* 2.6.17-rc1: Oops in sound applications
@ 2006-04-03 21:01 Ken Moffat
2006-04-04 13:38 ` Slab corruptions & " Jan Niehusmann
0 siblings, 1 reply; 17+ messages in thread
From: Ken Moffat @ 2006-04-03 21:01 UTC (permalink / raw)
To: linux-kernel; +Cc: alsa-devel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: TEXT/PLAIN; charset=X-UNKNOWN, Size: 22262 bytes --]
1. One line summary:
On x86, sound applications oops when I refresh the browser.
2. Full description:
I'm seeing oopses from the sound applications (audacious, also a
realplayer binary) when I open firefox or refresh a tab. At first,
I didn't realise it was the browser, so I spent some time just
playing sound without problems. Then I happened to refresh the
current tab in firefox and it happened again. After rebooting, it
is trivially easy to cause by starting to play a sound file and then
opening firefox or refreshing an open tab.
Remaining data follows, config is attached.
Ken
3. Keywords: alsa snd_via82xxx
4. Kernel Version: 2.6.17-rc1
5. Most recent version without the bug: 2.6.16.1
6. Oops message:
This is the latest, I rebooted after each previous oops.
Apr 3 21:14:26 ac30 kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000098
Apr 3 21:14:26 ac30 kernel: printing eip:
Apr 3 21:14:26 ac30 kernel: c02c627c
Apr 3 21:14:26 ac30 kernel: *pde = 00000000
Apr 3 21:14:26 ac30 kernel: Oops: 0000 [#1]
Apr 3 21:14:26 ac30 kernel: Modules linked in: via_velocity crc_ccitt
Apr 3 21:14:26 ac30 kernel: CPU: 0
Apr 3 21:14:26 ac30 kernel: EIP: 0060:[<c02c627c>] Not tainted VLI
Apr 3 21:14:26 ac30 kernel: EFLAGS: 00010046 (2.6.17-rc1 #1)
Apr 3 21:14:26 ac30 kernel: EIP is at snd_pcm_oss_poll+0x4e/0x192
Apr 3 21:14:26 ac30 kernel: eax: f4ef1201 ebx: c1a92480 ecx: 000000a4 edx: c02c6200
Apr 3 21:14:26 ac30 kernel: esi: 00000000 edi: 00000000 ebp: 00000000 esp: f4e54b5c
Apr 3 21:14:26 ac30 kernel: ds: 007b es: 007b ss: 0068
Apr 3 21:14:26 ac30 kernel: Process audacious (pid: 3105, threadinfo=f4e54000 task=f4e9a030)
Apr 3 21:14:26 ac30 kernel: Stack: <0>f4ef12c0 00000000 ffff537e 00000000 00200200 00000000 f351e240 00000009
Apr 3 21:14:26 ac30 kernel: 00000200 c0150883 f351e240 00000000 ffccddec 00000000 f4e54e58 f4e54e5c
Apr 3 21:14:26 ac30 kernel: f4e54e60 f4e54e50 f4e54e54 f4e54e58 00000000 00000200 00000000 00000200
Apr 3 21:14:26 ac30 kernel: Call Trace:
Apr 3 21:14:26 ac30 kernel: <c0150883> do_select+0x268/0x41e <c0150564> __pollwait+0x0/0xb7
Apr 3 21:14:26 ac30 kernel: <c01109a4> default_wake_function+0x0/0x15 <c010426e> do_IRQ+0x48/0x50
Apr 3 21:14:26 ac30 kernel: <c0102b82> common_interrupt+0x1a/0x20 <c010a7e1> delay_pmtmr+0xd/0x15
Apr 3 21:14:26 ac30 kernel: <c02d7d5f> snd_via82xx_codec_read+0xe1/0xf2 <c010426e> do_IRQ+0x48/0x50
Apr 3 21:14:26 ac30 kernel: <c0102b82> common_interrupt+0x1a/0x20 <c02d7d88> snd_via82xx_codec_ready+0x18/0x53
Apr 3 21:14:26 ac30 kernel: <c02bdbb6> snd_pcm_update_hw_ptr+0x14d/0x15b <c02ba828> snd_pcm_common_ioctl1+0x7d8/0xc9d
Apr 3 21:14:26 ac30 kernel: <c033c54c> __mutex_unlock_slowpath+0x10d/0x134 <c02bacb7> snd_pcm_common_ioctl1+0xc67/0xc9d
Apr 3 21:14:26 ac30 kernel: <c0150c1c> core_sys_select+0x1e3/0x2ac <c010426e> do_IRQ+0x48/0x50
Apr 3 21:14:26 ac30 kernel: <c01d8503> copy_from_user+0x3c/0x6e <c02bc069> snd_pcm_lib_write_transfer+0x5b/0x70
Apr 3 21:14:26 ac30 kernel: <c02be241> snd_pcm_lib_write1+0x284/0x37d <c02bb38f> snd_pcm_playback_ioctl1+0x33f/0x355
Apr 3 21:14:26 ac30 kernel: <c01d8721> copy_to_user+0x3c/0x57 <c02c71eb> snd_pcm_oss_ioctl+0x8dc/0x995
Apr 3 21:14:26 ac30 kernel: <c0150fd6> sys_select+0x9a/0x164 <c01500b9> sys_ioctl+0x2b/0x46
Apr 3 21:14:26 ac30 kernel: <c010294f> sysenter_past_esp+0x54/0x75
Apr 3 21:14:26 ac30 kernel: Code: db 0f 84 9e 00 00 00 8b 7b 5c 85 ed 0f 95 c2 89 f9 81 c1 a4 00 00 00 0f 95 c0 84 d0 74 0c 55 51 ff 74 24 30 ff 55 00 83 c4 0c fa <8b> 97 98 00 00 00 8b 02 83 f8 05 74 5a 8b 02 83 f8 03 75 5d 8b
7. How to trigger: play sound, then open or refresh firefox.
8. Environment:
ken@ac30 ~ $cat ver_linux
If some fields are empty or look unusual you may have an old version.
Compare to the current minimal requirements in Documentation/Changes.
