Bug #747

Kernel Core dumps whrn loading snd_ich

Added by wesley.hearn over 6 years ago. Updated over 6 years ago.

Status:ClosedStart date:
Priority:HighDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

I am using 1.11.0-DEVELOPMENT from Jul 25. I have a coredump if anyone
wants it, the following is from bt within kgdb, if you need anything
else let me know.

#0 dumpsys () at thread.h:83
#1 0xc02eb14b in boot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:371 #2 0xc02eb8d4 in panic
(fmt=0xc0562c65 "from debugger")
at /usr/src/sys/kern/kern_shutdown.c:796 #3 0xc0166a7e in db_panic
(addr=-1070612402, have_addr=0, count=1, modif=0xc6e796ac "")
at /usr/src/sys/ddb/db_command.c:447 #4 0xc0166a13 in db_command
(last_cmdp=0xc0634710, cmd_table=0xc05c7280, aux_cmd_tablep=0xc05be774,
aux_cmd_tablep_end=0xc05be790) at /usr/src/sys/ddb/db_command.c:343 #5
0xc0166af3 in db_command_loop () at /usr/src/sys/ddb/db_command.c:469
#6 0xc0169688 in db_trap (type=12, code=0)
at /usr/src/sys/ddb/db_trap.c:71 #7 0xc05050f8 in kdb_trap (type=12,
code=0, regs=0xc6e79838)
at /usr/src/sys/platform/pc32/i386/db_interface.c:148 #8 0xc0518575 in
trap_fatal (frame=0xc6e79838, eva=0)
at /usr/src/sys/platform/pc32/i386/trap.c:1092 #9 0xc051823e in
trap_pfault (frame=0xc6e79838, usermode=0, eva=28)
at /usr/src/sys/platform/pc32/i386/trap.c:998 #10 0xc0517e56 in trap
(frame=0xc6e79838) at /usr/src/sys/platform/pc32/i386/trap.c:681 #11
0xc0506146 in calltrap ()
at /usr/src/sys/platform/pc32/i386/exception.s:783 #12 0xc02fc04e in
devclass_get_maxunit (dc=0x0) at /usr/src/sys/kern/subr_bus.c:363 #13
0xc6e8c16b in ?? () #14 0x00000000 in ?? () #15 0x10000010 in ?? () #16
0xc6594e00 in ?? () #17 0xc6e798b8 in ?? () #18 0xc6e92311 in ?? () #19
0xc6d7b0a8 in ?? () #20 0x00000000 in ?? () #21 0xc0af3f50 in ?? () #22
0xc6e798ec in ?? () #23 0x40044d04 in ?? () #24 0xc664f800 in ?? () #25
0x00000004 in ?? () #26 0xc6e798ec in ?? ()
#27 0xc6e9253f in ?? ()
#28 0xc6d7b0a8 in ?? ()
#29 0x00000000 in ?? ()
#30 0xc6e7990c in ?? ()
#31 0xc6e798dc in ?? ()
#32 0xc6594e00 in ?? ()
#33 0xc6e7990c in ?? ()
#34 0xffffffff in ?? ()
#35 0xc6e798ec in ?? ()
#36 0x10000010 in ?? ()
#37 0xc6e69000 in ?? ()
#38 0x00000007 in ?? ()
#39 0xc6e79964 in ?? ()
#40 0xc6e8bea5 in ?? ()
#41 0xc6e79918 in ?? ()
#42 0x10000010 in ?? ()
#43 0xc6e9b640 in ?? ()
#44 0x0000001f in ?? ()
#45 0xc6e7e110 in ?? ()
#46 0x00000040 in ?? ()
#47 0x00006464 in ?? ()
#48 0x10000010 in ?? ()
#49 0x00000000 in ?? ()
#50 0x0000007d in ?? ()
#51 0xc6d7b0a8 in ?? ()
#52 0x40044d04 in ?? ()
#53 0xc6e7990c in ?? ()
#54 0xffffffff in ?? ()
#55 0x00000000 in ?? ()
#56 0xc6e79944 in ?? ()
#57 0xc02d4507 in dev_dclone (dev=0xc6d7b0a8)
at /usr/src/sys/kern/kern_device.c:210 Previous frame inner to this
frame (corrupt stack?)

init-devclass.diff Magnifier (978 Bytes) corecode, 07/29/2007 10:12 AM

History

#1 Updated by corecode over 6 years ago

could you please use kldstat and asf(8) to add the module info?

