NetBSD-Users archive


NetBSD 6.0 BETA kernel crash on amd64 (triggered by hdaudioctl)



Hi all,

Yesterday I built a GENERIC amd64 kernel from the netbsd-6 branch.
So far it runs perfectly, except for one glitch.  When I run hdaudioctl
to set a new config, I get a kernel crash, even if that config is the
same as is already active.  This is on a MacBook(4,1) from 2008.
The following commands reliably reproduce the crash:

$ hdaudioctl get 0x00 0x01 > foo
$ hdaudioctl set 0x00 0x01 foo

Unfortunately, there are two problems that prevent me from investigating
this deeper: the kernel crashdump that savecore puts on my disk can't
be opened with gdb (it says "invalid address" when I run
"target kvm netbsd.0.core") and my keyboard is unresponsive
under ddb.

With some help I did manage to get some information from the crash by
setting ddb.commandonenter=bt and manually transcribing the screen
while it was writing the kernel dump.  Here it is:

hdafg0: powering up widgets
panic: kernel diagnostic assertion "off = trunc_page(off)" failed: file "/usr/src/sys/uvm/uvm_page.c", line 1207
fatal breakpoint trap in supervisor mode
trap type 1 code 0 rip ffffffff802590f5 cs 8 rflags 246 cr2 7f7ff7813000 cpl 0 rsp fffffe8009798450
Stopped in pid 23283.1 (hdaudioctl) at netbsd:breakpoint+0x05: leave
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0x1f2
kern_assert() at netbsd:kern_assert+0x48
uvm_pagealloc_strat() at netbsd:uvm_pagealloc_strat+0x4f1
uvm_km_kmem_alloc() at netbsd:uvm_km_kmem_alloc+0x9f
kmem_intr_alloc() at netbsd:kmem_intr_alloc+0x5b
kmem_intr_zalloc() at netbsd:kmem_intr_zalloc+0xf
hdafg_parse() at netbsd:hdafg_parse+0x19
hdafg_attach() at netbsd:hdafg_attach+0x29d
config_attach() at netbsd:config_attach+0x29d
config_attach_loc() at netbsd:config_attach_loc+0x182
hdaudio_attach_fg() at netbsd:hdaudio_attach_fg+0xc5
hdaudioctl() at netbsd:hdaudioctl+0x5aa
cdev_ioctl() at netbsd:cdev_ioctl+0x77
VOP_IOCTL() at netbsd:VOP_IOCTL+0x3b
vn_ioctl() at netbsd:vn_ioctl+0x7b
sys_ioctl() at netbsd:sys_ioctl+0x13c
syscall() at netbsd:syscall+0x4c

Hopefully someone can help me figure out what's going wrong (or reproduce
it to see that it's not just me).  So far I've figured that the offending
line of code is src/sys/dev/pci/hdaudio/hdafg.c,1.14:1371.
sc->sc_nwidgets is 37 at that point, which is the same number it has
during bootup.  The allocation call itself looks fine, so either
something else is messing things up beforehand or there's a bug in the
code between kmem_zalloc and uvm_pagealloc_strat (if that's the case
this would be pretty serious).

Cheers,
Peter
-- 
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
 is especially attractive, not only because it can be economically
 and scientifically rewarding, but also because it can be an aesthetic
 experience much like composing poetry or music."
                                                        -- Donald Knuth

