I wrote:
> It seems as if hci1394_ixl_interrupt() was called with a bad second argument,
> maybe pointing to freed memory. Unfortunatelly the kernel was running without
> kmem heap checking so it's probably difficult to find out exactly has has
> gone wrong.
The theory with access to a freed kernel memory block appears to be correct.
I've got another panic now (see the attachment), with kmem heap checking enabled
and the Solaris 10 firewire kernel modules are accessing "deadbeef" memory,
after
an attempt to modunload the hci1394 kernel module. It seems this is a bug in
the
Solaris 10 firewire kernel modules.
This message posted from opensolaris.org
-------------- next part --------------
S10 x86, 118844-20, + cardbus kernel module
1. /etc/system:
set kmem_flags = 0xf
set pcic:pcic_debug = 1
set cardbus:cardbus_debug = 1
2. hotplug firewire cardbus card
3. find out hci1394 kernel module's id, for modunload:
modinfo | grep hci1394
4. modunload -i ${hci1394_module_id}
5. panic
# mdb -k /tmp/unix.0 /tmp/vmcore.0
Loading modules: [ unix krtld genunix specfs dtrace ufs ip sctp usba uhci s1394
fctl lofs random nfs audiosup ptm ]
> $c
0xf900c295(deadbeef)
0xf9006297(d56bf900, 0)
cpu_halt+0x9d()
idle+0x3b(0, 0)
> ::status
debugging crash dump /tmp/vmcore.0 (32-bit) from max
operating system: 5.10 Generic_118844-20 (i86pc)
panic message: BAD TRAP: type=e (#pf Page fault) rp=d3241d3c addr=deadbf67
dump content: kernel pages only
> ::msgbuf
MESSAGE
pciclass,0607001: mem Base 1 = [0x0]
pciclass,0607001: mem Lim 1 = [0x0]
pciclass,0607001: I/0 Base 0 = [0x0]
pciclass,0607001: I/O Lim 0 = [0x0]
pciclass,0607001: I/O Base 1 = [0x0]
pciclass,0607001: I/O Lim 1 = [0x0]
pciclass,0607001: Sec. Status = [0x200]
pciclass,0607001: Intr Line = [0xb]
pciclass,0607001: Intr Pin = [0x2]
pciclass,0607001: BrIdge CTL 0x3e = [0x420]
pciclass,0607001: Subsys Venid= [0x1179]
pciclass,0607001: Subsys ID = [0xff10]
pciclass,0607001: PCCARD I/F = [0x1]
pciclass,0607001: SYS CTL 0x80 = [0x844d021]
pciclass,0607001: GEN CTL 0x86 = [0x0]
pciclass,0607001: G Purpos 0x88 = [0x0]
pciclass,0607001: MF-routing 0x8c = [0x1000222]
pciclass,0607001: Card CTL 0x91 = [0x2]
pciclass,0607001: DEV CTL 0x92 = [0x44]
pciclass,0607001: DIAG 0x93 = [0x60]
pciclass,0607001: ........................................
NOTICE: IRQ11 is being shared by drivers with different interrupt levels.
This may result in reduced system performance.
Ethernet address = 0:a0:d1:d5:bc:b4
iprb0: Intel 82558/82559 Ver 0.010.6 Driver: type "ether" mac address
00:a0:d1:d5:bc:b4
PCI-device: pci1179,ff01 at 8, iprb0
iprb0 is /pci at 0,0/pci8086,2448 at 1e/pci1179,ff01 at 8
WARNING: iprb0: no MII link detected
WARNING: rc4_init failed (1c)
NOTICE: IRQ11 is being shared by drivers with different interrupt levels.