Linux ac30 2.6.17-rc1 #1 Mon Apr 3 17:58:39 BST 2006 i686 athlon-4 i386 GNU/Linux
Gnu C 4.0.3
Gnu make 3.80
binutils 2.16.1
util-linux 2.12r
mount 2.12r
module-init-tools 3.2.2
e2fsprogs 1.38
reiserfsprogs line
reiser4progs line
Linux C Library 2.3.6
Dynamic linker (ldd) 2.3.6
Linux C++ Library 6.0.7
Procps 3.2.6
Kbd 1.12
Sh-utils 5.94
udev 088
Modules Loaded via_velocity crc_ccitt
ken@ac30 ~ $cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 39
model name : AMD Athlon(tm) 64 Processor 4000+
stepping : 1
cpu MHz : 2451.950
cache size : 1024 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt lm 3dnowext 3dnow up pni lahf_lm ts fid vid ttp tm stc
bogomips : 4909.80
ken@ac30 ~ $cat /proc/modules
via_velocity 25632 - - Live 0xf98e7000
crc_ccitt 1592 - - Live 0xf8874000
ken@ac30 ~ $cat /proc/ioports
0000-001f : dma1
0020-0021 : pic1
0040-0043 : timer0
0050-0053 : timer1
0060-006f : keyboard
0070-0077 : rtc
0080-008f : dma page reg
00a0-00a1 : pic2
00c0-00df : dma2
00f0-00ff : fpu
0170-0177 : ide1
0376-0376 : ide1
03c0-03df : vga+
03f8-03ff : serial
4000-407f : motherboard
4000-4003 : PM1a_EVT_BLK
4004-4005 : PM1a_CNT_BLK
4008-400b : PM_TMR
4020-4023 : GPE0_BLK
5000-500f : motherboard
a000-afff : PCI Bus #01
a000-a0ff : 0000:01:00.0
b000-b07f : 0000:00:07.0
b400-b4ff : 0000:00:0e.0
b400-b4ff : via-velocity
b800-b807 : 0000:00:0f.0
b800-b807 : sata_via
bc00-bc03 : 0000:00:0f.0
bc00-bc03 : sata_via
c000-c007 : 0000:00:0f.0
c000-c007 : sata_via
c400-c403 : 0000:00:0f.0
c400-c403 : sata_via
c800-c80f : 0000:00:0f.0
c800-c80f : sata_via
cc00-ccff : 0000:00:0f.0
cc00-ccff : sata_via
d000-d00f : 0000:00:0f.1
d000-d007 : ide0
d008-d00f : ide1
d400-d41f : 0000:00:10.0
d400-d41f : uhci_hcd
d800-d81f : 0000:00:10.1
d800-d81f : uhci_hcd
dc00-dc1f : 0000:00:10.2
dc00-dc1f : uhci_hcd
e000-e01f : 0000:00:10.3
e000-e01f : uhci_hcd
e400-e4ff : 0000:00:11.5
e400-e4ff : VIA8237
ken@ac30 ~ $cat /proc/iomem
00000000-0009efff : System RAM
0009f000-0009ffff : reserved
000a0000-000bffff : Video RAM area
000c0000-000cbfff : Video ROM
000f0000-000fffff : System ROM
00100000-3ffeffff : System RAM
00100000-0033db90 : Kernel code
0033db91-0041229f : Kernel data
3fff0000-3fff2fff : ACPI Non-volatile Storage
3fff3000-3fffffff : ACPI Tables
50000000-5001ffff : 0000:00:0e.0
e8000000-efffffff : 0000:00:00.0
e8000000-efffffff : aperture
f0000000-f7ffffff : PCI Bus #01
f0000000-f7ffffff : 0000:01:00.0
f0000000-f7ffffff : radeonfb framebuffer
f8000000-f80fffff : PCI Bus #01
f8000000-f801ffff : 0000:01:00.0
f8020000-f802ffff : 0000:01:00.0
f8020000-f802ffff : radeonfb mmio
f8120000-f81200ff : 0000:00:0e.0
f8120000-f81200ff : via-velocity
f8121000-f81217ff : 0000:00:07.0
f8121000-f81217ff : ohci1394
f8122000-f81220ff : 0000:00:10.4
f8122000-f81220ff : ehci_hcd
fec00000-fec00fff : reserved
fee00000-fee00fff : reserved
ffff0000-ffffffff : reserved
ken@ac30 ~ $cat /proc/scsi/scsi
Attached devices:
Host: scsi0 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: WDC WD740GD-00FL Rev: 33.0
Type: Direct-Access ANSI SCSI revision: 05
output from lspci:
00:00.0 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort+ >SERR- <PERR+
Latency: 8
Region 0: Memory at e8000000 (32-bit, prefetchable) [size=128M]
Capabilities: [80] AGP version 3.0
Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW+ AGP3- Rate=x1,x2,x4
Command: RQ=1 ArqSz=0 Cal=0 SBA+ AGP+ GART64- 64bit- FW- Rate=x1
Capabilities: [50] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [60] HyperTransport: Slave or Primary Interface
!!! Possibly incomplete decoding
Command: BaseUnitID=0 UnitCnt=3 MastHost- DefDir-
Link Control 0: CFlE- CST- CFE- <LkFail- Init+ EOC- TXO- <CRCErr=0
Link Config 0: MLWI=16bit MLWO=16bit LWI=16bit LWO=16bit
Link Control 1: CFlE- CST- CFE- <LkFail+ Init- EOC+ TXO+ <CRCErr=0
Link Config 1: MLWI=8bit MLWO=8bit LWI=8bit LWO=8bit
Revision ID: 1.02
Capabilities: [58] HyperTransport: Interrupt Discovery and Configuration
00:00.1 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 0
00:00.2 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 0
00:00.3 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 0
00:00.4 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 0
00:00.7 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 0
00:01.0 PCI bridge: VIA Technologies, Inc. VT8237 PCI bridge [K8T800/K8T890 South] (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 0
Bus: primary=00, secondary=01, subordinate=01, sec-latency=0
I/O behind bridge: 0000a000-0000afff
Memory behind bridge: f8000000-f80fffff
Prefetchable memory behind bridge: f0000000-f7ffffff
Secondary status: 66MHz+ FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA+ VGA+ MAbort- >Reset- FastB2B-
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:07.0 FireWire (IEEE 1394): VIA Technologies, Inc. IEEE 1394 Host Controller (rev 46) (prog-if 10 [OHCI])
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32 (8000ns max)
Interrupt: pin A routed to IRQ 10
Region 0: Memory at f8121000 (32-bit, non-prefetchable) [size=2K]
Region 1: I/O ports at b000 [size=128]
Capabilities: [50] Power Management version 2
Flags: PMEClk- DSI- D1- D2+ AuxCurrent=0mA PME(D0-,D1-,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:0e.0 Ethernet controller: VIA Technologies, Inc. VT6120/VT6121/VT6122 Gigabit Ethernet Adapter (rev 11)
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32 (750ns min, 2000ns max)
Interrupt: pin A routed to IRQ 10
Region 0: I/O ports at b400 [size=256]
Region 1: Memory at f8120000 (32-bit, non-prefetchable) [size=256]
[virtual] Expansion ROM at 50000000 [disabled] [size=128K]
Capabilities: [50] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:0f.0 RAID bus controller: VIA Technologies, Inc. VIA VT6420 SATA RAID Controller (rev 80)
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32
Interrupt: pin B routed to IRQ 11
Region 0: I/O ports at b800 [size=8]
Region 1: I/O ports at bc00 [size=4]
Region 2: I/O ports at c000 [size=8]
Region 3: I/O ports at c400 [size=4]
Region 4: I/O ports at c800 [size=16]
Region 5: I/O ports at cc00 [size=256]
Capabilities: [c0] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:0f.1 IDE interface: VIA Technologies, Inc. VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 06) (prog-if 8a [Master SecP PriP])
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32
Interrupt: pin A routed to IRQ 11
Region 4: I/O ports at d000 [size=16]
Capabilities: [c0] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:10.0 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 81) (prog-if 00 [UHCI])
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32
Interrupt: pin A routed to IRQ 11
Region 4: I/O ports at d400 [size=32]
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:10.1 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 81) (prog-if 00 [UHCI])
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32
Interrupt: pin A routed to IRQ 11
Region 4: I/O ports at d800 [size=32]
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:10.2 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 81) (prog-if 00 [UHCI])
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32
Interrupt: pin B routed to IRQ 11
Region 4: I/O ports at dc00 [size=32]
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:10.3 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 81) (prog-if 00 [UHCI])
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32
Interrupt: pin B routed to IRQ 11
Region 4: I/O ports at e000 [size=32]
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:10.4 USB Controller: VIA Technologies, Inc. USB 2.0 (rev 86) (prog-if 20 [EHCI])
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32, Cache Line Size 10
Interrupt: pin C routed to IRQ 11
Region 0: Memory at f8122000 (32-bit, non-prefetchable) [size=256]
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:11.0 ISA bridge: VIA Technologies, Inc. VT8237 ISA bridge [KT600/K8T800/K8T890 South]
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping+ SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 0
Capabilities: [c0] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:11.5 Multimedia audio controller: VIA Technologies, Inc. VT8233/A/8235/8237 AC97 Audio Controller (rev 60)
Subsystem: ABIT Computer Corp. Unknown device 1415
Control: I/O+ Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Interrupt: pin C routed to IRQ 11
Region 0: I/O ports at e400 [size=256]
Capabilities: [c0] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Capabilities: [80] HyperTransport: Host or Secondary Interface
!!! Possibly incomplete decoding
Command: WarmRst+ DblEnd-
Link Control: CFlE- CST- CFE- <LkFail- Init+ EOC- TXO- <CRCErr=0
Link Config: MLWI=16bit MLWO=16bit LWI=16bit LWO=16bit
Revision ID: 1.02
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR-
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR-
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR-
01:00.0 VGA compatible controller: ATI Technologies Inc Radeon RV200 QW [Radeon 7500] (prog-if 00 [VGA])
Subsystem: Hightech Information System Ltd. Unknown device 0207
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping+ SERR- FastB2B-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 32 (2000ns min)
Interrupt: pin A routed to IRQ 11
Region 0: Memory at f0000000 (32-bit, prefetchable) [size=128M]
Region 1: I/O ports at a000 [size=256]
Region 2: Memory at f8020000 (32-bit, non-prefetchable) [size=64K]
[virtual] Expansion ROM at f8000000 [disabled] [size=128K]
Capabilities: [58] AGP version 2.0
Status: RQ=48 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW- AGP3- Rate=x1,x2,x4
Command: RQ=32 ArqSz=0 Cal=0 SBA+ AGP+ GART64- 64bit- FW- Rate=x1
Capabilities: [50] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
--
das eine Mal als Tragödie, das andere Mal als Farce
[-- Attachment #2: Type: APPLICATION/octet-stream, Size: 7708 bytes --]
^ permalink raw reply [flat|nested] 17+ messages in thread
* Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-03 21:01 2.6.17-rc1: Oops in sound applications Ken Moffat
@ 2006-04-04 13:38 ` Jan Niehusmann
2006-04-04 15:56 ` [Alsa-devel] " Takashi Iwai
0 siblings, 1 reply; 17+ messages in thread
From: Jan Niehusmann @ 2006-04-04 13:38 UTC (permalink / raw)
To: Ken Moffat; +Cc: linux-kernel, alsa-devel
On Mon, Apr 03, 2006 at 10:01:08PM +0100, Ken Moffat wrote:
> 1. One line summary:
>
> On x86, sound applications oops when I refresh the browser.
