Date: 16 Oct 2003 17:50:19 -0000 From: Daniel@leo.org, "Lang <dl"@leo.org To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/58139: -CURRENT panics on Thinkpad A31p while configuring fxp0 or wi0 interface Message-ID: <20031016175019.53927.qmail@mail.leo.org> Resent-Message-ID: <200310161800.h9GI0Ot9092329@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 58139 >Category: kern >Synopsis: -CURRENT panics on Thinkpad A31p while configuring fxp0 or wi0 interface >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Oct 16 11:00:24 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Daniel Lang >Release: FreeBSD 5.1-CURRENT-20031015-JPSNAP >Organization: TU-Muenchen >Environment: FreeBSD laprbg8.informatik.tu-muenchen.de 5.1-CURRENT-20031015-JPSNAP FreeBSD 5.1-CURRENT-20031015-JPSNAP #0: Thu Oct 16 16:04:37 CEST 2003 root@laprbg8.informatik.tu-muenchen.de:/usr/obj/usr/src/sys/BATLETH i386 Copyright (c) 1992-2003 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.1-CURRENT-20031015-JPSNAP #0: Thu Oct 16 16:04:37 CEST 2003 root@laprbg8.informatik.tu-muenchen.de:/usr/obj/usr/src/sys/BATLETH Preloaded elf kernel "/boot/kernel/kernel" at 0xc0a4f000. Preloaded elf module "/boot/kernel/acpi.ko" at 0xc0a4f26c. Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz (1998.32-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0xf29 Stepping = 9 Features=0xbfebf9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> real memory = 536281088 (511 MB) avail memory = 511238144 (487 MB) Pentium Pro MTRR support enabled npx0: [FAST] npx0: <math processor> on motherboard npx0: INT 16 interface acpi0: <IBM TP-1N > on motherboard acpi_ec0: <Embedded Controller: ECDT, GPE 0x1c, GLK> port 0x66,0x62 on acpi0 pcibios: BIOS version 2.10 Using $PIR table, 14 entries at 0xc00fdeb0 acpi0: Power Button (fixed) Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0 acpi_cpu0: <CPU> on acpi0 acpi_tz0: <Thermal Zone> on acpi0 acpi_lid0: <Control Method Lid Switch> on acpi0 acpi_button0: <Sleep Button> on acpi0 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0 pci0: <ACPI PCI bus> on pcib0 pcib0: slot 29 INTA is routed to irq 11 pcib0: slot 29 INTB is routed to irq 11 pcib0: slot 29 INTC is routed to irq 11 pcib0: slot 31 INTB is routed to irq 11 pcib0: slot 31 INTB is routed to irq 11 pcib0: slot 31 INTB is routed to irq 11 agp0: <Intel 82845 host to AGP bridge> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0 pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0 pci1: <ACPI PCI bus> on pcib1 pcib1: slot 0 INTA is routed to irq 11 pci1: <display, VGA> at device 0.0 (no driver attached) uhci0: <Intel 82801CA/CAM (ICH3) USB controller USB-A> port 0x1800-0x181f irq 11 at device 29.0 on pci0 usb0: <Intel 82801CA/CAM (ICH3) USB controller USB-A> on uhci0 usb0: USB revision 1.0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1: <Intel 82801CA/CAM (ICH3) USB controller USB-B> port 0x1820-0x183f irq 11 at device 29.1 on pci0 usb1: <Intel 82801CA/CAM (ICH3) USB controller USB-B> on uhci1 usb1: USB revision 1.0 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2: <Intel 82801CA/CAM (ICH3) USB controller USB-C> port 0x1840-0x185f irq 11 at device 29.2 on pci0 usb2: <Intel 82801CA/CAM (ICH3) USB controller USB-C> on uhci2 usb2: USB revision 1.0 uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0 pci2: <ACPI PCI bus> on pcib2 pcib2: slot 0 INTA is routed to irq 11 pcib2: slot 0 INTB is routed to irq 11 pcib2: slot 0 INTC is routed to irq 11 