This may result in reduced system performance.
ipw0: Intel Wireless PRO/2100 driver $Revision: 1.26 $: type "ether" mac
address 00:04:23:4f:69:bf
PCI-device: pci8086,2581 at 4, ipw0
ipw0 is /pci at 0,0/pci8086,2448 at 1e/pci8086,2581 at 4
dump on /dev/dsk/c0d0s1 size 513 MB
ip: joining multicasts failed (4) on ipw0 - will use link layer broadcasts for
multicast
pseudo-device: pm0
pm0 is /pseudo/pm at 0
pseudo-device: devinfo0
devinfo0 is /pseudo/devinfo at 0
pseudo-device: dtrace0
dtrace0 is /pseudo/dtrace at 0
xsvc0 at root
xsvc0 is /xsvc
ISA-device: asy0
asy0 is /isa/asy at 1,3f8
PCI-device: pci1179,ff10 at 1f,5, audioi8100
audioi8100 is /pci at 0,0/pci1179,ff10 at 1f,5
PCI-device: pci1179,ff10, audioi8100, ICH4:82801DB/M (rev. 0x03) at irq 11
NOTICE: IRQ11 is being shared by drivers with different interrupt levels.
This may result in reduced system performance.
AC97: primary codec, rev. 2.1 or earlier, vendor id1:0x4144,id2:0x5363,
Headphone out, 16-bit DAC, 16-bit ADC, 3D-stereo mode 1, aux HP_OUT
AC97: extid 0x0001, powerdown status 0x000f
pseudo-device: vol0
vol0 is /pseudo/vol at 0
ATAPI device at targ 0, lun 0 lastlun 0x0
model DW-224E
ATA/ATAPI-5 supported, majver 0x3c minver 0x0
PCI-device: ide at 1, ata1
ata1 is /pci at 0,0/pci-ide at 1f,1/ide at 1
UltraDMA mode 2 selected
UltraDMA mode 2 selected
sd0 at ata1: target 0 lun 0
sd0 is /pci at 0,0/pci-ide at 1f,1/ide at 1/sd at 0,0
device pciclass,030000 at 0(display#0) keeps up device sd at 0,0(sd#0), but the
latter is not power managed
pseudo-device: devinfo0
devinfo0 is /pseudo/devinfo at 0
PCI-device: pci1179,ff10 at 1f,5, audioi8100
audioi8100 is /pci at 0,0/pci1179,ff10 at 1f,5
PCI-device: pci1179,ff10, audioi8100, ICH4:82801DB/M (rev. 0x03) at irq 11
NOTICE: IRQ11 is being shared by drivers with different interrupt levels.
This may result in reduced system performance.
AC97: primary codec, rev. 2.1 or earlier, vendor id1:0x4144,id2:0x5363,
Headphone out, 16-bit DAC, 16-bit ADC, 3D-stereo mode 1, aux HP_OUT
AC97: extid 0x0001, powerdown status 0x000f
pseudo-device: pool0
pool0 is /pseudo/pool at 0
NOTICE: IRQ11 is being shared by drivers with different interrupt levels.
This may result in reduced system performance.
Bus 3 Device 0 Function 0 Vendor 0x1106 Device 0x3044 Name
pciclass,0c0010hci13940 is /pci at 0,0/pci8086,2448 at 1e/pci1179,ff10 at
9/pci574,86c at 0
/pci at 0,0/pci8086,2448 at 1e/pci1179,ff10 at 9/pci574,86c at 0 (hci13940)
online
pciclass,0607000: ........................................
pciclass,0607000: Pri Bus = [0x2]
pciclass,0607000: Sec Bus = [0x3]
pciclass,0607000: Sub Bus = [0x3]
pciclass,0607000: Cardbus Lattimer = [0x40]
pciclass,0607000: Cache Linesz= [0x10]
pciclass,0607000: Lattimer= [0x20]
pciclass,0607000: Command = [0x7]
pciclass,0607000: BAR0 = [0xde000]
pciclass,0607000: mem Base 0 = [0xd0002000]
pciclass,0607000: mem Lim 0 = [0xd0002000]
pciclass,0607000: mem Base 1 = [0x0]
pciclass,0607000: mem Lim 1 = [0x0]
pciclass,0607000: I/0 Base 0 = [0xb000]
pciclass,0607000: I/O Lim 0 = [0xb07c]
pciclass,0607000: I/O Base 1 = [0x0]
pciclass,0607000: I/O Lim 1 = [0x0]
pciclass,0607000: Sec. Status = [0x200]
pciclass,0607000: Intr Line = [0xb]
pciclass,0607000: Intr Pin = [0x1]
pciclass,0607000: BrIdge CTL 0x3e = [0x420]
pciclass,0607000: Subsys Venid= [0x1179]
pciclass,0607000: Subsys ID = [0xff10]
pciclass,0607000: PCCARD I/F = [0x1]
pciclass,0607000: SYS CTL 0x80 = [0x844f021]
pciclass,0607000: GEN CTL 0x86 = [0x0]
pciclass,0607000: G Purpos 0x88 = [0x0]
pciclass,0607000: MF-routing 0x8c = [0x1000222]
pciclass,0607000: Card CTL 0x91 = [0x3]
pciclass,0607000: DEV CTL 0x92 = [0x44]
pciclass,0607000: DIAG 0x93 = [0x60]
pciclass,0607000: ........................................
pciclass,0c00100: ........................................
pciclass,0c00100: VendorId = [0x1106]
pciclass,0c00100: DeviceId = [0x3044]
pciclass,0c00100: Command = [0x1c7]
pciclass,0c00100: CacheLineSz = [0x10]
pciclass,0c00100: LatencyTmr = [0x0]
pciclass,0c00100: BAR0 = [0xd0002000]
pciclass,0c00100: BAR1 = [0xb001]
pciclass,0c00100: BAR2 = [0xd0002800]
pciclass,0c00100: BAR3 = [0x0]
pciclass,0c00100: BAR4 = [0x0]
pciclass,0c00100: CIS = [0x0]
pciclass,0c00100: ILINE = [0xb]
pciclass,0c00100: IPIN = [0x1]
panic[cpu0]/thread=d3241de0:
BAD TRAP: type=e (#pf Page fault) rp=d3241d3c addr=deadbf67
sched:
#pf Page fault
Bad kernel fault at addr=0xdeadbf67
pid=0, pc=0xf900c295, sp=0xd3241db0, eflags=0x10246
cr0: 8005003b<pg,wp,ne,et,ts,mp,pe> cr4: 6d8<xmme,fxsr,pge,mce,pse,de>
cr2: deadbf67 cr3: 4b9f000
gs: 1b0 fs: d3240000 es: fe820160 ds: 160
edi: 0 esi: 0 ebp: d3241d80 esp: d3241d6c
ebx: d56bf900 edx: f900627f ecx: deadbeef eax: 6c
trp: e err: 0 eip: f900c295 cs: 158
efl: 10246 usp: d3241db0 ss: f9006297
d3241c9c unix:die+c1 (e, d3241d3c, deadbf)
d3241d28 unix:trap+fc8 (d3241d3c, deadbf67,)
d3241d3c unix:cmntrap+83 ()
d3241d80 f900c295 (deadbeef)
d3241db0 f9006297 (d56bf900, 0)
syncing file systems...
done
dumping to /dev/dsk/c0d0s1, offset 107806720, content: kernel
>
> autovect+8*0t11/XX
autovect+0x58: d5a43f40 10009
> *./Xp
0xd5a43f40: d4fde820 0xf900627f
> *.
0xd4fde820: d40fb848 ehci_intr
> *.
0xd40fb848: d4260878 gld_intr
> *.
0xd4260878: d3b0d630 gld_intr
> *.
0xd3b0d630: d3b0d8d0 pcic_intr
> *.
0xd3b0d8d0: d3895b80 pcic_intr
> *.
0xd3895b80: d3895d00 uhci_intr
> *.
0xd3895d00: d3895e80 uhci_intr
> *.
0xd3895e80: d37340f8 uhci_intr
> *.
