netbsd-bugs: kern/23584: uvm_fault in clcs(4) after unclean reboot

Subject: kern/23584: uvm_fault in clcs(4) after unclean reboot
To: None <gnats-bugs@gnats.netbsd.org>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: netbsd-bugs
Date: 11/27/2003 23:58:07
>Number:         23584
>Category:       kern
>Synopsis:       uvm_fault in clcs(4) after unclean reboot
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 27 22:59:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Lubomir Sedlacik
>Release:        NetBSD 1.6ZF
>Organization:
>Environment:
System: NetBSD 1.6ZF Tue Nov 25 00:55:07 CET 2003
Architecture: i386
Machine: i386
Model: IBM ThinkPad T22
     $NetBSD: cs4280.c,v 1.26 2003/05/03 18:11:33 wiz Exp $
     $NetBSD: cs428x.c,v 1.6 2003/05/03 18:11:33 wiz Exp $
>Description:

NetBSD 1.6ZF (KROWAK-ACPI) #1: Tue Nov 25 00:55:07 CET 2003
	salo@krowak:/opt/obj/sys/arch/i386/compile/KROWAK-ACPI
total memory = 255 MB
avail memory = 232 MB
using 3296 buffers containing 13184 KB of memory
BIOS32 rev. 0 found at 0xfd820
PCI BIOS rev. 2.1 found at 0xfd94f
PCI IRQ Routing Table rev. 1.0 found at 0xfdee0, size 208 bytes (11 entries)
PCI Interrupt Router at 000:07:0 (Intel 82371FB PCI-to-ISA Bridge (PIIX))
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel Pentium III (686-class), 896.15 MHz, id 0x68a
cpu0: features 383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR>
cpu0: features 383f9ff<PGE,MCA,CMOV,PAT,PSE36,MMX>
cpu0: features 383f9ff<FXSR,SSE>
cpu0: I-cache 16 KB 32b/line 4-way, D-cache 16 KB 32b/line 4-way
cpu0: L2 cache 256 KB 32b/line 8-way
cpu0: ITLB 32 4 KB entries 4-way, 2 4 MB entries fully associative
cpu0: DTLB 64 4 KB entries 4-way, 8 4 MB entries 4-way
cpu0: 8 page colors
acpi0 at mainbus0
acpi0: using Intel ACPI CA subsystem version 20031029
acpi0: X/RSDT: OemId <PTLTD ,  RSDT  ,06041060>, AslId < LTP,00000000>
acpi0: SCI interrupting at int 9
acpi0: fixed-feature power button present
ACPI Object Type 'Processor' (0x0c) at acpi0 not configured
PNP0C0F at acpi0 not configured
PNP0C0F at acpi0 not configured
PNP0C0F at acpi0 not configured
PNP0C0F at acpi0 not configured
PNP0C01 at acpi0 not configured
acpilid0 at acpi0 (PNP0C0D): ACPI Lid Switch
acpibut0 at acpi0 (PNP0C0E): ACPI Sleep Button
PNP0A03 at acpi0 not configured
PNP0C02 at acpi0 not configured
PNP0000 at acpi0 not configured
PNP0100 at acpi0 not configured
PNP0200 at acpi0 not configured
PNP0800 at acpi0 not configured
npx0 at acpi0 (PNP0C04)
npx0: io 0xf0-0xff irq 13
npx0: using exception 16
PNP0B00 at acpi0 not configured
pckbc0 at acpi0 (PNP0303): kbd port
pckbc0: io 0x60,0x64 irq 1
pckbc1 at acpi0 (IBM3780): aux port
pckbc1: irq 12
PNP0C02 at acpi0 not configured
ACPI Object Type 'Power' (0x0b) at acpi0 not configured
PNP0C02 at acpi0 not configured
ACPI Object Type 'Power' (0x0b) at acpi0 not configured
PNP0700 at acpi0 not configured
com0 at acpi0 (PNP0501)
com0: io 0x2f8-0x2ff irq 3
com0: ns16550a, working fifo
lpt0 at acpi0 (PNP0400)
lpt0: io 0x3bc-0x3bf irq 7
com1 at acpi0 (IBM0071)
com1: io 0x3f8-0x3ff irq 4 drq 3
com1: ns16550a, working fifo
acpiec0 at acpi0 (PNP0C09): ACPI Embedded Controller
acpiec0: io 0x62,0x66
acpibat0 at acpi0 (PNP0C0A-0): ACPI Battery (Control Method)
