Date: Mon, 10 Nov 2003 14:40:16 -0800 (PST) From: Daniel Lang <dl@leo.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/58139: -CURRENT panics on Thinkpad A31p while configuring fxp0 or wi0 interface Message-ID: <200311102240.hAAMeGvx082355@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/58139; it has been noted by GNATS. From: Daniel Lang <dl@leo.org> To: freebsd-gnats-submit@FreeBSD.org Cc: dl@leo.org Subject: Re: kern/58139: -CURRENT panics on Thinkpad A31p while configuring fxp0 or wi0 interface Date: Mon, 10 Nov 2003 23:30:53 +0100 --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline For sake of completeness, I include more email exchange to the audit trail, as well as some information requested by John Baldwin -- IRCnet: Mr-Spock - Work is for people, who don't surf - Daniel Lang * dl@leo.org * +49 89 289 18532 * http://www.leo.org/~dl/ --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=crashmails [..] I have digged a bit further, but cannot find the integer divide fault, possibly due to the fact, that exca_mem_getb and exca_getb are inline functions. I have the structs available but now I'm stuck, since I don't know what values of a (struct cbb_softc*) and a (struct exca_softc*) within are sensible and which could point to a problem. I stumbled across your comment in dev/pccbb/pccbb.c:cbb_intr() about the "old ExCA register for card status change". Maybe this additional poll could cause the problems? On the other hand, I also had a crash in exca_putb(), so it seems the problem is near that thing, but not quite. [..] > a boot -v dmesg output would be good too. [..] Attached to this mail. I included a pciconf -v -l as well. I also tried your recent fix regarding MP_SAFE. It did not help (probably expected on a non-SMP system?). Some more information: Sometimes it panics during boot. During the probe of the wi0 interface, but this only seems to happen after I crashed the box ifconfig'in wi0 the session before. Some garbage left in some registers there? And today it happened twice that it resetted (no panic) close to the end of the kernel probe/boot stage with a message like: cbb0: unsupported device detected I don't know the exact message, since it resettet, the screen went blank right after it happened. This did not happen before... :-/ (No changes to the system, your patch went in after this happened). [ dmesg -v omitted, since it's already included in the PR] agp0@pci0:0:0: class=0x060000 card=0x00000000 chip=0x1a308086 rev=0x04 hdr=0x00 vendor = 'Intel Corporation' device = '82845/E/MP/MZ Brookdale CPU to I/O Bridge' class = bridge subclass = HOST-PCI pcib1@pci0:1:0: class=0x060400 card=0x00000000 chip=0x1a318086 rev=0x04 hdr=0x01 vendor = 'Intel Corporation' device = '82845/E/MP/MZ Brookdale CPU to AGP Bridge' class = bridge subclass = PCI-PCI uhci0@pci0:29:0: class=0x0c0300 card=0x02201014 chip=0x24828086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801CA/CAM (ICH3-S/ICH3-M) USB Controller #1' class = serial bus subclass = USB uhci1@pci0:29:1: class=0x0c0300 card=0x02201014 chip=0x24848086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801CA/CAM (ICH3-S/ICH3-M) USB Controller #2' class = serial bus subclass = USB uhci2@pci0:29:2: class=0x0c0300 card=0x02201014 chip=0x24878086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801CA/CAM (ICH3-S/ICH3-M) USB Controller #3' class = serial bus subclass = USB pcib2@pci0:30:0: class=0x060400 card=0x00000000 chip=0x24488086 rev=0x42 hdr=0x01 vendor = 'Intel Corporation' device = '82801BAM/CAM (ICH2/3) PCI to I/O Hub Bridge (2448)' class = bridge subclass = PCI-PCI isab0@pci0:31:0: class=0x060100 card=0x00000000 chip=0x248c8086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801CAM LPC Interface or ISA bridge: see Notes' class = bridge subclass = PCI-ISA atapci0@pci0:31:1: class=0x01018a card=0x02201014 chip=0x248a8086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801CAM (ICH3-M) UltraATA/100 EIDE Controller' class = mass storage subclass = ATA none0@pci0:31:3: class=0x0c0500 card=0x02201014 chip=0x24838086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801CA/CAM (ICH3-S/ICH3-M) SMBus Controller' class = serial bus subclass = SMBus none1@pci0:31:5: class=0x040100 card=0x05081014 chip=0x24858086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801CA/CAM (ICH3-S/ICH3-M) AC'97 Audio Controller' class = multimedia subclass = audio none2@pci0:31:6: class=0x070300 card=0x02271014 chip=0x24868086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801CA/CAM (ICH3-S/ICH3-M) AC'97 Modem Controller' class = simple comms none3@pci1:0:0: class=0x030000 card=0x05181014 chip=0x4c581002 rev=0x00 hdr=0x00 