kern/54427: panic in audio_close

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/54427: panic in audio_close
From: coypu%sdf.org@localhost
Date: Thu, 1 Aug 2019 16:45:00 +0000 (UTC)

>Number:         54427
>Category:       kern
>Synopsis:       panic in audio_close
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 01 16:45:00 +0000 2019
>Originator:     coypu
>Release:        NetBSD 8.99.47
>Organization:
>Environment:
NetBSD planets 8.99.47 NetBSD 8.99.47 (GENERIC) #2: Tue Jun 25 05:55:09 UTC 2019  fly@ns3105053:/home/fly/obj/sys/arch/amd64/compile/GENERIC amd64

>Description:
What I was doing: using bluetooth for an audio headset.

bta2dpd -a headset /dev/pad
audioplay -d /dev/sound2 sample.wav

close the connection on the headphone side.

[ 32606.423289] pad0: outputs: 44100Hz, 16-bit, stereo
[ 32606.423289] audio2 at pad0: playback
[ 32606.423289] audio2: slinear_le:16 -> slinear_le:16 2ch 44100Hz, blk 40ms for playback
[ 32606.423289] spkr3 at audio2: PC Speaker (synthesized)
[ 32606.423289] wsbell at spkr3 not configured
[ 32640.199598] spkr3: detached
[ 32640.199598] audio2: detached
[ 32640.199598] pad0: detached
[ 32640.199598] uvm_fault(0xffffffff8171e120, 0xffff888008e89000, 1) -> e
[ 32640.199598] fatal page fault in supervisor mode
[ 32640.199598] trap type 6 code 0 rip 0xffffffff809c4208 cs 0x8 rflags 0x10282 cr2 0xffff888008e89038 ilevel 0 rsp 0xffff888069373d80
[ 32640.199598] curlwp 0xffff80af3f1ef6c0 pid 7625.1 lowest kstack 0xffff8880693702c0
[ 32640.199598] panic: trap
[ 32640.199598] cpu0: Begin traceback...
[ 32640.199598] vpanic() at netbsd:vpanic+0x160
[ 32640.199598] snprintf() at netbsd:snprintf
[ 32640.199598] startlwp() at netbsd:startlwp
[ 32640.199598] alltraps() at netbsd:alltraps+0xc3
[ 32640.199598] audio_close() at netbsd:audio_close+0x21
[ 32640.199598] audioclose() at netbsd:audioclose+0x7a
[ 32640.209604] fatal page fault in supervisor mode
[ 32640.209604] trap type 6 code 0x2 rip 0xffffffff809edfc1 cs 0x8 rflags 0x10202 cr2 0xffff888008e89050 ilevel 0x8 rsp 0xffff888064f56030
[ 32640.209604] curlwp 0xffff80afca80d060 pid 0.5 lowest kstack 0xffff888064f522c0
[ 32640.209604] Skipping crash dump on recursive panic
[ 32640.209604] panic: trap
[ 32640.209604] Faulted in mid-traceback; aborting...
[ 32640.209604] rebooting...


I guess pad disappeared before audio_close happened, destroying sc->sc_lock.

(gdb) disas *(audio_close+0x21)
Dump of assembler code for function audio_close:
   0xffffffff807a5588 <+0>:	push   %rbp
   0xffffffff807a5589 <+1>:	mov    %rsp,%rbp
   0xffffffff807a558c <+4>:	push   %r14
   0xffffffff807a558e <+6>:	push   %r13
   0xffffffff807a5590 <+8>:	push   %r12
   0xffffffff807a5592 <+10>:	push   %rbx
   0xffffffff807a5593 <+11>:	sub    $0x10,%rsp
   0xffffffff807a5597 <+15>:	mov    %rdi,%rbx
   0xffffffff807a559a <+18>:	mov    %rsi,%r12
   0xffffffff807a559d <+21>:	mov    0x180(%rdi),%rdi
   0xffffffff807a55a4 <+28>:	callq  0xffffffff809c41ff <mutex_owned>
   0xffffffff807a55a9 <+33>:	test   %eax,%eax
>How-To-Repeat:

>Fix:

Follow-Ups:
- Re: kern/54427: panic in audio_close
  - From: Tetsuya Isaki

Prev by Date: Re: port-amd64/53807: ena(4) on NetBSD/amd64 8.99.28 on Amazon Web Service EC2 c5.large instance causes kernel panic
Next by Date: PR/54423 CVS commit: src/usr.sbin/sysinst
Previous by Thread: misc/54425: spurious "partitions a and b overlap" output in daily security report
Next by Thread: Re: kern/54427: panic in audio_close
Indexes:

Home | Main Index | Thread Index | Old Index