0xd37340f8: 0 audioi810_intr
> 0xf900627f,10?ia
0xf900627f: pushl %ebp
0xf9006280: movl %esp,%ebp
0xf9006282: subl $0x18,%esp
0xf9006285: andl $0xfffffff8,%esp
0xf9006288: pushl %ebx
0xf9006289: pushl %esi
0xf900628a: pushl %edi
0xf900628b: xorl %esi,%esi
0xf900628d: movl 0x8(%ebp),%ebx
0xf9006290: pushl (%ebx)
0xf9006292: call +0x5ffd <0xf900c28f>
0xf9006297: addl $0x4,%esp
0xf900629a: movl %eax,%edi
0xf900629c: testl $0x20000,%edi
0xf90062a2: je +0x10 <0xf90062b2>
0xf90062a4: pushl %ebx
0xf90062a5:
> hci1394_isr?i
mdb: failed to dereference symbol: unknown symbol name
> ::modinfo
ID LOADADDR SIZE REV MODULE NAME
0 fe800000 ab430 0 unix (?)
1 fe86ca20 f212 0 krtld (?)
2 fe877998 13d2f8 0 genunix (?)
3 0 0 0 cl_bootstrap (?)
4 fe97e000 3b08 1 specfs (filesystem for specfs)
5 f91b7000 125a0 1 dtrace (Dynamic Tracing)
6 fe981978 34a0 1 devfs (devices filesystem 1.13)
7 0 0 0 swapgeneric (?)
8 fe985ce4 2aa4 1 TS (time sharing sched class)
9 fe9882e8 87c 1 TS_DPTBL (Time sharing dispatch table)
10 0 0 0 sysinit (?)
11 fe988344 ebc 1 pci_autoconfig (PCI BIOS interface 1.41)
12 fe989168 2d6f8 1 ufs (filesystem for ufs)
13 fe9b4530 15c 1 fssnap_if (File System Snapshot Interface)
14 fe9b462c 343c 1 rootnex (i86pc root nexus 1.124)
15 fe9b7890 1a84 1 busra (Bus Resource Allocator (BUSRA) )
16 fe9b90a4 124 1 options (options driver)
17 fe9b9158 1054 1 sad (STREAMS Administrative Driver ')
18 fe9ba02c 63c 1 objmgr (Object Manager 1.27)
19 fe9ba548 7bc 1 pseudo (nexus driver for 'pseudo' 1.27)
20 fe9bab6c 464 1 clone (Clone Pseudodriver 'clone')
21 fe9bae80 a51c 1 scsi_vhci (SCSI VHCI Driver 1.36)
22 fe9c4594 bfb8 1 scsi (SCSI Bus Utility Routines)
23 fe9c976c 1eec 1 cmdk (Common Direct Access Disk Drive)
24 fe9cb1b8 22cc 1 snlb (Solaris Disk Label Object)
25 fe9cd39c 1c84 1 dadk (Direct Attached Disk Object)
26 fe9ce9e0 68c 1 gda (Generic Direct Attached Device )
27 fe9cefb4 1b3c 1 strategy (Device Strategy Objects)
28 fe9d07c0 9e7c 1 ata (ATA AT-bus attachment disk cont)
29 fe9d9cec b04 1 pci-ide (pciide nexus driver for 'PCI-ID)
30 fe9da5b0 19bc 1 pci (host to PCI nexus driver 1.63)
31 fe9dbe14 41ec 1 pcihp (PCI nexus hotplug support v1.57)
32 fe9dfd68 ba4 1 hpcsvc (hot-plug controller services v1)
33 fe9e0894 500 1 ich4lpc (ICH4 LPC Bridge)
34 fe9e0cbc e258 1 acpi_intp (ACPI Interpreter)
35 fe9eafbc 3a4c 1 uppc (UniProcessor PC)
36 0 0 0 pcplusmp (?)
