kern/58139: -CURRENT panics on Thinkpad A31p while configuring
fxp0 or wi0 interface
Daniel Lang
dl at leo.org
Mon Nov 10 14:40:18 PST 2003
The following reply was made to PR kern/58139; it has been noted by GNATS.
From: Daniel Lang <dl at leo.org>
To: freebsd-gnats-submit at FreeBSD.org
Cc: dl at leo.org
Subject: Re: kern/58139: -CURRENT panics on Thinkpad A31p while configuring fxp0 or wi0 interface
Date: Mon, 10 Nov 2003 23:30:53 +0100
--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
For sake of completeness, I include more email
exchange to the audit trail, as well as some
information requested by John Baldwin
--
IRCnet: Mr-Spock - Work is for people, who don't surf -
Daniel Lang * dl at leo.org * +49 89 289 18532 * http://www.leo.org/~dl/
--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=crashmails
[..]
I have digged a bit further, but cannot find the integer
divide fault, possibly due to the fact, that exca_mem_getb
and exca_getb are inline functions.
I have the structs available but now I'm stuck, since I don't know
what values of a (struct cbb_softc*) and a (struct exca_softc*)
within are sensible and which could point to a problem.
I stumbled across your comment in dev/pccbb/pccbb.c:cbb_intr()
about the "old ExCA register for card status change".
Maybe this additional poll could cause the problems?
On the other hand, I also had a crash in exca_putb(), so
it seems the problem is near that thing, but not quite.
[..]
> a boot -v dmesg output would be good too.
[..]
Attached to this mail. I included a pciconf -v -l as well.
I also tried your recent fix regarding MP_SAFE. It did not
help (probably expected on a non-SMP system?).
Some more information: Sometimes it panics during boot.
During the probe of the wi0 interface, but this only seems to happen
after I crashed the box ifconfig'in wi0 the session before.
Some garbage left in some registers there?
And today it happened twice that it resetted (no panic) close
to the end of the kernel probe/boot stage with a message like:
cbb0: unsupported device detected
I don't know the exact message, since it resettet, the screen went blank
right after it happened. This did not happen before... :-/
(No changes to the system, your patch went in after this happened).
[ dmesg -v omitted, since it's already included in the PR]
agp0 at pci0:0:0: class=0x060000 card=0x00000000 chip=0x1a308086 rev=0x04 hdr=0x00
vendor = 'Intel Corporation'
device = '82845/E/MP/MZ Brookdale CPU to I/O Bridge'
class = bridge
subclass = HOST-PCI
pcib1 at pci0:1:0: class=0x060400 card=0x00000000 chip=0x1a318086 rev=0x04 hdr=0x01
vendor = 'Intel Corporation'
device = '82845/E/MP/MZ Brookdale CPU to AGP Bridge'
class = bridge
subclass = PCI-PCI
uhci0 at pci0:29:0: class=0x0c0300 card=0x02201014 chip=0x24828086 rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
device = '82801CA/CAM (ICH3-S/ICH3-M) USB Controller #1'
class = serial bus
subclass = USB
uhci1 at pci0:29:1: class=0x0c0300 card=0x02201014 chip=0x24848086 rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
device = '82801CA/CAM (ICH3-S/ICH3-M) USB Controller #2'
class = serial bus
subclass = USB
uhci2 at pci0:29:2: class=0x0c0300 card=0x02201014 chip=0x24878086 rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
device = '82801CA/CAM (ICH3-S/ICH3-M) USB Controller #3'
class = serial bus
subclass = USB
pcib2 at pci0:30:0: class=0x060400 card=0x00000000 chip=0x24488086 rev=0x42 hdr=0x01
vendor = 'Intel Corporation'
device = '82801BAM/CAM (ICH2/3) PCI to I/O Hub Bridge (2448)'
class = bridge
subclass = PCI-PCI
isab0 at pci0:31:0: class=0x060100 card=0x00000000 chip=0x248c8086 rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
device = '82801CAM LPC Interface or ISA bridge: see Notes'
class = bridge
subclass = PCI-ISA
atapci0 at pci0:31:1: class=0x01018a card=0x02201014 chip=0x248a8086 rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
device = '82801CAM (ICH3-M) UltraATA/100 EIDE Controller'
class = mass storage
subclass = ATA
none0 at pci0:31:3: class=0x0c0500 card=0x02201014 chip=0x24838086 rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
device = '82801CA/CAM (ICH3-S/ICH3-M) SMBus Controller'
class = serial bus
subclass = SMBus
none1 at pci0:31:5: class=0x040100 card=0x05081014 chip=0x24858086 rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
device = '82801CA/CAM (ICH3-S/ICH3-M) AC'97 Audio Controller'
class = multimedia
subclass = audio
none2 at pci0:31:6: class=0x070300 card=0x02271014 chip=0x24868086 rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
device = '82801CA/CAM (ICH3-S/ICH3-M) AC'97 Modem Controller'
class = simple comms
none3 at pci1:0:0: class=0x030000 card=0x05181014 chip=0x4c581002 rev=0x00 hdr=0x00
vendor = 'ATI Technologies'
device = 'FireGL Mobility'
class = display
subclass = VGA
cbb0 at pci2:0:0: class=0x060700 card=0x01851014 chip=0x04761180 rev=0xa8 hdr=0x02
vendor = 'Communication Automation Corporation'
device = 'RL5C476 II CardBus controller'
class = bridge
subclass = PCI-CardBus
cbb1 at pci2:0:1: class=0x060700 card=0x01851014 chip=0x04761180 rev=0xa8 hdr=0x02
vendor = 'Communication Automation Corporation'
device = 'RL5C476 II CardBus controller'
class = bridge
subclass = PCI-CardBus
none4 at pci2:0:2: class=0x0c0010 card=0x05111014 chip=0x05521180 rev=0x00 hdr=0x00
vendor = 'Communication Automation Corporation'
device = 'RL5c552 FireWire (IEEE1394) Controller. IBM A31p'
class = serial bus
subclass = FireWire
wi0 at pci2:2:0: class=0x028000 card=0x04061668 chip=0x38731260 rev=0x01 hdr=0x00
vendor = 'Intersil Americas Inc (Was: Harris Semiconductor)'
device = 'PRISM 2.5 802.11b 11Mbps Wireless Controller'
class = network
fxp0 at pci2:8:0: class=0x020000 card=0x02091014 chip=0x10318086 rev=0x42 hdr=0x00
vendor = 'Intel Corporation'
device = '82801CAM (ICH3) PRO/100 VE (LOM) Network Connection'
class = network
subclass = ethernet
[ The following is german conversation with Joerg Wunsch
Short summary in English:
The faulty instruction pointer is in cbb_intr(),
more precisely in exca_mem_getb() which is inlined
in cbb_intr().
