|
Description
|
I was testing a kernel built from OpenSolaris.org with some changes for a new module, sharefs.
When I BFU'ed the system, which was running a non-debug kernel, it page faulted. The backtrace shows the fault is down in the USB audio code, inside an #ifdef DEBUG block:
# mdb unix.0 vmcore.0
Loading modules: [ unix genunix specfs dtrace cpu.AuthenticAMD.15 uppc pcplusmp scsi_vhci ufs ip hook neti sctp arp usba uhci s1394 audiosup nca lofs md ]
> $c
vsnprintf+0xa3(0, 7fffffff, fffffffff811b300, ffffff00045c3758)
sprintf+0xb7()
usb_ac_setup_connections+0x450(fffffffedf45d580)
usb_ac_handle_descriptors+0x24e(fffffffedf45d580)
usb_ac_attach+0x266(fffffffec7b38800, 0)
devi_attach+0x87(fffffffec7b38800, 0)
attach_node+0x123(fffffffec7b38800)
i_ndi_config_node+0xd9(fffffffec7b38800, 6, 0)
i_ddi_attachchild+0x67(fffffffec7b38800)
devi_attach_node+0xcc(fffffffec7b38800, 4004048)
config_immediate_children+0xf2(fffffffec6324200, 4004048, ffffffffffffffff)
ndi_busop_bus_config+0xc5(fffffffec6324200, 4004048, 2, ffffffff, 0, 0)
usb_mid_bus_config+0xae(fffffffec6324200, 4004048, 2, ffffffff, 0)
devi_config_common+0x8d(fffffffec6324200, 4004048, ffffffff)
mt_config_thread+0x5c(fffffffedf046040)
thread_start+8()
usb_ac_setup_connections+0x420: call +0x38da15b <kmem_alloc>
usb_ac_setup_connections+0x425: movq %rax,%r12
usb_ac_setup_connections+0x428: movq 0x10(%r14),%rsi
usb_ac_setup_connections+0x42c:
leaq -0x37eff31b(%rip),%rdx <0xffffffffc0215cb8>
usb_ac_setup_connections+0x433: movl $0x1,%edi
usb_ac_setup_connections+0x438: xorl %eax,%eax
usb_ac_setup_connections+0x43a: call -0x5190cf <usb_dprintf3>
usb_ac_setup_connections+0x43f: leaq +0x631a(%rip),%rsi <0xfffffffff811b300>
usb_ac_setup_connections+0x446: movq %r12,%rdi
usb_ac_setup_connections+0x449: xorl %eax,%eax
usb_ac_setup_connections+0x44b: call +0x3971cc0 <sprintf>
usb_ac_setup_connections+0x450: cmpl $0x1,0x1b8(%r14)
usb_ac_setup_connections+0x458: jbe +0x30 <usb_ac_setup_connections+0x48a>
usb_ac_setup_connections+0x45a: movl $0x5,%r15d
This roughly corresponds to:
#ifdef DEBUG
/* display topology in log buffer */
{
uint_t i, j, l;
char *buf;
l = uacp->usb_ac_max_unit * 5;
buf = kmem_alloc(l, KM_SLEEP);
USB_DPRINTF_L3(PRINT_MASK_ATTA, uacp->usb_ac_log_handle,
"unit types:");
/* two strings so they won't be replaced accidentily by tab */
(void) sprintf(&buf[0], " "" ");
for (i = 1; i < uacp->usb_ac_max_unit; i++) {
(void) sprintf(&buf[2 + (i*3)], "%02d ", i);
}
USB_DPRINTF_L3(PRINT_MASK_ATTA, uacp->usb_ac_log_handle, buf);
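My guess is that the math is off. The trace narrows this down: the return address usb_ac_setup_connections+0x450 belongs to the first sprintf (the call at +0x44b, right after usb_dprintf3), and the destination passed to vsnprintf is shown as 0, so buf appears to have been NULL rather than merely too small. That is what would happen if uacp->usb_ac_max_unit were 0: l would then be 0, and kmem_alloc(0, KM_SLEEP) returns NULL. The length is not checked before the buffer is written, and the sprintf calls are unbounded, so a size taken from the device's descriptors should be validated before it is used here.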
I can provide the source and core if needed.
|