thanks
simon

#2 Updated by wesley.hearn over 6 years ago

On Fri, 27 Jul 2007 20:06:01 -0000
Simon 'corecode' Schubert <> wrote:

(kgdb) back
#0 dumpsys () at thread.h:83
#1 0xc02eb14b in boot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:371 #2 0xc02eb8d4 in panic
(fmt=0xc0562c65 "from debugger")
at /usr/src/sys/kern/kern_shutdown.c:796 #3 0xc0166a7e in db_panic
(addr=-1070612402, have_addr=0, count=1, modif=0xc6e796ac "")
at /usr/src/sys/ddb/db_command.c:447 #4 0xc0166a13 in db_command
(last_cmdp=0xc0634710, cmd_table=0xc05c7280, aux_cmd_tablep=0xc05be774,
aux_cmd_tablep_end=0xc05be790) at /usr/src/sys/ddb/db_command.c:343 #5
0xc0166af3 in db_command_loop () at /usr/src/sys/ddb/db_command.c:469
#6 0xc0169688 in db_trap (type=12, code=0)
at /usr/src/sys/ddb/db_trap.c:71 #7 0xc05050f8 in kdb_trap (type=12,
code=0, regs=0xc6e79838)
at /usr/src/sys/platform/pc32/i386/db_interface.c:148 #8 0xc0518575 in
trap_fatal (frame=0xc6e79838, eva=0)
at /usr/src/sys/platform/pc32/i386/trap.c:1092 #9 0xc051823e in
trap_pfault (frame=0xc6e79838, usermode=0, eva=28)
at /usr/src/sys/platform/pc32/i386/trap.c:998 #10 0xc0517e56 in trap
(frame=0xc6e79838) at /usr/src/sys/platform/pc32/i386/trap.c:681 #11
0xc0506146 in calltrap ()
at /usr/src/sys/platform/pc32/i386/exception.s:783 #12 0xc02fc04e in
devclass_get_maxunit (dc=0x0) at /usr/src/sys/kern/subr_bus.c:363 #13
0xc6e8c16b in dsp_get_info (dev=0x0)
at /usr/src/sys/dev/sound/pcm/dsp.c:71 #14 0xc6e92311 in vchanvolume
(i_dev=0x0, write=0, volume=0xc6e7990c, ret=0xc6e798dc, td=0xc6594e00)
at /usr/src/sys/dev/sound/pcm/mixer.c:587 #15 0xc6e9253f in mixer_ioctl
(ap=0x0) at thread.h:80 #16 0xc6e8bea5 in chn_buildfeeder
(c=0xc6e69000) at /usr/src/sys/dev/sound/pcm/channel.c:1436 #17
0xc6e8b492 in chn_tryformat (c=0xc6e69000, fmt=0)
at /usr/src/sys/dev/sound/pcm/channel.c:1041 #18 0xc6e8b54c in
chn_setformat (c=0xc6e69000, fmt=0)
at /usr/src/sys/dev/sound/pcm/channel.c:1060 #19 0xc6e8ac51 in
chn_reset (c=0xc6e69000, fmt=268435472)
at /usr/src/sys/dev/sound/pcm/channel.c:780 #20 0xc6e951b1 in
vchan_create (parent=0xc6e69000)
at /usr/src/sys/dev/sound/pcm/vchan.c:447 #21 0xc6e9326d in
pcm_setvchans (d=0xc65f5a00, newcnt=1)
at /usr/src/sys/dev/sound/pcm/sound.c:221 #22 0xc6e93f49 in
pcm_setstatus (dev=0x0, str=0x0)
at /usr/src/sys/dev/sound/pcm/sound.c:818 #23 0xc6e7c54a in
ich_setstatus (sc=0xc6e05d48)
at /usr/src/sys/dev/sound/driver/ich/../../../../dev/sound/pci/ich.c:726
#24 0xc6e7c803 in ich_calibrate (arg=0xc6e05d48)
at /usr/src/sys/dev/sound/driver/ich/../../../../dev/sound/pci/ich.c:834
#25 0xc6e7d44e in ich_pci_attach (dev=0xc622bbb8)
at /usr/src/sys/dev/sound/driver/ich/../../../../dev/sound/pci/ich.c:1114
#26 0xc02fd05f in device_doattach (dev=0xc622bbb8) at device_if.h:39
#27 0xc02fcf73 in device_probe_and_attach (dev=0xc622bbb8)
at /usr/src/sys/kern/subr_bus.c:1114 #28 0xc02fe8ef in
bus_generic_driver_added (dev=0xc622b858, driver=0xc6e7e210)
at /usr/src/sys/kern/subr_bus.c:2095 #29 0xc02fbde1 in
devclass_add_driver (dc=0xc0ad9020, driver=0xc6e7e210) at bus_if.h:71
#30 0xc02ffdad in driver_module_handler (mod=0xc6224d20,
what=-957881840, arg=0xc6e7e228) at /usr/src/sys/kern/subr_bus.c:2621
#31 0xc02cd6f8 in module_register_init (arg=0xc6e7e23c)
at /usr/src/sys/kern/kern_module.c:110 #32 0xc02cdd84 in
linker_file_sysinit (lf=0xc6dcdfe8)
at /usr/src/sys/kern/kern_linker.c:157 #33 0xc02ce039 in
linker_load_file (filename=0xc623bc00 "snd_ich", result=0xc6e79cac)
at /usr/src/sys/kern/kern_linker.c:286 #34 0xc02ce978 in sys_kldload
(uap=0xc6e79cf8) at /usr/src/sys/kern/kern_linker.c:744 #35 0xc05188d0
in syscall2 (frame=0xc6e79d40)
at /usr/src/sys/platform/pc32/i386/trap.c:1340 #36 0xc05061e5 in
Xint0x80_syscall () at /usr/src/sys/platform/pc32/i386/exception.s:872
#37 0x080487b8 in ?? () #38 0xbfbffadc in ?? () #39 0x0000002f in ?? ()
#40 0x00000000 in ?? () #41 0x00000000 in ?? () #42 0x00000000 in ?? ()
#43 0x00000000 in ?? () #44 0x02600000 in ?? () #45 0xc6594e00 in ?? ()
#46 0xff8003a4 in ?? () #47 0xc6e79930 in ?? () #48 0xc6e79910 in ?? ()
#49 0xff800000 in ?? () #50 0xc02f2ccd in lwkt_switch ()
at /usr/src/sys/kern/lwkt_thread.c:752 Previous frame inner to this
frame (corrupt stack?)