pcib2: slot 2 INTA is routed to irq 11 pcib2: slot 8 INTA is routed to irq 11 cbb0: <RF5C476 PCI-CardBus Bridge> mem 0x50000000-0x50000fff irq 11 at device 0.0 on pci2 cardbus0: <CardBus bus> on cbb0 pccard0: <16-bit PCCard bus> on cbb0 cbb0: [MPSAFE] cbb1: <RF5C476 PCI-CardBus Bridge> mem 0x50100000-0x50100fff irq 11 at device 0.1 on pci2 cbb1: failed to enable memory mapping! cardbus1: <CardBus bus> on cbb1 pccard1: <16-bit PCCard bus> on cbb1 cbb1: [MPSAFE] fwohci0: <Ricoh R5C552> mem 0xd0201000-0xd02017ff irq 11 at device 0.2 on pci2 fwohci0: [MPSAFE] fwohci0: OHCI version 0.8 (ROM=0) fwohci0: invalid OHCI version fwohci0: FireWire init failed device_probe_and_attach: fwohci0 attach returned 5 wi0: <Intersil Prism2.5> mem 0xf8000000-0xf8000fff irq 11 at device 2.0 on pci2 wi0: 802.11 address: 00:20:e0:4d:08:b5 wi0: using RF:PRISM2.5 MAC:ISL3874A(Mini-PCI) wi0: Intersil Firmware: Primary (1.1.0), Station (1.4.2) wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps fxp0: <Intel 82801CAM (ICH3) Pro/100 VE Ethernet> port 0x8000-0x803f mem 0xd0200000-0xd0200fff irq 11 at device 8.0 on pci2 fxp0: Ethernet address 00:02:8a:a5:3e:f2 miibus0: <MII bus> on fxp0 inphy0: <i82562ET 10/100 media interface> on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 atapci0: <Intel ICH3 UDMA100 controller> port 0x1860-0x186f,0x374-0x377,0x170-0x177,0x3f4-0x3f7,0x1f0-0x1f7 at device 31.1 on pci0 ata0: at 0x1f0 irq 14 on atapci0 ata0: [MPSAFE] ata1: at 0x170 irq 15 on atapci0 ata1: [MPSAFE] pci0: <serial bus, SMBus> at device 31.3 (no driver attached) pci0: <multimedia, audio> at device 31.5 (no driver attached) pci0: <simple comms> at device 31.6 (no driver attached) atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0 atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0 kbd0 at atkbd0 psm0: <PS/2 Mouse> irq 12 on atkbdc0 psm0: model Generic PS/2 mouse, device ID 0 fdc0: <Enhanced floppy controller (i82077, NE72065 or clone)> port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0 fdc0: FIFO enabled, 8 bytes threshold fd0: <1440-KB 3.5" drive> on fdc0 drive 0 sio0: configured irq 4 not in bitmap of probed irqs 0 sio0: port may not be enabled sio0 port 0x3f8-0x3ff irq 4 on acpi0 sio0: type 8250 or not responding ppc0 port 0x3bc-0x3c3 irq 7 on acpi0 ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode ppbus0: <Parallel port bus> on ppc0 plip0: <PLIP network interface> on ppbus0 lpt0: <Printer> on ppbus0 lpt0: Interrupt-driven port ppi0: <Parallel I/O> on ppbus0 sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled acpi_cmbat0: <Control Method Battery> on acpi0 acpi_cmbat1: <Control Method Battery> on acpi0 acpi_acad0: <AC Adapter> on acpi0 sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled orm0: <Option ROMs> at iomem 0xe0000-0xeffff,0xdc000-0xdffff,0xd1000-0xd1fff,0xd0000-0xd0fff,0xc0000-0xcffff on isa0 pmtimer0 on isa0 sc0: <System console> at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 Timecounter "TSC" frequency 1998316340 Hz quality 800 Timecounters tick every 10.000 msec acpi_cpu: throttling enabled, 8 steps (100% to 12.5%), currently 100.0% cbb0: Unsupported card type detected cbb1: Unsupported card type detected GEOM: create disk ad0 dp=0xc48c3670 ad0: 76319MB <IC25N080ATMR04-0> [155061/16/63] at ata0-master UDMA100 acd0: CDRW <HL-DT-STCD-RW/DVD DRIVE GCC-4240N> at ata1-master PIO4 Mounting root from ufs:/dev/ad0s3a >Description: If I try to configure any of the on-board interfaces fxp0 or wi0 with