Re: port-i386/37434: kernel trap when trying to power down via apm

[Martin Husemann <martin%duskware.de@localhost>]

The following reply was made to PR port-i386/37434; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: port-i386/37434: kernel trap when trying to power down via apm
Date: Tue, 18 Mar 2008 11:43:24 +0100

 I just verified it still happens with -current. Here is some more info:
 
 unmounting file systems... done
 APM set power state <2ff,3>: unrecognized device ID (0x907)
 uvm_fault(0xc9b95d04, 0x8000, 1) -> 0xe
 kernel: supervisor trap page fault, code=0
 Stopped in pid 4.1 (poweroff) at        netbsd:trap+0x6d5:      movb    
0(%edx),
 %al
 db> sh reg
 ds          0x10
 es          0x10
 fs          0x30
 gs          0x10
 edi         0x1
 esi         0xc9b909f0
 ebp         0xcac69b22
 ebx         0x4
 edx         0x8726
 ecx         0
 eax         0xcac69b2e
 eip         0xc023a579  trap+0x6d5
 cs          0x8
 eflags      0x10056
 esp         0xcac69aba
 ss          0x10
 netbsd:trap+0x6d5:      movb    0(%edx),%al
 db> x/x,4 0xcac69aba
 0xcac69b0a:     210000      0           91a80000    c08b0001
 db> 
 0xcac69b1a:     cac6813a    1           67890000    c0103098
 db> 
 0xcac69b2a:     cac69b2e    9ea80010    30          8000010
 db> 
 0xcac69b3a:     dead0058    1           cac6813a    67890000
 db> 
 0xcac69b4a:     c08b0001    9069c1c     21          fdfc
 db> 
 0xcac69b5a:     4           fdfc        8726        50
 db> 
 0xcac69b6a:     10002       82d90058    1           cac6813a
 db> 
 0xcac69b7a:     67890000    cac69b92    c08b0001    9069c1c
 db> 
 0xcac69b8a:     3           5307        300010      580010
 db> 
 0xcac69b9a:     9bf08129    80cd80fc    10          80360016
 db> 
 
 And gdb says:
 
 0xc023a579 is in trap (../../../../arch/i386/i386/trap.c:428).
 423                      * a fast interrupt.  This should not be possible.  It 
can be
 424                      * fixed by rearranging the trap frame so that the 
stack format
 425                      * at this point is the same as on exit from a `slow'
 426                      * interrupt.
 427                      */
 428                     switch (*(u_char *)frame->tf_eip) {
 429                     case 0xcf:      /* iret */
 430                             vframe = (void *)((int)&frame->tf_esp -
 431                                 offsetof(struct trapframe, tf_eip));
 432                             resume = (int)resume_iret;
 
 (gdb) x/23i 0xc023a530
 0xc023a530 <trap+1676>: add    %cl,(%edi)
 0xc023a532 <trap+1678>: xchg   %edx,%ebx
 0xc023a534 <trap+1680>: add    %eax,(%eax)
 0xc023a536 <trap+1682>: add    %al,0x840f02fa(%ebx)
 0xc023a53c <trap+1688>: pop    %edi
 0xc023a53d <trap+1689>: add    (%eax),%al
 0xc023a53f <trap+1691>: add    %al,0x840f04fa(%ebx)
 0xc023a545 <trap+1697>: les    (%edx),%eax
 0xc023a547 <trap+1699>: add    %al,(%eax)
 0xc023a549 <trap+1701>: dec    %edx
 0xc023a54a <trap+1702>: je     0xc023a556 <trap+1714>
 0xc023a54c <trap+1704>: xor    %eax,%eax
 0xc023a54e <trap+1706>: mov    %eax,0xffffffd4(%ebp)
 0xc023a551 <trap+1709>: jmp    0xc023a160 <trap+700>
 0xc023a556 <trap+1714>: mov    $0x7,%eax
 0xc023a55b <trap+1719>: jmp    0xc023a54e <trap+1706>
 0xc023a55d <trap+1721>: lea    0x0(%esi),%esi
 0xc023a560 <trap+1724>: movl   $0x0,0xffffffa4(%ebp)
 0xc023a567 <trap+1731>: movl   $0x0,0xffffffa8(%ebp)
 0xc023a56e <trap+1738>: jmp    0xc0239ed7 <trap+51>
 0xc023a573 <trap+1743>: mov    0x8(%ebp),%eax
 0xc023a576 <trap+1746>: mov    0x34(%eax),%edx
 0xc023a579 <trap+1749>: mov    (%edx),%al
 
 Is that what you wanted to know?
 
 Martin