From bloom@jbloom.jbloom.org  Wed Mar 28 17:04:00 2001
Return-Path: <bloom@jbloom.jbloom.org>
Received: from jbloom.jbloom.org (reyim.ne.mediaone.net [24.218.251.241])
	by hub.freebsd.org (Postfix) with ESMTP id 9ED5937B71E
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 28 Mar 2001 17:03:59 -0800 (PST)
	(envelope-from bloom@jbloom.jbloom.org)
Received: (from bloom@localhost)
	by jbloom.jbloom.org (8.11.2/8.11.2) id f2T12gT39746;
	Wed, 28 Mar 2001 20:02:43 -0500 (EST)
	(envelope-from bloom)
Message-Id: <200103290102.f2T12gT39746@jbloom.jbloom.org>
Date: Wed, 28 Mar 2001 20:02:43 -0500 (EST)
From: bloom@acm.org
Reply-To: bloom@acm.org
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Kernel page fault in mpu attach
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         26188
>Category:       kern
>Synopsis:       Kernel page fault in mpu attach
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 28 17:10:02 PST 2001
>Closed-Date:    Mon Apr 2 22:16:13 PDT 2001
>Last-Modified:  Mon Apr 02 22:17:09 PDT 2001
>Originator:     Jim Bloom
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD jbloom.jbloom.org 5.0-CURRENT FreeBSD 5.0-CURRENT #95: Mon Mar 26 21:21:35 EST 2001 bloom@jbloom.jbloom.org:/usr/src/sys/compile/JMB i386

The critical piece of hardware is a SoundBlaster AWE 64 ISA with appropriate
configuration entries in the kernel.
>Description:
There is a page fault in the kernel while booting my machine.  This occurs
while trying to attach the mpu on my sound card.  The back trace indicates
that the page fault is in _mtx_lock_sleep.

This problem has been occurring since around Feb 25, most likely related to
adding the mutex locking.  A later fix initialized the mutex, but still too
late.

A bit of research shows that that mutex is never initialized before attempting
to lock the mutex.  Looking at the code, the mutex is initialized after it is
first used.  In addition, I added a mutex_destroy call when cleaning up after
errors.
>How-To-Repeat:
I just boot the machine.
>Fix:

Index: mpu.c
===================================================================
RCS file: /users/ncvs/src/sys/dev/sound/isa/mpu.c,v
retrieving revision 1.5
diff -u -r1.5 mpu.c
--- mpu.c	2001/03/14 07:29:46	1.5
+++ mpu.c	2001/03/27 02:20:29
@@ -358,6 +358,8 @@
 
 	DEB(printf("mpu: attaching.\n"));
 
+	mtx_init(&scp->mtx, "mpumid", MTX_DEF);
+
 	/* Allocate the resources, switch to uart mode. */
 	if (mpu_allocres(scp, dev) || mpu_uartmode(scp)) {
 		mpu_releaseres(scp, dev);
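
Review bot: The mtx_init() now at the top of attach needs a short comment saying it must stay ahead of mpu_allocres() and mpu_uartmode(), since the trace in this PR shows mpu_uartmode taking the lock and nothing in the code stops the call from drifting back down to the "Fill the softc" block. The failure branch directly below calls mpu_releaseres(scp, dev), and this patch also adds mtx_destroy to a release path, so the early init and the destroy are only correct as a pair and should be committed together.
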
@@ -368,7 +370,6 @@
 
 	/* Fill the softc. */
 	scp->dev = dev;
-	mtx_init(&scp->mtx, "mpumid", MTX_DEF);
 	scp->devinfo = devinfo = create_mididev_info_unit(MDT_MIDI, &mpu_op_desc, &midisynth_op_desc);
 
 	/* Fill the midi info. */
@@ -751,6 +752,7 @@
 		bus_release_resource(dev, SYS_RES_IOPORT, scp->io_rid, scp->io);
 		scp->io = NULL;
 	}
+	mtx_destroy(&scp->mtx);
 }
 
 static device_method_t mpu_methods[] = {
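
Review bot: The mtx_destroy(&scp->mtx) added as the last statement of this release routine is unconditional, so every caller has to reach it with the mutex initialized and not yet destroyed. The attach failure branch in the first hunk meets that once mtx_init is moved up, but the routine's other callers are not visible in this patch; either state the precondition in a comment above the function or guard the destroy so that an early or repeated call is harmless.
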
>Release-Note:
>Audit-Trail:

From: Jim Bloom <bloom@acm.org>
To: freebsd-gnats-submit@FreeBSD.org, bloom@acm.org
Cc:  
Subject: Re: kern/26188: Kernel page fault in mpu attach
Date: Wed, 28 Mar 2001 20:26:40 -0500

 Here are the error messages:
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0x1a0
 fault code              = supervisor read, page not present
 instruction pointer     = 0x8:0xc01c8006
 stack pointer           = 0x10:0xc04e66dc
 frame pointer           = 0x10:0xc04e66db>
 
 trace
 _mtx_lock_sleep(c0ecda08,0,c036d471,268) at _mtx_lock_sleep+0x29a
 mpu_uartmode(c0ecda00) at mpu_uartmode+0x63
 mpu_attach(c0ebd100,c0ebd100,c0ebd100,c0e67080,c04e675c) at
 mpu_attach+0x25
 mpusbc_attach(c0ebd100,c0ebd100,c0ea5ac0,c036e926,1) at
 mpusbc_attach+0x19
 device_probe_and_attach(c0ebd100) at device_probe_and_attach+0x9a
 bus_generic_attach(c0ea2000,c0ebd080,c0ea5ac0,c0ea2000,c036e935) at
 bus_generic_attach+0x16
 sbc_attach(c0ea2000,c0eadb00,c0ea2000,7,0) at sbc_attach+0x3cc
 device_probe_and_attach(c0ea2000,c0404c4c,c03f9030,4eb000,c0eadb00) at
 device_probe_and_attach+0x9a
 isa_probe_children(c0ea2980,c04e6ff8,c01b1f74,0,4e4c00) at
 isa_probe_children+0x143
 configure(0,4e4c00,4e4000,0,c01277d2) at configure+0x39
 mi_startup() at mi_startup+0x68
 begin() at begin+0x29
State-Changed-From-To: open->closed 
State-Changed-By: tanimura 
State-Changed-When: Mon Apr 2 22:16:13 PDT 2001 
State-Changed-Why:  
Fixed in src/sys/dev/sound/isa/mpu.c rev 1.7, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=26188 
>Unformatted:
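
The ordering problem described in this report, as an added userland model in C (not the driver's code and not part of the original PR): pthread mutexes stand in for the kernel mutex, and `struct softc`, `mtx_ready`, `destroys`, the `sc_*` helpers and `model_attach` are hypothetical names. It assumes the softc starts zeroed, and shows the pre-patch order being caught at the first lock plus a cleanup routine that destroys the mutex only while it is live.

```c
#include <pthread.h>
#include <string.h>

enum { ATTACH_OK = 0, ERR_MTX_UNINIT = -1, ERR_HW = -2 };

/* Hypothetical stand-in for the driver softc; the two ints are debug state. */
struct softc {
    pthread_mutex_t mtx;
    int mtx_ready;   /* 1 between init and destroy */
    int destroys;    /* counts real destroy calls, to catch a double destroy */
};

static void sc_mtx_init(struct softc *sc) {
    pthread_mutex_init(&sc->mtx, NULL);
    sc->mtx_ready = 1;
}

/* Models the first lock user: refuses an uninitialized mutex instead of faulting. */
static int sc_uartmode(struct softc *sc, int hw_ok) {
    if (!sc->mtx_ready) return ERR_MTX_UNINIT;
    pthread_mutex_lock(&sc->mtx);
    pthread_mutex_unlock(&sc->mtx);
    return hw_ok ? ATTACH_OK : ERR_HW;
}

/* Cleanup is reached from error paths, so it only destroys a live mutex. */
static void sc_release(struct softc *sc) {
    if (sc->mtx_ready) {
        pthread_mutex_destroy(&sc->mtx);
        sc->mtx_ready = 0;
        sc->destroys++;
    }
}

/* init_first = 0 models the order before the patch, 1 the order after it. */
int model_attach(struct softc *sc, int init_first, int hw_ok) {
    int rc;
    memset(sc, 0, sizeof(*sc));          /* assumption: softc starts zeroed */
    if (init_first) sc_mtx_init(sc);
    rc = sc_uartmode(sc, hw_ok);         /* the first lock happens in here */
    if (rc != ATTACH_OK) {
        sc_release(sc);
        return rc;
    }
    if (!init_first) sc_mtx_init(sc);    /* too late: the lock was already tried */
    return ATTACH_OK;
}

int main(void) { struct softc sc; return model_attach(&sc, 1, 1) != ATTACH_OK; }
```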
