From jesper@skriver.dk  Sun May 27 15:23:59 2001
Return-Path: <jesper@skriver.dk>
Received: from freesbee.wheel.dk (freesbee.wheel.dk [193.162.159.97])
	by hub.freebsd.org (Postfix) with ESMTP
	id A5DDB37B422; Sun, 27 May 2001 15:23:58 -0700 (PDT)
	(envelope-from jesper@skriver.dk)
Received: by freesbee.wheel.dk (Postfix, from userid 1001)
	id 2F7AD5D5B; Mon, 28 May 2001 00:25:45 +0200 (CEST)
Message-Id: <20010528002545.A15786@skriver.dk>
Date: Mon, 28 May 2001 00:25:45 +0200
From: Jesper Skriver <jesper@freebsd.org>
Reply-To: Jesper Skriver <jesper@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Jesper Skriver <jesper@freebsd.org>
Subject: Panic in csa(4)
X-Send-Pr-Version: 3.113
X-GNATS-Notify: Jesper Skriver <jesper@FreeBSD.org>

>Number:         27694
>Category:       kern
>Synopsis:       [sound] Panic in csa(4)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-multimedia
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 27 15:30:00 PDT 2001
>Closed-Date:    Sun Sep 11 10:35:08 GMT 2005
>Last-Modified:  Sun Sep 11 10:35:08 GMT 2005
>Originator:     Jesper Skriver
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD tam 5.0-CURRENT FreeBSD 5.0-CURRENT #4: Sat May 26 20:54:27 CEST 2001 root@tam:/usr/obj/usr/src/sys/TAM2 i386


>Description:
	About every other time I boot my IBM ThinkPad 600E I get this panic
(hand typed, as I don't have a second machine here to be able to use a
serial console).

Fatal trap 12: page fault while in kernel mode
Fault virtual address   = 0x28
Fault code                      = supervisor read, page not present
instruction pointer             = 0x8:0xc0159bd3
stack pointer                   = 0x10:0xc5e3ef44
frame pointer                   = 0x10:0xc5e3ef48
code segment                    = base 0x0, limit 0xfffff, type 0x1b
                                = DPL 0, pres 1, def21 1, gran 1
processor eflags                = interrupt enabled, resume, IOPL=0
current process                 = 16 (irq11: pccbb0+++)
kernel: type 12 trap, code=0
Stopped at      csa_readio+0x17:        movl 0x28(%eax),%edx
db> trace
csa_readio(c0d0c804,0,c0d0c700,c0d1f400,4) at csa_readio+0x17
csa_intr(c0d0c800) at csa_intr+0x14
ithread_loop(c0d1f400,c5e3efa0) at ithread_loop+0x23f
fork_exit(c018dd20,c0d1f400,c4e2efa8) at fork_exit+0x59
fork_trampoline() at fork_trampoline+0x8

When I see this, I just power it off, and boot again, and usually it
will boot.

(kgdb) l *csa_readio+0x17
0xc0159cd3 is in csa_readio (machine/bus_at386.h:205).
200     }
201
202     static __inline u_int32_t
203     bus_space_read_4(bus_space_tag_t tag, bus_space_handle_t handle,
204                      bus_size_t offset)
205     {
206     #if defined(_I386_BUS_PIO_H_)
207     #if defined(_I386_BUS_MEMIO_H_)
208             if (tag == I386_BUS_SPACE_IO)
209     #endif
(kgdb) l *csa_intr+0x14
0xc015a5ec is in csa_intr (/usr/src/sys/dev/sound/pci/csapcm.c:685).
680     csa_intr (void *p)
681     {
682             struct csa_info *csa = p;
683
684             if ((csa->binfo->hisr & HISR_VC0) != 0)
685                     chn_intr(csa->pch.channel);
686             if ((csa->binfo->hisr & HISR_VC1) != 0)
687                     chn_intr(csa->rch.channel);
688     }
689
(kgdb) l *ithread_loop+0x23f
0xc018e077 is in ithread_loop (/usr/src/sys/kern/kern_intr.c:518).
513                                             free(ih, M_ITHREAD);
514                                             mtx_unlock(&Giant);
515                                             goto restart;
516                                     }
517                                     ih->ih_handler(ih->ih_argument);
518                                     if ((ih->ih_flags & IH_MPSAFE) == 0)
519                                             mtx_unlock(&Giant);
520                             }
521                     }
522
(kgdb) l *fork_exit+0x59
0xc018d221 is in fork_exit (/usr/src/sys/kern/kern_fork.c:737).
732
733             /*
734              * Check if a kernel thread misbehaved and returned from its main
735              * function.
736              */
737             PROC_LOCK(p);
738             if (p->p_flag & P_KTHREAD) {
739                     PROC_UNLOCK(p);
740                     mtx_lock(&Giant);
741                     printf("Kernel thread \"%s\" (pid %d) exited prematurely.\n",
(kgdb) l *fork_trampoline+0x8
No source file for address 0xc0299f6c.

looking in src/sys/dev/sound/pci/csa.c at the csa_readio() function,
bus_space_read_4() is called once:

        if (offset < BA0_AC97_RESET)
                return bus_space_read_4(rman_get_bustag(resp->io), rman_get_bushandle(resp->io), offset) & 0xffffffff;
        else {
                if (csa_readcodec(resp, offset, &ul))
                        ul = 0;
                return (ul);
        }

So it's probably where it goes wrong, any idea why ?

>How-To-Repeat:
	I can reproduce relative easy, but it could be related to my specific HW.
>Fix:

	None known.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->cg@FreeBSD.org 
Responsible-Changed-By: jesper 
Responsible-Changed-When: Sun May 27 15:40:17 PDT 2001 
Responsible-Changed-Why:  
Over to the maintainer 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27694 
Responsible-Changed-From-To: cg@FreeBSD.org->cg 
Responsible-Changed-By: ru 
Responsible-Changed-When: Tue Jul 3 07:08:29 PDT 2001 
Responsible-Changed-Why:  
Removed @FreeBSD.org part so that Cameron gets notified about this by peter's weekly notification script. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27694 
Responsible-Changed-From-To: cg->sound 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Sep 9 19:30:55 GMT 2004 
Responsible-Changed-Why:  
With permission, reassign to mailing list alias. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=27694 
State-Changed-From-To: open->feedback 
State-Changed-By: netchild 
State-Changed-When: Sun Sep 11 09:42:20 GMT 2005 
State-Changed-Why:  
Is this still the case with 5.[34] or -current? There are a lot of 
changes to the bus space functions and to the sound system since then. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=27694 
State-Changed-From-To: feedback->open 
State-Changed-By: jesper 
State-Changed-When: Sun Sep 11 10:33:47 GMT 2005 
State-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=27694 
State-Changed-From-To: open->closed 
State-Changed-By: jesper 
State-Changed-When: Sun Sep 11 10:34:17 GMT 2005 
State-Changed-Why:  
I no longer have access to the hardware where the problem was found, so 
I have no way of knowing if the problem is fixed. 

Closing the PR, if others still see the problem on 5-STABLE, please re-open 
with updated information. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=27694 
>Unformatted:
