From owner-freebsd-bugs@FreeBSD.ORG Thu Jan 19 09:10:05 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B6C316A41F for ; Thu, 19 Jan 2006 09:10:05 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7221843D45 for ; Thu, 19 Jan 2006 09:10:04 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k0J9A4OS075135 for ; Thu, 19 Jan 2006 09:10:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k0J9A4v5075134; Thu, 19 Jan 2006 09:10:04 GMT (envelope-from gnats) Resent-Date: Thu, 19 Jan 2006 09:10:04 GMT Resent-Message-Id: <200601190910.k0J9A4v5075134@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, HASHI Hiroaki Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D8FEC16A41F for ; Thu, 19 Jan 2006 09:00:51 +0000 (GMT) (envelope-from hashiz@tomba.cskk-sv.co.jp) Received: from tomba.cskk-sv.co.jp (221x245x15x82.ap221.ftth.ucom.ne.jp [221.245.15.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5444643D45 for ; Thu, 19 Jan 2006 09:00:50 +0000 (GMT) (envelope-from hashiz@tomba.cskk-sv.co.jp) Received: from tomba.cskk-sv.co.jp (localhost.cskk-sv.co.jp [127.0.0.1]) by tomba.cskk-sv.co.jp (8.13.4/8.13.4) with ESMTP id k0J90nuD010023 for ; Thu, 19 Jan 2006 18:00:49 +0900 (JST) (envelope-from hashiz@tomba.cskk-sv.co.jp) Received: (from hashiz@localhost) by tomba.cskk-sv.co.jp (8.13.4/8.13.4/Submit) id k0J90ngs010022; Thu, 19 Jan 2006 18:00:49 +0900 (JST) (envelope-from hashiz) Message-Id: <200601190900.k0J90ngs010022@tomba.cskk-sv.co.jp> Date: Thu, 19 Jan 2006 18:00:49 +0900 (JST) From: HASHI Hiroaki To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: kern/91992: [sound] kernel panic at playing sound while recording. X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: HASHI Hiroaki List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2006 09:10:05 -0000 >Number: 91992 >Category: kern >Synopsis: [sound] kernel panic at playing sound while recording. >Confidential: no >Severity: critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jan 19 09:10:03 GMT 2006 >Closed-Date: >Last-Modified: >Originator: HASHI Hiroaki >Release: FreeBSD 6.0-STABLE i386 >Organization: >Environment: System: FreeBSD tomba.cskk-sv.co.jp 6.0-STABLE FreeBSD 6.0-STABLE #8: Wed Jan 18 22:42:14 JST 2006 hashiz@tomba.cskk-sv.co.jp:/usr/obj/home/sources/current/src/sys/TOMBA i386 tomba% cat /dev/sndstat FreeBSD Audio Driver (newpcm) Installed devices: pcm0: at io 0xa800,0xa400,0xa000 irq 5 kld snd_solo (1p/1r/0v channels default) >Description: kernel panic at palaying sound while recoding a sound. Fatal trap 12: page fault while in kernel mode fault virtual address = 0x24 fault code = supervisor read, page not present instruction pointer = 0x20:0xc0814247 stack pointer = 0x28:0xdb00dbcc frame pointer = 0x28:0xdb00dbe4 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 966 (esd) trap number = 12 panic: page fault (kgdb) bt #0 doadump () at pcpu.h:165 #1 0xc050e4c0 in boot (howto=260) at /home/sources/current/src/sys/kern/kern_shutdown.c:399 #2 0xc050e809 in panic (fmt=0xc06f48fc "%s") at /home/sources/current/src/sys/kern/kern_shutdown.c:555 #3 0xc06d03cc in trap_fatal (frame=0xdb00db8c, eva=0) at /home/sources/current/src/sys/i386/i386/trap.c:836 #4 0xc06d00a2 in trap_pfault (frame=0xdb00db8c, usermode=0, eva=36) at /home/sources/current/src/sys/i386/i386/trap.c:744 #5 0xc06cfc5f in trap (frame= {tf_fs = -1065287672, tf_es = 40, tf_ds = 268435496, tf_edi = -620700496, tf_esi = -1019254016, tf_ebp = -620700700, tf_isp = -620700744, tf_ebx = -1019254016, tf_edx = -1013862400, tf_ecx = 0, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1065270713, tf_cs = 32, tf_eflags = 66118, tf_esp = -620700712, tf_ss = 536870912}) at /home/sources/current/src/sys/i386/i386/trap.c:434 #6 0xc06bcd8a in calltrap () at /home/sources/current/src/sys/i386/i386/exception.s:139 #7 0xc0814247 in ?? () #8 0x00000000 in ?? () #9 0xc33f6b00 in ?? () #10 0x00001000 in ?? () #11 0xdb00dc04 in ?? () #12 0xc04da65a in giant_write (dev=0xc33f6b00, uio=0x0, ioflag=0) at /home/sources/current/src/sys/kern/kern_conf.c:312 