I also see Oopses which seem to be sound related, although I did
not notice a correllation with the browser. The oopses below are from
2.6.17-rc1 with additional ipw2200 patches (first one), and from a clean
2.6.17 (second one). The -dirty suffix in the version numbers comes from
compiling with make-kpkg, not from actual changes to the source.
Please also note the slab corruptions mentioned below.
Apr 3 18:14:04 knautsch kernel: [17179569.184000] Linux version 2.6.17-rc1-g336da66c-dirty (root@knautsch) (gcc version 4.0.3 (Debian 4.0.3-1)) #2 Mon Apr 3 09:52:19 CEST 2006
[^^ here the clock was wrong, this should be 16:00 - this has been
corrected before the following lines were printed]
[...]
Apr 3 16:49:55 knautsch kernel: [17181753.596000] BUG: unable to handle kernel NULL pointer dereference at virtual address 0000005c
Apr 3 16:49:55 knautsch kernel: [17181753.596000] printing eip:
Apr 3 16:49:55 knautsch kernel: [17181753.596000] e05275fd
Apr 3 16:49:55 knautsch kernel: [17181753.596000] *pde = 00000000
Apr 3 16:49:55 knautsch kernel: [17181753.596000] Oops: 0000 [#1]
Apr 3 16:49:55 knautsch kernel: [17181753.596000] Modules linked in: tun lp i915 drm ipv6 rfcomm l2cap bluetooth thermal processor fan button battery asus_acpi ac usb_storage usbmouse sbp2 usbkbd autofs4 af_packet nls_iso8859_1 nls_cp437 8250_pci 8250 serial_core cm4000_cs usbhid eth1394 pcmcia joydev nsc_ircc pcspkr irda snd_intel8x0m snd_pcm_oss snd_mixer_oss snd_intel8x0 snd_ac97_codec snd_ac97_bus ipw2200 evdev crc_ccitt ohci1394 ieee1394 parport_pc parport 8139too mii rtc yenta_socket rsrc_nonstatic pcmcia_core ieee80211 ieee80211_crypt snd_pcm snd_timer firmware_class snd ehci_hcd soundcore snd_page_alloc uhci_hcd usbcore intel_agp agpgart
Apr 3 16:49:55 knautsch kernel: [17181753.596000] CPU: 0
Apr 3 16:49:55 knautsch kernel: [17181753.596000] EIP: 0060:[pg0+537753085/1069212672] Not tainted VLI
Apr 3 16:49:55 knautsch kernel: [17181753.596000] EFLAGS: 00010246 (2.6.17-rc1-g336da66c-dirty #2)
Apr 3 16:49:55 knautsch kernel: [17181753.596000] EIP is at snd_pcm_oss_get_formats+0x1d/0xe0 [snd_pcm_oss]
Apr 3 16:49:55 knautsch kernel: [17181753.596000] eax: 00000000 ebx: d89b28fc ecx: 8004500b edx: 00000000
Apr 3 16:49:55 knautsch kernel: [17181753.596000] esi: 8004500b edi: cab671f4 ebp: ca31e000 esp: ca31eee8
Apr 3 16:49:55 knautsch kernel: [17181753.596000] ds: 007b es: 007b ss: 0068
Apr 3 16:49:55 knautsch kernel: [17181753.596000] Process soffice.bin (pid: 22759, threadinfo=ca31e000 task=c7081550)
Apr 3 16:49:55 knautsch kernel: [17181753.596000] Stack: <0>ca31ef2c c0161cb0 c0158025 d89b2940 de4fda4c c1460f28 deea13c4 00000001
Apr 3 16:49:55 knautsch kernel: [17181753.596000] 00000000 ca31ef2c 00000000 d89b28fc 8004500b cab671f4 e052822d 6b000000
Apr 3 16:49:55 knautsch kernel: [17181753.596000] ca31ef2c ded02000 fffffffe c1456bc0 ded02000 c0153f75 00000101 00000001
Apr 3 16:49:55 knautsch kernel: [17181753.596000] Call Trace:
Apr 3 16:49:55 knautsch kernel: [17181753.596000] <c0161cb0> chrdev_open+0x0/0x170 <c0158025> __dentry_open+0xe5/0x220
Apr 3 16:49:55 knautsch kernel: [17181753.596000] <e052822d> snd_pcm_oss_ioctl+0x50d/0xb00 [snd_pcm_oss] <c0153f75> cache_free_debugcheck+0x195/0x2b0
Apr 3 16:49:55 knautsch kernel: [17181753.596000] <c016b23a> do_ioctl+0x2a/0x80 <c016b2e2> vfs_ioctl+0x52/0x2b0
Apr 3 16:49:55 knautsch kernel: [17181753.596000] <c0158364> do_sys_open+0xd4/0x100 <c016b585> sys_ioctl+0x45/0x70
Apr 3 16:49:55 knautsch kernel: [17181753.596000] <c0102e97> syscall_call+0x7/0xb
Apr 3 16:49:55 knautsch kernel: [17181753.596000] Code: 00 00 00 76 c6 5b b8 ea ff ff ff 5e c3 90 57 56 53 83 ec 2c 8d 54 24 28 e8 d1 fe ff ff 85 c0 89 c2 0f 88 b4 00 00 00 8b 54 24 28 <8b> 42 5c 8b 80 a0 00 00 00 85 c0 75 18 0f b6 82 98 00 00 00 ba
Apr 4 11:39:18 knautsch kernel: [17179569.184000] Linux version 2.6.17-rc1-dirty (root@knautsch) (gcc version 4.0.3 (Debian 4.0.3-1)) #1 Mon Apr 3 17:15:08 CEST 2006
[...]
