Subject: kern/17071: System lockup closing audio device
To: None <gnats-bugs@gnats.netbsd.org>
From: None <gson@netbsd.org>
List: netbsd-bugs
Date: 05/27/2002 11:26:11
>Number:         17071
>Category:       kern
>Synopsis:       System lockup closing audio device
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 27 11:27:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Andreas Gustafsson
>Release:        NetBSD-current as of May 26, 2002
>Organization:
Speaking on my own behalf
>Environment:
System: NetBSD guava.araneus.fi 1.5ZC NetBSD 1.5ZC (GUAVA) #0: Tue May 7 19:36:41 PDT 2002 gson@guava.araneus.fi:/usr/src/sys/arch/i386/compile/GUAVA i386
Architecture: i386
Machine: i386
>Description:

I have a program that opens /dev/sound0, simultaneously records
and plays about one second of 16-bit mono audio at a sample rate of 48
kHz (in full duplex), and then exits, relying on the /dev/audio file
descriptor to be implicitly closed on exit.  When I run this program
repeatedly (using a shell script containing an infinite loop), the
system will lock up after some random amount of time, typically 5-60
minutes.

The sound card is an Ensoniq AudioPCI (ES1370), which uses the eap
driver.  I have reproduced the bug on two different systems, a
266 MHz AMD K6 and a 700 MHz AMD Athlon.

Here is a kernel stack trace from a system in the locked-up state.
The stack trace displayed by ddb and a remote kgdb is different in
that ddb shows a large number of --- interrupt -- and Xdoreti() frames
but kgdb does not.  Since I'm not sure of the significance of this,
I'm including both stack traces just to be sure.

ddb:

db> t
cpu_Debugger(c089ece0,c0101fe8,c7436c9c,c7520964,c089ec20) at cpu_Debugger+0x4
comintr(c08a4600) at comintr+0xf4
Xintr4() at Xintr4+0x7e
--- interrupt ---
Xdoreti() at Xdoreti
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xdoreti() at Xdoreti+0x1b
--- interrupt ---
Xspllower(c7436c9c,bb8,c0289fd8,c7436c9c) at Xspllower+0xe
bpendtsleep(c08a1458,120,c04d7e65,bb8,0) at bpendtsleep
audio_drain(c08a1400,0,c7521cb0,c02b6047) at audio_drain+0x145
audio_close(c08a1400,3,2000,c7436c9c,3) at audio_close+0x8e
audioclose(2a00,3,2000,c7436c9c,c747f7a0) at audioclose+0x5d
spec_close(c7521dec,c7521d5c,c094ac80,c7436c9c,c747de0c) at spec_close+0x16a
nfsspec_close(c7521dec,c091a000,c091a050,c04e3260,3) at nfsspec_close+0x9d
VOP_CLOSE(c747de0c,3,c094ac80,c7436c9c,c747de0c) at VOP_CLOSE+0x3b
vn_close(c747de0c,3,c094ac80,c7436c9c,0) at vn_close+0x31
vn_closefile(c7406548,c7436c9c,0,0,c73df578) at vn_closefile+0x1a
closef(c7406548,c7436c9c,c7521ef0,c027cb0e) at closef+0x1a0
fdfree(c7436c9c,c019f005,c7521f20,c027fff2,c7436d3c,2,c089ee40,c08cf000) at fdfree+0x5d
exit1(c7436c9c,0,c7521f70,c73e2814,0) at exit1+0xfb
sys_exit(c7436c9c,c7521f80,c7521f78,c034e9d8) at sys_exit+0x1a
syscall_plain(1f,1f,1f,1f,0) at syscall_plain+0xa7

kgdb:

Program received signal SIGTRAP, Trace/breakpoint trap.
breakpoint () at machine/cpufunc.h:211
211     }
(gdb) where
#0  breakpoint () at machine/cpufunc.h:211
#1  0xc046039f in kgdb_connect (verbose=1)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../arch/i386/i386/kgdb_machdep.c:256
#2  0xc020b33f in comintr (arg=0xc09f5e00)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../dev/ic/com.c:2061
#3  0xc01012aa in Xintr4 ()
#4  0xc0351bcb in ltsleep (ident=0xc09b7858, priority=288, 
    wmesg=0xc0694025 "aud_dr", timo=3000, interlock=0x0)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../kern/kern_synch.c:467
#5  0xc0329553 in audio_sleep_timo (chan=0xc09b7858, 
    label=0xc0694025 "aud_dr", timo=3000)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../dev/audio.c:853
#6  0xc03255fe in audio_drain (sc=0xc09b7800)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../dev/audio.c:1063
#7  0xc03256fe in audio_close (sc=0xc09b7800, flags=3, ifmt=8192, p=0xc751fad0)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../dev/audio.c:1105
#8  0xc032481d in audioclose (dev=10752, flags=3, ifmt=8192, p=0xc751fad0)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../dev/audio.c:575
#9  0xc0396e2c in spec_close (v=0xc760fddc)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../miscfs/specfs/spec_vnops.c:660
#10 0xc02d4556 in nfsspec_close (v=0xc760fddc)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../nfs/nfs_vnops.c:3217
#11 0xc038f571 in VOP_CLOSE (vp=0xc758ef3c, fflag=3, cred=0xc0a4db00, 
    p=0xc751fad0)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../kern/vnode_if.c:293
#12 0xc038e7c3 in vn_close (vp=0xc758ef3c, flags=3, cred=0xc0a4db00, 
    p=0xc751fad0)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../kern/vfs_vnops.c:229
#13 0xc038f2c0 in vn_closefile (fp=0xc7517680, p=0xc751fad0)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../kern/vfs_vnops.c:640
#14 0xc034087c in closef (fp=0xc7517680, p=0xc751fad0)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../kern/kern_descrip.c:1112
#15 0xc0340694 in fdfree (p=0xc751fad0)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../kern/kern_descrip.c:989
#16 0xc03434c2 in exit1 (p=0xc751fad0, rv=0)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../kern/kern_exit.c:172
#17 0xc0343369 in sys_exit (p=0xc751fad0, v=0xc760ff74, retval=0xc760ff6c)
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../kern/kern_exit.c:128
#18 0xc0470c61 in syscall_plain (frame={tf_gs = 31, tf_fs = 31, tf_es = 31, 
      tf_ds = 31, tf_edi = 0, tf_esi = -1, tf_ebp = -1077946012, 
      tf_ebx = 1209451124, tf_edx = 1209447392, tf_ecx = 242, tf_eax = 1, 
      tf_trapno = 3, tf_err = 2, tf_eip = 1209399435, tf_cs = 23, 
      tf_eflags = 659, tf_esp = -1077946056, tf_ss = 31, tf_vm86_es = 0, 
      tf_vm86_ds = 0, tf_vm86_fs = 0, tf_vm86_gs = 0})
    at /usr/src/sys/arch/i386/compile/GUITAR_KGDB_NOOPT/../../../../arch/i386/i386/syscall.c:140
#19 0xc0100e74 in syscall1 ()
#20 0x8048c56 in ?? ()
(gdb) 

>How-To-Repeat:

See above.  The program triggering the bug will be made available
on request.

>Fix:

Unknown.  I'm trying to debug this, but I am kind of stumped.
Any clues as to what the nested Xdoreti() frames mean would
be appreciated.
>Release-Note:
>Audit-Trail:
>Unformatted: