Panic on S3 suspend

Peter Jeremy peterjeremy at optushome.com.au
Thu Jan 26 12:40:14 PST 2006 

I'm not sure if this is most applicable here, -acpi or -mobile.

6-STABLE/amd64 from last weekend running on an HP nx6125 laptop.
I tried setting the lid switch to S3 and then closing the lid
whilst there was network activity (pinging the system) and it
panic'd.  I have a crash dump but 

I'm not especially familiar with the amd64 memory map so I'm not
sure what the fault address suggests - it doesn't look like a
NULL dereference or truncated address so I guess it's garbage.

Is this just of case of suspend not disabling interrupts fast enough?

Unread portion of the kernel message buffer:
fwohci0: fwohci_pci_suspend
fwohci0: device physically ejected?

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x78572a2f0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xffffffff801b8c91
stack pointer           = 0x10:0xffffffffa181fb70
frame pointer           = 0x10:0xffffffffa181fbb0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 33 (irq23: bge0)
trap number             = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace() at kdb_backtrace+0x37
panic() at panic+0x164
trap_fatal() at trap_fatal+0x378
trap_pfault() at trap_pfault+0x1cf
trap() at trap+0x2f3
calltrap() at calltrap+0x5
--- trap 0xc, rip = 0xffffffff801b8c91, rsp = 0xffffffffa181fb70, rbp = 0xffffffffa181fbb0 ---
bge_start_locked() at bge_start_locked+0x61
bge_intr() at bge_intr+0x283
ithread_loop() at ithread_loop+0x169
fork_exit() at fork_exit+0x95
fork_trampoline() at fork_trampoline+0xe

(kgdb) where
#0  doadump () at pcpu.h:172
#1  0xffffffff8026894f in boot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80268cfb in panic (fmt=0xffffffff803cf38c "%s")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xffffffff80384af8 in trap_fatal (frame=0xffffffffa181fac0, 
    eva=32303653616) at /usr/src/sys/amd64/amd64/trap.c:660
#4  0xffffffff8038474f in trap_pfault (frame=0xffffffffa181fac0, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:573
#5  0xffffffff803843f3 in trap (frame=
      {tf_rdi = -1099501924352, tf_rsi = -1098605723040, tf_rdx = -1099501753856, tf_rcx = 0, tf_r8 = -1585316592, tf_r9 = 0, tf_rax = 4294967295, tf_rbx = -1099501924352, tf_rbp = -1585316944, tf_r10 = 3, tf_r11 = -1098803534592, tf_r12 = -1099501924352, tf_r13 = -2056097792, tf_r14 = 0, tf_r15 = -1098605848128, tf_trapno = 12, tf_addr = 32303653616, tf_flags = -2144881357, tf_err = 0, tf_rip = -2145678191, tf_cs = 8, tf_rflags = 66050, tf_rsp = -1585316992, tf_ss = 16})
    at /usr/src/sys/amd64/amd64/trap.c:352
#6  0xffffffff8037431b in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:168
#7  0xffffffff801b8c91 in bge_start_locked (ifp=0xffffff0000941000)
    at /usr/src/sys/dev/bge/if_bge.c:3362
#8  0xffffffff801b8763 in bge_intr (xsc=0xffffff0000941000)
    at /usr/src/sys/dev/bge/if_bge.c:3091
#9  0xffffffff80253369 in ithread_loop (arg=0xffffff0000941000)
    at /usr/src/sys/kern/kern_intr.c:547
#10 0xffffffff80252475 in fork_exit (
    callout=0xffffffff80253200 <ithread_loop>, arg=0xffffff0000029500, 
    frame=0xffffffffa181fc50) at /usr/src/sys/kern/kern_fork.c:789
#11 0xffffffff8037467e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:394
#12 0x0000000000000000 in ?? ()
Previous frame identical to this frame (corrupt stack?)
...
#7  0xffffffff801b8c91 in bge_start_locked (ifp=0xffffff0000941000)
    at /usr/src/sys/dev/bge/if_bge.c:3362
3362                    BPF_MTAP(ifp, m_head);
Current language:  auto; currently c
(kgdb) p ifp
$1 = (struct ifnet *) 0xffffff0000941000
(kgdb) p m_head
$2 = (struct mbuf *) 0xffffff0000941000