Apr 4 15:05:29 knautsch kernel: [17199176.204000] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
Apr 4 15:05:29 knautsch kernel: [17199176.204000] printing eip:
Apr 4 15:05:29 knautsch kernel: [17199176.204000] e04d0d65
Apr 4 15:05:29 knautsch kernel: [17199176.204000] *pde = 00000000
Apr 4 15:05:29 knautsch kernel: [17199176.204000] Oops: 0000 [#1]
Apr 4 15:05:29 knautsch kernel: [17199176.204000] Modules linked in: tun lp i915 drm ipv6 rfcomm l2cap bluetooth usbhid thermal processor fan button battery asus_acpi ac usb_storage usbmouse sbp2 usbkbd autofs4 af_packet nls_iso8859_1 nls_cp437 eth1394 cm4000_cs pcmcia 8250_pci 8250 serial_core ohci1394 parport_pc parport ipw2200 8139too mii snd_intel8x0m snd_pcm_oss ieee1394 ieee80211 ieee80211_crypt snd_intel8x0 snd_ac97_codec snd_ac97_bus firmware_class nsc_ircc snd_mixer_oss irda yenta_socket rsrc_nonstatic pcmcia_core joydev evdev pcspkr snd_pcm snd_timer crc_ccitt rtc snd ehci_hcd soundcore snd_page_alloc uhci_hcd usbcore intel_agp agpgart
Apr 4 15:05:29 knautsch kernel: [17199176.204000] CPU: 0
Apr 4 15:05:29 knautsch kernel: [17199176.204000] EIP: 0060:[pg0+537398629/1069212672] Not tainted VLI
Apr 4 15:05:29 knautsch kernel: [17199176.204000] EFLAGS: 00210246 (2.6.17-rc1-dirty #1)
Apr 4 15:05:29 knautsch kernel: [17199176.204000] EIP is at snd_pcm_oss_ioctl+0x45/0xb00 [snd_pcm_oss]
Apr 4 15:05:29 knautsch kernel: [17199176.204000] eax: 00000000 ebx: cf5db74c ecx: 805c4d65 edx: 00000002
Apr 4 15:05:29 knautsch kernel: [17199176.204000] esi: 805c4d65 edi: df08aa60 ebp: da0c1000 esp: da0c1f24
Apr 4 15:05:29 knautsch kernel: [17199176.204000] ds: 007b es: 007b ss: 0068
Apr 4 15:05:29 knautsch kernel: [17199176.204000] Process twinkle (pid: 11906, threadinfo=da0c1000 task=c6300a70)
Apr 4 15:05:29 knautsch kernel: [17199176.204000] Stack: <0>6b9e4288 da0c1f2c de822000 fffffffe c1456bc0 de822000 c0153f75 00000101
Apr 4 15:05:29 knautsch kernel: [17199176.204000] 00000001 cf5db74c 805c4d65 00000010 da0c1000 c016b23a cf5db74c 805c4d65
Apr 4 15:05:29 knautsch kernel: [17199176.204000] bf9e422c 00200286 cf5db74c fffffff7 c016b2e2 00000010 c0158364 c1456bc0
Apr 4 15:05:29 knautsch kernel: [17199176.204000] Call Trace:
Apr 4 15:05:29 knautsch kernel: [17199176.204000] <c0153f75> cache_free_debugcheck+0x195/0x2b0 <c016b23a> do_ioctl+0x2a/0x80
Apr 4 15:05:29 knautsch kernel: [17199176.204000] <c016b2e2> vfs_ioctl+0x52/0x2b0 <c0158364> do_sys_open+0xd4/0x100
Apr 4 15:05:29 knautsch kernel: [17199176.204000] <c016b585> sys_ioctl+0x45/0x70 <c0102e97> syscall_call+0x7/0xb
Apr 4 15:05:29 knautsch kernel: [17199176.204000] Code: 4d 04 80 89 6c 24 30 8b 7a 74 74 4b 81 f9 f9 4d 04 80 74 65 0f b6 c5 83 f8 4d 75 7f 31 d2 8b 04 97 85 c0 75 06 42 83 fa 02 75 f3 <8b> 00 8b 7c 24 40 8b 00 89 7c 24 08 89 4c 24 04 89 04 24 e8 63
With 2.6.17-rc1 with ipw2200 patches (rtap0 interface, antenna selection,
both available from ipw2200.sourceforge.net) I also got the following
slab corruption, both during a shutdown. This has not yet happened with
clean 2.6.17-rc1:
Apr 3 15:32:07 knautsch kernel: [17189908.444000] Slab corruption: start=df6008f8, len=2048
Apr 3 15:32:07 knautsch kernel: [17189908.448000] Redzone: 0x5a2cf071/0x5a2cf071.
Apr 3 15:32:07 knautsch kernel: [17189908.448000] Last user: [release_mem+314/512](release_mem+0x13a/0x200)
Apr 3 15:32:07 knautsch kernel: [17189908.452000] 0a0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ff ff ff ff
Apr 3 15:32:07 knautsch kernel: [17189908.456000] 0b0: 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Apr 3 15:32:07 knautsch kernel: [17189908.456000] Prev obj: start=df6000ec, len=2048
Apr 3 15:32:07 knautsch kernel: [17189908.460000] Redzone: 0x170fc2a5/0x170fc2a5.
Apr 3 15:32:07 knautsch kernel: [17189908.460000] Last user: [input_allocate_device+26/112](input_allocate_device+0x1a/0x70)
Apr 3 15:32:07 knautsch kernel: [17189908.464000] 000: ec 88 52 c1 8c 89 52 c1 cc 89 52 c1 00 00 00 00
Apr 3 15:32:07 knautsch kernel: [17189908.468000] 010: 11 00 02 00 07 00 00 00 0b 00 00 00 00 00 00 00
Apr 3 15:32:07 knautsch kernel: [17189908.468000] Next obj: start=df601104, len=2048
Apr 3 15:32:07 knautsch kernel: [17189908.472000] Redzone: 0x170fc2a5/0x170fc2a5.
Apr 3 15:32:07 knautsch kernel: [17189908.476000] Last user: [journal_init_inode+135/368](journal_init_inode+0x87/0x170)
Apr 3 15:32:07 knautsch kernel: [17189908.476000] 000: 4c cd a9 c4 40 ca a9 c4 d8 c8 a9 c4 08 c6 a9 c4
Apr 3 15:32:07 knautsch kernel: [17189908.480000] 010: f0 ce a9 c4 20 cc a9 c4 b4 2e a0 de 7c 2a a0 de
Very similar, with 2.6.16.1 + some ipw patches (unfortunately, here I'm
not completely sure about the applied patches; ipw2200 firmare error
messages may not be related to the corruption):
Mar 29 18:28:45 knautsch kernel: [17185449.008000] ipw2200: Firmware error detected. Restarting.
Mar 29 18:28:46 knautsch kernel: [17185449.008000] ipw2200: Sysfs 'error' log captured.
Mar 29 18:32:47 knautsch kernel: [17185690.876000] ipw2200: Firmware error detected. Restarting.
Mar 29 18:32:47 knautsch kernel: [17185690.876000] ipw2200: Sysfs 'error' log already exists.
Mar 29 18:33:08 knautsch kernel: [17185711.468000] tap0: no IPv6 routers present
Mar 29 18:36:44 knautsch kernel: [17185927.988000] Slab corruption: start=cbb4c1ac, len=2048
Mar 29 18:36:44 knautsch kernel: [17185927.988000] Redzone: 0x5a2cf071/0x5a2cf071.
Mar 29 18:36:44 knautsch kernel: [17185927.988000] Last user: [release_mem+134/512](release_mem+0x86/0x200)
Mar 29 18:36:44 knautsch kernel: [17185927.988000] 0a0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ff ff ff ff
Mar 29 18:36:44 knautsch kernel: [17185927.988000] 0b0: 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Mar 29 18:36:44 knautsch kernel: [17185927.988000] Next obj: start=cbb4c9b8, len=2048
Mar 29 18:36:44 knautsch kernel: [17185927.988000] Redzone: 0x170fc2a5/0x170fc2a5.
Mar 29 18:36:44 knautsch kernel: [17185927.988000] Last user: [vfs_write+181/400](vfs_write+0xb5/0x190)
Mar 29 18:36:44 knautsch kernel: [17185927.988000] 000: 65 78 69 74 0d 0a 6a 61 6e 40 61 70 70 3a 7e 24
Mar 29 18:36:44 knautsch kernel: [17185927.988000] 010: 20 6d 61 6e 64 20 6e 6f 74 20 66 6f 75 6e 64 0d
Mar 29 18:45:06 knautsch kernel: [17186429.588000] ipw2200: Firmware error detected. Restarting.
Mar 29 18:45:06 knautsch kernel: [17186429.588000] ipw2200: Sysfs 'error' log already exists.
These slab corruptions, btw., look very similar to the one reported in:
Date: Tue, 7 Mar 2006 18:59:40 -0500
From: Dave Jones <davej@redhat.com>
To: Linux Kernel <linux-kernel@vger.kernel.org>
Subject: yet more slab corruption.
Message-ID: <20060307235940.GA16843@redhat.com>
About my hardware:
0000:00:00.0 Host bridge: Intel Corporation 82852/82855 GM/GME/PM/GMV Processor to I/O Controller (rev 02)
0000:00:00.1 System peripheral: Intel Corporation 82852/82855 GM/GME/PM/GMV Processor to I/O Controller (rev 02)
0000:00:00.3 System peripheral: Intel Corporation 82852/82855 GM/GME/PM/GMV Processor to I/O Controller (rev 02)
0000:00:02.0 VGA compatible controller: Intel Corporation 82852/855GM Integrated Graphics Device (rev 02)
0000:00:02.1 Display controller: Intel Corporation 82852/855GM Integrated Graphics Device (rev 02)
0000:00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 (rev 03)
0000:00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 (rev 03)
0000:00:1d.2 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3 (rev 03)
0000:00:1d.7 USB Controller: Intel Corporation 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller (rev 03)
0000:00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev 83)
0000:00:1f.0 ISA bridge: Intel Corporation 82801DBM (ICH4-M) LPC Interface Bridge (rev 03)
0000:00:1f.1 IDE interface: Intel Corporation 82801DBM (ICH4-M) IDE Controller (rev 03)
0000:00:1f.3 SMBus: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) SMBus Controller (rev 03)
0000:00:1f.5 Multimedia audio controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller (rev 03)
0000:00:1f.6 Modem: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Modem Controller (rev 03)
0000:01:03.0 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev a9)
0000:01:03.1 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev a9)
0000:01:03.2 FireWire (IEEE 1394): Ricoh Co Ltd R5C552 IEEE 1394 Controller (rev 01)
0000:01:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
0000:01:05.0 Network controller: Intel Corporation PRO/Wireless 2200BG (rev 05)
Jan
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-04 13:38 ` Slab corruptions & " Jan Niehusmann
@ 2006-04-04 15:56 ` Takashi Iwai
2006-04-04 17:23 ` Jan Niehusmann
` (2 more replies)
0 siblings, 3 replies; 17+ messages in thread
From: Takashi Iwai @ 2006-04-04 15:56 UTC (permalink / raw)
To: Jan Niehusmann; +Cc: Ken Moffat, linux-kernel, alsa-devel
At Tue, 4 Apr 2006 15:38:14 +0200,
Jan Niehusmann wrote:
>
> On Mon, Apr 03, 2006 at 10:01:08PM +0100, Ken Moffat wrote:
> > 1. One line summary:
> >
> > On x86, sound applications oops when I refresh the browser.