37 fe9ee7e8 2b90 1 ctfs (contract filesystem)
38 fe9f0e30 11c48 1 procfs (filesystem for proc)
39 fea022a8 1990 1 mntfs (mount information file system)
40 fea03b20 d2a8 1 tmpfs (filesystem for tmpfs)
41 fea08958 1820 1 objfs (kernel object filesystem)
42 0 0 0 c2audit (?)
43 fea17508 137a8 1 sockfs (filesystem for sockfs)
44 fea2a8e8 c4608 1 ip (IP STREAMS driver 1.47)
45 feade1b8 1f54 1 md5 (MD5 Message-Digest Algorithm)
46 feadfefc 1250c 1 kcf (Kernel Crypto Framework 1.8)
47 feaf1f40 1124 1 swrand (Kernel Random number Provider 1)
48 feaf2b14 29dc 1 sha1 (SHA1 Message-Digest Algorithm)
49 0 0 0 strplumb (?)
50 fea0afcc 3cc 1 ip6 (IP6 STREAMS driver 1.9)
51 fea0b1f0 40c 1 tcp (TCP STREAMS driver 1.50)
52 fea0b414 414 1 tcp6 (TCP6 STREAMS driver 1.10)
53 fea0b638 8ed8 1 udp (UDP STREAMS driver 1.42)
54 fea12530 3d4 1 udp6 (UDP6 STREAMS driver 1.8)
55 fea1275c 3c4 1 sctp (SCTP device)
56 fea12980 3c4 1 sctp6 (SCTP6 device)
57 feaf52e0 7a20 1 icmp (ICMP STREAMS driver 1.43)
58 fea12ba4 3dc 1 icmp6 (ICMP6 STREAMS driver 1.10)
59 fea12dd0 4f04 1 arp (ARP STREAMS driver 1.40)
60 feafae88 394c 1 timod (transport interface str mod)
61 0 0 0 consconfig (?)
62 feafdd3c 3424 1 consconfig_dacf (Consconfig DACF 1.29)
63 feb00240 1dac 1 conskbd (Console kbd Multiplexer driver )
64 feb01d64 35fc 1 kbtrans (kbtrans (key translation) 1.35)
65 feb03ee0 12bc 1 consms (Mouse Driver for Sun 'consms' 5)
66 feb04f3c e5c 1 wc (Workstation multiplexer Driver )
67 feb05b60 3c2c 1 terminal-emulator (ANSI Terminal Emulator)
68 feb0872c a3c 1 iwscn (Workstation Redirection driver )
69 feb09058 c54 1 pci_pci (PCI to PCI bridge nexus driver )
70 feb09afc 2a64 1 vgatext (VGA text driver v1.24)
71 feb0af48 1378 1 isa (isa nexus driver for 'ISA' 1.35)
72 feb0bfb0 b2c 1 i8042 (i8042 nexus driver 1.27)
73 feb0c9d4 1e7c 1 kb8042 (PS/2 Keyboard 1.58, 05/06/01)
74 feb0d918 6c4 1 mouse8042 (PS/2 Mouse 1.43, 05/06/01)
75 feb0de64 199c 1 vuid3ps2 (mouse events to vuid events)
76 feb0f6d0 e0e0 1 ehci (USB EHCI Driver 1.14)
77 feb1b7e8 18854 1 usba (USBA: USB Architecture 2.0 1.57)
78 feb2f84c 9508 1 uhci (USB UHCI Controller Driver 1.45)
79 0 0 0 ohci (?)
80 0 0 0 hci1394 (?) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
81 f9153000 300c 1 elfexec (exec module for elf)
82 feb377bc 265a4 1 s1394 (IEEE 1394 Services Library 1.0)
83 feb60f8c 2da8 1 hid (USB HID Client Driver 1.35)
84 feb634fc 2964 1 hidparser (HID PARSER 1.12)
85 0 0 0 tavor (?)
86 feb656a0 20a4 1 usbms (USB mouse streams 1.16)
87 0 0 0 ib (?)
