Re: Latest -current panic in uaudio_detach() / bus_dmamem_free()

From: Hans Petter Selasky <hps_at_selasky.org>
Date: Mon, 23 Jun 2014 05:17:13 +0200

On 06/23/14 04:46, Alexander Kabaev wrote:
> On Mon, 23 Jun 2014 06:04:20 +0400
> Andrey Chernov <ache_at_freebsd.org> wrote:
>
>> Always happens at shutdown after all buffers are synced, see
>> screenshot: http://i.imgur.com/8WXTMPj.png
>>
>> --
>> http://ache.vniz.net/
>
> Hi Andrey,
>
> there's not too much to go on from the screenshot alone and one would
> expect more details on the crash from people with your experience :)
>
> Please provide us with the information on the actual audio hardware
> you are using, preferably in form of a dmesg output. This revision is
> your culprit:
>   http://svnweb.freebsd.org/changeset/base/267581 and I have strong
>   suspicion that restoring the NULL check on dmatag in the chunk below
>   will cure your crash.
>

Backtrace here:


 > usbconfig -d 0.4 reset
 > uaudio0: at uhub1, port 2, addr 4 (disconnected)
 >
 > vm_fault(0xc0661400, 0, 1, 0) -> 1
 > Fatal kernel mode data abort: 'Translation Fault (P)'
 > trapframe: 0xd28b8b58
 > FSR=00000017, FAR=0000002c, spsr=60000113
 > r0 =00000000, r1 =c1b35000, r2 =00000000, r3 =00000000
 > r4 =c1a24000, r5 =00000000, r6 =c1b3338c, r7 =c172e150
 > r8 =c1b35000, r9 =00000000, r10=c162a400, r11=d28b8bd0
 > r12=c1bc9ad4, ssp=d28b8ba8, slr=c1b9855c, pc =c048fa3c
 >
 > [ thread pid 14 tid 100037 ]
 > Stopped at      bus_dmamem_free+0x10:   ldr     r0, [r9, #0x02c]
 > db> bt

 > Tracing pid 14 tid 100037 td 0xc1712960
 > db_trace_self() at db_trace_self
 >          pc = 0xc0492958  lr = 0xc0130f38 (db_stack_trace+0xf4)
 >          sp = 0xd28b8860  fp = 0xd28b8878
 >         r10 = 0xc0660180
 > db_stack_trace() at db_stack_trace+0xf4
 >          pc = 0xc0130f38  lr = 0xc01308a8 (db_command+0x270)
 >          sp = 0xd28b8880  fp = 0xd28b8920
 >          r4 = 0x00000000  r5 = 0x00000000
 >          r6 = 0x00000000
 > db_command() at db_command+0x270
 >          pc = 0xc01308a8  lr = 0xc013060c (db_command_loop+0x60)
 >          sp = 0xd28b8928  fp = 0xd28b8938
 >          r4 = 0xc04d2192  r5 = 0xc04ec76c
 >          r6 = 0xc066016c  r7 = 0xc058b540
 >          r8 = 0xc0656294  r9 = 0xc0656290
 >         r10 = 0x00000001
 > db_command_loop() at db_command_loop+0x60
 >          pc = 0xc013060c  lr = 0xc0132fd4 (db_trap+0xd8)
 >          sp = 0xd28b8940  fp = 0xd28b8a60
 >          r4 = 0x00000000  r5 = 0xc0660178
 >          r6 = 0xc06562c0
 > db_trap() at db_trap+0xd8
 >          pc = 0xc0132fd4  lr = 0xc028efbc (kdb_trap+0xbc)
 >          sp = 0xd28b8a68  fp = 0xd28b8a88
 >          r4 = 0x00000000  r5 = 0x00000017
 >          r6 = 0xc06562c0  r7 = 0xc058b540
 > kdb_trap() at kdb_trap+0xbc
 >          pc = 0xc028efbc  lr = 0xc04a5194 (dab_fatal+0x174)
 >          sp = 0xd28b8a90  fp = 0xd28b8aa8
 >          r4 = 0xd28b8b58  r5 = 0x00000017
 >          r6 = 0x600001d3  r7 = 0x0000002c
 >          r8 = 0xd28b8b58  r9 = 0x00000013
 >         r10 = 0x00000001
 > dab_fatal() at dab_fatal+0x174
 >          pc = 0xc04a5194  lr = 0xc04a4f4c (data_abort_handler+0x3e8)
 >          sp = 0xd28b8ab0  fp = 0xd28b8b50
 >          r4 = 0xc16be3cc  r5 = 0xc1712960
 >          r6 = 0xd28b8eb0  r7 = 0x00000000
 > data_abort_handler() at data_abort_handler+0x3e8
 >          pc = 0xc04a4f4c  lr = 0xc04944d4 (exception_exit)
 >          sp = 0xd28b8b58  fp = 0xd28b8bd0
 >          r4 = 0xc1a24000  r5 = 0x00000000
 >          r6 = 0xc1b3338c  r7 = 0xc172e150
 >          r8 = 0xc1b35000  r9 = 0x00000000
 >         r10 = 0xc162a400
 > exception_exit() at exception_exit
 >          pc = 0xc04944d4  lr = 0xc1b9855c (sndbuf_free+0x80)
 >          sp = 0xd28b8ba8  fp = 0xd28b8bd0
 >          r0 = 0x00000000  r1 = 0xc1b35000
 >          r2 = 0x00000000  r3 = 0x00000000
 >          r4 = 0xc1a24000  r5 = 0x00000000
 >          r6 = 0xc1b3338c  r7 = 0xc172e150
 >          r8 = 0xc1b35000  r9 = 0x00000000
 >         r10 = 0xc162a400 r12 = 0xc1bc9ad4
 > bus_dmamem_free() at bus_dmamem_free+0x10
 >          pc = 0xc048fa3c  lr = 0xc1b984c4 (sndbuf_destroy+0x14)
 >          sp = 0xd28b8bd8  fp = 0xd28b8be0
 >          r4 = 0xc162ae00  r5 = 0xc1a24000
 >          r6 = 0xd28b8bd0  r7 = 0xc1b9855c
 >          r8 = 0x00000000  r9 = 0xc1a24000
 > Unknown entry: 0
 > sndbuf_destroy() at sndbuf_destroy+0x14
 >          pc = 0xc1b984c4  lr = 0xc1b984c4 (sndbuf_destroy+0x14)
 >          sp = 0xd28b8bd8  fp = 0xd28b8be0
 > Unable to unwind into user mode

Please fix ASAP. Should be trivial to reproduce. Possibly a double free. 
In case of USB audio sndbuf_destroy() should not free any bus dmamem or 
know about busdma, because all of this is done by the USB stack!

--HPS
Received on Mon Jun 23 2014 - 01:16:52 UTC
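
Added example, not part of the original message or of the FreeBSD sources: a small Python triage helper that reads the trap output quoted above and checks whether the fault address (FAR) equals the base register of the stopped instruction plus its immediate offset, which is what a field read through a NULL pointer looks like. The name `triage`, the regexes and the 4096-byte threshold are assumptions made for this example; the sample text is copied from the dump in this thread.

```python
import re

# Sample input: lines copied from the trap output quoted in this thread
# (quote markers stripped).
TRAP = """\
FSR=00000017, FAR=0000002c, spsr=60000113
r0 =00000000, r1 =c1b35000, r2 =00000000, r3 =00000000
r4 =c1a24000, r5 =00000000, r6 =c1b3338c, r7 =c172e150
r8 =c1b35000, r9 =00000000, r10=c162a400, r11=d28b8bd0
r12=c1bc9ad4, ssp=d28b8ba8, slr=c1b9855c, pc =c048fa3c
Stopped at      bus_dmamem_free+0x10:   ldr     r0, [r9, #0x02c]
"""

# "name =hhhhhhhh" pairs from the trapframe dump (FAR, r0..r12, pc, ...).
REG_RE = re.compile(r"\b([A-Za-z]\w*)\s*=\s*([0-9a-fA-F]{8})\b")
# "Stopped at func+0xNN: ldr/str rX, [base, #0xNN]" (immediate is optional).
STOP_RE = re.compile(
    r"Stopped at\s+(\w+)\+0x([0-9a-fA-F]+):\s+((?:ldr|str)\w*)\s+\w+,\s*"
    r"\[(\w+)(?:,\s*#(-?0x[0-9a-fA-F]+))?\]")


def triage(text, page_size=4096):
    """Return a dict describing the faulting access, or None if unparseable."""
    regs = {n.lower(): int(v, 16) for n, v in REG_RE.findall(text)}
    m = STOP_RE.search(text)
    if m is None or "far" not in regs:
        return None
    func, pc_off, _insn, base, imm = m.groups()
    base = base.lower()
    if base not in regs:
        return None
    offset = int(imm, 16) if imm else 0
    computed = (regs[base] + offset) & 0xFFFFFFFF  # 32-bit ARM address
    return {
        "function": func,
        "insn_offset": int(pc_off, 16),
        "base_reg": base,
        "base_value": regs[base],
        "field_offset": offset,
        # The dump is self-consistent if base + offset is the fault address.
        "matches_far": computed == regs["far"],
        # Zero base with a small offset: a field read through a NULL pointer.
        "null_base": regs[base] == 0 and 0 <= offset < page_size,
    }


if __name__ == "__main__":
    print(triage(TRAP))
```

For the dump in this thread it reports base register r9 = 0 and field offset 0x2c matching FAR, which is consistent with the NULL dmatag suspicion quoted above.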
