The attached panic has happened once on S10 x86 GA + 118844-20
kernel patch when hotremoving a firewire cardbus card. There was
never a firewire device connected to the firewire cardbus controller, I
just hotplugged the firewire card card, then hotremoved it.
This panic has happened exactly once so far. In all other cases the
notebook freezes when hotremoving the firewire cardbus card and it has
to be power cycled.
It seems as if hci1394_ixl_interrupt() was called with a bad second argument,
maybe pointing to freed memory. Unfortunatelly the kernel was running without
kmem heap checking so it's probably difficult to find out exactly has has gone
wrong.
Unfortunatelly the firewire bug category is not visible on bugs.opensolaris.org,
so I cannot check if this is a known issue.
This message posted from opensolaris.org
-------------- next part --------------
# mdb -k 0
Loading modules: [ unix krtld genunix specfs dtrace ufs ip sctp usba uhci s1394
fctl lofs random nfs audiosup ptm ]
> ::status
debugging crash dump vmcore.0 (32-bit) from max
operating system: 5.10 Generic_118844-20 (i86pc)
panic message:
BAD TRAP: type=e (#pf Page fault) rp=d3202ccc addr=c6b50278 occurred in module
"hci1394" due to an illegal access to a user address
dump content: kernel pages only
> $c
hci1394_ixl_dma_sync+0x27(d49830c0, d49a61e0)
hci1394_ixl_interrupt+0xeb(d49830c0, d49a61e0, 0)
hci1394_isr_isoch_it+0x67(d49830c0)
hci1394_isr+0x57(d49830c0, 0)
cpu_halt+0x9d()
idle+0x3b(0, 0)
> ::msgbuf
MESSAGE
PCI-device: pci1179,ff10 at 1f,5, audioi8100
audioi8100 is /pci at 0,0/pci1179,ff10 at 1f,5
PCI-device: pci1179,ff10, audioi8100, ICH4:82801DB/M (rev. 0x03) at irq 11
NOTICE: IRQ11 is being shared by drivers with different interrupt levels.
This may result in reduced system performance.
AC97: primary codec, rev. 2.1 or earlier, vendor id1:0x4144,id2:0x5363,
Headphone out, 16-bit DAC, 16-bit ADC, 3D-stereo mode 1, aux HP_OUT
AC97: extid 0x0001, powerdown status 0x000f
pseudo-device: vol0
vol0 is /pseudo/vol at 0
ATAPI device at targ 0, lun 0 lastlun 0x0
model DW-224E
ATA/ATAPI-5 supported, majver 0x3c minver 0x0
PCI-device: ide at 1, ata1
ata1 is /pci at 0,0/pci-ide at 1f,1/ide at 1
UltraDMA mode 2 selected
UltraDMA mode 2 selected
sd0 at ata1: target 0 lun 0
sd0 is /pci at 0,0/pci-ide at 1f,1/ide at 1/sd at 0,0
device pciclass,030000 at 0(display#0) keeps up device sd at 0,0(sd#0), but the
latter is not power managed
pseudo-device: devinfo0
devinfo0 is /pseudo/devinfo at 0
PCI-device: pci1179,ff10 at 1f,5, audioi8100
audioi8100 is /pci at 0,0/pci1179,ff10 at 1f,5
PCI-device: pci1179,ff10, audioi8100, ICH4:82801DB/M (rev. 0x03) at irq 11
NOTICE: IRQ11 is being shared by drivers with different interrupt levels.
This may result in reduced system performance.
AC97: primary codec, rev. 2.1 or earlier, vendor id1:0x4144,id2:0x5363,
Headphone out, 16-bit DAC, 16-bit ADC, 3D-stereo mode 1, aux HP_OUT
AC97: extid 0x0001, powerdown status 0x000f
pseudo-device: pool0
pool0 is /pseudo/pool at 0
pciclass,0607001: ........................................
