Message-ID: <3DF7AD8A.7080307@fnug.net>
From: "Paul A. Mayer" <paul@fnug.net>
To: acpi-jp@jp.FreeBSD.org
Cc: jhb@freebsd.org, Koop Mast <einekoai@chello.nl>
Date: Wed, 11 Dec 2002 22:26:34 +0100
X-Sequence: acpi-jp 2039
Subject: [acpi-jp 2039] Crash with 5.0-RC1 

Greetings,

Below is the output of an acpi-related crashdump on 5.0-RC1.  The kernel 
has acpi compiled in after nearly identical results with the generic 
kernel & the acpi module.

This problem is being posted to this list at the suggestion of John 
Baldwin < jhb () FreeBSD ! org >.  Help with this issue will be greatly 
appreciated.

Please send follow-up mail to my personal address as I am not a list member.

Regards,

Paul

-------- Original Message --------
Subject: Re: Crash with 5.0-RC1
Date: Wed, 11 Dec 2002 15:15:14 -0500 (EST)
From: John Baldwin <jhb@FreeBSD.org>
To: "Paul A. Mayer" <paul@fnug.net>


On 11-Dec-2002 Paul A. Mayer wrote:
 > -bash-2.05b$ gdb -k kernel.debug.2 vmcore.2
 > GNU gdb 5.2.1 (FreeBSD)
 > Copyright 2002 Free Software Foundation, Inc.
 > GDB is free software, covered by the GNU General Public License, and you are
 > welcome to change it and/or distribute copies of it under certain
 > conditions.
 > Type "show copying" to see the conditions.
 > There is absolutely no warranty for GDB.  Type "show warranty" for details.
 > This GDB was configured as "i386-undermydesk-freebsd"...
 > panic: from debugger
 > panic messages:
 > ---
 > Fatal trap 12: page fault while in kernel mode
 > fault virtual address   = 0x42
 > fault code              = supervisor read, page not present
 > instruction pointer     = 0x8:0xc045aaf7
 > stack pointer           = 0x10:0xdf0d19e4
 > frame pointer           = 0x10:0xdf0d19fc
 > code segment            = base 0x0, limit 0xfffff, type 0x1b
 >                          = DPL 0, pres 1, def32 1, gran 1
 > processor eflags        = interrupt enabled, resume, IOPL = 0
 > current process         = 21 (acpi_thermal)
 > panic: from debugger
 >
 >
 > Fatal trap 3: breakpoint instruction fault while in kernel mode
 > instruction pointer     = 0x8:0xc048b7d4
 > stack pointer           = 0x10:0xdf0d1764
 > frame pointer           = 0x10:0xdf0d1770
 > code segment            = base 0x0, limit 0xfffff, type 0x1b
 >                          = DPL 0, pres 1, def32 1, gran 1
 > processor eflags        = IOPL = 0
 > current process         = 21 (acpi_thermal)
 > panic: from debugger
 > Uptime: 31s
 > Dumping 1023 MB
 > ata0: resetting devices ..
 > done
 >   16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304
 > 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592
 > 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880
 > 896 912 928 944 960 976 992 1008Copyright (c) 1992-2002 The FreeBSD Project.
 > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 >          The Regents of the University of California. All rights reserved.
 > FreeBSD 5.0-RC1 #0: Wed Dec 11 19:39:16 GMT 2002
 >      root@asus:/usr/obj/work/src/sys/ASUS
 > Preloaded elf kernel "/boot/kernel/kernel" at 0xc06ac000.
 > Timecounter "i8254"  frequency 1193182 Hz
 > Timecounter "TSC"  frequency 2000082456 Hz
 > CPU: Pentium 4 (2000.08-MHz 686-class CPU)
 >    Origin = "GenuineIntel"  Id = 0xf27  Stepping = 7
 >
 > Features=0xffffffffbfebf9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,<b31>>
 > real memory  = 1073713152 (1023 MB)
 > avail memory = 1036218368 (988 MB)
 > Initializing GEOMetry subsystem
 > Pentium Pro MTRR support enabled
 > acpi0: <ASUS   P4_L3CS > on motherboard
 >      ACPI-0625: *** Info: GPE Block0 defined as GPE0 to GPE15
 >      ACPI-0625: *** Info: GPE Block1 defined as GPE16 to GPE31
 > Using $PIR table, 6 entries at 0xc00f13b0
 > acpi0: power button is handled as a fixed feature programming model.
 > Timecounter "ACPI-fast"  frequency 3579545 Hz
 > acpi_timer0: <24-bit timer at 3.579545MHz> port 0xe408-0xe40b on acpi0
 > acpi_cpu0: <CPU> on acpi0
 > acpi_tz0: <thermal zone> on acpi0
 > acpi_button0: <Sleep Button> on acpi0
 > acpi_acad0: <AC adapter> on acpi0
 > acpi_cmbat0: <Control method Battery> on acpi0
 > acpi_lid0: <Control Method Lid Switch> on acpi0
 > pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
 > pci0: <ACPI PCI bus> on pcib0
 > agp0: <Intel 82845 host to AGP bridge> mem 0xe0000000-0xefffffff at
 > device 0.0 on pci0
 > pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
 > pci1: <ACPI PCI bus> on pcib1
 > pci1: <display, VGA> at device 0.0 (no driver attached)
 > uhci0: <Intel 82801CA/CAM (ICH3) USB controller USB-A> port
 > 0xb800-0xb81f irq 5 at device 29.0 on pci0
 > usb0: <Intel 82801CA/CAM (ICH3) USB controller USB-A> on uhci0
 > usb0: USB revision 1.0
 > uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 > uhub0: 2 ports with 2 removable, self powered
 > uhci1: <Intel 82801CA/CAM (ICH3) USB controller USB-B> port
 > 0xb400-0xb41f irq 9 at device 29.1 on pci0
 > usb1: <Intel 82801CA/CAM (ICH3) USB controller USB-B> on uhci1
 > usb1: USB revision 1.0
 > uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 > uhub1: 2 ports with 2 removable, self powered
 > pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
 > pci2: <ACPI PCI bus> on pcib2
 > rl0: <RealTek 8139 10/100BaseTX> port 0xa800-0xa8ff mem
 > 0xd6800000-0xd68000ff irq 9 at device 5.0 on pci2
 > rl0: Realtek 8139B detected. Warning, this may be unstable in autoselect
 > mode
 > rl0: Ethernet address: 00:e0:18:bc:f6:85
 > miibus0: <MII bus> on rl0
 > rlphy0: <RealTek internal media interface> on miibus0
 > rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
 > cbb0: <RF5C476 PCI-CardBus Bridge> irq 5 at device 7.0 on pci2
 > cardbus0: <CardBus bus> on cbb0
 > pccard0: <16-bit PCCard bus> on cbb0
 > cbb1: <RF5C476 PCI-CardBus Bridge> irq 11 at device 7.1 on pci2
 > cardbus1: <CardBus bus> on cbb1
 > pccard1: <16-bit PCCard bus> on cbb1
 > pci2: <serial bus, FireWire> at device 7.2 (no driver attached)
 > isab0: <PCI-ISA bridge> at device 31.0 on pci0
 > isa0: <ISA bus> on isab0
 > atapci0: <Intel ICH3 ATA100 controller> port
 > 0x8400-0x840f,0x8800-0x8803,0x9000-0x9007,0x9400-0x9403,0x9800-0x9807
 > mem 0xd5800000-0xd58003ff irq 9 at device 31.1 on pci0
 > ata0: at 0x1f0 irq 14 on atapci0
 > ata1: at 0x170 irq 15 on atapci0
 > pci0: <multimedia, audio> at device 31.5 (no driver attached)
 > pci0: <simple comms> at device 31.6 (no driver attached)
 > fdc0: <Enhanced floppy controller (i82077, NE72065 or clone)> port
 > 0x3f7,0x3f2-0x3f5 irq 6 drq 2 on acpi0
 > fdc0: FIFO enabled, 8 bytes threshold
 > fd0: <1440-KB 3.5" drive> on fdc0 drive 0
 > ppc0 port 0x778-0x77b,0x378-0x37f irq 7 drq 3 on acpi0
 > ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
 > ppc0: FIFO with 16/16/8 bytes threshold
 > plip0: <PLIP network interface> on ppbus0
 > lpt0: <Printer> on ppbus0
 > lpt0: Interrupt-driven port
 > ppi0: <Parallel I/O> on ppbus0
 > sio0 port 0x3f8-0x3ff irq 4 on acpi0
 > sio0: type 16550A
 > atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
 > atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
 > kbd0 at atkbd0
 > psm0: <PS/2 Mouse> irq 12 on atkbdc0
 > psm0: model Generic PS/2 mouse, device ID 0
 > acpi_ec0: <embedded controller> port 0x66,0x62 on acpi0
 > npx0: <math processor> on motherboard
 > npx0: INT 16 interface
 > orm0: <Option ROM> at iomem 0xc0000-0xcefff on isa0
 > pmtimer0 on isa0
 > sc0: <System console> at flags 0x100 on isa0
 > sc0: VGA <16 virtual consoles, flags=0x300>
 > sio1 at port 0x2f8-0x2ff irq 3 on isa0
 > sio1: type 16550A
 > vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
 > Timecounters tick every 10.000 msec
 > acpi_cpu: CPU throttling enabled, 8 steps from 100% to 12.5%
 > ad0: 57231MB <TOSHIBA MK6021GAS> [116280/16/63] at ata0-master UDMA100
 > acd0: CD-RW <TOSHIBA DVD-ROM SD-R2212> at ata1-master PIO4
 > MBREXT Slice 5 on ad0s3:
 > 0000   00 01 81 fc 0c fe ff ff 3f 00 00 00 9d f1 30 01 |........?.....0.|
 > [0] f:00 typ:12 s(CHS):252/1/129 e(CHS):255/254/255 s:63 l:19984797
 > 0000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
 > [1] f:00 typ:0 s(CHS):0/0/0 e(CHS):0/0/0 s:0 l:0
 > Mounting root from ufs:/dev/ad0s4a
 > WARNING: / was not properly dismounted
 > WARNING: /tmp was not properly dismounted
 > WARNING: /usr was not properly dismounted
 > WARNING: /var was not properly dismounted
 > /var: superblock summary recomputed
 > WARNING: /work was not properly dismounted
 >
 >
 > Fatal trap 12: page fault while in kernel mode
 > fault virtual address   = 0x42
 > fault code              = supervisor read, page not present
 > instruction pointer     = 0x8:0xc045aaf7
 > stack pointer           = 0x10:0xdf0cba04
 > frame pointer           = 0x10:0xdf0cba1c
 > code segment            = base 0x0, limit 0xfffff, type 0x1b
 >                          = DPL 0, pres 1, def32 1, gran 1
 > processor eflags        = interrupt enabled, resume, IOPL = 0
 > current process         = 6 (acpi_task1)
 > panic: from debugger
 >
 >
 > Fatal trap 3: breakpoint instruction fault while in kernel mode
 > instruction pointer     = 0x8:0xc048b7d4
 > stack pointer           = 0x10:0xdf0cb784
 > frame pointer           = 0x10:0xdf0cb790
 > code segment            = base 0x0, limit 0xfffff, type 0x1b
 >                          = DPL 0, pres 1, def32 1, gran 1
 > processor eflags        = IOPL = 0
 > current process         = 6 (acpi_task1)
 > panic: from debugger
 > Uptime: 31s
 > Dumping 1023 MB
 > ata0: resetting devices ..
 > done
 >   16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304
 > 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592
 > 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880
 > 896 912 928 944 960 976 992 1008
 > ---
 >#0  doadump () at /work/src/sys/kern/kern_shutdown.c:232
 > 232             dumping++;
 > (kgdb) where
 >#0  doadump () at /work/src/sys/kern/kern_shutdown.c:232
 >#1  0xc031b5ae in boot (howto=260) at /work/src/sys/kern/kern_shutdown.c:364
 >#2  0xc031b7f3 in panic () at /work/src/sys/kern/kern_shutdown.c:517
 >#3  0xc0180f82 in db_panic () at /work/src/sys/ddb/db_command.c:450
 >#4  0xc0180f02 in db_command (last_cmdp=0xc0528e00, cmd_table=0x0,
 >      aux_cmd_tablep=0xc051e954, aux_cmd_tablep_end=0xc051e96c)
 >      at /work/src/sys/ddb/db_command.c:346
 >#5  0xc0181016 in db_command_loop () at /work/src/sys/ddb/db_command.c:472
 >#6  0xc0183d0a in db_trap (type=12, code=0) at
 > /work/src/sys/ddb/db_trap.c:72
 >#7  0xc048b532 in kdb_trap (type=12, code=0, regs=0xdf0cb9c4)
 >      at /work/src/sys/i386/i386/db_interface.c:166
 >#8  0xc049c802 in trap_fatal (frame=0xdf0cb9c4, eva=0) at
 > /work/src/sys/i386/i386/trap.c:839
 >#9  0xc049c512 in trap_pfault (frame=0xdf0cb9c4, usermode=0, eva=66)
 >      at /work/src/sys/i386/i386/trap.c:758
 >#10 0xc049c08d in trap (frame=
 >        {tf_fs = 24, tf_es = 16, tf_ds = -1065156592, tf_edi =
 > -1038297720, tf_esi = 0, tf_ebp = -552814052, tf_isp = -552814096,
 > tf_ebx = 1, tf_edx = -1038322144, tf_ecx = 1, tf_eax = 1, tf_trapno =
 > 12, tf_err = 0, tf_eip = -1069176073, tf_cs = 8, tf_eflags = 66118,
 > tf_esp = -1068153440, tf_ss = 1}) at /work/src/sys/i386/i386/trap.c:445
 >#11 0xc048cd18 in calltrap () at {standard input}:98
 >#12 0xc045190d in vm_fault (map=0xc0832000, vaddr=3735928832,
 > fault_type=1 '\001',
 >      fault_flags=0) at /work/src/sys/vm/vm_fault.c:281
 >#13 0xc049c4b1 in trap_pfault (frame=0xdf0cbbc0, usermode=0, eva=3735929054)
 >      at /work/src/sys/i386/i386/trap.c:746
 >#14 0xc049c08d in trap (frame=
 >        {tf_fs = -1070530536, tf_es = -1068367856, tf_ds = 1039597584,
 > tf_edi = 0, tf_esi = -1068664310, tf_ebp = -552813568, tf_isp =
 > -552813588, tf_ebx = -1068664305, tf_edx = -559038242, tf_ecx = 1,
 > tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1072211376, tf_cs = 8,
 > tf_eflags = 66195, tf_esp = -552813528, tf_ss = -1072208547})
 >      at /work/src/sys/i386/i386/trap.c:445
 >#15 0xc048cd18 in calltrap () at {standard input}:98
 >#16 0xc017655d in AcpiGetHandle (Parent=0xdeadc0de, Pathname=0xc04d7a0a
 > "_PS3",
 >      RetHandle=0xdf0cbc4c) at

Parent of 0xdeadc0de is a bad sign.  Something is dereferencing free'd 
memory.

 > /work/src/sys/contrib/dev/acpica/nsxfname.c:177
 >#17 0xc0192973 in acpi_pwr_switch_consumer (consumer=0x0, state=3)
 >      at /work/src/sys/dev/acpica/acpi_powerres.c:359
 >#18 0xc0194128 in acpi_tz_switch_cooler_off (obj=0x0, arg=0xc21b5500)
 >      at /work/src/sys/dev/acpica/acpi_thermal.c:556

obj of NULL here is also a bad sign, but that could be due to a gdb bug.
This really should be reported to the acpi-jp@ list as it is an ACPI bug
and those guys can help figure out what the real problem is.

 >#19 0xc018a8dd in acpi_ForeachPackageObject (pkg=0xc61bc2c0,
 >      func=0xc01940d0 <acpi_tz_switch_cooler_off>, arg=0xc21b5500)
 >      at /work/src/sys/dev/acpica/acpi.c:1151
 >#20 0xc01940af in acpi_tz_all_off (sc=0xd) at
 > /work/src/sys/dev/acpica/acpi_thermal.c:512
 >#21 0xc0193a24 in acpi_tz_establish (sc=0xc61bc2c0)
 >      at /work/src/sys/dev/acpica/acpi_thermal.c:298
 >#22 0xc0195570 in acpi_task_thread (arg=0x0)
 >      at /work/src/sys/dev/acpica/Osd/OsdSchedule.c:124
 >#23 0xc0307e95 in fork_exit (callout=0xc0195470 <acpi_task_thread>,
 > arg=0x0, frame=0x0)
 >      at /work/src/sys/kern/kern_fork.c:866
 >
 > (kgdb) l *0xc045aaf7
 > 0xc045aaf7 is in vm_object_pip_add (/work/src/sys/vm/vm_object.c:285).
 > 280
 > 281     void
 > 282     vm_object_pip_add(vm_object_t object, short i)
 > 283     {
 > 284             GIANT_REQUIRED;
 > 285             object->paging_in_progress += i;
 > 286     }
 > 287
 > 288     void
 > 289     vm_object_pip_subtract(vm_object_t object, short i)
 > (kgdb)
 >
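
An added triage helper, not part of the original thread or of FreeBSD: gdb prints trap-frame registers as signed decimals, so the 0xdeadc0de that is obvious in frame #16 is hidden in values such as tf_edx = -559038242 and eva=3735929054. The script below normalises every name=value field to an unsigned 32-bit value and flags those that match the poison word, sit a small offset past it, or name its page; the function names, the 0x1000 offset window and the sample text are assumptions made for this example.

```python
import re

# 0xdeadc0de is the value the thread treats as the mark of freed memory.
POISON = {0xDEADC0DE: "freed-memory fill (0xdeadc0de)"}
PAGE_MASK = 0xFFFFF000  # 4 KiB pages on i386

# name=value pairs as kgdb prints them; values are signed decimal or hex.
FIELD = re.compile(r"\b([A-Za-z_]\w*)\s*=\s*(-?(?:0x[0-9a-fA-F]+|\d+))\b")

def to_u32(text):
    """Convert a gdb-printed integer to its unsigned 32-bit register value."""
    base = 16 if text.lower().lstrip("-").startswith("0x") else 10
    return int(text, base) & 0xFFFFFFFF

def classify(value, slack=0x1000):
    """Label a value that is a poison word, poison plus a small member
    offset (a field read through a poisoned pointer), or the poison's page."""
    for poison, label in POISON.items():
        if value == poison:
            return label
        if 0 < value - poison < slack:
            return f"{label} + offset {value - poison:#x}"
        if value == poison & PAGE_MASK:
            return f"page of {label}"
    return None

def triage(backtrace):
    """Return (field, hex value, label) for every suspicious field."""
    joined = re.sub(r"\n\s*>?\s*", " ", backtrace)  # undo mail quoting/wrapping
    hits = []
    for name, raw in FIELD.findall(joined):
        value = to_u32(raw)
        label = classify(value)
        if label:
            hits.append((name, f"{value:#010x}", label))
    return hits

# Constructed sample: fragments shaped like frames #12-#16 of the trace above.
SAMPLE = """\
 >#12 0xc045190d in vm_fault (map=0xc0832000, vaddr=3735928832,
 > fault_type=1 '\\001',
 >#13 0xc049c4b1 in trap_pfault (frame=0xdf0cbbc0, usermode=0, eva=3735929054)
 > tf_ebx = -1068664305, tf_edx = -559038242, tf_ecx = 1,
 >#16 0xc017655d in AcpiGetHandle (Parent=0xdeadc0de, Pathname=0xc04d7a0a
"""

if __name__ == "__main__":
    for name, value, label in triage(SAMPLE):
        print(f"{name:8} {value}  {label}")
```

On the sample it flags vaddr, eva, tf_edx and Parent, showing that the faulting address in frames #12 and #13 is the same poisoned pointer passed to AcpiGetHandle.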