That definitely doesn't look correct.  Printing the contents of both
suggests tat it shuld be ifp:
(kgdb) p *ifp
$3 = {if_softc = 0xffffffff85727000, if_l2com = 0xffffff0000968840, if_link = {
    tqe_next = 0xffffff00009f5000, tqe_prev = 0xffffffff8057b730}, 
  if_xname = "bge0", '\0' <repeats 11 times>, 
  if_dname = 0xffffff00007bf5d8 "bge", if_dunit = 0, if_addrhead = {
    tqh_first = 0xffffff000094e200, tqh_last = 0xffffff002ab252b8}, 
  if_klist = {kl_list = {slh_first = 0x0}, 
    kl_lock = 0xffffffff8024d490 <knlist_mtx_lock>, 
    kl_unlock = 0xffffffff8024d4b0 <knlist_mtx_unlock>, 
    kl_locked = 0xffffffff8024d4d0 <knlist_mtx_locked>, 
    kl_lockarg = 0xffffffff8056dbe0}, if_pcount = 0, if_carp = 0x0, 
  if_bpf = 0x0, if_index = 1, if_timer = 0, if_nvlans = 0, if_flags = 34819, 
  if_capabilities = 26, if_capenable = 26, if_linkmib = 0x0, 
  if_linkmiblen = 0, if_data = {ifi_type = 6 '\006', ifi_physical = 0 '\0', 
    ifi_addrlen = 6 '\006', ifi_hdrlen = 14 '\016', ifi_link_state = 2 '\002', 
    ifi_recvquota = 0 '\0', ifi_xmitquota = 0 '\0', ifi_datalen = 152 '\230', 
    ifi_mtu = 1500, ifi_metric = 0, ifi_baudrate = 10000000, 
    ifi_ipackets = 38910, ifi_ierrors = 0, ifi_opackets = 12023, 
    ifi_oerrors = 0, ifi_collisions = 0, ifi_ibytes = 50025442, 
    ifi_obytes = 4410559, ifi_imcasts = 350, ifi_omcasts = 0, ifi_iqdrops = 0, 
    ifi_noproto = 0, ifi_hwassist = 7, ifi_epoch = 0, ifi_lastchange = {
      tv_sec = 1138272696, tv_usec = 308610}}, if_multiaddrs = {
    tqh_first = 0xffffff0035cb2c40, tqh_last = 0xffffff0035cb2d40}, 
  if_amcount = 0, if_output = 0xffffffff802dd820 <ether_output>, 
  if_input = 0xffffffff802de190 <ether_input>, 
  if_start = 0xffffffff801b8fc0 <bge_start>, 
  if_ioctl = 0xffffffff801b9670 <bge_ioctl>, 
  if_watchdog = 0xffffffff801b9990 <bge_watchdog>, 
  if_init = 0xffffffff801b9370 <bge_init>, 
  if_resolvemulti = 0xffffffff802deb70 <ether_resolvemulti>, if_spare1 = 0x0, 
  if_spare2 = 0x0, if_spare3 = 0x0, if_drv_flags = 64, if_spare_flags2 = 0, 
  if_snd = {ifq_head = 0xffffff002a34a500, ifq_tail = 0xffffff002a34a500, 
    ifq_len = 1, ifq_maxlen = 511, ifq_drops = 0, ifq_mtx = {mtx_object = {
        lo_class = 0xffffffff8053a340, lo_name = 0xffffff0000941020 "bge0", 
        lo_type = 0xffffffff803f685d "if send queue", lo_flags = 196608, 
        lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, 
      mtx_lock = 4, mtx_recurse = 0}, ifq_drv_head = 0x0, ifq_drv_tail = 0x0, 
    ifq_drv_len = 0, ifq_drv_maxlen = 511, altq_type = 0, altq_flags = 1, 
    altq_disc = 0x0, altq_ifp = 0xffffff0000941000, altq_enqueue = 0, 
    altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0, 
    altq_tbr = 0x0, altq_cdnr = 0x0}, 
  if_broadcastaddr = 0xffffffff803f6b60 "ÿÿÿÿÿÿ", if_bridge = 0x0, 
  lltables = 0x0, if_label = 0x0, if_prefixhead = {tqh_first = 0x0, 
    tqh_last = 0xffffff00009412b0}, if_afdata = {0x0 <repeats 37 times>}, 
  if_afdata_initialized = 2, if_afdata_mtx = {mtx_object = {
      lo_class = 0xffffffff8053a340, lo_name = 0xffffffff803f684d "if_afdata", 
      lo_type = 0xffffffff803f684d "if_afdata", lo_flags = 196608, lo_list = {
        tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, 
    mtx_recurse = 0}, if_starttask = {ta_link = {stqe_next = 0x0}, 
    ta_pending = 0, ta_priority = 0, 
    ta_func = 0xffffffff802dcab0 <if_start_deferred>, 
    ta_context = 0xffffff0000941000}, if_linktask = {ta_link = {
      stqe_next = 0x0}, ta_pending = 0, ta_priority = 0, 
    ta_func = 0xffffffff802dab00 <do_link_state_change>, 
    ta_context = 0xffffff0000941000}, if_addr_mtx = {mtx_object = {
      lo_class = 0xffffffff8053a340, 
      lo_name = 0xffffffff803f6841 "if_addr_mtx", 
      lo_type = 0xffffffff803f6841 "if_addr_mtx", lo_flags = 196608, 
      lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, 
    mtx_lock = 4, mtx_recurse = 0}}
(kgdb)


-- 
Peter Jeremy

More information about the freebsd-stable mailing list