[haiku-bugs] Re: [Haiku] #7898: Executing install-wifi-firmwares.sh results in page fault

  • From: "bonefish" <trac@xxxxxxxxxxxx>
  • Date: Thu, 04 Aug 2011 15:22:42 -0000

#7898: Executing install-wifi-firmwares.sh results in page fault
-----------------------------+----------------------------
   Reporter:  taos           |      Owner:  axeld
       Type:  bug            |     Status:  new
   Priority:  normal         |  Milestone:  R1
  Component:  System/Kernel  |    Version:  R1/Development
 Resolution:                 |   Keywords:
 Blocked By:                 |   Blocking:
Has a Patch:  0              |   Platform:  All
-----------------------------+----------------------------

Comment (by bonefish):

 The `_user_get_team_info()` is unrelated. As can be seen in the stack
 trace, it just happens to be preempted by a hardware interrupt (vector
 42). The fault address is the eip, which is likely caused by a jump/return
 to unmapped or non-executable memory. The return case would likely be
 due to a stack corruption. The jump case could be a bad function pointer or
 a virtual function call on an invalid/deleted object. I don't know what
 the script does, but if it causes a driver to be unloaded and that driver
 doesn't unregister its hardware interrupt callback, a call to already
 unmapped code would happen.

 I suppose the output of `ints` would be interesting. Furthermore, if this
 is a call of a bad/stale function pointer (the likely case IMO), the
 innermost function (i.e. the one doing the call) is not shown in the stack
 trace (since the called function is responsible for creating a stack frame
 referring back to the caller). The return address will be on the stack,
 though. It should be right after the topmost iframe, i.e. in the stack
 trace where it says "kernel iframe at ... (end = ...)", the end address
 should be the stack address at which the return is stored (in this case
 `0x81709d1c`). The return address can be read via `expr *0x81709d1c`.
 Passing the return address as an argument to `ls` will print the function
 it belongs to.

-- 
Ticket URL: <http://dev.haiku-os.org/ticket/7898#comment:3>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
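
One way to act on the two leads in the comment above, modelled in user-space C: check whether each registered interrupt handler still points into a loaded image, and resolve the word stored at the iframe end address to its image. This is an added example, not part of the original post or of Haiku's code; the image table, handler table and stack contents are constructed, and only `0x81709d1c` comes from the ticket.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed debugger state: only 0x81709d1c is taken from the ticket. */
struct image   { const char *name; uint32_t start, end; int loaded; };
struct handler { int vector; uint32_t func; };

static const struct image kImages[] = {
    { "kernel",       0x80000000u, 0x80150000u, 1 },
    { "example_wifi", 0x81a00000u, 0x81a20000u, 0 }, /* hypothetical, unloaded */
};
static const struct handler kHandlers[] = {
    { 32, 0x800a1230u },  /* inside the kernel image */
    { 42, 0x81a01480u },  /* inside the unloaded driver's old range */
};
static const uint32_t kStackBase = 0x81709d1cu;  /* iframe end address */
static const uint32_t kStack[] = { 0x800a5678u, 0x00000000u };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Name of the loaded image containing addr, or NULL if addr is unmapped. */
const char *image_for(uint32_t addr) {
    for (size_t i = 0; i < COUNT(kImages); i++)
        if (kImages[i].loaded && addr >= kImages[i].start && addr < kImages[i].end)
            return kImages[i].name;
    return NULL;
}

/* First vector whose handler lies outside every loaded image, or -1. */
int first_stale_vector(void) {
    for (size_t i = 0; i < COUNT(kHandlers); i++)
        if (image_for(kHandlers[i].func) == NULL)
            return kHandlers[i].vector;
    return -1;
}

/* Model of `expr *addr` on the captured stack words; 0 on success. */
int read_stack_word(uint32_t addr, uint32_t *out) {
    size_t idx = (addr - kStackBase) / 4;
    if (addr < kStackBase || (addr - kStackBase) % 4 != 0 || idx >= COUNT(kStack)) return -1;
    *out = kStack[idx];
    return 0;
}

int main(void) {
    uint32_t ra = 0;
    if (read_stack_word(kStackBase, &ra) == 0)
        printf("vector %d stale; return 0x%08x in %s\n", first_stale_vector(), (unsigned)ra, image_for(ra));
    return 0;
}
```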