vendor = 'ATI Technologies' device = 'FireGL Mobility' class = display subclass = VGA cbb0@pci2:0:0: class=0x060700 card=0x01851014 chip=0x04761180 rev=0xa8 hdr=0x02 vendor = 'Communication Automation Corporation' device = 'RL5C476 II CardBus controller' class = bridge subclass = PCI-CardBus cbb1@pci2:0:1: class=0x060700 card=0x01851014 chip=0x04761180 rev=0xa8 hdr=0x02 vendor = 'Communication Automation Corporation' device = 'RL5C476 II CardBus controller' class = bridge subclass = PCI-CardBus none4@pci2:0:2: class=0x0c0010 card=0x05111014 chip=0x05521180 rev=0x00 hdr=0x00 vendor = 'Communication Automation Corporation' device = 'RL5c552 FireWire (IEEE1394) Controller. IBM A31p' class = serial bus subclass = FireWire wi0@pci2:2:0: class=0x028000 card=0x04061668 chip=0x38731260 rev=0x01 hdr=0x00 vendor = 'Intersil Americas Inc (Was: Harris Semiconductor)' device = 'PRISM 2.5 802.11b 11Mbps Wireless Controller' class = network fxp0@pci2:8:0: class=0x020000 card=0x02091014 chip=0x10318086 rev=0x42 hdr=0x00 vendor = 'Intel Corporation' device = '82801CAM (ICH3) PRO/100 VE (LOM) Network Connection' class = network subclass = ethernet [ The following is german conversation with Joerg Wunsch Short summary in English: The faulty instruction pointer is in cbb_intr(), more precisely in exca_mem_getb() which is inlined in cbb_intr(). The arguments to exca_mem_getb(), that is '*sc' and 'reg' are therefore not available in this context. However, I could trace *sc in the frame above, and have examined it, which is documented earlier in the PR. ] Joerg Wunsch wrote on Fri, Oct 24, 2003 at 03:06:22PM +0200: [..] > =DCber nm -n /kernel solltest Du zumindest herausfinden k=F6nnen, in > welcher Funktion die EIP-Adressen liegen, an denen es knallt. cbb_intr() Bei dem 2. crash im dem PR kommt das auch im Trace vor. Im PR habe ich auch den 2. crash etwas analysiert und ausserdem einen Link auf debug-kernel und core-file hinterlegt. Dort schauts nun so aus, dass es zwar in cbb_intr kracht, aber scheinbar der integeger divide fault wieder an einer anderen Adresse passiert, naemlich in dem Fall in exca_mem_getb() Das dumme ist (ist auch im PR dokumentiert), dass der Aufruf in cbb_intr() an der Stelle: [..] 131 static __inline uint8_t 132 exca_getb(struct exca_softc *sc, int reg) 133 { 134 return (sc->getb(sc, reg)); 135 } [..] eine Inline-Funktion ist, und ich daher die Symbole nicht hab. Also 'sc' und 'reg' is nicht. Ok. Mal weiter sehen. Ich hab das Argument was cbb_intr kriegt, dass muss vom Typ struct cbb_softc* sein. Und aufgerufen wird: exca_getb(&sc->exca, EXCA_CSC) mal kucken.... Ahja, struct cbb_softc und struct exca_softc sind natuerlich Monster-Strukturen. Da hab ich nun keinen Schimmer, was von den Attributen da welchen Wert haben muss. Immerhin interessant ist der Comment in cbb_intr() ueber dem Aufruf von exca_getb(). --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="jhb.info" Script started on Mon Nov 10 22:56:46 2003 laprbg8# laprbg8# gdb -k kernel.debug vmcore.1 GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: integer divide fault panic messages: --- Fatal trap 18: integer divide fault while in kernel mode instruction pointer = 0x8:0xc0516ca8 stack pointer = 0x10:0xd77b1cb8 frame pointer = 0x10:0xd77b1cb8 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, IOPL = 0 current process = 25 (irq11: cbb0 cbb1+++) trap number = 18 panic: integer divide fault [..] --- Reading symbols from /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 240 dumping++; (kgdb) l 0xc0516ca8 Function "0xc0516ca8" not defined. (kgdb) x 0xc0516ca8 0xc0516ca8 <exca_mem_getb+40>: 0x0fc0b60f GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: integer divide fault panic messages: --- Fatal trap 18: integer divide fault while in kernel mode instruction pointer = 0x8:0xc0580cd2 stack pointer = 0x10:0xd77b1cc0 frame pointer = 0x10:0xd77b1ce0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, IOPL = 0 current process = 25 (irq11: cbb0 cbb1+++) trap number = 18 panic: integer divide fault [..] --- Reading symbols from /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 240 dumping++; (kgdb) l 0xc0580cd2 Function "0xc0580cd2" not defined. (kgdb) x 0xc0580cd2 0xc0580cd2 <cbb_intr+34>: 0xc085c689 (kgdb) l cbb_intr warning: Source file is more recent than executable. 1104 /* Interrupt Handler */ 1105 /************************************************************************/ 1106 1107 static void 1108 cbb_intr(void *arg) 1109 { 1110 struct cbb_softc *sc = arg; 1111 uint32_t sockevent; 1112 struct cbb_intrhand *ih; 1113 --CE+1k2dSO48ffgeK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200311102240.hAAMeGvx082355>