Skip site navigation (1)Skip section navigation (2) 
Date:      17 May 1999 04:33:12 +0200
From:      Assar Westerlund <assar@sics.se>
To:        current@FreeBSD.ORG
Subject:   zzz crashing in current OR inthand_remove not removing handlers properly
Message-ID:  <5lr9ogzaqf.fsf@assaris.sics.se>
next in thread | raw e-mail | index | archive | help 
Hi, on a -current from around a week ago `zzz' always managed to crash
my machine.  The relevant parts from the panic and the backtrace are
included below.

It seems that the cause of this was a stray interrupt was arriving
after having unloaded the driver.  For some reason it wasn't handled
by isa_strayintr, and the reason for that was that inthand_remove
didn't manage to remove the interrupt (and get it replaced by the
stray function) correctly.  After applying the patch at the end of
this mail I can once again sleep my laptop succesfully.

/assar

----------------------------------------------------------------------
from dmesg:

ep0: utp/bnc[*UTP*] address 00:a0:24:af:cc:7e
APM ioctl: cmd = 0x20005001
DEVICE_SUSPEND error 6, ignored
Execute APM hook "pcm suspend handler."
Called APM sound suspend hook for unit 0
Execute APM hook "Cirrus Logic PD672X."
Execute APM hook "Cirrus Logic PD672X."
ep0: unload
Return IRQ=11

from the panic:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc0256ff3
stack pointer           = 0x10:0xc39a6cdc
frame pointer           = 0x10:0xc39a6ce4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 951 (zzz)
interrupt mask          = net tty 

and the backtrace:

#9  0xc02020ef in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, tf_edi = 0, 
      tf_esi = -2147483648, tf_ebp = -1013289756, tf_isp = -1013289784, 
      tf_ebx = -1068408832, tf_edx = -1071675062, tf_ecx = 10, 
      tf_eax = -1071288448, tf_trapno = 12, tf_err = 2, tf_eip = -1071288333, 
      tf_cs = 8, tf_eflags = 68103, tf_esp = -1071576167, tf_ss = -559038242})
    at ../../i386/i386/trap.c:436
#10 0xc0256ff3 in M_TEMP ()
#11 0xc02106ce in splx (ipl=3223270597) at ../../i386/isa/ipl_funcs.c:106
#12 0xc01f34c5 in apm_execute_hook (list=0xc0511c00)
    at ../../i386/apm/apm.c:351
#13 0xc01f3650 in apm_suspend (state=2) at ../../i386/apm/apm.c:466
#14 0xc01f3f98 in apmioctl (dev=9984, cmd=536891393, addr=0xc39a6edc "", 
    flag=3, p=0xc3639520) at ../../i386/apm/apm.c:991
#15 0xc0165fae in spec_ioctl (ap=0xc39a6e18)
    at ../../miscfs/specfs/spec_vnops.c:440
#16 0xc0165839 in spec_vnoperate (ap=0xc39a6e18)
    at ../../miscfs/specfs/spec_vnops.c:129
#17 0xc01d8ebd in ufs_vnoperatespec (ap=0xc39a6e18)
    at ../../ufs/ufs/ufs_vnops.c:2327
#18 0xc015d0b5 in vn_ioctl (fp=0xc08ab680, com=536891393, data=0xc39a6edc "", 
    p=0xc3639520) at vnode_if.h:395
#19 0xc013f1b7 in ioctl (p=0xc3639520, uap=0xc39a6f90)
    at ../../kern/sys_generic.c:564
#20 0xc0202a56 in syscall (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = 3, tf_esi = -1077944864, tf_ebp = -1077945212, 
      tf_isp = -1013288988, tf_ebx = 0, tf_edx = -1077944868, tf_ecx = 0, 
      tf_eax = 54, tf_trapno = 7, tf_err = 2, tf_eip = 671703256, tf_cs = 31, 
      tf_eflags = 514, tf_esp = -1077945228, tf_ss = 47})
    at ../../i386/i386/trap.c:1066
#21 0xc01f79b0 in Xint0x80_syscall ()
----------------------------------------------------------------------



Index: sys/i386/isa/intr_machdep.c
===================================================================
RCS file: /src/fbsd-repository/src/sys/i386/isa/intr_machdep.c,v
retrieving revision 1.21
diff -u -w -u -w -r1.21 intr_machdep.c
--- intr_machdep.c	1999/05/04 21:18:20	1.21
+++ intr_machdep.c	1999/05/17 02:15:18
@@ -823,12 +823,11 @@
 
 		oldspl = splq(1 << irq);
 
-		/* we want to remove the list head, which was known to intr_mux */
-		icu_unset(irq, intr_mux);
 
 		/* check whether the new list head is the only element on list */
 		head = intreclist_head[irq];
 		if (head != NULL) {
+			icu_unset(irq, intr_mux);
 			if (head->next != NULL) {
 				/* install the multiplex handler with new list head as argument */
 				errcode = icu_setup(irq, intr_mux, head, 0, 0);
@@ -842,6 +841,8 @@
 				if (errcode == 0)
 					update_intrname(irq, head->name);
 			}
+		} else {
+			icu_unset(irq, idesc->handler);
 		}
 		splx(oldspl);
 	}


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5lr9ogzaqf.fsf>