From owner-freebsd-current  Tue Apr 17 11:25:36 2001
Delivered-To: freebsd-current@freebsd.org
Received: from meow.osd.bsdi.com (meow.osd.bsdi.com [204.216.28.88])
	by hub.freebsd.org (Postfix) with ESMTP
	id C741237B42C; Tue, 17 Apr 2001 11:25:30 -0700 (PDT)
	(envelope-from jhb@FreeBSD.org)
Received: from laptop.baldwin.cx (john@jhb-laptop.osd.bsdi.com [204.216.28.241])
	by meow.osd.bsdi.com (8.11.2/8.11.2) with ESMTP id f3HIPNG12925;
	Tue, 17 Apr 2001 11:25:23 -0700 (PDT)
	(envelope-from jhb@FreeBSD.org)
Message-ID: <XFMail.010417112446.jhb@FreeBSD.org>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <20010417201638.A23027@skriver.dk>
Date: Tue, 17 Apr 2001 11:24:46 -0700 (PDT)
From: John Baldwin <jhb@FreeBSD.org>
To: Jesper Skriver <jesper@skriver.dk>
Subject: Re: kernel panic in -current, ithread or newcard related ?
Cc: current@FreeBSD.org, cg@FreeBSD.org
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On 17-Apr-01 Jesper Skriver wrote:
> On Mon, Apr 16, 2001 at 08:10:37PM -0700, John Baldwin wrote:
>> 
>> On 15-Apr-01 Jesper Skriver wrote:
>> > About every other time I boot my IBM ThinkPad 600E I get this panic
>> > (hand typed, as I don't have a second machine here to be able to use a
>> > serial console).
>> > 
>> > Fatal trap 12: page fault while in kernel mode
>> > Fault virtual address = 0x28
>> 
>> It's a null pointer dereference.  If you've compiled a debug kernel then do
>> 'gdb -k /usr/obj/usr/src/sys/TAM2/kernel.debug' and then do
>> 'l *csa_readio+0x17' to find the offending line.  It's usually pretty easy
>> to
>> figure out then.
> 
> I's not obvious to me, newbee in kernel debugging, how is the below
> (from the trace) related ?
> 
> /Jesper
> 
> (kgdb) l *csa_readio+0x17
> 0xc0159cd3 is in csa_readio (machine/bus_at386.h:205).
> 200     }
> 201
> 202     static __inline u_int32_t
> 203     bus_space_read_4(bus_space_tag_t tag, bus_space_handle_t handle,
> 204                      bus_size_t offset)
> 205     {
> 206     #if defined(_I386_BUS_PIO_H_)
> 207     #if defined(_I386_BUS_MEMIO_H_)
> 208             if (tag == I386_BUS_SPACE_IO)
> 209     #endif

Hmm, well, looking in dev/sound/pci/csa.c at the csa_readio() function,
bus_space_read_4() is called once:

        if (offset < BA0_AC97_RESET)
                return bus_space_read_4(rman_get_bustag(resp->io), rman_get_bush
andle(resp->io), offset) & 0xffffffff;
        else {
                if (csa_readcodec(resp, offset, &ul))
                        ul = 0;
                return (ul);
        }

My guess is that resp is NULL here.  At this point, you may want to poke
Cameron Grant <cg@FreeBSD.org> with a bug report as he is Mr. Sound and he
probably knows what has gone wrong at this point.

-- 

John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message