Re: kern/42113 (null pointer dereference in audio_calcwater if using hdaudio)

The following reply was made to PR kern/42113; it has been noted by GNATS.

From: List Mail User <>
Subject: Re: kern/42113 (null pointer dereference in audio_calcwater if using 
Date: Sat, 26 Sep 2009 16:01:51 -0700 (PDT)

 >Synopsis: null pointer dereference in audio_calcwater if using hdaudio
 >State-Changed-From-To: open->closed
 >State-Changed-When: Sat, 26 Sep 2009 17:11:15 +0000
 >duplicate of kern/42050
        This analysis appears to be incorrect.
        Are you sure?  In the case I provided audio_init is never reached;
 There is a panic (not an error message) before that point.
        In 42050, there's an error message from audio_init - In my case, the
 playback buffer is null, but the device DOES do playback - Different bug, at
 least I believe so.
 BTW.  I _can_ reproduce 42050 on my HP HDX, which has multiple functional
 audio codecs, _including_ an ATI HDMI one (just as mentioned in 42050).
        I would believe that the ultimate fix(es) may be the same, but the
 actual symptoms are not even particularly similar (i.e. panic vs. warning
 message): One is fatal, and the other "only" annoying.
        Finally, do notice that your proposed patch at:
        does NOT prevent this panic (unlike the OP's report about 42050)
 Below is a dmesg, with your "patch" applied, but it STILL panics.
 NOTE: The only visible change is now we're "full duplex, independent"
 before the panic.
        Since the "patch" did "fix" the OP's problem with 42050, then
 there STILL remains at least one allocation bug in hdaudio buffers.  Please
 reopen this (valid, not duplicate) bug.  (BTW. The "patch" does make my
 HP HDX w/ an HDMP output-only codec function - at least what I've tried.)
        Paul Shupak

 Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
     2006, 2007, 2008, 2009
     The NetBSD Foundation, Inc.  All rights reserved.
 Copyright (c) 1982, 1986, 1989, 1991, 1993
     The Regents of the University of California.  All rights reserved.
 NetBSD 5.99.18 (GENERIC) #2: Sun Sep 20 09:46:18 PDT 2009
 total memory = 2039 MB
 avail memory = 1961 MB
 timecounter: Timecounters tick every 10.000 msec
 timecounter: Timecounter "i8254" frequency 1193182 Hz quality 100
 System manufacturer System Product Name (Rev 1.xx)
 mainbus0 (root)
 pci_addr_fixup: 000:31:1 0x8086 0x27df new address 0x00005800
 pci_addr_fixup: 000:31:1 0x8086 0x27df new address 0x00005808
 pci_addr_fixup: 000:31:1 0x8086 0x27df new address 0x00005810
 pci_addr_fixup: 000:31:1 0x8086 0x27df new address 0x0000580c
 cpu0 at mainbus0 apid 0: Intel 686-class, 1600MHz, id 0x106c2
 cpu1 at mainbus0 apid 2: Intel 686-class, 1600MHz, id 0x106c2
 cpu2 at mainbus0 apid 1: Intel 686-class, 1600MHz, id 0x106c2
 cpu3 at mainbus0 apid 3: Intel 686-class, 1600MHz, id 0x106c2
 ioapic0 at mainbus0 apid 4: pa 0xfec00000, version 20, 24 pins
 acpi0 at mainbus0: Intel ACPICA 20090730
 acpi0: X/RSDT: OemId <A_M_I_,OEMXSDT ,07000906>, AslId <MSFT,00000097>
 acpi0: SCI interrupting at int 9
 acpi0: fixed-feature power button present
 timecounter: Timecounter "ACPI-Fast" frequency 3579545 Hz quality 1000
 ACPI-Fast 24-bit timer
 attimer0 at acpi0 (TMR, PNP0100): io 0x40-0x43 irq 0
 pcppi0 at acpi0 (SPKR, PNP0800): io 0x61
 midi0 at pcppi0: PC speaker
 sysbeep0 at pcppi0
 aiboost0 at acpi0 (ASOC, ATK0110-16843024)
 aiboost0: ASUS AI Boost Hardware monitor
 hpet0 at acpi0 (HPET, PNP0103): mem 0xfed00000-0xfed003ff
 timecounter: Timecounter "hpet0" frequency 14318179 Hz quality 2000
 com0 at acpi0 (UAR1, PNP0501-1): io 0x3f8-0x3ff irq 4
 com0: ns16550a, working fifo
 lpt1 at acpi0 (LPTE, PNP0401): io 0x378-0x37f,0x778-0x77f irq 7 drq 3
 FWH (INT0800) [Intel FWH Random Number Generator] at acpi0 not configured
 acpibut0 at acpi0 (PWRB, PNP0C0C-170): ACPI Power Button
 attimer0: attached to pcppi0
 pci0 at mainbus0 bus 0: configuration mode 1
 pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
 pchb0 at pci0 dev 0 function 0: Intel 82945G/P Memory Controller Hub (rev. 
 agp0 at pchb0: detected 7932k stolen memory
 agp0: aperture at 0xd0000000, size 0x10000000
 vga0 at pci0 dev 2 function 0: Intel 82945G/P Integrated Graphics Device (rev. 
 wsdisplay0 at vga0 kbdmux 1: console (80x25, vt100 emulation)
 wsmux1: connecting to wsdisplay0
 i915drm0 at vga0: Intel i945G
 i915drm0: AGP at 0xd0000000 256MB
 i915drm0: Initialized i915 1.6.0 20080730
 hdaudio0 at pci0 dev 27 function 0: HD Audio Controller
 hdaudio0: interrupting at ioapic0 pin 19
 hdaudio0: High Definition Audio version 1.0
 hdaudio0: OSS 4 ISS 4 BSS 0 SDO 0 64-bit
 hdaudio0: using 1024 byte CORB (cap 4)
 hdaudio0: using 2048 byte RIRB (cap 4)
 hdaudio0: Codec00: 1106:4397 HDA 1.0 rev 0 stepping 0
 hdafg0 at hdaudio0 vendor 0x1106 product 0x4397 nid 0x01 (firmware 
 hdafg0: parsing widgets
 hdafg0: afg start 10 end 28 nwidgets 24
 hdafg0: powering up widgets
 hdafg0: afg widgets 0xffff80004856c008-0xffff80004856da48
 hdafg0: parsing controls
 hdafg0: disabling non-audio devices
 hdafg0: disabling useless devices
 hdafg0: parsing associations
 hdafg0:   count present associations
 hdafg0:   maxassocs 2
 hdafg0:   allocating memory
 hdafg0:   scan associations, skipping as=0
 hdafg0:   all done
 hdafg0: building tree
 hdafg0: disabling unassociated pins
 hdafg0: disabling unselected pins
 hdafg0: disabling useless devices
 hdafg0: disabling cross-associated pins
 hdafg0: disabling useless devices
 hdafg0: assigning mixer names to sound sources
 hdafg0: assigning mixers to device tree
 hdafg0: preparing pin controls
 hdafg0: commiting settings
 hdafg0: setup jack sensing
 hdafg0: building mixer controls
 hdafg0: DAC0:10, Analog Speaker: Jack (Green, 1C)
 hdafg0: DAC0:10, Analog HP Out: Jack (Green, 1D)
 hdafg0: ADC1:13, Analog Mic In: Jack (Pink, 1A)
 hdafg0: ADC1:13, Analog CD: Fixed Function (Unknown, 1F)
 hdafg0: ADC1:13, Analog Mic In: Jack (Pink, 1E)
 hdafg0: ADC1:13, Analog Line In: Jack (Blue, 1B)
 hdafg0: configuring encodings
 hdafg0: 2ch/2ch 48000Hz
 hdafg0: reserving streams
 hdafg0: connecting streams
 hdafg0: attaching audio device
 audio0 at hdafg0: full duplex, independent
 uvm_fault(0xffffffff80b57760, 0x0, 1) -> e
 fatal page fault in supervisor mode
 trap type 6 code 0 rip ffffffff80185449 cs 8 rflags 10287 cr2  10 cpl 8 rsp 