#3 Updated by wesley.hearn over 6 years ago

On Sat, 28 Jul 2007 20:31:21 -0400
Wesley Hearn <> wrote:

The patch didn't change anything, but at the boot prompt I goto the command line by pressing 6, load the kernel and snd_ich and it boots no problem and the module is still listed.

#4 Updated by corecode over 6 years ago

...
> #27 0xc02fcf73 in device_probe_and_attach (dev=0xc622bbb8)
> at /usr/src/sys/kern/subr_bus.c:1114
> #28 0xc02fe8ef in bus_generic_driver_added (dev=0xc622b858, driver=0xc6e7e210)
> at /usr/src/sys/kern/subr_bus.c:2095
> #29 0xc02fbde1 in devclass_add_driver (dc=0xc0ad9020, driver=0xc6e7e210) at bus_if.h:71
> #30 0xc02ffdad in driver_module_handler (mod=0xc6224d20,
> what=-957881840, arg=0xc6e7e228) at /usr/src/sys/kern/subr_bus.c:2621
> #31 0xc02cd6f8 in module_register_init (arg=0xc6e7e23c)
> at /usr/src/sys/kern/kern_module.c:110

So the problem is:

module_register_init calls devclass_add_driver first, before setting up the devclass pointer. This one however gets used lateron in the driver attachment.

I believe the correct sequence is this, but I'd appreciate if somebody could double check. The patch fixes the panic, of course.

cheers
simon

#5 Updated by corecode over 6 years ago

Matt,

could I get your review on that? I'd like to fix this before releasing.

thanks
simon

#6 Updated by dillon over 6 years ago

:Matt,
:
:could I get your review on that? I'd like to fix this before releasing.
:
:thanks
: simon

I'm struggling with vinum at the moment, but I will look at it as soon
as I can.

-Matt

#7 Updated by dillon over 6 years ago

:So the problem is:
:
:module_register_init calls devclass_add_driver first, before setting up the devclass pointer. This one however gets used lateron in the driver attachment.
:
:I believe the correct sequence is this, but I'd appreciate if somebody could double check. The patch fixes the panic, of course.
:
:cheers
: simon

It looks right to me, but I am no expert on the devclass stuff.
Go ahead and commit it.

-Matt

#8 Updated by corecode over 6 years ago

Thanks, committed!

Also available in: Atom PDF