an IP address (using DHCP or manually) I get a panic. Setting wepmode and SSID ob the wi0 works without panic. Both work if FreeBSD 4.9-RC2 is used. I was able to get crashdumps and provide some data: Crash-Dump analysis from the fxp0 crash follows: ---------------- Good dump found on device /dev/ad0s3b Architecture: i386 Architecture version: 1 Dump length: 536281088B (511 MB) Blocksize: 512 Dumptime: Thu Oct 16 16:30:24 2003 Hostname: laprbg8.informatik.tu-muenchen.de Versionstring: FreeBSD 5.1-CURRENT-20031015-JPSNAP #0: Thu Oct 16 16:04:37 CEST 2003 root@laprbg8.informatik.tu-muenchen.de:/usr/obj/usr/src/sys/BATLETH Panicstring: integer divide fault Bounds: 0 Script started on Thu Oct 16 16:46:38 2003 laprbg8# laprbg8# gdb -k /usr/obj/usr/src/sys/BATLETH/kernel.debug vmcore.0 GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: integer divide fault panic messages: --- Fatal trap 18: integer divide fault while in kernel mode instruction pointer = 0x8:0xc0580cd2 stack pointer = 0x10:0xd77b1cc0 frame pointer = 0x10:0xd77b1ce0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, IOPL = 0 current process = 25 (irq11: cbb0 cbb1+++) trap number = 18 panic: integer divide fault syncing disks, buffers remaining... 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 giving up on 367 buffers Uptime: 3m25s Dumping 511 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 --- Reading symbols from /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 240 dumping++; (kgdb) bt #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 #1 0xc0631802 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372 #2 0xc0631b58 in panic () at /usr/src/sys/kern/kern_shutdown.c:550 #3 0xc07cb9cc in trap_fatal (frame=0xd77b1c80, eva=0) at /usr/src/sys/i386/i386/trap.c:820 #4 0xc07cb422 in trap (frame= {tf_fs = -1043267560, tf_es = -997916656, tf_ds = -679804912, tf_edi = -1043225408, tf_esi = -997881600, tf_ebp = -679797536, tf_isp = -679797588, tf_ebx = -997736448, tf_edx = -593453056, tf_ecx = -593457152, tf_eax = -803205120, tf_trapno = 18, tf_err = 0, tf_eip = -1067971374, tf_cs = 8, tf_eflags = 514, tf_esp = -1043250684, tf_ss = 4}) at /usr/src/sys/i386/i386/trap.c:617 #5 0xc07bc128 in calltrap () at {standard input}:102 #6 0xc061e062 in ithread_loop (arg=0xc4858900) at /usr/src/sys/kern/kern_intr.c:534 #7 0xc061d05f in fork_exit (callout=0xc061ded0 <ithread_loop>, arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:796 (kgdb) up 6 #6 0xc061e062 in ithread_loop (arg=0xc4858900) at /usr/src/sys/kern/kern_intr.c:534 534 ih->ih_handler(ih->ih_argument); (kgdb) l 529 mtx_unlock(&ithd->it_lock); 530 goto restart; 531 } 532 if ((ih->ih_flags & IH_MPSAFE) == 0) 533 mtx_lock(&Giant); 534 ih->ih_handler(ih->ih_argument); 535 if ((ih->ih_flags & IH_MPSAFE) == 0) 536 mtx_unlock(&Giant); 537 } 538 } (kgdb) p *ih $1 = {ih_handler = 0xc485d600, ih_argument = 0xc485d600, ih_flags = 0, ih_name = 0x0, ih_ithread = 0x0, ih_need = 0, ih_next = {tqe_next = 0x0, tqe_prev = 0x0}, ih_pri = 0 '\0'} (kgdb) p *ihup No symbol "ihup" in current context. (kgdb) up #7 0xc061d05f in fork_exit (callout=0xc061ded0 <ithread_loop>, arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:796 796 callout(arg, frame); (kgdb) l 791 * cpu_set_fork_handler intercepts this function call to 792 * have this call a non-return function to stay in kernel mode. 793 * initproc has its own fork handler, but it does return. 