>
> I also see Oopses which seem to be sound related, although I did
> not notice a correllation with the browser. The oopses below are from
> 2.6.17-rc1 with additional ipw2200 patches (first one), and from a clean
> 2.6.17 (second one). The -dirty suffix in the version numbers comes from
> compiling with make-kpkg, not from actual changes to the source.
Could you try the patch below by OGAWA Hirofumi
<hirofumi@mail.parknet.co.jp>?
Takashi
===
sound/core/oss/pcm_oss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -puN sound/core/oss/pcm_oss.c~pcm_oss-fixes sound/core/oss/pcm_oss.c
--- linux-2.6/sound/core/oss/pcm_oss.c~pcm_oss-fixes 2006-04-04 19:53:41.000000000 +0900
+++ linux-2.6-hirofumi/sound/core/oss/pcm_oss.c 2006-04-04 19:54:18.000000000 +0900
@@ -1760,7 +1760,7 @@ static int snd_pcm_oss_open_file(struct
snd_pcm_oss_init_substream(substream, &setup[idx], minor);
}
- if (! pcm_oss_file->streams[0] && pcm_oss_file->streams[1]) {
+ if (!pcm_oss_file->streams[0] && !pcm_oss_file->streams[1]) {
snd_pcm_oss_release_file(pcm_oss_file);
return -EINVAL;
}
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-04 15:56 ` [Alsa-devel] " Takashi Iwai
@ 2006-04-04 17:23 ` Jan Niehusmann
2006-04-04 17:32 ` Ken Moffat
2006-04-04 19:06 ` Jan Niehusmann
2 siblings, 0 replies; 17+ messages in thread
From: Jan Niehusmann @ 2006-04-04 17:23 UTC (permalink / raw)
To: Takashi Iwai; +Cc: linux-kernel
On Tue, Apr 04, 2006 at 05:56:36PM +0200, Takashi Iwai wrote:
> At Tue, 4 Apr 2006 15:38:14 +0200,
> Jan Niehusmann wrote:
> >
> > On Mon, Apr 03, 2006 at 10:01:08PM +0100, Ken Moffat wrote:
> > > 1. One line summary:
> > >
> > > On x86, sound applications oops when I refresh the browser.
> >
> > I also see Oopses which seem to be sound related, although I did
> > not notice a correllation with the browser. The oopses below are from
> > 2.6.17-rc1 with additional ipw2200 patches (first one), and from a clean
> > 2.6.17 (second one). The -dirty suffix in the version numbers comes from
> > compiling with make-kpkg, not from actual changes to the source.
>
> Could you try the patch below by OGAWA Hirofumi
> <hirofumi@mail.parknet.co.jp>?
That could be it - I remember having problems to access /dev/dsp prior
to the oops, and (without having read the code) it looks like the patch
is related to some error condition on open(). I'll try the patch.
Jan
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-04 15:56 ` [Alsa-devel] " Takashi Iwai
2006-04-04 17:23 ` Jan Niehusmann
@ 2006-04-04 17:32 ` Ken Moffat
2006-04-04 19:06 ` Jan Niehusmann
2 siblings, 0 replies; 17+ messages in thread
From: Ken Moffat @ 2006-04-04 17:32 UTC (permalink / raw)
To: Takashi Iwai; +Cc: Jan Niehusmann, Ken Moffat, linux-kernel, alsa-devel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: TEXT/PLAIN; charset=X-UNKNOWN, Size: 561 bytes --]
On Tue, 4 Apr 2006, Takashi Iwai wrote:
>
> Could you try the patch below by OGAWA Hirofumi
> <hirofumi@mail.parknet.co.jp>?
I'm not sure if this is helping or not - a few hours ago, I took a
couple of new things out of my .config (vga scrollback, new rtc) and the
oops only happened when I opened a second tab in firefox (that is, start
the sound app, then start firefox, then open another tab). With this
patch, it oopsed when I opened a _third_ tab.
I guess something else is involved.
Ken
--
das eine Mal als Tragödie, das andere Mal als Farce
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-04 15:56 ` [Alsa-devel] " Takashi Iwai
2006-04-04 17:23 ` Jan Niehusmann
2006-04-04 17:32 ` Ken Moffat
@ 2006-04-04 19:06 ` Jan Niehusmann
2006-04-04 19:12 ` Takashi Iwai
2 siblings, 1 reply; 17+ messages in thread
From: Jan Niehusmann @ 2006-04-04 19:06 UTC (permalink / raw)
To: Takashi Iwai; +Cc: Ken Moffat, linux-kernel, alsa-devel
On Tue, Apr 04, 2006 at 05:56:36PM +0200, Takashi Iwai wrote:
> Could you try the patch below by OGAWA Hirofumi
> <hirofumi@mail.parknet.co.jp>?
Sorry, no success with that patch applied:
Apr 4 20:18:00 knautsch kernel: [17179569.184000] Linux version 2.6.17-rc1-g231a1569-dirty (root@knautsch) (gcc version 4.0.3 (Debian 4.0.3-1)) #1 Tue Apr 4 19:37:29 CEST 2006
(This is 2.6.17-rc1 with the patch you sent applied)
Apr 4 20:25:51 knautsch kernel: [17180076.984000] BUG: unable to handle kernel paging request at virtual address 6b6b6b6b
Apr 4 20:25:51 knautsch kernel: [17180076.984000] printing eip:
Apr 4 20:25:51 knautsch kernel: [17180076.984000] e04a2eb6
Apr 4 20:25:51 knautsch kernel: [17180076.984000] *pde = 00000000
Apr 4 20:25:51 knautsch kernel: [17180076.984000] Oops: 0000 [#1]
Apr 4 20:25:51 knautsch kernel: [17180076.984000] Modules linked in: tun ipv6 lp i915 drm rfcomm l2cap bluetooth thermal processor fan button battery asus_acpi ac usb_storage usbmouse sbp2 usbkbd autofs4 af_packet nls_iso8859_1 nls_cp437 usbhid cm4000_cs 8250_pci 8250 serial_core eth1394 pcmcia snd_intel8x0 snd_pcm_oss snd_mixer_oss snd_intel8x0m snd_ac97_codec snd_ac97_bus ipw2200 ieee80211 ieee80211_crypt 8139too mii nsc_ircc irda snd_pcm snd_timer ohci1394 ieee1394 evdev joydev crc_ccitt parport_pc parport pcspkr firmware_class yenta_socket rsrc_nonstatic pcmcia_core rtc snd soundcore snd_page_alloc ehci_hcd uhci_hcd usbcore intel_agp agpgart
Apr 4 20:25:51 knautsch kernel: [17180076.984000] CPU: 0
Apr 4 20:25:51 knautsch kernel: [17180076.984000] EIP: 0060:[pg0+537210550/1069212672] Not tainted VLI
Apr 4 20:25:51 knautsch kernel: [17180076.984000] EFLAGS: 00210002 (2.6.17-rc1-g231a1569-dirty #1)
Apr 4 20:25:51 knautsch kernel: [17180076.984000] EIP is at snd_pcm_lib_write1+0x196/0x4a0 [snd_pcm]
Apr 4 20:25:51 knautsch kernel: [17180076.984000] eax: 000009c4 ebx: cc785a84 ecx: de505e54 edx: 6b6b6b6b
Apr 4 20:25:51 knautsch kernel: [17180076.984000] esi: 0000062c edi: 00000000 ebp: dede51a4 esp: de505e78
Apr 4 20:25:51 knautsch kernel: [17180076.984000] ds: 007b es: 007b ss: 0068
Apr 4 20:25:51 knautsch kernel: [17180076.984000] Process twinkle (pid: 4936, threadinfo=de505000 task=cae0f550)
Apr 4 20:25:51 knautsch kernel: [17180076.984000] Stack: <0>dede51a4 000015cd e07a5000 00000b42 0000003c 00000001 cc785b28 c84ef000
Apr 4 20:25:51 knautsch kernel: [17180076.984000] e07a5000 00000b7e 00000b7e 00000000 00000000 0001c639 00000000 cae0f550
Apr 4 20:25:51 knautsch kernel: [17180076.984000] c0114d60 cc785b28 cc785b28 c0000000 de505000 dede51a4 cc785a84 e0547727