The arguments to exca_mem_getb(), that is '*sc'
and 'reg' are therefore not available in this
context. However, I could trace *sc in the frame above,
and have examined it, which is documented earlier in
the PR. ]
Joerg Wunsch wrote on Fri, Oct 24, 2003 at 03:06:22PM +0200:
[..]
> =DCber nm -n /kernel solltest Du zumindest herausfinden k=F6nnen, in
> welcher Funktion die EIP-Adressen liegen, an denen es knallt.
cbb_intr()
Bei dem 2. crash im dem PR kommt das auch im Trace vor.
Im PR habe ich auch den 2. crash etwas analysiert und ausserdem
einen Link auf debug-kernel und core-file hinterlegt.
Dort schauts nun so aus, dass es zwar in cbb_intr kracht, aber
scheinbar der integeger divide fault wieder an einer anderen
Adresse passiert, naemlich in dem Fall in exca_mem_getb()
Das dumme ist (ist auch im PR dokumentiert), dass der Aufruf
in cbb_intr() an der Stelle:
[..]
131 static __inline uint8_t
132 exca_getb(struct exca_softc *sc, int reg)
133 {
134 return (sc->getb(sc, reg));
135 }
[..]
eine Inline-Funktion ist, und ich daher die Symbole nicht
hab. Also 'sc' und 'reg' is nicht.
Ok. Mal weiter sehen. Ich hab das Argument was cbb_intr kriegt,
dass muss vom Typ struct cbb_softc* sein.
Und aufgerufen wird: exca_getb(&sc->exca, EXCA_CSC)
mal kucken....
Ahja, struct cbb_softc und struct exca_softc sind natuerlich
Monster-Strukturen. Da hab ich nun keinen Schimmer, was
von den Attributen da welchen Wert haben muss. Immerhin
interessant ist der Comment in cbb_intr() ueber dem
Aufruf von exca_getb().
--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="jhb.info"
Script started on Mon Nov 10 22:56:46 2003
laprbg8#
laprbg8# gdb -k kernel.debug vmcore.1
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: integer divide fault
panic messages:
---
Fatal trap 18: integer divide fault while in kernel mode
instruction pointer = 0x8:0xc0516ca8
stack pointer = 0x10:0xd77b1cb8
frame pointer = 0x10:0xd77b1cb8
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, IOPL = 0
current process = 25 (irq11: cbb0 cbb1+++)
trap number = 18
panic: integer divide fault
[..]
---
Reading symbols from /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) l 0xc0516ca8
Function "0xc0516ca8" not defined.
(kgdb) x 0xc0516ca8
0xc0516ca8 <exca_mem_getb+40>: 0x0fc0b60f
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: integer divide fault
panic messages:
---
Fatal trap 18: integer divide fault while in kernel mode
instruction pointer = 0x8:0xc0580cd2
stack pointer = 0x10:0xd77b1cc0
frame pointer = 0x10:0xd77b1ce0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, IOPL = 0
current process = 25 (irq11: cbb0 cbb1+++)
trap number = 18
panic: integer divide fault
[..]
---
Reading symbols from /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) l 0xc0580cd2
Function "0xc0580cd2" not defined.
(kgdb) x 0xc0580cd2
0xc0580cd2 <cbb_intr+34>: 0xc085c689
(kgdb) l cbb_intr
warning: Source file is more recent than executable.
1104 /* Interrupt Handler */
1105 /************************************************************************/
1106
1107 static void
1108 cbb_intr(void *arg)
1109 {
1110 struct cbb_softc *sc = arg;
1111 uint32_t sockevent;
1112 struct cbb_intrhand *ih;
1113
--CE+1k2dSO48ffgeK--
More information about the freebsd-bugs
mailing list