794 */ 795 KASSERT(callout != NULL, ("NULL callout in fork_exit")); 796 callout(arg, frame); 797 798 /* 799 * Check if a kernel thread misbehaved and returned from its main 800 * function. (kgdb) p arg $2 = (void *) 0x0 (kgdb) p frame $3 = (struct trapframe *) 0x0 (kgdb) down #6 0xc061e062 in ithread_loop (arg=0xc4858900) at /usr/src/sys/kern/kern_intr.c:534 534 ih->ih_handler(ih->ih_argument); (kgdb) l 529 mtx_unlock(&ithd->it_lock); 530 goto restart; 531 } 532 if ((ih->ih_flags & IH_MPSAFE) == 0) 533 mtx_lock(&Giant); 534 ih->ih_handler(ih->ih_argument); 535 if ((ih->ih_flags & IH_MPSAFE) == 0) 536 mtx_unlock(&Giant); 537 } 538 } (kgdb) p arg $4 = (void *) 0xc4858900 (kgdb) $5 = (void *) 0xc4858900 (kgdb) p td $6 = (struct thread *) 0xc1d1a4c0 (kgdb) p *td $7 = {td_proc = 0xc48541e4, td_ksegrp = 0xc1d1d300, td_plist = { tqe_next = 0x0, tqe_prev = 0xc48541f4}, td_kglist = {tqe_next = 0x0, tqe_prev = 0xc1d1d31c}, td_slpq = {tqe_next = 0x0, tqe_prev = 0xc08ef158}, td_lockq = {tqe_next = 0x0, tqe_prev = 0x0}, td_runq = {tqe_next = 0x0, tqe_prev = 0x0}, td_selq = {tqh_first = 0x0, tqh_last = 0x0}, td_flags = 65538, td_inhibitors = 0, td_pflags = 0, td_last_kse = 0xc1d1b940, td_kse = 0xc1d1b940, td_dupfd = 0, td_wchan = 0x0, td_wmesg = 0x0, td_lastcpu = 0 '\0', td_oncpu = 0 '\0', td_locks = 0, td_blocked = 0x0, td_ithd = 0xc4858900, td_lockname = 0x0, td_contested = { lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 0, td_mailbox = 0x0, td_ucred = 0xc1d04e80, td_standin = 0x0, td_prticks = 0, td_upcall = 0x0, td_sticks = 0, td_uuticks = 0, td_usticks = 0, td_intrval = 0, td_oldsigmask = {__bits = {0, 0, 0, 0}}, td_sigmask = { __bits = {0, 0, 0, 0}}, td_siglist = {__bits = {0, 0, 0, 0}}, td_waitset = 0x0, td_umtx = {tqe_next = 0x0, tqe_prev = 0x0}, td_generation = 11180, td_base_pri = 4 '\004', td_priority = 76 'L', td_pcb = 0xd77b1da0, td_state = TDS_RUNNING, td_retval = {0, 0}, td_slpcallout = {c_links = {sle = {sle_next = 0xceb77088}, tqe = { tqe_next = 0xceb77088, tqe_prev = 0xceb7f0f8}}, c_time = 20491, c_arg = 0xc1d1a4c0, c_func = 0, c_flags = 8}, td_frame = 0xd77b1d48, td_kstack_obj = 0xc1030534, td_kstack = 3615162368, td_kstack_pages = 2, td_altkstack_obj = 0x0, td_altkstack = 0, td_altkstack_pages = 0, td_critnest = 0, td_md = <incomplete type>, td_sched = 0xc1d1a5ec} (kgdb) p *p $8 = {p_list = {le_next = 0xc48543c8, le_prev = 0xc4854000}, p_ksegrps = { tqh_first = 0xc1d1d300, tqh_last = 0xc1d1d304}, p_threads = { tqh_first = 0xc1d1a4c0, tqh_last = 0xc1d1a4c8}, p_suspended = { tqh_first = 0x0, tqh_last = 0xc48541fc}, p_ucred = 0xc1d04e80, p_fd = 0xc4814a00, p_fdtol = 0x0, p_stats = 0xd89cb000, p_limit = 0xc08e9ac0, p_upages_obj = 0xc1032e74, p_sigacts = 0xc483d000, p_flag = 516, p_sflag = 1, p_state = PRS_NORMAL, p_pid = 25, p_hash = { le_next = 0x0, le_prev = 0xc1ce3064}, p_pglist = {le_next = 0xc48543c8, le_prev = 0xc4854054}, p_pptr = 0xc08e9400, p_sibling = { le_next = 0xc48543c8, le_prev = 0xc4854060}, p_children = { lh_first = 0x0}, p_mtx = {mtx_object = {lo_class = 0xc0884dcc, lo_name = 0xc082f6b2 "process lock", lo_type = 0xc082f6b2 "process lock", lo_flags = 4390912, lo_list = { tqe_next = 0xc4854434, tqe_prev = 0xc485407c}, lo_witness = 0xc08f2040}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = { tqh_first = 0x0, tqh_last = 0xc4854274}, mtx_contested = {le_next = 0x0, le_prev = 0x0}}, p_oppid = 0, p_vmspace = 0xc08e9800, p_swtime = 192, p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = { tv_sec = 0, tv_usec = 0}}, p_runtime = {sec = 14, frac = 17061346334720090368}, p_uu = 0, p_su = 0, p_iu = 0, p_uticks = 0, p_sticks = 0, p_iticks = 10969, p_profthreads = 0, p_maxthrwaits = 0, p_traceflag = 0, p_tracevp = 0x0, p_tracecred = 0x0, p_textvp = 0x0, p_siglist = {__bits = {0, 0, 0, 0}}, p_lock = 1 '\001', p_klist = { slh_first = 0x0}, p_sigiolst = {slh_first = 0x0}, p_sigparent = 20, ---Type <return> to continue, or q <return> to quit--- p_sig = 0, p_code = 0, p_stops = 0, p_stype = 0, p_step = 0 '\0', p_pfsflags = 0 '\0', p_nlminfo = 0x0, p_aioinfo = 0x0, p_singlethread = 0x0, p_suspcount = 0, p_sigstk = {ss_sp = 0x0, ss_size = 0, ss_flags = 0}, p_magic = 3203398350, p_comm = "irq11: cbb0 cbb1+++", p_pgrp = 0xc08e9980, p_sysent = 0xc0880bc0, p_args = 0x0, p_cpulimit = 9223372036854775807, p_xstat = 0, p_numthreads = 1, p_numksegrps = 1, p_md = {md_ldt = 0x0}, p_itcallout = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}}, c_time = 0, c_arg = 0x0, c_func = 0, c_flags = 8}, p_uarea = 0xd89cb000, p_acflag = 1, p_ru = 0x0, p_peers = 0x0, p_leader = 0xc48541e4, p_emuldata = 0x0, p_label = {l_flags = 0, l_perpolicy = {{l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}, { l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}}}, p_sched = 0xc48543c8} (kgdb) p *ithd $9 = {it_lock = {mtx_object = {lo_class = 0xc0884dcc, lo_name = 0xc082dd86 "ithread", lo_type = 0xc082dd86 "ithread", lo_flags = 196608, lo_list = {tqe_next = 0xc483daa8, tqe_prev = 0xc4814444}, lo_witness = 0xc08f16e0}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, tqh_last = 0xc4858924}, mtx_contested = {le_next = 0x0, le_prev = 0x0}}, it_td = 0xc1d1a4c0, it_list = {le_next = 0x0, le_prev = 0x0}, it_handlers = { tqh_first = 0xc481d480, tqh_last = 0xc4816158}, it_interrupted = 0x0, it_disable = 0xc07cf4e0 <ithread_disable>, it_enable = 0xc07cf470 <ithread_enable>, it_md = 0x0, it_flags = 0, it_need = 0, it_vector = 11, it_name = "irq11:", '\0' <repeats 13 times>} (kgdb) p ih->ih_flags $10 = 0 (kgdb) p Giant $11 = {mtx_object = {lo_class = 0xc0884dcc, lo_name = 0xc082f6a1 "Giant", lo_type = 0xc082f6a1 "Giant", lo_flags = 720896, lo_list = { tqe_next = 0xc08ecea0, tqe_prev = 0xc0888010}, lo_witness = 0xc08f2108}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, tqh_last = 0xc08ecf04}, mtx_contested = {le_next = 0x0, le_prev = 0xc4c419e8}} (kgdb) quit laprbg8# exit Script done on Thu Oct 16 16:52:23 2003 ============================== Analysis of the wi0 crash follows: ----------------------------------- Good dump found on device /dev/ad0s3b Architecture: i386 Architecture version: 1 Dump length: 536281088B (511 MB) Blocksize: 512 Dumptime: Thu Oct 16 18:44:49 2003 Hostname: laprbg8.informatik.tu-muenchen.de Versionstring: FreeBSD 5.1-CURRENT-20031015-JPSNAP #0: Thu Oct 16 16:04:37 CEST 2003 root@laprbg8.informatik.tu-muenchen.de:/usr/obj/usr/src/sys/BATLETH Panicstring: integer divide fault Bounds: 1 Script started on Thu Oct 16 18:55:35 2003 laprbg8# gdb -k kernel.debug vmcore.1 GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: integer divide fault panic messages: --- Fatal trap 18: integer divide fault while in kernel mode instruction pointer = 0x8:0xc0516ca8 stack pointer = 0x10:0xd77b1cb8 frame pointer = 0x10:0xd77b1cb8 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, IOPL = 0 current process = 25 (irq11: cbb0 cbb1+++) trap number = 18 panic: integer divide fault syncing disks, buffers remaining... 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 3839 giving up on 55 buffers Uptime: 31m18s Dumping 511 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 --- Reading symbols from /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/BATLETH/modules/usr/src/sys/modules/acpi/acpi.ko.debug #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 240 dumping++; (kgdb) bt #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 #1 0xc0631802 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372 #2 0xc0631b58 in panic () at /usr/src/sys/kern/kern_shutdown.c:550 #3 0xc07cb9cc in trap_fatal (frame=0xd77b1c78, eva=0) at /usr/src/sys/i386/i386/trap.c:820 #4 0xc07cb422 in trap (frame= {tf_fs = -997785576, tf_es = -803209200, tf_ds = -679804912, tf_edi = -997736448, tf_esi = -803205120, tf_ebp = -679797576, tf_isp = -679797596, tf_ebx = -997736448, tf_edx = 2052, tf_ecx = -593453056, tf_eax = 4, tf_trapno = 18, tf_err = 0, tf_eip = -1068405592, tf_cs = 8, tf_eflags = 514, tf_esp = -679797536, tf_ss = -1067971052}) at /usr/src/sys/i386/i386/trap.c:617 #5 0xc07bc128 in calltrap () at {standard input}:102 #6 0xc0580e14 in cbb_intr (arg=0xc487c000) at /usr/src/sys/dev/exca/excavar.h:134 #7 0xc061e062 in ithread_loop (arg=0xc4858900) at /usr/src/sys/kern/kern_intr.c:534 #8 0xc061d05f in fork_exit (callout=0xc061ded0 <ithread_loop>, arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:796 (kgdb) up 6 #6 0xc0580e14 in cbb_intr (arg=0xc487c000) at /usr/src/sys/dev/exca/excavar.h:134 134 return (sc->getb(sc, reg)); (kgdb) l 129 int rid, struct resource *res); 130 131 static __inline uint8_t 132 exca_getb(struct exca_softc *sc, int reg) 133 { 134 return (sc->getb(sc, reg)); 135 } 136 137 static __inline void 138 exca_putb(struct exca_softc *sc, int reg, uint8_t val) (kgdb) p sc $1 = (struct cbb_softc *) 0xc487c000 (kgdb) p *sc $2 = {dev = 0xc485d600, exca = {dev = 0xc485d600, memalloc = 0, mem = {{ memt = 0, memh = 0, addr = 0, size = 0, realsize = 0, cardaddr = 0, kind = 0}, {memt = 0, memh = 0, addr = 0, size = 0, realsize = 0, cardaddr = 0, kind = 0}, {memt = 0, memh = 0, addr = 0, size = 0, realsize = 0, cardaddr = 0, kind = 0}, {memt = 0, memh = 0, addr = 0, size = 0, realsize = 0, cardaddr = 0, kind = 0}, {memt = 0, memh = 0, addr = 0, size = 0, realsize = 0, cardaddr = 0, kind = 0}}, ioalloc = 0, io = {{iot = 0, ioh = 0, addr = 0, size = 0, flags = 0, width = 0}, {iot = 0, ioh = 0, addr = 0, size = 0, flags = 0, width = 0}}, bst = 1, bsh = 3701514240, flags = 2, offset = 2048, chipset = 0, getb = 0xc0516c80 <exca_mem_getb>, putb = 0xc0516cb0 <exca_mem_putb>, event_thread = 0x0, mtx = { mtx_object = {lo_class = 0x0, lo_name = 0x0, lo_type = 0x0, lo_flags = 0, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 0, mtx_recurse = 0, mtx_blocked = { tqh_first = 0x0, tqh_last = 0x0}, mtx_contested = {le_next = 0x0, le_prev = 0x0}}, cv = {cv_waitq = {tqh_first = 0x0, tqh_last = 0x0}, cv_mtx = 0x0, cv_description = 0x0}, pccarddev = 0xc4881900}, base_res = 0xc481d200, irq_res = 0xc481a480, intrhand = 0xc4816d80, bst = 1, bsh = 3701514240, secbus = 1 '\001', subbus = 1 '\001', mtx = {mtx_object = { lo_class = 0xc0884dcc, lo_name = 0xc4853e70 "cbb1", lo_type = 0xc080dcf4 "cbb", lo_flags = 196608, lo_list = { tqe_next = 0xc4879aa8, tqe_prev = 0xc484e644}, lo_witness = 0xc08f1410}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = { ---Type <return> to continue, or q <return> to quit--- tqh_first = 0x0, tqh_last = 0xc487c170}, mtx_contested = {le_next = 0x0, le_prev = 0x0}}, cv = {cv_waitq = {tqh_first = 0xc1d1abe0, tqh_last = 0xc1d1abf8}, cv_mtx = 0xc487c14c, cv_description = 0xc081ee1c "cbb cv"}, flags = 1342177280, chipset = 4, rl = {slh_first = 0x0}, intr_handlers = {stqh_first = 0x0, stqh_last = 0xc487c19c}, cbdev = 0xc4881980, event_thread = 0xc47475ac} (kgdb) p reg No symbol "reg" in current context. (kgdb) l 139 { 140 sc->putb(sc, reg, val); 141 } 142 143 static __inline void 144 exca_setb(struct exca_softc *sc, int reg, uint8_t mask) 145 { 146 exca_putb(sc, reg, exca_getb(sc, reg) | mask); 147 } 148 (kgdb) l 129 int rid, struct resource *res); 130 131 static __inline uint8_t 132 exca_getb(struct exca_softc *sc, int reg) 133 { 134 return (sc->getb(sc, reg)); 135 } 136 137 static __inline void 138 exca_putb(struct exca_softc *sc, int reg, uint8_t val) (kgdb) p reg No symbol "reg" in current context. (kgdb) f #6 0xc0580e14 in cbb_intr (arg=0xc487c000) at /usr/src/sys/dev/exca/excavar.h:134 134 return (sc->getb(sc, reg)); (kgdb) p sc->getb There is no member named getb. (kgdb) up #7 0xc061e062 in ithread_loop (arg=0xc4858900) at /usr/src/sys/kern/kern_intr.c:534 534 ih->ih_handler(ih->ih_argument); (kgdb) p *ih $3 = {ih_handler = 0xc0580cb0 <cbb_intr>, ih_argument = 0xc487c000, ih_flags = -2147483648, ih_name = 0xc4853e70 "cbb1", ih_ithread = 0xc4858900, ih_need = 0, ih_next = {tqe_next = 0xc4816dc0, tqe_prev = 0xc481d498}, ih_pri = 4 '\004'} (kgdb) p *ih->ih_argument Attempt to dereference a generic pointer. (kgdb) p *ih->ih_handler $4 = {void (void *)} 0xc0580cb0 <cbb_intr> (kgdb) p *p $5 = {p_list = {le_next = 0xc48543c8, le_prev = 0xc4854000}, p_ksegrps = { tqh_first = 0xc1d1d300, tqh_last = 0xc1d1d304}, p_threads = { tqh_first = 0xc1d1a4c0, tqh_last = 0xc1d1a4c8}, p_suspended = { tqh_first = 0x0, tqh_last = 0xc48541fc}, p_ucred = 0xc1d04e80, p_fd = 0xc4814a00, p_fdtol = 0x0, p_stats = 0xd89cb000, p_limit = 0xc08e9ac0, p_upages_obj = 0xc1032e74, p_sigacts = 0xc483d000, p_flag = 516, p_sflag = 1, p_state = PRS_NORMAL, p_pid = 25, p_hash = { le_next = 0x0, le_prev = 0xc1ce3064}, p_pglist = {le_next = 0xc48543c8, le_prev = 0xc4854054}, p_pptr = 0xc08e9400, p_sibling = { le_next = 0xc48543c8, le_prev = 0xc4854060}, p_children = { lh_first = 0x0}, p_mtx = {mtx_object = {lo_class = 0xc0884dcc, lo_name = 0xc082f6b2 "process lock", lo_type = 0xc082f6b2 "process lock", lo_flags = 4390912, lo_list = { tqe_next = 0xc4854434, tqe_prev = 0xc485407c}, lo_witness = 0xc08f2040}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = { tqh_first = 0x0, tqh_last = 0xc4854274}, mtx_contested = {le_next = 0x0, le_prev = 0x0}}, p_oppid = 0, p_vmspace = 0xc08e9800, p_swtime = 1865, p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = { tv_sec = 0, tv_usec = 0}}, p_runtime = {sec = 14, frac = 12793881406428493952}, p_uu = 0, p_su = 0, p_iu = 0, p_uticks = 0, p_sticks = 0, p_iticks = 10968, p_profthreads = 0, p_maxthrwaits = 0, p_traceflag = 0, p_tracevp = 0x0, p_tracecred = 0x0, p_textvp = 0x0, p_siglist = {__bits = {0, 0, 0, 0}}, p_lock = 1 '\001', p_klist = { slh_first = 0x0}, p_sigiolst = {slh_first = 0x0}, p_sigparent = 20, ---Type <return> to continue, or q <return> to quit--- p_sig = 0, p_code = 0, p_stops = 0, p_stype = 0, p_step = 0 '\0', p_pfsflags = 0 '\0', p_nlminfo = 0x0, p_aioinfo = 0x0, p_singlethread = 0x0, p_suspcount = 0, p_sigstk = {ss_sp = 0x0, ss_size = 0, ss_flags = 0}, p_magic = 3203398350, p_comm = "irq11: cbb0 cbb1+++", p_pgrp = 0xc08e9980, p_sysent = 0xc0880bc0, p_args = 0x0, p_cpulimit = 9223372036854775807, p_xstat = 0, p_numthreads = 1, p_numksegrps = 1, p_md = {md_ldt = 0x0}, p_itcallout = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}}, c_time = 0, c_arg = 0x0, c_func = 0, c_flags = 8}, p_uarea = 0xd89cb000, p_acflag = 1, p_ru = 0x0, p_peers = 0x0, p_leader = 0xc48541e4, p_emuldata = 0x0, p_label = {l_flags = 0, l_perpolicy = {{l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}, { l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}}}, p_sched = 0xc48543c8} (kgdb) p arg $6 = (void *) 0xc4858900 (kgdb) p *td $7 = {td_proc = 0xc48541e4, td_ksegrp = 0xc1d1d300, td_plist = { tqe_next = 0x0, tqe_prev = 0xc48541f4}, td_kglist = {tqe_next = 0x0, tqe_prev = 0xc1d1d31c}, td_slpq = {tqe_next = 0x0, tqe_prev = 0xc08ef050}, td_lockq = {tqe_next = 0x0, tqe_prev = 0x0}, td_runq = {tqe_next = 0x0, tqe_prev = 0x0}, td_selq = {tqh_first = 0x0, tqh_last = 0x0}, td_flags = 65538, td_inhibitors = 0, td_pflags = 0, td_last_kse = 0xc1d1b940, td_kse = 0xc1d1b940, td_dupfd = 0, td_wchan = 0x0, td_wmesg = 0x0, td_lastcpu = 0 '\0', td_oncpu = 0 '\0', td_locks = 0, td_blocked = 0x0, td_ithd = 0xc4858900, td_lockname = 0x0, td_contested = { lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 0, td_mailbox = 0x0, td_ucred = 0xc1d04e80, td_standin = 0x0, td_prticks = 0, td_upcall = 0x0, td_sticks = 0, td_uuticks = 0, td_usticks = 0, td_intrval = 0, td_oldsigmask = {__bits = {0, 0, 0, 0}}, td_sigmask = { __bits = {0, 0, 0, 0}}, td_siglist = {__bits = {0, 0, 0, 0}}, td_waitset = 0x0, td_umtx = {tqe_next = 0x0, tqe_prev = 0x0}, td_generation = 9614, td_base_pri = 4 '\004', td_priority = 76 'L', td_pcb = 0xd77b1da0, td_state = TDS_RUNNING, td_retval = {0, 0}, td_slpcallout = {c_links = {sle = {sle_next = 0xceb77088}, tqe = { tqe_next = 0xceb77088, tqe_prev = 0xceb85d88}}, c_time = 187805, c_arg = 0xc1d1a4c0, c_func = 0, c_flags = 8}, td_frame = 0xd77b1d48, td_kstack_obj = 0xc1030534, td_kstack = 3615162368, td_kstack_pages = 2, td_altkstack_obj = 0x0, td_altkstack = 0, td_altkstack_pages = 0, td_critnest = 0, td_md = <incomplete type>, td_sched = 0xc1d1a5ec} (kgdb) p *ithd $8 = {it_lock = {mtx_object = {lo_class = 0xc0884dcc, lo_name = 0xc082dd86 "ithread", lo_type = 0xc082dd86 "ithread", lo_flags = 196608, lo_list = {tqe_next = 0xc483daa8, tqe_prev = 0xc4814444}, lo_witness = 0xc08f16e0}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, tqh_last = 0xc4858924}, mtx_contested = {le_next = 0x0, le_prev = 0x0}}, it_td = 0xc1d1a4c0, it_list = {le_next = 0x0, le_prev = 0x0}, it_handlers = { tqh_first = 0xc481d480, tqh_last = 0xc4816158}, it_interrupted = 0x0, it_disable = 0xc07cf4e0 <ithread_disable>, it_enable = 0xc07cf470 <ithread_enable>, it_md = 0x0, it_flags = 0, it_need = 0, it_vector = 11, it_name = "irq11:", '\0' <repeats 13 times>} (kgdb) p ih->ih_flags $9 = -2147483648 (kgdb) p Giant $10 = {mtx_object = {lo_class = 0xc0884dcc, lo_name = 0xc082f6a1 "Giant", lo_type = 0xc082f6a1 "Giant", lo_flags = 720896, lo_list = { tqe_next = 0xc08ecea0, tqe_prev = 0xc0888010}, lo_witness = 0xc08f2108}, mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, tqh_last = 0xc08ecf04}, mtx_contested = {le_next = 0x0, le_prev = 0xc488cc48}} (kgdb) quit Script done on Thu Oct 16 19:03:45 2003 Kernel and vmcore for the wi0 crash is available on: http://www.leo.org/~dl/freebsd/wi0-crash/ >How-To-Repeat: Install a current snapshot on a Thinkpad A31p and try to use the on-board interfaces. >Fix: None known. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031016175019.53927.qmail>