kern/58139: -CURRENT panics on Thinkpad A31p while configuring fxp0 or wi0 interface

Daniel at leo.org Daniel at leo.org
Thu Oct 16 11:00:47 PDT 2003


>Number:         58139
>Category:       kern
>Synopsis:       -CURRENT panics on Thinkpad A31p while configuring fxp0 or wi0 interface
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 16 11:00:24 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Daniel Lang
>Release:        FreeBSD 5.1-CURRENT-20031015-JPSNAP
>Organization:
TU-Muenchen
>Environment:
FreeBSD laprbg8.informatik.tu-muenchen.de 5.1-CURRENT-20031015-JPSNAP FreeBSD 5.1-CURRENT-20031015-JPSNAP #0: Thu Oct 16 16:04:37 CEST 2003     root at laprbg8.informatik.tu-muenchen.de:/usr/obj/usr/src/sys/BATLETH  i386

Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 5.1-CURRENT-20031015-JPSNAP #0: Thu Oct 16 16:04:37 CEST 2003
    root at laprbg8.informatik.tu-muenchen.de:/usr/obj/usr/src/sys/BATLETH
Preloaded elf kernel "/boot/kernel/kernel" at 0xc0a4f000.
Preloaded elf module "/boot/kernel/acpi.ko" at 0xc0a4f26c.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz (1998.32-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf29  Stepping = 9
  Features=0xbfebf9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
real memory  = 536281088 (511 MB)
avail memory = 511238144 (487 MB)
Pentium Pro MTRR support enabled
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <IBM    TP-1N   > on motherboard
acpi_ec0: <Embedded Controller: ECDT, GPE 0x1c, GLK> port 0x66,0x62 on acpi0
pcibios: BIOS version 2.10
Using $PIR table, 14 entries at 0xc00fdeb0
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
acpi_cpu0: <CPU> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
acpi_lid0: <Control Method Lid Switch> on acpi0
acpi_button0: <Sleep Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib0: slot 29 INTA is routed to irq 11
pcib0: slot 29 INTB is routed to irq 11
pcib0: slot 29 INTC is routed to irq 11
pcib0: slot 31 INTB is routed to irq 11
pcib0: slot 31 INTB is routed to irq 11
pcib0: slot 31 INTB is routed to irq 11
agp0: <Intel 82845 host to AGP bridge> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pcib1: slot 0 INTA is routed to irq 11
pci1: <display, VGA> at device 0.0 (no driver attached)
uhci0: <Intel 82801CA/CAM (ICH3) USB controller USB-A> port 0x1800-0x181f irq 11 at device 29.0 on pci0
usb0: <Intel 82801CA/CAM (ICH3) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801CA/CAM (ICH3) USB controller USB-B> port 0x1820-0x183f irq 11 at device 29.1 on pci0
usb1: <Intel 82801CA/CAM (ICH3) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801CA/CAM (ICH3) USB controller USB-C> port 0x1840-0x185f irq 11 at device 29.2 on pci0
usb2: <Intel 82801CA/CAM (ICH3) USB controller USB-C> on uhci2
usb2: USB revision 1.0
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib2: slot 0 INTA is routed to irq 11
pcib2: slot 0 INTB is routed to irq 11
pcib2: slot 0 INTC is routed to irq 11
pcib2: slot 2 INTA is routed to irq 11
pcib2: slot 8 INTA is routed to irq 11
cbb0: <RF5C476 PCI-CardBus Bridge> mem 0x50000000-0x50000fff irq 11 at device 0.0 on pci2
cardbus0: <CardBus bus> on cbb0
pccard0: <16-bit PCCard bus> on cbb0
cbb0: [MPSAFE]
cbb1: <RF5C476 PCI-CardBus Bridge> mem 0x50100000-0x50100fff irq 11 at device 0.1 on pci2
cbb1: failed to enable memory mapping!
cardbus1: <CardBus bus> on cbb1
pccard1: <16-bit PCCard bus> on cbb1
cbb1: [MPSAFE]
fwohci0: <Ricoh R5C552> mem 0xd0201000-0xd02017ff irq 11 at device 0.2 on pci2
fwohci0: [MPSAFE]
fwohci0: OHCI version 0.8 (ROM=0)
fwohci0: invalid OHCI version
fwohci0: FireWire init failed
device_probe_and_attach: fwohci0 attach returned 5
wi0: <Intersil Prism2.5> mem 0xf8000000-0xf8000fff irq 11 at device 2.0 on pci2
wi0: 802.11 address: 00:20:e0:4d:08:b5
wi0: using RF:PRISM2.5 MAC:ISL3874A(Mini-PCI)
wi0: Intersil Firmware: Primary (1.1.0), Station (1.4.2)
wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
fxp0: <Intel 82801CAM (ICH3) Pro/100 VE Ethernet> port 0x8000-0x803f mem 0xd0200000-0xd0200fff irq 11 at device 8.0 on pci2
fxp0: Ethernet address 00:02:8a:a5:3e:f2
miibus0: <MII bus> on fxp0
inphy0: <i82562ET 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH3 UDMA100 controller> port 0x1860-0x186f,0x374-0x377,0x170-0x177,0x3f4-0x3f7,0x1f0-0x1f7 at device 31.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata0: [MPSAFE]
ata1: at 0x170 irq 15 on atapci0
ata1: [MPSAFE]
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
pci0: <multimedia, audio> at device 31.5 (no driver attached)
pci0: <simple comms> at device 31.6 (no driver attached)
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model Generic PS/2 mouse, device ID 0
fdc0: <Enhanced floppy controller (i82077, NE72065 or clone)> port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0 port 0x3f8-0x3ff irq 4 on acpi0
sio0: type 8250 or not responding
ppc0 port 0x3bc-0x3c3 irq 7 on acpi0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
acpi_cmbat0: <Control Method Battery> on acpi0
acpi_cmbat1: <Control Method Battery> on acpi0
acpi_acad0: <AC Adapter> on acpi0
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
orm0: <Option ROMs> at iomem 0xe0000-0xeffff,0xdc000-0xdffff,0xd1000-0xd1fff,0xd0000-0xd0fff,0xc0000-0xcffff on isa0
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1998316340 Hz quality 800
Timecounters tick every 10.000 msec
acpi_cpu: throttling enabled, 8 steps (100% to 12.5%), currently 100.0%
cbb0: Unsupported card type detected
cbb1: Unsupported card type detected
GEOM: create disk ad0 dp=0xc48c3670
ad0: 76319MB <IC25N080ATMR04-0> [155061/16/63] at ata0-master UDMA100
acd0: CDRW <HL-DT-STCD-RW/DVD DRIVE GCC-4240N> at ata1-master PIO4
Mounting root from ufs:/dev/ad0s3a

>Description:

If I try to configure any of the on-board interfaces fxp0 or wi0
with an IP address (using DHCP or manually) I get a panic.
Setting wepmode and SSID on the wi0 works without panic.
Both work if FreeBSD 4.9-RC2 is used.

I was able to get crashdumps and provide some data:

Crash-Dump analysis from the fxp0 crash follows:
----------------

Good dump found on device /dev/ad0s3b
  Architecture: i386
  Architecture version: 1
  Dump length: 536281088B (511 MB)
  Blocksize: 512
  Dumptime: Thu Oct 16 16:30:24 2003
  Hostname: laprbg8.informatik.tu-muenchen.de
  Versionstring: FreeBSD 5.1-CURRENT-20031015-JPSNAP #0: Thu Oct 16 16:04:37 CEST 2003
    root at laprbg8.informatik.tu-muenchen.de:/usr/obj/usr/src/sys/BATLETH
  Panicstring: integer divide fault
  Bounds: 0

Script started on Thu Oct 16 16:46:38 2003
laprbg8# 
laprbg8# gdb -k /usr/obj/usr/src/sys/BATLETH/kernel.debug vmcore.0 
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: integer divide fault
panic messages:
---
Fatal trap 18: integer divide fault while in kernel mode
instruction pointer	= 0x8:0xc0580cd2
stack pointer	        = 0x10:0xd77b1cc0
frame pointer	        = 0x10:0xd77b1ce0
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, IOPL = 0
current process		= 25 (irq11: cbb0 cbb1+++)
trap number		= 18
panic: integer divide fault

syncing disks, buffers remaining... 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 
giving up on 367 buffers
Uptime: 3m25s
Dumping 511 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496
---
Reading symbols from /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240		dumping++;
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc0631802 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
#2  0xc0631b58 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3  0xc07cb9cc in trap_fatal (frame=0xd77b1c80, eva=0)
    at /usr/src/sys/i386/i386/trap.c:820
#4  0xc07cb422 in trap (frame=
      {tf_fs = -1043267560, tf_es = -997916656, tf_ds = -679804912, tf_edi = -1043225408, tf_esi = -997881600, tf_ebp = -679797536, tf_isp = -679797588, tf_ebx = -997736448, tf_edx = -593453056, tf_ecx = -593457152, tf_eax = -803205120, tf_trapno = 18, tf_err = 0, tf_eip = -1067971374, tf_cs = 8, tf_eflags = 514, tf_esp = -1043250684, tf_ss = 4}) at /usr/src/sys/i386/i386/trap.c:617
#5  0xc07bc128 in calltrap () at {standard input}:102
#6  0xc061e062 in ithread_loop (arg=0xc4858900)
    at /usr/src/sys/kern/kern_intr.c:534
#7  0xc061d05f in fork_exit (callout=0xc061ded0 <ithread_loop>, arg=0x0, 
    frame=0x0) at /usr/src/sys/kern/kern_fork.c:796
(kgdb) up 6
#6  0xc061e062 in ithread_loop (arg=0xc4858900)
    at /usr/src/sys/kern/kern_intr.c:534
534					ih->ih_handler(ih->ih_argument);
(kgdb) l
529						mtx_unlock(&ithd->it_lock);
530						goto restart;
531					}
532					if ((ih->ih_flags & IH_MPSAFE) == 0)
533						mtx_lock(&Giant);
534					ih->ih_handler(ih->ih_argument);
535					if ((ih->ih_flags & IH_MPSAFE) == 0)
536						mtx_unlock(&Giant);
537				}
538			}
(kgdb) p *ih
$1 = {ih_handler = 0xc485d600, ih_argument = 0xc485d600, ih_flags = 0, 
  ih_name = 0x0, ih_ithread = 0x0, ih_need = 0, ih_next = {tqe_next = 0x0, 
    tqe_prev = 0x0}, ih_pri = 0 '\0'}
(kgdb) p *ihup
No symbol "ihup" in current context.
(kgdb) up
#7  0xc061d05f in fork_exit (callout=0xc061ded0 <ithread_loop>, arg=0x0, 
    frame=0x0) at /usr/src/sys/kern/kern_fork.c:796
796		callout(arg, frame);
(kgdb) l
791		 * cpu_set_fork_handler intercepts this function call to
792		 * have this call a non-return function to stay in kernel mode.
793		 * initproc has its own fork handler, but it does return.
794		 */
795		KASSERT(callout != NULL, ("NULL callout in fork_exit"));
796		callout(arg, frame);
797	
798		/*
799		 * Check if a kernel thread misbehaved and returned from its main
800		 * function.
(kgdb) p arg
$2 = (void *) 0x0
(kgdb) p frame
$3 = (struct trapframe *) 0x0
(kgdb) down
#6  0xc061e062 in ithread_loop (arg=0xc4858900)
    at /usr/src/sys/kern/kern_intr.c:534
534					ih->ih_handler(ih->ih_argument);
(kgdb) l
529						mtx_unlock(&ithd->it_lock);
530						goto restart;
531					}
532					if ((ih->ih_flags & IH_MPSAFE) == 0)
533						mtx_lock(&Giant);
534					ih->ih_handler(ih->ih_argument);
535					if ((ih->ih_flags & IH_MPSAFE) == 0)
536						mtx_unlock(&Giant);
537				}
538			}
(kgdb) p arg
$4 = (void *) 0xc4858900
(kgdb) 
$5 = (void *) 0xc4858900
(kgdb) p td
$6 = (struct thread *) 0xc1d1a4c0
(kgdb) p *td
$7 = {td_proc = 0xc48541e4, td_ksegrp = 0xc1d1d300, td_plist = {
    tqe_next = 0x0, tqe_prev = 0xc48541f4}, td_kglist = {tqe_next = 0x0, 
    tqe_prev = 0xc1d1d31c}, td_slpq = {tqe_next = 0x0, tqe_prev = 0xc08ef158}, 
  td_lockq = {tqe_next = 0x0, tqe_prev = 0x0}, td_runq = {tqe_next = 0x0, 
    tqe_prev = 0x0}, td_selq = {tqh_first = 0x0, tqh_last = 0x0}, 
  td_flags = 65538, td_inhibitors = 0, td_pflags = 0, 
  td_last_kse = 0xc1d1b940, td_kse = 0xc1d1b940, td_dupfd = 0, td_wchan = 0x0, 
  td_wmesg = 0x0, td_lastcpu = 0 '\0', td_oncpu = 0 '\0', td_locks = 0, 
  td_blocked = 0x0, td_ithd = 0xc4858900, td_lockname = 0x0, td_contested = {
    lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 0, 
  td_mailbox = 0x0, td_ucred = 0xc1d04e80, td_standin = 0x0, td_prticks = 0, 
  td_upcall = 0x0, td_sticks = 0, td_uuticks = 0, td_usticks = 0, 
  td_intrval = 0, td_oldsigmask = {__bits = {0, 0, 0, 0}}, td_sigmask = {
    __bits = {0, 0, 0, 0}}, td_siglist = {__bits = {0, 0, 0, 0}}, 
  td_waitset = 0x0, td_umtx = {tqe_next = 0x0, tqe_prev = 0x0}, 
  td_generation = 11180, td_base_pri = 4 '\004', td_priority = 76 'L', 
  td_pcb = 0xd77b1da0, td_state = TDS_RUNNING, td_retval = {0, 0}, 
  td_slpcallout = {c_links = {sle = {sle_next = 0xceb77088}, tqe = {
        tqe_next = 0xceb77088, tqe_prev = 0xceb7f0f8}}, c_time = 20491, 
    c_arg = 0xc1d1a4c0, c_func = 0, c_flags = 8}, td_frame = 0xd77b1d48, 
  td_kstack_obj = 0xc1030534, td_kstack = 3615162368, td_kstack_pages = 2, 
  td_altkstack_obj = 0x0, td_altkstack = 0, td_altkstack_pages = 0, 
  td_critnest = 0, td_md = <incomplete type>, td_sched = 0xc1d1a5ec}
(kgdb) p *p
$8 = {p_list = {le_next = 0xc48543c8, le_prev = 0xc4854000}, p_ksegrps = {
    tqh_first = 0xc1d1d300, tqh_last = 0xc1d1d304}, p_threads = {
    tqh_first = 0xc1d1a4c0, tqh_last = 0xc1d1a4c8}, p_suspended = {
    tqh_first = 0x0, tqh_last = 0xc48541fc}, p_ucred = 0xc1d04e80, 
  p_fd = 0xc4814a00, p_fdtol = 0x0, p_stats = 0xd89cb000, 
  p_limit = 0xc08e9ac0, p_upages_obj = 0xc1032e74, p_sigacts = 0xc483d000, 
  p_flag = 516, p_sflag = 1, p_state = PRS_NORMAL, p_pid = 25, p_hash = {
    le_next = 0x0, le_prev = 0xc1ce3064}, p_pglist = {le_next = 0xc48543c8, 
    le_prev = 0xc4854054}, p_pptr = 0xc08e9400, p_sibling = {
    le_next = 0xc48543c8, le_prev = 0xc4854060}, p_children = {
    lh_first = 0x0}, p_mtx = {mtx_object = {lo_class = 0xc0884dcc, 
      lo_name = 0xc082f6b2 "process lock", 
      lo_type = 0xc082f6b2 "process lock", lo_flags = 4390912, lo_list = {
        tqe_next = 0xc4854434, tqe_prev = 0xc485407c}, 
      lo_witness = 0xc08f2040}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {
      tqh_first = 0x0, tqh_last = 0xc4854274}, mtx_contested = {le_next = 0x0, 
      le_prev = 0x0}}, p_oppid = 0, p_vmspace = 0xc08e9800, p_swtime = 192, 
  p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = {
      tv_sec = 0, tv_usec = 0}}, p_runtime = {sec = 14, 
    frac = 17061346334720090368}, p_uu = 0, p_su = 0, p_iu = 0, p_uticks = 0, 
  p_sticks = 0, p_iticks = 10969, p_profthreads = 0, p_maxthrwaits = 0, 
  p_traceflag = 0, p_tracevp = 0x0, p_tracecred = 0x0, p_textvp = 0x0, 
  p_siglist = {__bits = {0, 0, 0, 0}}, p_lock = 1 '\001', p_klist = {
    slh_first = 0x0}, p_sigiolst = {slh_first = 0x0}, p_sigparent = 20, 
---Type <return> to continue, or q <return> to quit---
  p_sig = 0, p_code = 0, p_stops = 0, p_stype = 0, p_step = 0 '\0', 
  p_pfsflags = 0 '\0', p_nlminfo = 0x0, p_aioinfo = 0x0, p_singlethread = 0x0, 
  p_suspcount = 0, p_sigstk = {ss_sp = 0x0, ss_size = 0, ss_flags = 0}, 
  p_magic = 3203398350, p_comm = "irq11: cbb0 cbb1+++", p_pgrp = 0xc08e9980, 
  p_sysent = 0xc0880bc0, p_args = 0x0, p_cpulimit = 9223372036854775807, 
  p_xstat = 0, p_numthreads = 1, p_numksegrps = 1, p_md = {md_ldt = 0x0}, 
  p_itcallout = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, 
        tqe_prev = 0x0}}, c_time = 0, c_arg = 0x0, c_func = 0, c_flags = 8}, 
  p_uarea = 0xd89cb000, p_acflag = 1, p_ru = 0x0, p_peers = 0x0, 
  p_leader = 0xc48541e4, p_emuldata = 0x0, p_label = {l_flags = 0, 
    l_perpolicy = {{l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}, {
        l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}}}, 
  p_sched = 0xc48543c8}
(kgdb) p *ithd
$9 = {it_lock = {mtx_object = {lo_class = 0xc0884dcc, 
      lo_name = 0xc082dd86 "ithread", lo_type = 0xc082dd86 "ithread", 
      lo_flags = 196608, lo_list = {tqe_next = 0xc483daa8, 
        tqe_prev = 0xc4814444}, lo_witness = 0xc08f16e0}, mtx_lock = 4, 
    mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, tqh_last = 0xc4858924}, 
    mtx_contested = {le_next = 0x0, le_prev = 0x0}}, it_td = 0xc1d1a4c0, 
  it_list = {le_next = 0x0, le_prev = 0x0}, it_handlers = {
    tqh_first = 0xc481d480, tqh_last = 0xc4816158}, it_interrupted = 0x0, 
  it_disable = 0xc07cf4e0 <ithread_disable>, 
  it_enable = 0xc07cf470 <ithread_enable>, it_md = 0x0, it_flags = 0, 
  it_need = 0, it_vector = 11, it_name = "irq11:", '\0' <repeats 13 times>}
(kgdb) p ih->ih_flags
$10 = 0
(kgdb) p Giant
$11 = {mtx_object = {lo_class = 0xc0884dcc, lo_name = 0xc082f6a1 "Giant", 
    lo_type = 0xc082f6a1 "Giant", lo_flags = 720896, lo_list = {
      tqe_next = 0xc08ecea0, tqe_prev = 0xc0888010}, lo_witness = 0xc08f2108}, 
  mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, 
    tqh_last = 0xc08ecf04}, mtx_contested = {le_next = 0x0, 
    le_prev = 0xc4c419e8}}
(kgdb) quit
laprbg8# exit

Script done on Thu Oct 16 16:52:23 2003

==============================

Analysis of the wi0 crash follows:
-----------------------------------


Good dump found on device /dev/ad0s3b
  Architecture: i386
  Architecture version: 1
  Dump length: 536281088B (511 MB)
  Blocksize: 512
  Dumptime: Thu Oct 16 18:44:49 2003
  Hostname: laprbg8.informatik.tu-muenchen.de
  Versionstring: FreeBSD 5.1-CURRENT-20031015-JPSNAP #0: Thu Oct 16 16:04:37 CEST 2003
    root at laprbg8.informatik.tu-muenchen.de:/usr/obj/usr/src/sys/BATLETH
  Panicstring: integer divide fault
  Bounds: 1


Script started on Thu Oct 16 18:55:35 2003
laprbg8# gdb -k kernel.debug vmcore.1 
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: integer divide fault
panic messages:
---
Fatal trap 18: integer divide fault while in kernel mode
instruction pointer	= 0x8:0xc0516ca8
stack pointer	        = 0x10:0xd77b1cb8
frame pointer	        = 0x10:0xd77b1cb8
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, IOPL = 0
current process		= 25 (irq11: cbb0 cbb1+++)
trap number		= 18
panic: integer divide fault

syncing disks, buffers remaining... 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 
giving up on 55 buffers
Uptime: 31m18s
Dumping 511 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496
---
Reading symbols from /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240		dumping++;
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc0631802 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
#2  0xc0631b58 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3  0xc07cb9cc in trap_fatal (frame=0xd77b1c78, eva=0)
    at /usr/src/sys/i386/i386/trap.c:820
#4  0xc07cb422 in trap (frame=
      {tf_fs = -997785576, tf_es = -803209200, tf_ds = -679804912, tf_edi = -997736448, tf_esi = -803205120, tf_ebp = -679797576, tf_isp = -679797596, tf_ebx = -997736448, tf_edx = 2052, tf_ecx = -593453056, tf_eax = 4, tf_trapno = 18, tf_err = 0, tf_eip = -1068405592, tf_cs = 8, tf_eflags = 514, tf_esp = -679797536, tf_ss = -1067971052}) at /usr/src/sys/i386/i386/trap.c:617
#5  0xc07bc128 in calltrap () at {standard input}:102
#6  0xc0580e14 in cbb_intr (arg=0xc487c000)
    at /usr/src/sys/dev/exca/excavar.h:134
#7  0xc061e062 in ithread_loop (arg=0xc4858900)
    at /usr/src/sys/kern/kern_intr.c:534
#8  0xc061d05f in fork_exit (callout=0xc061ded0 <ithread_loop>, arg=0x0, 
    frame=0x0) at /usr/src/sys/kern/kern_fork.c:796
(kgdb) up 6
#6  0xc0580e14 in cbb_intr (arg=0xc487c000)
    at /usr/src/sys/dev/exca/excavar.h:134
134		return (sc->getb(sc, reg));
(kgdb) l
129	    int rid, struct resource *res);
130	
131	static __inline uint8_t
132	exca_getb(struct exca_softc *sc, int reg)
133	{
134		return (sc->getb(sc, reg));
135	}
136	
137	static __inline void
138	exca_putb(struct exca_softc *sc, int reg, uint8_t val)
(kgdb) p sc
$1 = (struct cbb_softc *) 0xc487c000
(kgdb) p *sc
$2 = {dev = 0xc485d600, exca = {dev = 0xc485d600, memalloc = 0, mem = {{
        memt = 0, memh = 0, addr = 0, size = 0, realsize = 0, cardaddr = 0, 
        kind = 0}, {memt = 0, memh = 0, addr = 0, size = 0, realsize = 0, 
        cardaddr = 0, kind = 0}, {memt = 0, memh = 0, addr = 0, size = 0, 
        realsize = 0, cardaddr = 0, kind = 0}, {memt = 0, memh = 0, addr = 0, 
        size = 0, realsize = 0, cardaddr = 0, kind = 0}, {memt = 0, memh = 0, 
        addr = 0, size = 0, realsize = 0, cardaddr = 0, kind = 0}}, 
    ioalloc = 0, io = {{iot = 0, ioh = 0, addr = 0, size = 0, flags = 0, 
        width = 0}, {iot = 0, ioh = 0, addr = 0, size = 0, flags = 0, 
        width = 0}}, bst = 1, bsh = 3701514240, flags = 2, offset = 2048, 
    chipset = 0, getb = 0xc0516c80 <exca_mem_getb>, 
    putb = 0xc0516cb0 <exca_mem_putb>, event_thread = 0x0, mtx = {
      mtx_object = {lo_class = 0x0, lo_name = 0x0, lo_type = 0x0, 
        lo_flags = 0, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, 
        lo_witness = 0x0}, mtx_lock = 0, mtx_recurse = 0, mtx_blocked = {
        tqh_first = 0x0, tqh_last = 0x0}, mtx_contested = {le_next = 0x0, 
        le_prev = 0x0}}, cv = {cv_waitq = {tqh_first = 0x0, tqh_last = 0x0}, 
      cv_mtx = 0x0, cv_description = 0x0}, pccarddev = 0xc4881900}, 
  base_res = 0xc481d200, irq_res = 0xc481a480, intrhand = 0xc4816d80, bst = 1, 
  bsh = 3701514240, secbus = 1 '\001', subbus = 1 '\001', mtx = {mtx_object = {
      lo_class = 0xc0884dcc, lo_name = 0xc4853e70 "cbb1", 
      lo_type = 0xc080dcf4 "cbb", lo_flags = 196608, lo_list = {
        tqe_next = 0xc4879aa8, tqe_prev = 0xc484e644}, 
      lo_witness = 0xc08f1410}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {
---Type <return> to continue, or q <return> to quit---
      tqh_first = 0x0, tqh_last = 0xc487c170}, mtx_contested = {le_next = 0x0, 
      le_prev = 0x0}}, cv = {cv_waitq = {tqh_first = 0xc1d1abe0, 
      tqh_last = 0xc1d1abf8}, cv_mtx = 0xc487c14c, 
    cv_description = 0xc081ee1c "cbb cv"}, flags = 1342177280, chipset = 4, 
  rl = {slh_first = 0x0}, intr_handlers = {stqh_first = 0x0, 
    stqh_last = 0xc487c19c}, cbdev = 0xc4881980, event_thread = 0xc47475ac}
(kgdb) p reg
No symbol "reg" in current context.
(kgdb) l
139	{
140		sc->putb(sc, reg, val);
141	}
142	
143	static __inline void
144	exca_setb(struct exca_softc *sc, int reg, uint8_t mask)
145	{
146		exca_putb(sc, reg, exca_getb(sc, reg) | mask);
147	}
148	
(kgdb) l
129	    int rid, struct resource *res);
130	
131	static __inline uint8_t
132	exca_getb(struct exca_softc *sc, int reg)
133	{
134		return (sc->getb(sc, reg));
135	}
136	
137	static __inline void
138	exca_putb(struct exca_softc *sc, int reg, uint8_t val)
(kgdb) p reg
No symbol "reg" in current context.
(kgdb) f
#6  0xc0580e14 in cbb_intr (arg=0xc487c000)
    at /usr/src/sys/dev/exca/excavar.h:134
134		return (sc->getb(sc, reg));
(kgdb) p sc->getb
There is no member named getb.
(kgdb) up
#7  0xc061e062 in ithread_loop (arg=0xc4858900)
    at /usr/src/sys/kern/kern_intr.c:534
534					ih->ih_handler(ih->ih_argument);
(kgdb) p *ih
$3 = {ih_handler = 0xc0580cb0 <cbb_intr>, ih_argument = 0xc487c000, 
  ih_flags = -2147483648, ih_name = 0xc4853e70 "cbb1", 
  ih_ithread = 0xc4858900, ih_need = 0, ih_next = {tqe_next = 0xc4816dc0, 
    tqe_prev = 0xc481d498}, ih_pri = 4 '\004'}
(kgdb) p *ih->ih_argument
Attempt to dereference a generic pointer.
(kgdb) p *ih->ih_handler
$4 = {void (void *)} 0xc0580cb0 <cbb_intr>
(kgdb) p *p
$5 = {p_list = {le_next = 0xc48543c8, le_prev = 0xc4854000}, p_ksegrps = {
    tqh_first = 0xc1d1d300, tqh_last = 0xc1d1d304}, p_threads = {
    tqh_first = 0xc1d1a4c0, tqh_last = 0xc1d1a4c8}, p_suspended = {
    tqh_first = 0x0, tqh_last = 0xc48541fc}, p_ucred = 0xc1d04e80, 
  p_fd = 0xc4814a00, p_fdtol = 0x0, p_stats = 0xd89cb000, 
  p_limit = 0xc08e9ac0, p_upages_obj = 0xc1032e74, p_sigacts = 0xc483d000, 
  p_flag = 516, p_sflag = 1, p_state = PRS_NORMAL, p_pid = 25, p_hash = {
    le_next = 0x0, le_prev = 0xc1ce3064}, p_pglist = {le_next = 0xc48543c8, 
    le_prev = 0xc4854054}, p_pptr = 0xc08e9400, p_sibling = {
    le_next = 0xc48543c8, le_prev = 0xc4854060}, p_children = {
    lh_first = 0x0}, p_mtx = {mtx_object = {lo_class = 0xc0884dcc, 
      lo_name = 0xc082f6b2 "process lock", 
      lo_type = 0xc082f6b2 "process lock", lo_flags = 4390912, lo_list = {
        tqe_next = 0xc4854434, tqe_prev = 0xc485407c}, 
      lo_witness = 0xc08f2040}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {
      tqh_first = 0x0, tqh_last = 0xc4854274}, mtx_contested = {le_next = 0x0, 
      le_prev = 0x0}}, p_oppid = 0, p_vmspace = 0xc08e9800, p_swtime = 1865, 
  p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = {
      tv_sec = 0, tv_usec = 0}}, p_runtime = {sec = 14, 
    frac = 12793881406428493952}, p_uu = 0, p_su = 0, p_iu = 0, p_uticks = 0, 
  p_sticks = 0, p_iticks = 10968, p_profthreads = 0, p_maxthrwaits = 0, 
  p_traceflag = 0, p_tracevp = 0x0, p_tracecred = 0x0, p_textvp = 0x0, 
  p_siglist = {__bits = {0, 0, 0, 0}}, p_lock = 1 '\001', p_klist = {
    slh_first = 0x0}, p_sigiolst = {slh_first = 0x0}, p_sigparent = 20, 
---Type <return> to continue, or q <return> to quit---
  p_sig = 0, p_code = 0, p_stops = 0, p_stype = 0, p_step = 0 '\0', 
  p_pfsflags = 0 '\0', p_nlminfo = 0x0, p_aioinfo = 0x0, p_singlethread = 0x0, 
  p_suspcount = 0, p_sigstk = {ss_sp = 0x0, ss_size = 0, ss_flags = 0}, 
  p_magic = 3203398350, p_comm = "irq11: cbb0 cbb1+++", p_pgrp = 0xc08e9980, 
  p_sysent = 0xc0880bc0, p_args = 0x0, p_cpulimit = 9223372036854775807, 
  p_xstat = 0, p_numthreads = 1, p_numksegrps = 1, p_md = {md_ldt = 0x0}, 
  p_itcallout = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, 
        tqe_prev = 0x0}}, c_time = 0, c_arg = 0x0, c_func = 0, c_flags = 8}, 
  p_uarea = 0xd89cb000, p_acflag = 1, p_ru = 0x0, p_peers = 0x0, 
  p_leader = 0xc48541e4, p_emuldata = 0x0, p_label = {l_flags = 0, 
    l_perpolicy = {{l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}, {
        l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}}}, 
  p_sched = 0xc48543c8}
(kgdb) p arg
$6 = (void *) 0xc4858900
(kgdb) p *td
$7 = {td_proc = 0xc48541e4, td_ksegrp = 0xc1d1d300, td_plist = {
    tqe_next = 0x0, tqe_prev = 0xc48541f4}, td_kglist = {tqe_next = 0x0, 
    tqe_prev = 0xc1d1d31c}, td_slpq = {tqe_next = 0x0, tqe_prev = 0xc08ef050}, 
  td_lockq = {tqe_next = 0x0, tqe_prev = 0x0}, td_runq = {tqe_next = 0x0, 
    tqe_prev = 0x0}, td_selq = {tqh_first = 0x0, tqh_last = 0x0}, 
  td_flags = 65538, td_inhibitors = 0, td_pflags = 0, 
  td_last_kse = 0xc1d1b940, td_kse = 0xc1d1b940, td_dupfd = 0, td_wchan = 0x0, 
  td_wmesg = 0x0, td_lastcpu = 0 '\0', td_oncpu = 0 '\0', td_locks = 0, 
  td_blocked = 0x0, td_ithd = 0xc4858900, td_lockname = 0x0, td_contested = {
    lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 0, 
  td_mailbox = 0x0, td_ucred = 0xc1d04e80, td_standin = 0x0, td_prticks = 0, 
  td_upcall = 0x0, td_sticks = 0, td_uuticks = 0, td_usticks = 0, 
  td_intrval = 0, td_oldsigmask = {__bits = {0, 0, 0, 0}}, td_sigmask = {
    __bits = {0, 0, 0, 0}}, td_siglist = {__bits = {0, 0, 0, 0}}, 
  td_waitset = 0x0, td_umtx = {tqe_next = 0x0, tqe_prev = 0x0}, 
  td_generation = 9614, td_base_pri = 4 '\004', td_priority = 76 'L', 
  td_pcb = 0xd77b1da0, td_state = TDS_RUNNING, td_retval = {0, 0}, 
  td_slpcallout = {c_links = {sle = {sle_next = 0xceb77088}, tqe = {
        tqe_next = 0xceb77088, tqe_prev = 0xceb85d88}}, c_time = 187805, 
    c_arg = 0xc1d1a4c0, c_func = 0, c_flags = 8}, td_frame = 0xd77b1d48, 
  td_kstack_obj = 0xc1030534, td_kstack = 3615162368, td_kstack_pages = 2, 
  td_altkstack_obj = 0x0, td_altkstack = 0, td_altkstack_pages = 0, 
  td_critnest = 0, td_md = <incomplete type>, td_sched = 0xc1d1a5ec}
(kgdb) p *ithd
$8 = {it_lock = {mtx_object = {lo_class = 0xc0884dcc, 
      lo_name = 0xc082dd86 "ithread", lo_type = 0xc082dd86 "ithread", 
      lo_flags = 196608, lo_list = {tqe_next = 0xc483daa8, 
        tqe_prev = 0xc4814444}, lo_witness = 0xc08f16e0}, mtx_lock = 4, 
    mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, tqh_last = 0xc4858924}, 
    mtx_contested = {le_next = 0x0, le_prev = 0x0}}, it_td = 0xc1d1a4c0, 
  it_list = {le_next = 0x0, le_prev = 0x0}, it_handlers = {
    tqh_first = 0xc481d480, tqh_last = 0xc4816158}, it_interrupted = 0x0, 
  it_disable = 0xc07cf4e0 <ithread_disable>, 
  it_enable = 0xc07cf470 <ithread_enable>, it_md = 0x0, it_flags = 0, 
  it_need = 0, it_vector = 11, it_name = "irq11:", '\0' <repeats 13 times>}
(kgdb) p ih->ih_flags
$9 = -2147483648
(kgdb) p Giant
$10 = {mtx_object = {lo_class = 0xc0884dcc, lo_name = 0xc082f6a1 "Giant", 
    lo_type = 0xc082f6a1 "Giant", lo_flags = 720896, lo_list = {
      tqe_next = 0xc08ecea0, tqe_prev = 0xc0888010}, lo_witness = 0xc08f2108}, 
  mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, 
    tqh_last = 0xc08ecf04}, mtx_contested = {le_next = 0x0, 
    le_prev = 0xc488cc48}}
(kgdb) quit

Script done on Thu Oct 16 19:03:45 2003

Kernel and vmcore for the wi0 crash are available at:

http://www.leo.org/~dl/freebsd/wi0-crash/

>How-To-Repeat:

Install a current snapshot on a Thinkpad A31p and try to use the
on-board interfaces.

>Fix:

None known.


>Release-Note:
>Audit-Trail:
>Unformatted:


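Added example (not part of the original report and not FreeBSD project code): a small Python triage helper for the two kgdb sessions above. It converts the signed tf_* values gdb printed in the trap frames to unsigned 32-bit addresses, checks tf_eip against the "instruction pointer" line of the panic message, and resolves it against the few symbol addresses visible in the report. The function names (parse_trapframe, parse_panic_ip, resolve, triage) are hypothetical, and the symbol table is only what the report shows, so the nearest-symbol result is an assumption.

```python
import re

MASK32 = 0xFFFFFFFF  # i386 registers are 32 bits wide

# Lines copied from the report's two kgdb sessions, trimmed to the fields used.
FXP_PANIC = "instruction pointer\t= 0x8:0xc0580cd2"
FXP_FRAME = "tf_trapno = 18, tf_err = 0, tf_eip = -1067971374, tf_cs = 8, tf_eflags = 514"
WI_PANIC = "instruction pointer\t= 0x8:0xc0516ca8"
WI_FRAME = "tf_eax = 4, tf_trapno = 18, tf_err = 0, tf_eip = -1068405592, tf_cs = 8"

# Only the symbol addresses gdb happened to print in the report. This is a
# partial table, so "nearest symbol below" is an assumption, not a proof that
# the address lies inside that function.
SYMBOLS = {
    0xC0516C80: "exca_mem_getb",
    0xC0516CB0: "exca_mem_putb",
    0xC0580CB0: "cbb_intr",
    0xC061DED0: "ithread_loop",
    0xC07CF470: "ithread_enable",
    0xC07CF4E0: "ithread_disable",
}


def parse_trapframe(text):
    """Return {field: value} with each tf_* value as an unsigned 32-bit int.

    gdb prints the trapframe members as signed ints, so kernel addresses
    (0xc0000000 and up on i386) show up as negative decimals.
    """
    fields = re.findall(r"\b(tf_\w+) = (-?\d+)", text)
    if not fields:
        raise ValueError("no tf_* fields found")
    return {name: int(value) & MASK32 for name, value in fields}


def parse_panic_ip(text):
    """Extract (selector, offset) from the 'instruction pointer = sel:off' line."""
    m = re.search(r"instruction pointer\s*=\s*0x([0-9a-fA-F]+):0x([0-9a-fA-F]+)", text)
    if m is None:
        raise ValueError("no instruction pointer line found")
    return int(m.group(1), 16), int(m.group(2), 16)


def resolve(addr, symbols):
    """Return (name, offset) for the nearest symbol at or below addr, or None."""
    lower = [base for base in symbols if base <= addr]
    if not lower:
        return None
    base = max(lower)
    return symbols[base], addr - base


def triage(panic_text, frame_text, symbols=SYMBOLS):
    """Summarise one crash: trap number, faulting EIP, and where it points."""
    frame = parse_trapframe(frame_text)
    _, header_ip = parse_panic_ip(panic_text)
    eip = frame["tf_eip"]
    hit = resolve(eip, symbols)
    return {
        "trapno": frame["tf_trapno"],
        "eip": f"{eip:#010x}",
        # The trap frame and the panic header should name the same address.
        "matches_panic_header": eip == header_ip,
        "where": f"{hit[0]}+{hit[1]:#x}" if hit else "unknown",
    }


if __name__ == "__main__":
    for label, panic, frame in (("fxp0", FXP_PANIC, FXP_FRAME),
                                ("wi0", WI_PANIC, WI_FRAME)):
        print(label, triage(panic, frame))
```

With this partial symbol table, the fxp0 fault resolves to cbb_intr+0x22 and the wi0 fault to exca_mem_getb+0x28, which is consistent with the "irq11: cbb0 cbb1+++" interrupt thread named in both panic messages.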