88 0 0 0 ibdm (?)
89 feb750ac c134 1 ibtl (IB Transport Layer v1.11)
90 0 0 0 ibmf (?)
91 0 0 0 cpqhpc (?)
92 0 0 0 fp (?)
93 0 0 0 fcp (?)
94 f90cb000 6cd0 1 fctl (SunFC Transport v20051025-1.50)
95 0 0 0 qlc (?)
96 f9106000 de74 1 pcic (PCMCIA/Cardbus nexus v1.43, Nov)
97 f9113000 17d7c 1 pcmcia (PCMCIA Nexus Support 1.139)
98 f9129000 fb08 1 cardbus (Cardbus Configurator v1.27, Nov)
99 0 0 0 pcs (?)
100 0 0 0 bscv (?)
101 0 0 0 bscbus (?)
102 f9143000 d950 1 ldterm (terminal line discipline)
103 f9151000 1724 1 ttcompat (alt ioctl calls)
104 0 0 0 asy (?)
105 0 0 0 ptsl (?)
106 0 0 0 ptc (?)
107 f915b000 16fc 1 rts (PF_ROUTE socket STREAMS driver )
108 0 0 0 ipsecesp (?)
109 0 0 0 ipsecah (?)
110 f916d000 52d4 1 tl (TPI Local Transport (tl) 1.71)
111 f9172000 36bc 1 keysock (PF_KEY socket STREAMS driver 1.)
112 f9175000 3e60 1 spdsock (PF_POLICY socket STREAMS driver)
113 f9179000 2a38 1 fifofs (filesystem for fifo)
114 f91123f4 1244 1 sysmsg (System message redirection (fan)
115 f9021b54 5d4 1 cn (Console redirection driver 5.61)
116 f9178220 ea8 1 mm (memory driver 1.81)
117 f9152624 94c 1 kstat (kernel statistics driver 1.24)
118 fea17248 24c 1 pipe (pipe(2) syscall)
119 f917c000 39c0 1 doorfs (doors)
120 f9180000 1510 1 namefs (filesystem for namefs)
121 f9182000 2350 1 portfs (event ports)
122 f9181368 d34 1 sysevent (sysevent driver 1.5)
123 f924dc9c 37c 1 intpexec (exec mod for interp)
124 f9185000 6f18 1 iprb (Intel 82558/82559 Ver 0.010.6 D)
125 f918c000 8538 1 gld (Generic LAN Driver (v2) 1.94)
126 f9194000 2740 1 lofs (filesystem for lofs)
127 f9197000 458b8 1 ipw (ipw $Revision: 1.26 $)
128 f90a3bbc 414 1 random (random number device v1.11)
129 0 0 0 dump (?)
130 f9159000 1554 1 openeepr (OPENPROM/NVRAM Driver v1.18)
131 f918b3f8 cd0 1 fdfs (filesystem for fd)
132 0 0 0 pm (?)
133 f91af000 136c 1 cryptoadm (Cryptographic Administrative In)
134 feb67594 3fc8 1 devinfo (DEVINFO Driver 1.66)
135 f90a5988 744 1 log (streams log driver)
136 f91b5000 2444 1 FX (Fixed priority sched class)
137 f9181fa4 274 1 FX_DPTBL (Fixed priority dispatch table)
138 f91ca000 690d0 1 nfs (NFS syscall, client, and common)
139 f922f000 13de8 1 rpcmod (RPC syscall)
140 f9241000 1758 1 tlimod (KTLI misc module)
141 f9243000 3d94 1 rpcsec (kernel RPC security module.)
142 f9157ad8 5d1 1 sy (Indirect driver for tty 'sy' 1.)
