2.jpg
 http://www.bloerp.de/temp/netbsd/st.jpg


 Greetings,
 Robert

From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@NetBSD.org
Cc: port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,
    netbsd-bugs@netbsd.org, rodo@bloerp.de
Subject: re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Thu, 06 Sep 2012 05:42:00 +1000

 OK, so these show that:

 	config_cfdriver_lookup+0x1e
 	config_cfattach_lookup
 	config_match
 	config_search_loc
 	config_found_sm_loc
 	config_found
 	audio_attach_mi
 	esm_attach

 is the stack trace.  and this is the code and asm:

 struct cfdriver *
 config_cfdriver_lookup(const char *name)
 {
         struct cfdriver *cd;

         LIST_FOREACH(cd, &allcfdrivers, cd_list) {
                 if (STREQ(cd->cd_name, name))
                         return cd;
         }

         return NULL;
 }

 Dump of assembler code for function config_cfdriver_lookup:
    0xc077fbf5 <+0>:     push   %ebp
    0xc077fbf6 <+1>:     mov    %esp,%ebp
    0xc077fbf8 <+3>:     push   %edi
    0xc077fbf9 <+4>:     push   %esi
    0xc077fbfa <+5>:     push   %ebx
    0xc077fbfb <+6>:     sub    $0x1c,%esp
    0xc077fbfe <+9>:     mov    0x8(%ebp),%edi
    0xc077fc01 <+12>:    mov    0xc0c3ecd0,%ebx
    0xc077fc07 <+18>:    test   %ebx,%ebx
    0xc077fc09 <+20>:    je     0xc077fc2d <config_cfdriver_lookup+56>
    0xc077fc0b <+22>:    movzbl (%edi),%esi
    0xc077fc0e <+25>:    mov    0x10(%ebx),%eax
    0xc077fc11 <+28>:    mov    %esi,%edx
 >> 0xc077fc13 <+30>:    cmp    %dl,(%eax)                                
    0xc077fc15 <+32>:    jne    0xc077fc27 <config_cfdriver_lookup+50>
    0xc077fc17 <+34>:    mov    %edi,0x4(%esp)
    0xc077fc1b <+38>:    mov    %eax,(%esp)
    0xc077fc1e <+41>:    call   0xc0906af0 <strcmp>
    0xc077fc23 <+46>:    test   %eax,%eax
    0xc077fc25 <+48>:    je     0xc077fc2d <config_cfdriver_lookup+56>
    0xc077fc27 <+50>:    mov    (%ebx),%ebx
    0xc077fc29 <+52>:    test   %ebx,%ebx
    0xc077fc2b <+54>:    jne    0xc077fc0e <config_cfdriver_lookup+25>
    0xc077fc2d <+56>:    mov    %ebx,%eax
    0xc077fc2f <+58>:    add    $0x1c,%esp
    0xc077fc32 <+61>:    pop    %ebx
    0xc077fc33 <+62>:    pop    %esi
    0xc077fc34 <+63>:    pop    %edi
    0xc077fc35 <+64>:    pop    %ebp
    0xc077fc36 <+65>:    ret

 >> marks the faulting instruction.  so something is wrong with 
 the allcfdrivers list here, i think.  robo, can you run these
 commands from the db> prompt:

 db> p $eax

 db> x 0xc0bc2bfd

 the STREQ() macro checks that the first char matches first, before
 calling strcmp() directly (side comment: this seems like a strange
 optimisation for autoconf code.)

 i'm not sure what is happening here, but the allcfdrivers list
 appears broken somehow.  or perhaps a cfdriver entry.  i don't
 know autoconf code very well.


 .mrg.

From: Robert Doerfler <rodo@bloerp.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Thu, 6 Sep 2012 06:33:16 +0200

 * matthew green <mrg@eterna.com.au> [120905 21:45]:
 > The following reply was made to PR port-i386/46884; it has been noted by GNATS.
 > 
 > From: matthew green <mrg@eterna.com.au>
 > To: gnats-bugs@NetBSD.org
 > Cc: port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,
 >     netbsd-bugs@netbsd.org, rodo@bloerp.de
 > Subject: re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
 > Date: Thu, 06 Sep 2012 05:42:00 +1000
 > 
 >  OK, so these show that:
 >  
 >  	config_cfdriver_lookup+0x1e
 >  	config_cfattach_lookup
 >  	config_match
 >  	config_search_loc
 >  	config_found_sm_loc
 >  	config_found
 >  	audio_attach_mi
 >  	esm_attach
 >  
 >  is the stack trace.  and this is the code and asm:
 >  
 >  struct cfdriver *
 >  config_cfdriver_lookup(const char *name)
 >  {
 >          struct cfdriver *cd;
 >  
 >          LIST_FOREACH(cd, &allcfdrivers, cd_list) {
 >                  if (STREQ(cd->cd_name, name))
 >                          return cd;
 >          }
 >  
 >          return NULL;
 >  }
 >  
 >  Dump of assembler code for function config_cfdriver_lookup:
 >     0xc077fbf5 <+0>:     push   %ebp
 >     0xc077fbf6 <+1>:     mov    %esp,%ebp
 >     0xc077fbf8 <+3>:     push   %edi
 >     0xc077fbf9 <+4>:     push   %esi
 >     0xc077fbfa <+5>:     push   %ebx
 >     0xc077fbfb <+6>:     sub    $0x1c,%esp
 >     0xc077fbfe <+9>:     mov    0x8(%ebp),%edi
 >     0xc077fc01 <+12>:    mov    0xc0c3ecd0,%ebx
 >     0xc077fc07 <+18>:    test   %ebx,%ebx
 >     0xc077fc09 <+20>:    je     0xc077fc2d <config_cfdriver_lookup+56>
 >     0xc077fc0b <+22>:    movzbl (%edi),%esi
 >     0xc077fc0e <+25>:    mov    0x10(%ebx),%eax
 >     0xc077fc11 <+28>:    mov    %esi,%edx
 >  >> 0xc077fc13 <+30>:    cmp    %dl,(%eax)                                
 >     0xc077fc15 <+32>:    jne    0xc077fc27 <config_cfdriver_lookup+50>
 >     0xc077fc17 <+34>:    mov    %edi,0x4(%esp)
 >     0xc077fc1b <+38>:    mov    %eax,(%esp)
 >     0xc077fc1e <+41>:    call   0xc0906af0 <strcmp>
 >     0xc077fc23 <+46>:    test   %eax,%eax
 >     0xc077fc25 <+48>:    je     0xc077fc2d <config_cfdriver_lookup+56>
 >     0xc077fc27 <+50>:    mov    (%ebx),%ebx
 >     0xc077fc29 <+52>:    test   %ebx,%ebx
 >     0xc077fc2b <+54>:    jne    0xc077fc0e <config_cfdriver_lookup+25>
 >     0xc077fc2d <+56>:    mov    %ebx,%eax
 >     0xc077fc2f <+58>:    add    $0x1c,%esp
 >     0xc077fc32 <+61>:    pop    %ebx
 >     0xc077fc33 <+62>:    pop    %esi
 >     0xc077fc34 <+63>:    pop    %edi
 >     0xc077fc35 <+64>:    pop    %ebp
 >     0xc077fc36 <+65>:    ret
 >  
 >  >> marks the faulting instruction.  so something is wrong with 
 >  the allcfdrivers list here, i think.  robo, can you run these
 >  command from the db> prompt:


 Sure, here they are:

 >  db> p $eax

 4b26


 >  db> x 0xc0bc2bfd

 netbsd:gcscide_cd+0x1d: e0c09082


 >  the STREQ() macro checks that the first char matches first, before
 >  calling strcmp() directly (side comment: this seems like a strange
 >  optimisation for autoconf code.)
 >  
 >  i'm not sure what is happening here, but the allcfdrivers list
 >  appears broken some how.  or perhaps a cfdriver entry.  i don't
 >  know autoconf code very well.

From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@NetBSD.org
Cc: port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,
    netbsd-bugs@netbsd.org, rodo@bloerp.de
Subject: re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Thu, 06 Sep 2012 15:58:26 +1000

 [ ... ]
 >  >     0xc077fc0b <+22>:    movzbl (%edi),%esi
 >  >     0xc077fc0e <+25>:    mov    0x10(%ebx),%eax
 >  >     0xc077fc11 <+28>:    mov    %esi,%edx
 >  >  >> 0xc077fc13 <+30>:    cmp    %dl,(%eax)                                
 >  >     0xc077fc15 <+32>:    jne    0xc077fc27 <config_cfdriver_lookup+50>
 >  >     0xc077fc17 <+34>:    mov    %edi,0x4(%esp)
 >  >     0xc077fc1b <+38>:    mov    %eax,(%esp)
 [ ... ]
 >  >  
 >  >  >> marks the faulting instruction.  so something is wrong with 
 >  >  the allcfdrivers list here, i think.  robo, can you run these
 >  >  command from the db> prompt:
 >    
 >  Sure, here they are:
 >  
 >  >  db> p $eax
 >  
 >  4b26

 so this explains the fault.  there's nothing mapped there.

 >  >  db> x 0xc0bc2bfd
 >  
 >  netbsd:gcscide_cd+0x1d: e0c09082

 FWIW, this number came from the screenshots.  eg:

 	db{0}> bt
 	config_cfdriver_lookup(c0bc2bfd, ...)

 this number seems corrupted.  gcscide_cd+0x1d is 1 byte after the
 start of gcscide_cd->cd_attrs.  it *should* be a pointer to the
 string "esm" i thought.  what does this print?

  db> x/s 0xc0bc2bfd

 i'd expect random garbage.  but not "esm".

 but i'm not really that great with i386 asm, nor autoconf... anyone
 else have a clue here?

From: Robert Doerfler <rodo@bloerp.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Thu, 6 Sep 2012 08:26:53 +0200

 * matthew green <mrg@eterna.com.au> [120906 08:00]:
 > The following reply was made to PR port-i386/46884; it has been noted by GNATS.
 > 
 > From: matthew green <mrg@eterna.com.au>
 > To: gnats-bugs@NetBSD.org
 > Cc: port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,
 >     netbsd-bugs@netbsd.org, rodo@bloerp.de
 > Subject: re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
 > Date: Thu, 06 Sep 2012 15:58:26 +1000
 > 
 >  [ ... ]
 >  >  >     0xc077fc0b <+22>:    movzbl (%edi),%esi
 >  >  >     0xc077fc0e <+25>:    mov    0x10(%ebx),%eax
 >  >  >     0xc077fc11 <+28>:    mov    %esi,%edx
 >  >  >  >> 0xc077fc13 <+30>:    cmp    %dl,(%eax)                                
 >  >  >     0xc077fc15 <+32>:    jne    0xc077fc27 <config_cfdriver_lookup+50>
 >  >  >     0xc077fc17 <+34>:    mov    %edi,0x4(%esp)
 >  >  >     0xc077fc1b <+38>:    mov    %eax,(%esp)
 >  [ ... ]
 >  >  >  
 >  >  >  >> marks the faulting instruction.  so something is wrong with 
 >  >  >  the allcfdrivers list here, i think.  robo, can you run these
 >  >  >  command from the db> prompt:
 >  >    
 >  >  Sure, here they are:
 >  >  
 >  >  >  db> p $eax
 >  >  
 >  >  4b26
 >  
 >  so this explains the fault.  there's nothing mapped there.
 >  
 >  >  >  db> x 0xc0bc2bfd
 >  >  
 >  >  netbsd:gcscide_cd+0x1d: e0c09082
 >  
 >  FWIW, this number came from the screenshots.  eg:
 >  
 >  	db{0}> bt
 >  	config_cfdriver_lookup(c0bc2bfd, ...)
 >  
 >  this number seems corrupted.  gcscide_cd+0x1d is 1 byte after the
 >  start of gcscide_cd->cd_attrs.  it *should* be a pointer to the
 >  string "esm" i thought.  what does this print?
 >  
 >   db> x/s 0xc0bc2bfd
 >  
 >  i'd expect random garbage.  but not "esm".
 >  
 >  but i'm not really that great with i386 asm, nor autoconf... any
 >  one else have a clue here?

 result:

 netbsd:gcscide_cd+0x1d: \202\220\300\340+\274\300 ,\274\300'\307\275\300


 Greetings,

 Robert
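
Added example, not part of the thread or of NetBSD's code: it turns the x/s output in the message above back into raw bytes and regroups them as little-endian 32-bit words, the form in which an i386 kernel stores pointers. The address and dump text are copied from the thread; the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Copied from the thread: the address given to x/s and the text ddb printed. */
#define DUMP_ADDR 0xc0bc2bfdu
static const char DUMP_TEXT[] =
    "\\202\\220\\300\\340+\\274\\300 ,\\274\\300'\\307\\275\\300";

/* Convert ddb's x/s rendering (octal escapes plus literal characters)
 * back into raw bytes.  Returns the number of bytes written. */
size_t ddb_unescape(const char *s, uint8_t *out, size_t cap)
{
    size_t n = 0;
    while (*s != '\0' && n < cap) {
        if (s[0] == '\\' && s[1] >= '0' && s[1] <= '7') {
            unsigned v = 0;
            int digits = 0;
            s++;                        /* skip the backslash */
            while (digits < 3 && *s >= '0' && *s <= '7') {
                v = v * 8 + (unsigned)(*s - '0');
                s++;
                digits++;
            }
            out[n++] = (uint8_t)v;
        } else {
            out[n++] = (uint8_t)*s++;   /* printable byte shown as-is */
        }
    }
    return n;
}

/* First 4-byte-aligned address at or after addr. */
uint32_t first_aligned(uint32_t addr)
{
    return (addr + 3u) & ~3u;
}

/* Read the little-endian 32-bit word stored at 'addr' from a dump that
 * starts at 'base'.  Returns 0 on success, -1 if the dump does not
 * cover all four bytes. */
int word_at(const uint8_t *buf, size_t len, uint32_t base,
            uint32_t addr, uint32_t *out)
{
    if (addr < base)
        return -1;
    size_t off = (size_t)(addr - base);
    if (off > len || len - off < 4)
        return -1;
    *out = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return 0;
}

int main(void)
{
    uint8_t buf[64];
    uint32_t w;
    size_t n = ddb_unescape(DUMP_TEXT, buf, sizeof buf);

    if (word_at(buf, n, DUMP_ADDR, DUMP_ADDR, &w) == 0)
        printf("%08x (unaligned): %08x\n", (unsigned)DUMP_ADDR, (unsigned)w);
    for (uint32_t a = first_aligned(DUMP_ADDR);
         word_at(buf, n, DUMP_ADDR, a, &w) == 0; a += 4)
        printf("%08x: %08x\n", (unsigned)a, (unsigned)w);
    return 0;
}
```

The word read at the unaligned address 0xc0bc2bfd comes out as e0c09082, the same value the earlier "x" command printed. Realigned to the next 4-byte boundary, the words are c0bc2be0, c0bc2c20 and c0bdc727, and the first of these equals 0xc0bc2bfd - 0x1d, the start of gcscide_cd.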

From: matthew green <mrg@eterna.com.au>
To: port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,
    netbsd-bugs@netbsd.org, rodo@bloerp.de, gnats-bugs@NetBSD.org
Cc: 
Subject: re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Fri, 07 Sep 2012 13:43:03 +1000

 one other thing i notice about the esm(4) changes between
 netbsd-5 and netbsd-6 is that esm_attach() destroys mutexes
 upon failure when it should leave that for detach (or let
 detach know not to do that.)


 .mrg.

From: Kaz Blocks <kazbloxmc@gmail.com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: port-i386/46884
Date: Sat, 6 May 2017 04:24:38 -0400

 I'm not the original poster, but hear me out.

 It's been close to 5 years already, and I'm still getting this exact bug on
 an Armada M300. This being that I was using NetBSD 7.1 with the INSTALL
 kernel.

 Nothing seems to have changed, and the pointers are still getting corrupt.
 Can someone please do a checkup on the esm driver?

From: Paul Goyette <paul@whooppee.com>
To: gnats-bugs@NetBSD.org
Cc: matthew green <mrg@eterna.com.au>
Subject: re: port-i386/46884: Compaq Armada E500 not booting 6.0 RC1
Date: Sun, 7 May 2017 10:11:22 +0800 (+08)

 > Dump of assembler code for function config_cfdriver_lookup:
 >     0xc077fbf5 <+0>:     push   %ebp
 >     0xc077fbf6 <+1>:     mov    %esp,%ebp
 >     0xc077fbf8 <+3>:     push   %edi
 >     0xc077fbf9 <+4>:     push   %esi
 >     0xc077fbfa <+5>:     push   %ebx
 >     0xc077fbfb <+6>:     sub    $0x1c,%esp
 >     0xc077fbfe <+9>:     mov    0x8(%ebp),%edi
 >     0xc077fc01 <+12>:    mov    0xc0c3ecd0,%ebx
 >     0xc077fc07 <+18>:    test   %ebx,%ebx
 >     0xc077fc09 <+20>:    je     0xc077fc2d <config_cfdriver_lookup+56>
 >     0xc077fc0b <+22>:    movzbl (%edi),%esi
 >     0xc077fc0e <+25>:    mov    0x10(%ebx),%eax
 >     0xc077fc11 <+28>:    mov    %esi,%edx
 >  >> 0xc077fc13 <+30>:    cmp    %dl,(%eax)
 >     0xc077fc15 <+32>:    jne    0xc077fc27 <config_cfdriver_lookup+50>
 >     0xc077fc17 <+34>:    mov    %edi,0x4(%esp)
 >     0xc077fc1b <+38>:    mov    %eax,(%esp)
 >     0xc077fc1e <+41>:    call   0xc0906af0 <strcmp>
 >     0xc077fc23 <+46>:    test   %eax,%eax
 >     0xc077fc25 <+48>:    je     0xc077fc2d <config_cfdriver_lookup+56>
 >     0xc077fc27 <+50>:    mov    (%ebx),%ebx
 >     0xc077fc29 <+52>:    test   %ebx,%ebx
 >     0xc077fc2b <+54>:    jne    0xc077fc0e <config_cfdriver_lookup+25>
 >     0xc077fc2d <+56>:    mov    %ebx,%eax
 >     0xc077fc2f <+58>:    add    $0x1c,%esp
 >     0xc077fc32 <+61>:    pop    %ebx
 >     0xc077fc33 <+62>:    pop    %esi
 >     0xc077fc34 <+63>:    pop    %edi
 >     0xc077fc35 <+64>:    pop    %ebp
 >     0xc077fc36 <+65>:    ret
 >
 > >> marks the faulting instruction.  so something is wrong with
 > the allcfdrivers list here, i think.   ...

 My understanding of the disassembly shows that the list is being
 traversed with the current entry pointed to by %ebx (see <+50> for
 the code that links to the next list entry).

 So, %eax would be the pointer to the name for which we are searching.

 So maybe something got corrupted in the new device's cf_data (from
 which config_match() obtains the new driver's name and passes it to
 config_cfattach_lookup()) ?



 +------------------+--------------------------+----------------------------+
 | Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:          |
 | (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee dot com   |
 | Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd dot org |
 +------------------+--------------------------+----------------------------+