Apr 4 20:25:51 knautsch kernel: [17180076.984000] Call Trace:
Apr 4 20:25:51 knautsch kernel: [17180076.984000] <c0114d60> default_wake_function+0x0/0x20 <e0547727> snd_pcm_oss_write3+0x67/0xe0 [snd_pcm_oss]
Apr 4 20:25:51 knautsch kernel: [17180076.984000] <e04a0250> snd_pcm_lib_write_transfer+0x0/0xc0 [snd_pcm] <e054949f> snd_pcm_plug_write_transfer+0x8f/0xe0 [snd_pcm_oss]
Apr 4 20:25:51 knautsch kernel: [17180076.984000] <e054781a> snd_pcm_oss_write2+0x7a/0x110 [snd_pcm_oss] <e054892e> snd_pcm_oss_write+0x10e/0x1f0 [snd_pcm_oss]
Apr 4 20:25:51 knautsch kernel: [17180076.984000] <c0158f85> vfs_write+0xb5/0x190 <c0159a1b> sys_write+0x4b/0x80
Apr 4 20:25:51 knautsch kernel: [17180076.984000] <c0102e97> syscall_call+0x7/0xb
Apr 4 20:25:51 knautsch kernel: [17180076.984000] Code: b8 c4 09 00 00 e8 db fb e5 df fa 85 c0 0f 85 05 02 00 00 8b 93 98 00 00 00 8b 02 83 f8 02 74 0b 8b 02 83 f8 06 0f 85 da 02 00 00 <8b> 02 83 f8 05 0f 8f ed 01 00 00 83 f8 04 0f 8d 1e 02 00 00 48
This oops is different from the others in that it contains the 6b6b6b6b
magic from slab poisoning. But, again, this is clearly sound related:
EIP points to snd_pcm_lib_write, and the trigger procedure was the
following:
1) Use twinke to make a VoIP-Call. Sound was a little bit choppy, so
there is already something wrong here. No oops or other error message
yet, though.
2) From a second xterm, call "yes >/dev/dsp"
This lead to a beeping sound (as expected), so opening the device and
sending sound was successful - and to the oops quoted above.
Jan
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-04 19:06 ` Jan Niehusmann
@ 2006-04-04 19:12 ` Takashi Iwai
2006-04-04 20:00 ` Ken Moffat
2006-04-04 23:19 ` Jan Niehusmann
0 siblings, 2 replies; 17+ messages in thread
From: Takashi Iwai @ 2006-04-04 19:12 UTC (permalink / raw)
To: Jan Niehusmann; +Cc: Ken Moffat, linux-kernel, alsa-devel
At Tue, 4 Apr 2006 21:06:31 +0200,
Jan Niehusmann wrote:
>
> On Tue, Apr 04, 2006 at 05:56:36PM +0200, Takashi Iwai wrote:
> > Could you try the patch below by OGAWA Hirofumi
> > <hirofumi@mail.parknet.co.jp>?
>
> Sorry, no success with that patch applied:
>
> Apr 4 20:18:00 knautsch kernel: [17179569.184000] Linux version 2.6.17-rc1-g231a1569-dirty (root@knautsch) (gcc version 4.0.3 (Debian 4.0.3-1)) #1 Tue Apr 4 19:37:29 CEST 2006
>
> (This is 2.6.17-rc1 with the patch you sent applied)
>
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] BUG: unable to handle kernel paging request at virtual address 6b6b6b6b
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] printing eip:
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] e04a2eb6
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] *pde = 00000000
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] Oops: 0000 [#1]
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] Modules linked in: tun ipv6 lp i915 drm rfcomm l2cap bluetooth thermal processor fan button battery asus_acpi ac usb_storage usbmouse sbp2 usbkbd autofs4 af_packet nls_iso8859_1 nls_cp437 usbhid cm4000_cs 8250_pci 8250 serial_core eth1394 pcmcia snd_intel8x0 snd_pcm_oss snd_mixer_oss snd_intel8x0m snd_ac97_codec snd_ac97_bus ipw2200 ieee80211 ieee80211_crypt 8139too mii nsc_ircc irda snd_pcm snd_timer ohci1394 ieee1394 evdev joydev crc_ccitt parport_pc parport pcspkr firmware_class yenta_socket rsrc_nonstatic pcmcia_core rtc snd soundcore snd_page_alloc ehci_hcd uhci_hcd usbcore intel_agp agpgart
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] CPU: 0
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] EIP: 0060:[pg0+537210550/1069212672] Not tainted VLI
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] EFLAGS: 00210002 (2.6.17-rc1-g231a1569-dirty #1)
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] EIP is at snd_pcm_lib_write1+0x196/0x4a0 [snd_pcm]
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] eax: 000009c4 ebx: cc785a84 ecx: de505e54 edx: 6b6b6b6b
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] esi: 0000062c edi: 00000000 ebp: dede51a4 esp: de505e78
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] ds: 007b es: 007b ss: 0068
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] Process twinkle (pid: 4936, threadinfo=de505000 task=cae0f550)
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] Stack: <0>dede51a4 000015cd e07a5000 00000b42 0000003c 00000001 cc785b28 c84ef000
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] e07a5000 00000b7e 00000b7e 00000000 00000000 0001c639 00000000 cae0f550
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] c0114d60 cc785b28 cc785b28 c0000000 de505000 dede51a4 cc785a84 e0547727
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] Call Trace:
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] <c0114d60> default_wake_function+0x0/0x20 <e0547727> snd_pcm_oss_write3+0x67/0xe0 [snd_pcm_oss]
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] <e04a0250> snd_pcm_lib_write_transfer+0x0/0xc0 [snd_pcm] <e054949f> snd_pcm_plug_write_transfer+0x8f/0xe0 [snd_pcm_oss]
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] <e054781a> snd_pcm_oss_write2+0x7a/0x110 [snd_pcm_oss] <e054892e> snd_pcm_oss_write+0x10e/0x1f0 [snd_pcm_oss]
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] <c0158f85> vfs_write+0xb5/0x190 <c0159a1b> sys_write+0x4b/0x80
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] <c0102e97> syscall_call+0x7/0xb
> Apr 4 20:25:51 knautsch kernel: [17180076.984000] Code: b8 c4 09 00 00 e8 db fb e5 df fa 85 c0 0f 85 05 02 00 00 8b 93 98 00 00 00 8b 02 83 f8 02 74 0b 8b 02 83 f8 06 0f 85 da 02 00 00 <8b> 02 83 f8 05 0f 8f ed 01 00 00 83 f8 04 0f 8d 1e 02 00 00 48
>
> This oops is different from the others in that it contains the 6b6b6b6b
> magic from slab poisoning. But, again, this is clearly sound related:
> EIP points to snd_pcm_lib_write, and the trigger procedure was the
> following:
>
> 1) Use twinke to make a VoIP-Call. Sound was a little bit choppy, so
> there is already something wrong here. No oops or other error message
> yet, though.
>
> 2) From a second xterm, call "yes >/dev/dsp"
>
> This lead to a beeping sound (as expected), so opening the device and
> sending sound was successful - and to the oops quoted above.
What happens if you copy the whole subtree linux/sound and
linux/include/sound from 2.6.16?
I don't figure out yet what could break except for that typo.