Previous frame identical to this frame (corrupt stack?) (kgdb) up #1 0xc050e4c0 in boot (howto=260) at /home/sources/current/src/sys/kern/kern_shutdown.c:399 399 doadump(); (kgdb) up #2 0xc050e809 in panic (fmt=0xc06f48fc "%s") at /home/sources/current/src/sys/kern/kern_shutdown.c:555 555 boot(bootopt); (kgdb) up #3 0xc06d03cc in trap_fatal (frame=0xdb00db8c, eva=0) at /home/sources/current/src/sys/i386/i386/trap.c:836 836 panic("%s", trap_msg[type]); (kgdb) up #4 0xc06d00a2 in trap_pfault (frame=0xdb00db8c, usermode=0, eva=36) at /home/sources/current/src/sys/i386/i386/trap.c:744 744 trap_fatal(frame, eva); (kgdb) up #5 0xc06cfc5f in trap (frame= {tf_fs = -1065287672, tf_es = 40, tf_ds = 268435496, tf_edi = -620700496, tf_esi = -1019254016, tf_ebp = -620700700, tf_isp = -620700744, tf_ebx = -1019254016, tf_edx = -1013862400, tf_ecx = 0, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1065270713, tf_cs = 32, tf_eflags = 66118, tf_esp = -620700712, tf_ss = 536870912}) at /home/sources/current/src/sys/i386/i386/trap.c:434 434 (void) trap_pfault(&frame, FALSE, eva); (kgdb) up #6 0xc06bcd8a in calltrap () at /home/sources/current/src/sys/i386/i386/exception.s:139 139 call trap Current language: auto; currently asm (kgdb) up #7 0xc0814247 in ?? () (kgdb) up #8 0x00000000 in ?? () (kgdb) up #9 0xc33f6b00 in ?? () (kgdb) up #10 0x00001000 in ?? () (kgdb) up #11 0xdb00dc04 in ?? () (kgdb) up #12 0xc04da65a in giant_write (dev=0xc33f6b00, uio=0x0, ioflag=0) at /home/sources/current/src/sys/kern/kern_conf.c:312 312 retval = dev->si_devsw->d_gianttrick-> Current language: auto; currently c (kgdb) l 307 giant_write(struct cdev *dev, struct uio *uio, int ioflag) 308 { 309 int retval; 310 311 mtx_lock(&Giant); 312 retval = dev->si_devsw->d_gianttrick-> 313 d_write(dev, uio, ioflag); 314 mtx_unlock(&Giant); 315 return (retval); 316 } (kgdb) p dev $1 = (struct cdev *) 0xc33f6b00 (kgdb) p *dev $2 = {si_priv = 0xc33f6b00, si_flags = 4, si_atime = {tv_sec = 1137608748, tv_nsec = 821400000}, si_ctime = {tv_sec = 1137608748, tv_nsec = 821400000}, si_mtime = {tv_sec = 1137608748, tv_nsec = 821400000}, si_uid = 0, si_gid = 0, si_mode = 438, si_cred = 0x0, si_drv0 = 3, si_refcount = 2, si_list = {le_next = 0x0, le_prev = 0xc33f6a38}, si_clone = {le_next = 0x0, le_prev = 0x0}, si_children = {lh_first = 0x0}, si_siblings = {le_next = 0x0, le_prev = 0x0}, si_parent = 0x0, si_name = 0xc33f6b78 "dsp0.0", si_drv1 = 0x0, si_drv2 = 0x0, si_devsw = 0xc081fce0, si_iosize_max = 65536, si_usecount = 1, si_threadcount = 1, __si_u = {__sit_tty = 0x0, __sid_snapdata = 0x0}, __si_namebuf = "dsp0.0", '\0' } (kgdb) p *dev->si_devsw $3 = {d_version = 386080773, d_flags = 2151677952, d_name = 0xc081e308 "dsp", d_open = 0xc04da130 , d_fdopen = 0, d_close = 0xc04da2d0 , d_read = 0xc04da530 , d_write = 0xc04da5f0 , d_ioctl = 0xc04da460 , d_poll = 0xc04da6b0 , d_mmap = 0xc04da830 , d_strategy = 0xc04da0e0 , d_dump = 0xc04da0a0 , d_kqfilter = 0xc04da0a0 , d_purge = 0, d_spare2 = 0, d_uid = 0, d_gid = 0, d_mode = 0, d_kind = 0x0, d_list = {le_next = 0x0, le_prev = 0x0}, d_devs = {lh_first = 0xc33f6300}, d_spare3 = 0, d_gianttrick = 0xc3388b80} (kgdb) p *dev->si_devsw->d_gianttrick $4 = {d_version = 386080773, d_flags = 4194304, d_name = 0xc081e308 "dsp", d_open = 0xc0813a00, d_fdopen = 0, d_close = 0xc0813f00, d_read = 0xc0814190, d_write = 0xc0814220, d_ioctl = 0xc08142b0, d_poll = 0xc0815de0, d_mmap = 0xc0815ea0, d_strategy = 0, d_dump = 0, d_kqfilter = 0, d_purge = 0, d_spare2 = 0, d_uid = 0, d_gid = 0, d_mode = 0, d_kind = 0x0, d_list = {le_next = 0x0, le_prev = 0x0}, d_devs = {lh_first = 0x0}, d_spare3 = 0, d_gianttrick = 0x0} (kgdb) p *dev->si_devsw->d_gianttrick->d_write $5 = {int (struct cdev *, struct uio *, int)} 0xc0814220 (kgdb) p uio $6 = (struct uio *) 0x0 (kgdb) p ioflag $7 = 0 >How-To-Repeat: sound recoding start by ffmpeg (ports/ffmpeg) ffmpeg tv.avi play sound while recoding esdplay /usr/X11R6/share/gnome/sounds/phone.wav >Fix: >Release-Note: >Audit-Trail: >Unformatted: