snd_hda: fix "duplicated free" on module unloading
This is trivial fix of hdacc_detach to avoid duplicated free on snd_hda
unloading.
The first try of detaching (kldunload) may results into "device busy" error,
but codec->fgs is freed by detach. Second try attempts to free codec->fgs again
and system panicks.
Here is example:
pcm0: unregister: channel pcm0:virtual:dsp0.vp0 busy (pid 3428)
pulseaudio[3428] [oss] module-oss.c: DSP shutdown.
pcm0: detached
hdaa0: detached
panic: Duplicate free of 0xfffff80412ee7d20 from zone 0xfffffe006bc0ba00
(malloc-32) slab 0xfffff80412ee7fc8(105)
cpuid = 6
time =
1712999565
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0202f859e0
vpanic() at vpanic+0x135/frame 0xfffffe0202f85b10
panic() at panic+0x43/frame 0xfffffe0202f85b70
uma_dbg_free() at uma_dbg_free+0x105/frame 0xfffffe0202f85b90
uma_zfree_arg() at uma_zfree_arg+0x95/frame 0xfffffe0202f85be0
free() at free+0xa1/frame 0xfffffe0202f85c20
hdacc_detach() at hdacc_detach+0x2f/frame 0xfffffe0202f85c40
device_detach() at device_detach+0x197/frame 0xfffffe0202f85c80
devclass_driver_deleted() at devclass_driver_deleted+0x66/frame 0xfffffe0202f85c
devclass_delete_driver() at devclass_delete_driver+0x81/frame 0xfffffe0202f85d00
driver_module_handler() at driver_module_handler+0xff/frame 0xfffffe0202f85d50
module_unload() at module_unload+0x32/frame 0xfffffe0202f85d70
linker_file_unload() at linker_file_unload+0x1eb/frame 0xfffffe0202f85db0
kern_kldunload() at kern_kldunload+0x18e/frame 0xfffffe0202f85e00
amd64_syscall() at amd64_syscall+0x153/frame 0xfffffe0202f85f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0202f85f30
MFC after: 3 days
Reviewed by: markj, christos
Differential Revision: https://reviews.freebsd.org/D44778
Sponsored by: Postgres Professional
projects / FreeBSD / FreeBSD.git / commit