Date: Mon, 18 Sep 2000 12:46:35 -0700 (PDT) From: mtaira@logicaleffect.com To: freebsd-gnats-submit@FreeBSD.org Subject: kern/21363: Panic in pcm/channel.c when running RealPlayer Message-ID: <20000918194635.CA51837B423@hub.freebsd.org>
index | next in thread | raw e-mail
>Number: 21363
>Category: kern
>Synopsis: Panic in pcm/channel.c when running RealPlayer
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 18 12:50:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Masanori Taira
>Release: FreeBSD 4.1-STABLE i386
>Organization:
>Environment:
FreeBSD Babylon.Babylonia 4.1-STABLE FreeBSD 4.1-STABLE #13: Sun Sep 17 13:20:42 JST 2000
taira@Babylon.Babylonia:/mntfree/usr/REL3-src/sys/compile/Babylon i386
part of dmesg:
sbc0: <Creative ViBRA16X> at port 0x220-0x22f,0x330-0x331,0x388-0x38b irq 5 drq
1,3 on isa0
sbc0: setting card to irq 5, drq 1, 3
pcm0: <SB DSP 4.16 (ViBRA16X)> on sbc0
unknown0: <Game> at port 0x201 on isa0
>Description:
Kernel panics at times when looking at movie with RealPlayer.
RealPlayer's preference "Disable 16-bit sound(use 8-bit only)" is checked.
(I don't know whether this has anything to do with the panic.)
Panic occurs at /sys/dev/sound/pcm/channel.c:buf_clear().
I think that it is a cause to do word write for byte buffer.
> p = (u_int16_t *)(b->buf + b->fp);
> while (length > 1) {
> *p++ = data;
> length -= 2;
> i += 2;
> if (i >= b->bufsize) {
> p = (u_int16_t *)b->buf;
> i = 0;
> }
> }
'b->buf' is pointer to byte buffer.
Here is the panic messages and crash dump trace:
-----
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc0870000
fault code = supervisor write, page not present
instruction pointer = 0x8:0xc02318cc
stack pointer = 0x10:0xc3044d2c
frame pointer = 0x10:0xc3044d34
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 639 (rvplayer)
interrupt mask = tty
trap number = 12
panic: page fault
-----
#0 boot (howto=256) at ../../kern/kern_shutdown.c:302
302 dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0 boot (howto=256) at ../../kern/kern_shutdown.c:302
#1 0xc0147fb0 in poweroff_wait (junk=0xc029e02f, howto=-1024762976)
at ../../kern/kern_shutdown.c:552
#2 0xc02645f9 in trap_fatal (frame=0xc3044cec, eva=3230072832)
at ../../i386/i386/trap.c:951
#3 0xc02642d1 in trap_pfault (frame=0xc3044cec, usermode=0, eva=3230072832)
at ../../i386/i386/trap.c:844
#4 0xc0263e8b in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
tf_edi = -1065829568, tf_esi = -1065829476, tf_ebp = -1023128268,
tf_isp = -1023128296, tf_ebx = 43, tf_edx = 131071, tf_ecx = 32896,
tf_eax = -1064894465, tf_trapno = 12, tf_err = 2, tf_eip = -1071441716,
tf_cs = 8, tf_eflags = 66050, tf_esp = -1065829476, tf_ss = 533})
at ../../i386/i386/trap.c:443
#5 0xc02318cc in buf_clear (b=0xc078bb9c, fmt=8, length=533)
at ../../dev/sound/pcm/channel.c:884
#6 0xc0230ef3 in chn_wrfeed (c=0xc078bb00)
at ../../dev/sound/pcm/channel.c:285
#7 0xc0230ffe in chn_wrfeed2nd (c=0xc078bb00, buf=0xc3044edc)
at ../../dev/sound/pcm/channel.c:336
#8 0xc02311b2 in chn_write (c=0xc078bb00, buf=0xc3044edc)
at ../../dev/sound/pcm/channel.c:476
#9 0xc0232544 in dsp_write (d=0xc0792400, chan=0, buf=0xc3044edc,
flag=8323089) at ../../dev/sound/pcm/dsp.c:197
#10 0xc02344d9 in sndwrite (i_dev=0xc0794a00, buf=0xc3044edc, flag=8323089)
at ../../dev/sound/pcm/sound.c:359
#11 0xc017d0cd in spec_write (ap=0xc3044e6c)
at ../../miscfs/specfs/spec_vnops.c:281
#12 0xc020f950 in ufsspec_write (ap=0xc3044e6c)
at ../../ufs/ufs/ufs_vnops.c:1855
#13 0xc020fe05 in ufs_vnoperatespec (ap=0xc3044e6c)
at ../../ufs/ufs/ufs_vnops.c:2303
#14 0xc01795d8 in vn_write (fp=0xc083ab00, uio=0xc3044edc, cred=0xc084db00,
flags=0, p=0xc2eb5ba0) at vnode_if.h:363
#15 0xc01553e5 in dofilewrite (p=0xc2eb5ba0, fp=0xc083ab00, fd=5,
buf=0x81a13ac, nbyte=533, offset=-1, flags=0) at ../../sys/file.h:159
#16 0xc01552cb in write (p=0xc2eb5ba0, uap=0xc3044f80)
at ../../kern/sys_generic.c:310
#17 0xc02648a5 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
tf_edi = 135926584, tf_esi = 533, tf_ebp = -1077939908,
tf_isp = -1023127596, tf_ebx = 5, tf_edx = 533, tf_ecx = 135926700,
tf_eax = 4, tf_trapno = 0, tf_err = 2, tf_eip = 674101540, tf_cs = 31,
tf_eflags = 518, tf_esp = -1077939912, tf_ss = 47})
at ../../i386/i386/trap.c:1150
#18 0xc02591b5 in Xint0x80_syscall ()
>How-To-Repeat:
Run RealPlayer.
(However, a panic does not always occur.)
RealPlayer's preference "Disable 16-bit sound(use 8-bit only)" is checked.
(I don't know whether this has anything to do with the panic.)
>Fix:
I did patch as follows temporarily.
*** /sys/dev/sound/pcm/channel.c Sun Aug 27 00:23:43 2000
--- channel.c Tue Sep 19 04:31:09 2000
***************
*** 882,890 ****
i = b->fp;
p = (u_int16_t *)(b->buf + b->fp);
while (length > 1) {
! *p++ = data;
! length -= 2;
! i += 2;
if (i >= b->bufsize) {
p = (u_int16_t *)b->buf;
i = 0;
--- 882,898 ----
i = b->fp;
p = (u_int16_t *)(b->buf + b->fp);
while (length > 1) {
! if (i+2 > b->bufsize) {
! *(u_int8_t *)p = (u_int8_t)data;
! p = (u_int16_t *)b->buf;
! *((u_int8_t *)p)++ = (u_int8_t)(data>>8);
! length -= 2;
! i = 1;
! } else {
! *p++ = data;
! length -= 2;
! i += 2;
! }
if (i >= b->bufsize) {
p = (u_int16_t *)b->buf;
i = 0;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000918194635.CA51837B423>