pciclass,0607001: Pri Bus = [0x2]
pciclass,0607001: Sec Bus = [0x3]
pciclass,0607001: Sub Bus = [0x3]
pciclass,0607001: Cardbus Lattimer = [0x40]
pciclass,0607001: Cache Linesz= [0x10]
pciclass,0607001: Lattimer= [0x20]
pciclass,0607001: Command = [0x7]
pciclass,0607001: BAR0 = [0xdf000]
pciclass,0607001: mem Base 0 = [0x0]
pciclass,0607001: mem Lim 0 = [0x0]
pciclass,0607001: mem Base 1 = [0x0]
pciclass,0607001: mem Lim 1 = [0x0]
pciclass,0607001: I/0 Base 0 = [0x0]
pciclass,0607001: I/O Lim 0 = [0x0]
pciclass,0607001: I/O Base 1 = [0x0]
pciclass,0607001: I/O Lim 1 = [0x0]
pciclass,0607001: Sec. Status = [0x200]
pciclass,0607001: Intr Line = [0xb]
pciclass,0607001: Intr Pin = [0x2]
pciclass,0607001: BrIdge CTL 0x3e = [0x420]
pciclass,0607001: Subsys Venid= [0x1179]
pciclass,0607001: Subsys ID = [0xff10]
pciclass,0607001: PCCARD I/F = [0x1]
pciclass,0607001: SYS CTL 0x80 = [0x844d021]
pciclass,0607001: GEN CTL 0x86 = [0x0]
pciclass,0607001: G Purpos 0x88 = [0x0]
pciclass,0607001: MF-routing 0x8c = [0x1000222]
pciclass,0607001: Card CTL 0x91 = [0x2]
pciclass,0607001: DEV CTL 0x92 = [0x44]
pciclass,0607001: DIAG 0x93 = [0x60]
pciclass,0607001: ........................................
pcic(1),0xda3066d8: pcic1: Odd card insertion indication on socket 0
pcic(1),0xda3066d8: pcic1: Odd card insertion indication on socket 0
pcic(1),0xda3066d8: pcic1: Odd card insertion indication on socket 0
pci574,86c,0xd3a88a20: cardbus_update_assigned_prop: creating prop
pci574,86c,0xd3a88a20: cardbus_update_assigned_prop: found prop len 20
pci574,86c,0xd3a88a20: cardbus_update_assigned_prop: found prop len 40
hci1394,0xd3a88a20: Creating empty ppd
NOTICE: IRQ11 is being shared by drivers with different interrupt levels.
This may result in reduced system performance.
Bus 3 Device 0 Function 0 Vendor 0x1106 Device 0x3044 Name
pciclass,0c0010hci13940 is /pci at 0,0/pci8086,2448 at 1e/pci1179,ff10 at
9/pci574,86c at 0
/pci at 0,0/pci8086,2448 at 1e/pci1179,ff10 at 9/pci574,86c at 0 (hci13940)
online
pciclass,0607000: ........................................
pciclass,0607000: Pri Bus = [0x2]
pciclass,0607000: Sec Bus = [0x3]
pciclass,0607000: Sub Bus = [0x3]
pciclass,0607000: Cardbus Lattimer = [0x40]
pciclass,0607000: Cache Linesz= [0x10]
pciclass,0607000: Lattimer= [0x20]
pciclass,0607000: Command = [0x7]
pciclass,0607000: BAR0 = [0xde000]
pciclass,0607000: mem Base 0 = [0xd0002000]
pciclass,0607000: mem Lim 0 = [0xd0002000]
pciclass,0607000: mem Base 1 = [0x0]
pciclass,0607000: mem Lim 1 = [0x0]
pciclass,0607000: I/0 Base 0 = [0xb000]
pciclass,0607000: I/O Lim 0 = [0xb07c]
pciclass,0607000: I/O Base 1 = [0x0]
pciclass,0607000: I/O Lim 1 = [0x0]
pciclass,0607000: Sec. Status = [0x200]
pciclass,0607000: Intr Line = [0xb]
pciclass,0607000: Intr Pin = [0x1]
pciclass,0607000: BrIdge CTL 0x3e = [0x420]
pciclass,0607000: Subsys Venid= [0x1179]
pciclass,0607000: Subsys ID = [0xff10]
pciclass,0607000: PCCARD I/F = [0x1]
pciclass,0607000: SYS CTL 0x80 = [0x844f021]
pciclass,0607000: GEN CTL 0x86 = [0x0]
pciclass,0607000: G Purpos 0x88 = [0x0]
pciclass,0607000: MF-routing 0x8c = [0x1000222]
pciclass,0607000: Card CTL 0x91 = [0x3]
pciclass,0607000: DEV CTL 0x92 = [0x44]
pciclass,0607000: DIAG 0x93 = [0x60]
pciclass,0607000: ........................................
pciclass,0c00100: ........................................