143 f9247000 742c 1 klmmod (lock mgr common module)
144 f90a3ed8 1ec 1 connld (Streams-based pipes)
145 f91963f0 bc4 1 xsvc (xserver svc)
146 feb6ae34 4a8c 1 audioi810 (i810 audio driver)
147 f9253000 216c 1 audiosup (Audio Device Support 1.23)
148 f9255000 1262c 1 mixer (Audio Mixer 1.63)
149 f91c9290 b2ec 1 amsrc2 (Audio Sample Rate Conv. #2 1.2)
150 f9260000 264b8 1 nfssrv (NFS server module)
151 f9285000 5d40 1 autofs (AUTOFS syscall)
152 f928b000 1134 1 pset (processor sets)
153 f915a5ec ae4 1 pts (Slave Stream Pseudo Terminal dr)
154 f928d000 51dc 1 vol (Volume Management Driver, 1.98)
155 f9292000 1e560 1 sd (SCSI Disk Driver 1.481)
156 0 0 0 crypto (?)
157 f9178f98 bc 1 IA (interactive scheduling class)
158 f9242708 a64 1 ptm (Master streams driver 'ptm' 1.4)
159 f92b3000 110c 1 ptem (pty hardware emulator)
160 feb7df14 1c9 1 redirmod (redirection module)
161 f91b0274 df4 1 pool (pool driver 1.6)
[ Comparing that code with hci1394_isr after the system
was rebooted shows exactly the same code:
hci1394_isr,10?ia
hci1394_isr: pushl %ebp
hci1394_isr+1: movl %esp,%ebp
hci1394_isr+3: subl $0x18,%esp
hci1394_isr+6: andl $0xfffffff8,%esp
hci1394_isr+9: pushl %ebx
hci1394_isr+0xa:pushl %esi
hci1394_isr+0xb:pushl %edi
hci1394_isr+0xc:xorl %esi,%esi
hci1394_isr+0xe:movl 0x8(%ebp),%ebx
hci1394_isr+0x11: pushl (%ebx)
hci1394_isr+0x13: call +0x5ffd <hci1394_ohci_intr_asserted>
hci1394_isr+0x18: addl $0x4,%esp
hci1394_isr+0x1b: movl %eax,%edi
hci1394_isr+0x1d: testl $0x20000,%edi
hci1394_isr+0x23: je +0x10 <hci1394_isr+0x33>
hci1394_isr+0x25: pushl %ebx
hci1394_isr+0x26:
Apparently the hci1394 module was uninstalled and removed from memory,
but the interrupt handler wasn't removed?
Yes, appears to be correct. The following function call appears to be
missing in S10 1394 kernel modules:
usr/src/uts/common/io/1394/adapters/hci1394_detach.c, function
hci1394_detach():
70 /* unregister interrupt handler */
71 hci1394_isr_handler_fini(soft_state);
Replacing S10-x86 1394 kernel modules with snv_27 1394 modules fixes
the problem.
]
> $c
0xf900c295(deadbeef)
0xf9006297(d56bf900, 0)
cpu_halt+0x9d()
idle+0x3b(0, 0)
> d56bf900::print hci1394_state_t
mdb: failed to look up type hci1394_state_t: no symbol corresponds to address
> d56bf900/4X
0xd56bf900: deadbeef deadbeef deadbeef deadbeef
> d56bf900::whatis
d56bf900 is d56bf900+0, bufctl d56d23d8 freed from kmem_alloc_384
> d56d23d8$<bufctl_audit
ADDR BUFADDR TIMESTAMP THREAD
CACHE LASTLOG CONTENTS
d56d23d8 d56bf900 717060c771 d3375de0
da0356f0 da92cf20 daf8aaa0
kmem_cache_free_debug+0xf5
kmem_cache_free+0x2c
kmem_free+0x10c
ddi_soft_state_free+0xb4
0xf9004cad
devi_detach+0x76
detach_node+0x4f
i_ndi_unconfig_node+0x88
i_ddi_detachchild+0x2f
devi_detach_node+0x5e
unconfig_immediate_children+0x76
devi_unconfig_common+0xe9
mt_config_thread+0x7e
