Bug 27694

Summary: [sound] Panic in csa(4)
Product: Base System
Reporter: Jesper Skriver <jesper>
Component: kern
Assignee: freebsd-multimedia (Nobody) <multimedia>
Status: Closed FIXED
Severity: Affects Only Me
CC: jesper
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   

Description Jesper Skriver freebsd_committer freebsd_triage 2001-05-27 23:30:00 UTC
About every other time I boot my IBM ThinkPad 600E I get this panic
(hand typed, as I don't have a second machine here to be able to use a
serial console).

Fatal trap 12: page fault while in kernel mode
Fault virtual address   = 0x28
Fault code                      = supervisor read, page not present
instruction pointer             = 0x8:0xc0159bd3
stack pointer                   = 0x10:0xc5e3ef44
frame pointer                   = 0x10:0xc5e3ef48
code segment                    = base rx0, limit 0xfffff, type 0x1b
                                = DPL 0, pres 1, def21 1, gran 1
processor eflags                = interrupt enabled, resume, IOPL=0
current process                 = 16 (irq11: pccbb0+++)
kernel: type 12 trap, code=0
Stopped at      csa_readio+0x17:        movl 0x28(%eax),%edx
db> trace
csa_readio(c0d0c804,0,c0d0c700,c0d1f400,4) at csa_readio+0x17
csa_intr(c0d0c800) at csa_intr+0x14
ithread_loop(c0d1f400,c5e3efa0) at ithread_loop+0x23f
fork_exit(c018dd20,c0d1f400,c4e2efa8) at fork_exit+0x59
fork_trampoline() at fork_trampoline+0x8

When I see this, I just power it off, and boot again, and usually it
will boot.

(kgdb) l *csa_readio+0x17
0xc0159cd3 is in csa_readio (machine/bus_at386.h:205).
200     }
201
202     static __inline u_int32_t
203     bus_space_read_4(bus_space_tag_t tag, bus_space_handle_t handle,
204                      bus_size_t offset)
205     {
206     #if defined(_I386_BUS_PIO_H_)
207     #if defined(_I386_BUS_MEMIO_H_)
208             if (tag == I386_BUS_SPACE_IO)
209     #endif
(kgdb) l *csa_intr+0x14
0xc015a5ec is in csa_intr (/usr/src/sys/dev/sound/pci/csapcm.c:685).
680     csa_intr (void *p)
681     {
682             struct csa_info *csa = p;
683
684             if ((csa->binfo->hisr & HISR_VC0) != 0)
685                     chn_intr(csa->pch.channel);
686             if ((csa->binfo->hisr & HISR_VC1) != 0)
687                     chn_intr(csa->rch.channel);
688     }
689
(kgdb) l *ithread_loop+0x23f
0xc018e077 is in ithread_loop (/usr/src/sys/kern/kern_intr.c:518).
513                                             free(ih, M_ITHREAD);
514                                             mtx_unlock(&Giant);
515                                             goto restart;
516                                     }
517                                     ih->ih_handler(ih->ih_argument);
518                                     if ((ih->ih_flags & IH_MPSAFE) == 0)
519                                             mtx_unlock(&Giant);
520                             }
521                     }
522
(kgdb) l *fork_exit+0x59
0xc018d221 is in fork_exit (/usr/src/sys/kern/kern_fork.c:737).
732
733             /*
734              * Check if a kernel thread misbehaved and returned from its main
735              * function.
736              */
737             PROC_LOCK(p);
738             if (p->p_flag & P_KTHREAD) {
739                     PROC_UNLOCK(p);
740                     mtx_lock(&Giant);
741                     printf("Kernel thread \"%s\" (pid %d) exited prematurely.\n",
(kgdb) l *fork_trampoline+0x8
No source file for address 0xc0299f6c.

Looking in src/sys/dev/sound/pci/csa.c at the csa_readio() function,
bus_space_read_4() is called once:

        if (offset < BA0_AC97_RESET)
                return bus_space_read_4(rman_get_bustag(resp->io), rman_get_bushandle(resp->io), offset) & 0xffffffff;
        else {
                if (csa_readcodec(resp, offset, &ul))
                        ul = 0;
                return (ul);
        }

So it's probably where it goes wrong, any idea why?

Fix: 

None known.
How-To-Repeat: I can reproduce relatively easily, but it could be related to my specific HW.
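
A triage helper for the trap output above, as an added example that is not part of the original report or of the FreeBSD source. It subtracts the displacement in the faulting instruction's memory operand from the fault virtual address to recover the base register, which for this trap gives %eax = 0, a read through a NULL pointer at offset 0x28. The function name `triage` and the regular expressions are this example's own.

```python
import re

# Trap text copied from the report above (hand-typed by the reporter), trimmed
# to the lines this check needs.
PANIC = """\
Fatal trap 12: page fault while in kernel mode
Fault virtual address   = 0x28
Fault code                      = supervisor read, page not present
Stopped at      csa_readio+0x17:        movl 0x28(%eax),%edx
csa_readio(c0d0c804,0,c0d0c700,c0d1f400,4) at csa_readio+0x17
csa_intr(c0d0c800) at csa_intr+0x14
ithread_loop(c0d1f400,c5e3efa0) at ithread_loop+0x23f
"""

FAULT_RE = re.compile(r"Fault virtual address\s*=\s*(0x[0-9a-fA-F]+)")
STOP_RE = re.compile(r"Stopped at\s+(\w+)\+(0x[0-9a-fA-F]+):\s+(\w+)\s+(.*)")
# Simple AT&T memory operand "disp(%reg)" as DDB prints it; disp may be absent.
MEMOP_RE = re.compile(r"(-?(?:0x[0-9a-fA-F]+|\d+))?\(%(\w+)\)")
FRAME_RE = re.compile(r"^(\w+)\(.*\) at \1\+0x[0-9a-fA-F]+", re.M)


def triage(text):
    """Recover the base register value of the faulting memory access."""
    fault = int(FAULT_RE.search(text).group(1), 16)
    func, off, mnemonic, operands = STOP_RE.search(text).groups()
    report = {"fault_va": fault, "function": func, "offset": int(off, 16),
              "frames": FRAME_RE.findall(text),
              "base_reg": None, "base_value": None, "null_base": False}
    m = MEMOP_RE.search(operands)
    if m:
        disp = int(m.group(1), 0) if m.group(1) else 0
        # fault VA = base + disp on a flat 32-bit address space (i386)
        base = (fault - disp) & 0xFFFFFFFF
        report.update(base_reg=m.group(2), base_value=base,
                      null_base=(base == 0))
    return report


if __name__ == "__main__":
    r = triage(PANIC)
    print("%s+%#x faulted at %#x" % (r["function"], r["offset"], r["fault_va"]))
    if r["null_base"]:
        print("%%%s was 0: NULL pointer read at field offset %#x"
              % (r["base_reg"], r["fault_va"]))
    print("call path:", " <- ".join(r["frames"]))
```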
Comment 1 Jesper Skriver freebsd_committer freebsd_triage 2001-05-27 23:40:17 UTC
Responsible Changed
From-To: freebsd-bugs->cg@FreeBSD.org

Over to the maintainer
Comment 2 ru freebsd_committer freebsd_triage 2001-07-03 15:08:29 UTC
Responsible Changed
From-To: cg@FreeBSD.org->cg

Removed @FreeBSD.org part so that Cameron gets notified about this by peter's weekly notification script.
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2004-09-09 20:30:55 UTC
Responsible Changed
From-To: cg->sound

With permission, reassign to mailing list alias.
Comment 4 Alexander Leidinger freebsd_committer freebsd_triage 2005-09-11 10:42:20 UTC
State Changed
From-To: open->feedback

Is this still the case with 5.[34] or -current? There are a lot of 
changes to the bus space functions and to the sound system since then.
Comment 5 Jesper Skriver freebsd_committer freebsd_triage 2005-09-11 11:33:47 UTC
State Changed
From-To: feedback->open
Comment 6 Jesper Skriver freebsd_committer freebsd_triage 2005-09-11 11:34:17 UTC
State Changed
From-To: open->closed

I no longer have access to the hardware where the problem was found, so 
I have no way of knowing if the problem is fixed. 

Closing the PR, if others still see the problem on 5-STABLE, please re-open 
with updated information.