pciclass,0c00100: VendorId = [0x1106]
pciclass,0c00100: DeviceId = [0x3044]
pciclass,0c00100: Command = [0x1c7]
pciclass,0c00100: CacheLineSz = [0x10]
pciclass,0c00100: LatencyTmr = [0x0]
pciclass,0c00100: BAR0 = [0xd0002000]
pciclass,0c00100: BAR1 = [0xb001]
pciclass,0c00100: BAR2 = [0xd0002800]
pciclass,0c00100: BAR3 = [0x0]
pciclass,0c00100: BAR4 = [0x0]
pciclass,0c00100: CIS = [0x0]
pciclass,0c00100: ILINE = [0xb]
pciclass,0c00100: IPIN = [0x1]
pcic(0),0xda3067f8: pcic0: Odd card insertion indication on socket 0
pcic(0),0xda3067f8: pcic0: Odd card insertion indication on socket 0
pcic(0),0xda3067f8: pcic0: Odd card insertion indication on socket 0
panic[cpu0]/thread=d3202de0:
BAD TRAP: type=e (#pf Page fault) rp=d3202ccc addr=c6b50278 occurred in module
"hci1394" due to an illegal access to a user address
sched:
#pf Page fault
Bad kernel fault at addr=0xc6b50278
pid=0, pc=0xf900927d, sp=0xffffffff, eflags=0x10286
cr0: 8005003b<pg,wp,ne,et,ts,mp,pe> cr4: 6d8<xmme,fxsr,pge,mce,pse,de>
cr2: c6b50278 cr3: 3601000
gs: d3a801b0 fs: d3200000 es: fe920160 ds: da300160
edi: ffffffff esi: d49a61f0 ebp: d3202d28 esp: d3202cfc
ebx: c6b50278 edx: d3202de0 ecx: d49ab83c eax: c6b50278
trp: e err: 0 eip: f900927d cs: 158
efl: 10286 usp: ffffffff ss: d49a61f0
d3202c2c unix:die+a7 (e, d3202ccc, c6b502)
d3202cb8 unix:trap+fc8 (d3202ccc, c6b50278,)
d3202ccc unix:cmntrap+83 ()
d3202d28 hci1394:hci1394_ixl_dma_sync+27 (d49830c0, d49a61e0)
d3202d58 hci1394:hci1394_ixl_interrupt+eb (d49830c0, d49a61e0,)
d3202d80 hci1394:hci1394_isr_isoch_it+67 (d49830c0)
d3202db0 hci1394:hci1394_isr+57 (d49830c0, 0)
syncing file systems...
done
dumping to /dev/dsk/c0d0s1, offset 107806720, content: kernel
> hci1394_ixl_dma_sync,15?ia
hci1394_ixl_dma_sync:pushl %ebp
hci1394_ixl_dma_sync+1: movl %esp,%ebp
hci1394_ixl_dma_sync+3: subl $0xc,%esp
hci1394_ixl_dma_sync+6: pushl %ebx
hci1394_ixl_dma_sync+7: pushl %esi
hci1394_ixl_dma_sync+8: pushl %edi
hci1394_ixl_dma_sync+9: xorl %ebx,%ebx
hci1394_ixl_dma_sync+0xb: movl 0xc(%ebp),%ecx
hci1394_ixl_dma_sync+0xe: movl 0x38(%ecx),%eax
hci1394_ixl_dma_sync+0x11: movl %eax,-0xc(%ebp)
hci1394_ixl_dma_sync+0x14: movw 0x4c(%ecx),%cx
hci1394_ixl_dma_sync+0x18: movw %cx,-0x8(%ebp)
hci1394_ixl_dma_sync+0x1c: testl %eax,%eax
hci1394_ixl_dma_sync+0x1e: je +0xd1 <hci1394_ixl_dma_sync+0xef>
hci1394_ixl_dma_sync+0x24: movl -0xc(%ebp),%ebx
hci1394_ixl_dma_sync+0x27: movl (%ebx),%eax
hci1394_ixl_dma_sync+0x29: movl %eax,-0xc(%ebp)
hci1394_ixl_dma_sync+0x2c: movzwl 0xa(%ebx),%eax
hci1394_ixl_dma_sync+0x30: andl $0xffff7fff,%eax
hci1394_ixl_dma_sync+0x35: movzwl %ax,%eax
hci1394_ixl_dma_sync+0x38: testl $0x800,%eax
hci1394_ixl_dma_sync+0x3d:
> d49830c0::print hci1394_state_t
{
ohci = 0xd4d49970
async = 0xd4a5d910
vendor = 0xd4684700
csr = 0xd468a198
isoch = 0xd49a6000
sl_selfid_buf = 0xd48e3000
drvinfo = {
di_dip = 0xd3a88a20
di_sl_private = 0xd4d5f000
di_instance = 0
di_gencnt = 0xff
di_drvstate = {
ds_state = 1 (HCI1394_BUS_RESET)
ds_mutex = {
_opaque = [ 0, 0 ]
}
}
di_stats = {
st_bus_reset_count = 0x2
st_selfid_count = 0x2
st_phy_isr = 0
st_phy_loop_err = 0
st_phy_pwrfail_err = 0
st_phy_timeout_err = 0
st_phy_portevt_err = 0
}
di_iblock_cookie = 9
di_reg_attr = {
devacc_attr_version = 0x1
devacc_attr_endian_flags = 0x1
devacc_attr_dataorder = 0
devacc_attr_access = 0
}
di_buf_attr = {
devacc_attr_version = 0x1
devacc_attr_endian_flags = 0x1
devacc_attr_dataorder = 0
devacc_attr_access = 0
}
}
vendor_info = {
vendor_id = 0x1106
device_id = 0x3044
revision_id = 0x46
ohci_version = 0x1010000
ohci_vendor_id = 0x4063
vendor_reg_count = 0
}
pci_config = 0xd4d49a10
swap_data = 1 (B_TRUE)
halinfo = {
hal_private = 0xd49830c0
dip = 0xd3a88a20
hal_events = {
hal_version = 0x1
reserved = 0
shutdown = hci1394_s1394if_shutdown
send_phy_configuration_packet = hci1394_s1394if_phy
read = hci1394_s1394if_read
read_response = hci1394_s1394if_read_response
write = hci1394_s1394if_write
write_response = hci1394_s1394if_write_response
response_complete = hci1394_s1394if_response_complete
lock = hci1394_s1394if_lock
lock_response = hci1394_s1394if_lock_response
alloc_isoch_dma = hci1394_alloc_isoch_dma
free_isoch_dma = hci1394_free_isoch_dma
start_isoch_dma = hci1394_start_isoch_dma
stop_isoch_dma = hci1394_stop_isoch_dma
update_isoch_dma = hci1394_update_isoch_dma
update_config_rom = hci1394_s1394if_update_config_rom
bus_reset = hci1394_s1394if_reset_bus
short_bus_reset = hci1394_s1394if_short_bus_reset
set_contender_bit = hci1394_s1394if_set_contender_bit
set_root_holdoff_bit = hci1394_s1394if_set_root_holdoff_bit
set_gap_count = hci1394_s1394if_set_gap_count
csr_read = hci1394_s1394if_csr_read
csr_write = hci1394_s1394if_csr_write
csr_cswap32 = hci1394_s1394if_csr_cswap32
physical_arreq_enable_set = hci1394_s1394if_phy_filter_set
physical_arreq_enable_clr = hci1394_s1394if_phy_filter_clr
node_power_state_change = hci1394_s1394if_power_state_change
}
hw_interrupt = 9
acc_attr = {
devacc_attr_version = 0x1
devacc_attr_endian_flags = 0x1
devacc_attr_dataorder = 0
devacc_attr_access = 0
}
dma_attr = {
dma_attr_version = 0
dma_attr_addr_lo = 0
dma_attr_addr_hi = 0xffffffff
dma_attr_count_max = 0xffffffff
dma_attr_align = 0x40
dma_attr_burstsizes = 0x3ff
dma_attr_minxfer = 0x1
dma_attr_maxxfer = 0xffffffff
dma_attr_seg = 0x7fff
dma_attr_sgllen = 0x7fffffff
dma_attr_granular = 0x4
dma_attr_flags = 0
}
phy = 1 (H1394_PHY_1394A)
hal_overhead = 0x80
bus_capabilities = 0xf8009202
guid = 0x11060000003d73
node_capabilities = 0x83c0
max_generation = 0xff
addr_map = hci1394_addr_map
addr_map_num_entries = 0x4
resv_map = 0xd46846c0
resv_map_num_entries = 0x3
}
}
> d49a61e0::print hci1394_iso_ctxt_t
{
ctxt_index = 0x4
ctxt_io_mode = 0x90ef3c37
ctxt_flags = 0
intr_flags = 0xdfa5b64b
intrprocmutex = {
_opaque = [ 0, 0xbaba7d88 ]
}
intr_cv = {
_opaque = 0
}
isospd = 0xe9d7
isochan = 0xc3af
ctxt_regsp = 0x888ed9b0
xcs_firstp = 0xba5dd9ab
dma_firstp = 0x5b89eaf2
dma_mem_execp = 0x9a3ee81b
reserved = 0x74227f50
ixl_firstp = 0xa747890a
ixl_execp = 0xc6b50278
ixl_exec_depth = 0x2e0d8203
max_dma_skips = 0x949f371
max_noadv_intrs = 0x8a16608e
rem_noadv_intrs = 0x5641ddc4
dma_last_time = 0xb83c
default_tag = 0x93e2
default_sync = 0x261d
default_skipmode = 0x24e4
default_skiplabelp = 0x9d77c4d8
default_skipxferp = 0xd98dd2b5
global_callback_arg = 0x95f0b50
idma_evt_arg = 0xde309db2
isoch_dma_stopped = 0xb3ef6648
}
> d49a61e0::whatis
d49a61e0 is d49a6000+1e0, allocated from kmem_alloc_8192
> d49830c0::whatis
d49830c0 is d49830c0+0, allocated from kmem_alloc_384
>