Takashi
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-04 19:12 ` Takashi Iwai
@ 2006-04-04 20:00 ` Ken Moffat
2006-04-04 20:31 ` Ken Moffat
2006-04-04 23:19 ` Jan Niehusmann
1 sibling, 1 reply; 17+ messages in thread
From: Ken Moffat @ 2006-04-04 20:00 UTC (permalink / raw)
To: Takashi Iwai; +Cc: Jan Niehusmann, Ken Moffat, linux-kernel, alsa-devel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: TEXT/PLAIN; charset=X-UNKNOWN, Size: 258 bytes --]
On Tue, 4 Apr 2006, Takashi Iwai wrote:
> What happens if you copy the whole subtree linux/sound and
> linux/include/sound from 2.6.16?
also needs include/linux/sound.h (building at the moment)
Ken
--
das eine Mal als Tragödie, das andere Mal als Farce
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-04 20:00 ` Ken Moffat
@ 2006-04-04 20:31 ` Ken Moffat
0 siblings, 0 replies; 17+ messages in thread
From: Ken Moffat @ 2006-04-04 20:31 UTC (permalink / raw)
To: Ken Moffat; +Cc: Takashi Iwai, Jan Niehusmann, linux-kernel, alsa-devel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: TEXT/PLAIN; charset=X-UNKNOWN, Size: 455 bytes --]
On Tue, 4 Apr 2006, Ken Moffat wrote:
> On Tue, 4 Apr 2006, Takashi Iwai wrote:
>
> > What happens if you copy the whole subtree linux/sound and
> > linux/include/sound from 2.6.16?
>
> also needs include/linux/sound.h (building at the moment)
>
I've been using it now to play sound for 15 or 20 minutes while
browsing heavily - looks as if the problem is in the sound subtree.
Sorry.
Ken
--
das eine Mal als Tragödie, das andere Mal als Farce
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-04 19:12 ` Takashi Iwai
2006-04-04 20:00 ` Ken Moffat
@ 2006-04-04 23:19 ` Jan Niehusmann
2006-04-05 0:28 ` Jan Niehusmann
1 sibling, 1 reply; 17+ messages in thread
From: Jan Niehusmann @ 2006-04-04 23:19 UTC (permalink / raw)
To: Takashi Iwai; +Cc: Ken Moffat, linux-kernel, alsa-devel
On Tue, Apr 04, 2006 at 09:12:18PM +0200, Takashi Iwai wrote:
> At Tue, 4 Apr 2006 21:06:31 +0200,
> Jan Niehusmann wrote:
> >
> > On Tue, Apr 04, 2006 at 05:56:36PM +0200, Takashi Iwai wrote:
> > > Could you try the patch below by OGAWA Hirofumi
> > > <hirofumi@mail.parknet.co.jp>?
> >
> > Sorry, no success with that patch applied:
> >
> > Apr 4 20:18:00 knautsch kernel: [17179569.184000] Linux version 2.6.17-rc1-g231a1569-dirty (root@knautsch) (gcc version 4.0.3 (Debian 4.0.3-1)) #1 Tue Apr 4 19:37:29 CEST 2006
> >
> > (This is 2.6.17-rc1 with the patch you sent applied)
> >
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] BUG: unable to handle kernel paging request at virtual address 6b6b6b6b
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] printing eip:
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] e04a2eb6
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] *pde = 00000000
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] Oops: 0000 [#1]
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] Modules linked in: tun ipv6 lp i915 drm rfcomm l2cap bluetooth thermal processor fan button battery asus_acpi ac usb_storage usbmouse sbp2 usbkbd autofs4 af_packet nls_iso8859_1 nls_cp437 usbhid cm4000_cs 8250_pci 8250 serial_core eth1394 pcmcia snd_intel8x0 snd_pcm_oss snd_mixer_oss snd_intel8x0m snd_ac97_codec snd_ac97_bus ipw2200 ieee80211 ieee80211_crypt 8139too mii nsc_ircc irda snd_pcm snd_timer ohci1394 ieee1394 evdev joydev crc_ccitt parport_pc parport pcspkr firmware_class yenta_socket rsrc_nonstatic pcmcia_core rtc snd soundcore snd_page_alloc ehci_hcd uhci_hcd usbcore intel_agp agpgart
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] CPU: 0
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] EIP: 0060:[pg0+537210550/1069212672] Not tainted VLI
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] EFLAGS: 00210002 (2.6.17-rc1-g231a1569-dirty #1)
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] EIP is at snd_pcm_lib_write1+0x196/0x4a0 [snd_pcm]
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] eax: 000009c4 ebx: cc785a84 ecx: de505e54 edx: 6b6b6b6b
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] esi: 0000062c edi: 00000000 ebp: dede51a4 esp: de505e78
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] ds: 007b es: 007b ss: 0068
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] Process twinkle (pid: 4936, threadinfo=de505000 task=cae0f550)
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] Stack: <0>dede51a4 000015cd e07a5000 00000b42 0000003c 00000001 cc785b28 c84ef000
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] e07a5000 00000b7e 00000b7e 00000000 00000000 0001c639 00000000 cae0f550
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] c0114d60 cc785b28 cc785b28 c0000000 de505000 dede51a4 cc785a84 e0547727
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] Call Trace:
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] <c0114d60> default_wake_function+0x0/0x20 <e0547727> snd_pcm_oss_write3+0x67/0xe0 [snd_pcm_oss]
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] <e04a0250> snd_pcm_lib_write_transfer+0x0/0xc0 [snd_pcm] <e054949f> snd_pcm_plug_write_transfer+0x8f/0xe0 [snd_pcm_oss]
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] <e054781a> snd_pcm_oss_write2+0x7a/0x110 [snd_pcm_oss] <e054892e> snd_pcm_oss_write+0x10e/0x1f0 [snd_pcm_oss]
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] <c0158f85> vfs_write+0xb5/0x190 <c0159a1b> sys_write+0x4b/0x80
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] <c0102e97> syscall_call+0x7/0xb
> > Apr 4 20:25:51 knautsch kernel: [17180076.984000] Code: b8 c4 09 00 00 e8 db fb e5 df fa 85 c0 0f 85 05 02 00 00 8b 93 98 00 00 00 8b 02 83 f8 02 74 0b 8b 02 83 f8 06 0f 85 da 02 00 00 <8b> 02 83 f8 05 0f 8f ed 01 00 00 83 f8 04 0f 8d 1e 02 00 00 48
> >
> > This oops is different from the others in that it contains the 6b6b6b6b
> > magic from slab poisoning. But, again, this is clearly sound related:
> > EIP points to snd_pcm_lib_write, and the trigger procedure was the
> > following:
> >
> > 1) Use twinke to make a VoIP-Call. Sound was a little bit choppy, so
> > there is already something wrong here. No oops or other error message
> > yet, though.
> >
> > 2) From a second xterm, call "yes >/dev/dsp"
> >
> > This lead to a beeping sound (as expected), so opening the device and
> > sending sound was successful - and to the oops quoted above.
>
> What happens if you copy the whole subtree linux/sound and
> linux/include/sound from 2.6.16?
>
> I don't figure out yet what could break except for that typo.
After the sound tree from 2.6.16 did work fine, I used git-bisect to
find the offending commit:
$git-bisect good
3bf75f9b90c981f18f27a0d35a44f488ab68c8ea is first bad commit
diff-tree 3bf75f9b90c981f18f27a0d35a44f488ab68c8ea (from bf1bbb5a49eec51c30d341606885507b501b37e8)
Author: Takashi Iwai <tiwai@suse.de>
Date: Mon Mar 27 16:40:49 2006 +0200
[ALSA] Clean up PCM codes (take 2)
- Clean up initialization and destruction of substream instance
Now snd_pcm_open_substream() alone does most initialization jobs.
Add pcm_release callback for cleaning up at snd_pcm_release_substream()
- Tidy up PCM oss code
Signed-off-by: Takashi Iwai <tiwai@suse.de>
:040000 040000 df14b16c98da02d8aea1e5ee18baae5caae6245b a6779060f9e41f5033376735f9b290ba5db98b6e M include
:040000 040000 7578b410668bcbfc2ed1f3f31011270e6e44f716 c70f96dd906c74d559385ef08ac6e518132936d1 M sound
...which happens to be the commit which contains the bug you already
mentioned. I wonder if there is a second one hidden somewhere in that
commit, or if git-bisect led me to that bug while the second one is
hidden in a different commit...
Jan
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-04 23:19 ` Jan Niehusmann
@ 2006-04-05 0:28 ` Jan Niehusmann
2006-04-05 9:01 ` Jan Niehusmann
0 siblings, 1 reply; 17+ messages in thread
From: Jan Niehusmann @ 2006-04-05 0:28 UTC (permalink / raw)
To: Takashi Iwai; +Cc: Ken Moffat, linux-kernel, alsa-devel
On Wed, Apr 05, 2006 at 01:19:11AM +0200, Jan Niehusmann wrote:
> ...which happens to be the commit which contains the bug you already
> mentioned. I wonder if there is a second one hidden somewhere in that
> commit, or if git-bisect led me to that bug while the second one is
> hidden in a different commit...