acpiacad0 at acpi0 (ACPI0003-0): ACPI AC Adapter
IBM0068 at acpi0 not configured
acpitz0 at acpi0: ACPI Thermal Zone
acpitz0: unable to get polling interval; using default of 30.0s
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
pchb0 at pci0 dev 0 function 0
pchb0: Intel 82443BX Host Bridge/Controller (rev. 0x03)
agp0 at pchb0: aperture at 0xf8000000, size 0x4000000
ppb0 at pci0 dev 1 function 0: Intel 82443BX AGP Interface (rev. 0x03)
pci1 at ppb0 bus 1
pci1: i/o space, memory space enabled
vga0 at pci1 dev 0 function 0: S3 Savage/IX+MV (rev. 0x13)
wsdisplay0 at vga0 kbdmux 1: console (80x25, vt100 emulation), using wskbd0
wsmux1: connecting to wsdisplay0
cbb0 at pci0 dev 2 function 0: Texas Instruments PCI1450 PCI-CardBus Bridge (rev. 0x03)
cbb1 at pci0 dev 2 function 1: Texas Instruments PCI1450 PCI-CardBus Bridge (rev. 0x03)
fxp0 at pci0 dev 3 function 0: i82550 Ethernet, rev 12
fxp0: interrupting at irq 11
fxp0: Ethernet address 00:03:47:b8:16:b6
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
Lucent Technologies product 0x045c (serial communications, revision 0x01) at pci0 dev 3 function 1 not configured
clcs0 at pci0 dev 5 function 0: Cirrus Logic CS4280 CrystalClear Audio Interface (rev. 0x01)
clcs0: interrupting at irq 11
clcs0: ac97: Crystal CS4297A codec; headphone, 20 bit DAC, 18 bit ADC, Crystal Semi 3D
clcs0: ac97: ext id 200<AMAP>
audio0 at clcs0: full duplex, independent
midi0 at clcs0: CS4280 MIDI UART
pcib0 at pci0 dev 7 function 0
pcib0: Intel 82371AB PCI-to-ISA Bridge (PIIX4) (rev. 0x02)
piixide0 at pci0 dev 7 function 1
piixide0: Intel 82371AB IDE controller (PIIX4) (rev. 0x01)
piixide0: bus-master DMA support present
piixide0: primary channel wired to compatibility mode
piixide0: primary channel interrupting at irq 14
atabus0 at piixide0 channel 0
piixide0: secondary channel wired to compatibility mode
piixide0: secondary channel interrupting at irq 15
atabus1 at piixide0 channel 1
uhci0 at pci0 dev 7 function 2: Intel 82371AB USB Host Controller (PIIX4) (rev. 0x01)
uhci0: interrupting at irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
Intel 82371AB Power Management Controller (PIIX4) (miscellaneous bridge, revision 0x03) at pci0 dev 7 function 3 not configured
cbb0: interrupting at irq 11
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0
pcmcia0 at cardslot0
cbb1: interrupting at irq 11
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 5 device 0
pcmcia1 at cardslot1
isa0 at pcib0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
unexpected play intr
uvm_fault(0xc0477780, 0, 0, 1) -> 0xe
kernel: page fault trap, code=0
Stopped in pid 0.1 (swapper) at netbsd:cs4280_intr+0xaa:    movl   0x4(%eax),%ebx
db> bt
cs4280_intr(c09e3b00,0,c0980019,30,c0470010) at netbsd:cs4280_intr+0xaa
Xintr_legacy11() at netbsd:Xintr_legacy11+0xa8
--- interrupt ---
Bad frame pointer: 0xc09d0d18
0x3131:
db> ps/a
 PID     COMMAND     STRUCT PROC *        UAREA *     VMSPACE/VM_MAP
>How-To-Repeat:
- boot 1.6ZF on an IBM ThinkPad T22
- crash the machine in X...
- reboot blindly from ddb
- see it crash on next boot
>Fix:
n/a
>Release-Note:
>Audit-Trail:
>Unformatted:
 Tue Nov 25 00:55:07 CET 2003
 >0       swapper        0xc0477960     0xc04e5000         0xc0477780
 db>