Re: devfs kernel panic

From: Maxime Henrion <mux_at_freebsd.org>
Date: Sun, 25 Jan 2004 22:47:02 +0100
Richard Cox wrote:
> I was trying to get xine going on 5.2 Current and ran into a kernel panic.  
> After a bit of investigating, I discovered I could reproduce the panic 
> consistently just by trying to stat /dev/dsp1 (i.e., just an 'ls /dev/dsp1' 
> will cause the kernel to panic).  Here are the particulars, please let me 
> know if there is any more information you would need to track this down:
> 
> rocket:/usr/src/sys/fs/devfs]# kldstat
> Id Refs Address    Size     Name
>  1   11 0xc0400000 3a3d08   kernel
>  2    1 0xc07a4000 1ceac    linux.ko
>  3    1 0xc07c1000 8744     snd_emu10k1.ko
>  4    2 0xc07ca000 1d5d8    snd_pcm.ko
>  5    1 0xc07e8000 1af00    radeon.ko
>  6    1 0xc0803000 4da2c    acpi.ko
> 
> gdb traceback:
> 
> (kgdb) where
> #0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
> #1  0xc04ff58c in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
> #2  0xc04ff8ff in poweroff_wait (junk=0xc06b5e99, howto=821)
>     at /usr/src/sys/kern/kern_shutdown.c:550
> #3  0xc0668d4d in trap_fatal (frame=0xc06ae406, eva=0)
>     at /usr/src/sys/i386/i386/trap.c:821
> #4  0xc0668a5c in trap_pfault (frame=0xe54769d8, usermode=0, eva=0)
>     at /usr/src/sys/i386/i386/trap.c:735
> #5  0xc066863c in trap (frame=
>       {tf_fs = -448331752, tf_es = -1067253744, tf_ds = 16, tf_edi = 3, tf_esi 
> = -448304353, tf_ebp = -448304552, tf_isp = -448304636, tf_ebx = 1, tf_edx = 
> 0, tf_ecx = 1, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -969554095, 
> tf_cs = 8, tf_eflags = 66118, tf_esp = -971754816, tf_ss = 1}) 
> at /usr/src/sys/i386/i386/trap.c:420
> #6  0xc065b408 in calltrap () at {standard input}:94
> #7  0xc04b2f94 in devfs_lookupx (ap=0x0) 
> at /usr/src/sys/fs/devfs/devfs_vnops.c:386
> #8  0xc04b32f3 in devfs_lookup (ap=0xe5476b88) 
> at /usr/src/sys/fs/devfs/devfs_vnops.c:455
> #9  0xc0551dac in lookup (ndp=0xe5476c28) at vnode_if.h:52
> #10 0xc05517d4 in namei (ndp=0xe5476c28) at /usr/src/sys/kern/vfs_lookup.c:183
> #11 0xc055f9a7 in lstat (td=0xc60febd0, uap=0xe5476d14)
>     at /usr/src/sys/kern/vfs_syscalls.c:2036
> #12 0xc06690c2 in syscall (frame=
>       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134542080, tf_esi = 
> 134542152, tf_ebp = -1077942680, tf_isp = -448303756, tf_ebx = 672751904, 
> tf_edx = 134557824, tf_ecx = 0, tf_eax = 190, tf_trapno = 12, tf_err = 2, 
> tf_eip = 672244687, tf_cs = 31, tf_eflags = 582, tf_esp = -1077942836, tf_ss 
> = 47}) at /usr/src/sys/i386/i386/trap.c:1010
> #13 0xc065b45d in Xint0x80_syscall () at {standard input}:136

It's a fatal trap happening in dsp_clone() due to devclass_get_softc()
returning NULL because the /dev/dsp1 device doesn't exist.  The
following patch fixes the problem for me.  I'm Cc'ing Matthew Kanner
since this problem apparently sneaked in his commit to dsp.c revision
1.69.

%%
Index: dsp.c
===================================================================
RCS file: /space2/ncvs/src/sys/dev/sound/pcm/dsp.c,v
retrieving revision 1.70
diff -u -p -r1.70 dsp.c
--- dsp.c	20 Jan 2004 05:30:09 -0000	1.70
+++ dsp.c	25 Jan 2004 21:37:36 -0000
_at__at_ -1092,6 +1092,8 _at__at_ dsp_clone(void *arg, char *name, int nam
 		return;
 
 	pcm_dev = devclass_get_softc(pcm_devclass, unit);
+	if (pcm_dev == NULL)
+		return;
 
 	SLIST_FOREACH(pcm_chan, &pcm_dev->channels, link) {
 
%%

Cheers,
Maxime
Received on Sun Jan 25 2004 - 12:47:03 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:39 UTC