Well, I did some additional debugging on that, working on git version
3bf75f9b90c981f18f27a0d35a44f488ab68c8ea:
In snd_pcm_oss_release() I added
snd_assert(substream != NULL, return -ENXIO);
in front of the first access to substream->pcm, which leads to
Apr 5 02:13:13 knautsch kernel: [17180638.784000] BUG? (substream != ((void *)0))
when opening /dev/dsp for write.
If I now add the patch you suggested, correcting the check in
snd_pcm_oss_open_file(), accessing /dev/dsp instead leads to EINVAL.
So I guess git bisect really lead me to this already known bug.
Jan
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-05 0:28 ` Jan Niehusmann
@ 2006-04-05 9:01 ` Jan Niehusmann
2006-04-05 11:14 ` Takashi Iwai
0 siblings, 1 reply; 17+ messages in thread
From: Jan Niehusmann @ 2006-04-05 9:01 UTC (permalink / raw)
To: Takashi Iwai; +Cc: Ken Moffat, linux-kernel, alsa-devel
On Wed, Apr 05, 2006 at 02:28:47AM +0200, Jan Niehusmann wrote:
> If I now add the patch you suggested, correcting the check in
> snd_pcm_oss_open_file(), accessing /dev/dsp instead leads to EINVAL.
>
> So I guess git bisect really lead me to this already known bug.
And another update. Sorry for sending so many small mails, but I want to
keep you informed to avoid unnecessary duplication of work.
To make sure I didn't do something stupid like confusing kernel
versions, I retried with 2.6.17-rc1 and the mentioned patch. It oopses
again, but the behaviour is different:
Versions 2.6.16 to commit bf1bbb5a49eec51c30d341606885507b501b37e8 only
allow a single open of /dev/dsp, and do not oops.
Commit 3bf75f9b90c981f18f27a0d35a44f488ab68c8ea and later do oops with
commands as simple as 'yes >/dev/dsp'.
Commit 3bf75f9b90c981f18f27a0d35a44f488ab68c8ea with the patch to
snd_pcm_oss_open_file() applied do not oops, but block every access to
/dev/dsp with EINVAL.
2.6.17-rc1 with the patch to snd_pcm_oss_open_file(), again, allows
opening of /dev/dsp, 'yes >/dev/dsp' does work as expected, but for
example twinkle (a VoIP application) gives garbled sound. Additionally,
I am now able to open /dev/dsp a second time (eg. 'yes >/dev/dsp' while
twinkle uses the sound device), immediately leading to an oops.
My guess is that this bug is just not triggered in commit
3bf75f9b90c981f18f27a0d35a44f488ab68c8ea because, for some other reason,
/dev/dsp is completely unusable.
Jan
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-05 9:01 ` Jan Niehusmann
@ 2006-04-05 11:14 ` Takashi Iwai
2006-04-05 12:15 ` Jan Niehusmann
0 siblings, 1 reply; 17+ messages in thread
From: Takashi Iwai @ 2006-04-05 11:14 UTC (permalink / raw)
To: Jan Niehusmann; +Cc: Ken Moffat, linux-kernel, alsa-devel
At Wed, 5 Apr 2006 11:01:17 +0200,
Jan Niehusmann wrote:
>
> On Wed, Apr 05, 2006 at 02:28:47AM +0200, Jan Niehusmann wrote:
> > If I now add the patch you suggested, correcting the check in
> > snd_pcm_oss_open_file(), accessing /dev/dsp instead leads to EINVAL.
> >
> > So I guess git bisect really lead me to this already known bug.
>
> And another update. Sorry for sending so many small mails, but I want to
> keep you informed to avoid unnecessary duplication of work.
>
> To make sure I didn't do something stupid like confusing kernel
> versions, I retried with 2.6.17-rc1 and the mentioned patch. It oopses
> again, but the behaviour is different:
>
> Versions 2.6.16 to commit bf1bbb5a49eec51c30d341606885507b501b37e8 only
> allow a single open of /dev/dsp, and do not oops.
>
> Commit 3bf75f9b90c981f18f27a0d35a44f488ab68c8ea and later do oops with
> commands as simple as 'yes >/dev/dsp'.
>
> Commit 3bf75f9b90c981f18f27a0d35a44f488ab68c8ea with the patch to
> snd_pcm_oss_open_file() applied do not oops, but block every access to
> /dev/dsp with EINVAL.
>
> 2.6.17-rc1 with the patch to snd_pcm_oss_open_file(), again, allows
> opening of /dev/dsp, 'yes >/dev/dsp' does work as expected, but for
> example twinkle (a VoIP application) gives garbled sound. Additionally,
> I am now able to open /dev/dsp a second time (eg. 'yes >/dev/dsp' while
> twinkle uses the sound device), immediately leading to an oops.
>
> My guess is that this bug is just not triggered in commit
> 3bf75f9b90c981f18f27a0d35a44f488ab68c8ea because, for some other reason,
> /dev/dsp is completely unusable.
Thanks for debugging.
I think I found the culprit. This bug happens only on a chip with
multiple playback capability, and when you open OSS devices multiple
times.
Try the patch below. The change in pcm_native.c may be unnecessary,
but it's better so.
If it works, I'll submit the patches with a proper log.
thanks,
Takashi
diff --git a/include/sound/pcm.h b/include/sound/pcm.h
index 66b1f08..e9ab455 100644
--- a/include/sound/pcm.h
+++ b/include/sound/pcm.h
@@ -367,7 +367,7 @@ struct snd_pcm_substream {
struct snd_pcm_group self_group; /* fake group for non linked substream (with substream lock inside) */
struct snd_pcm_group *group; /* pointer to current group */
/* -- assigned files -- */
- struct snd_pcm_file *file;
+ void *file;
struct file *ffile;
void (*pcm_release)(struct snd_pcm_substream *);
#if defined(CONFIG_SND_PCM_OSS) || defined(CONFIG_SND_PCM_OSS_MODULE)
diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
index 91114c7..1f8ff7d 100644
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1757,10 +1757,11 @@ static int snd_pcm_oss_open_file(struct
}
pcm_oss_file->streams[idx] = substream;
+ substream->file = pcm_oss_file;
snd_pcm_oss_init_substream(substream, &setup[idx], minor);
}
- if (! pcm_oss_file->streams[0] && pcm_oss_file->streams[1]) {
+ if (!pcm_oss_file->streams[0] && !pcm_oss_file->streams[1]) {
snd_pcm_oss_release_file(pcm_oss_file);
return -EINVAL;
}
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
index 964e4c4..0860c5a 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@@ -2007,14 +2007,16 @@ static void pcm_release_private(struct s
void snd_pcm_release_substream(struct snd_pcm_substream *substream)
{
snd_pcm_drop(substream);
- if (substream->pcm_release)
- substream->pcm_release(substream);
if (substream->hw_opened) {
if (substream->ops->hw_free != NULL)
substream->ops->hw_free(substream);
substream->ops->close(substream);
substream->hw_opened = 0;
}
+ if (substream->pcm_release) {
+ substream->pcm_release(substream);
+ substream->pcm_release = NULL;
+ }
snd_pcm_detach_substream(substream);
}
^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-05 11:14 ` Takashi Iwai
@ 2006-04-05 12:15 ` Jan Niehusmann
2006-04-05 12:39 ` Takashi Iwai
2006-04-05 21:19 ` Ken Moffat
0 siblings, 2 replies; 17+ messages in thread
From: Jan Niehusmann @ 2006-04-05 12:15 UTC (permalink / raw)
To: Takashi Iwai; +Cc: Ken Moffat, linux-kernel, alsa-devel
On Wed, Apr 05, 2006 at 01:14:54PM +0200, Takashi Iwai wrote:
> Try the patch below. The change in pcm_native.c may be unnecessary,
> but it's better so.
> If it works, I'll submit the patches with a proper log.
The patch (applied to 2.6.17-rc1) does fix the oops, but sound is still
garbled with twinkle using /dev/dsp.
About this garbled sound: I call an echo service on my asterisk server,
which just echoes back everything I say. Works well using /dev/dsp with
2.6.16, but with 2.6.17-rc1, even with the patch applied, I hear no echo
at all for ~1s. After that, I hear a strongly distorted echo.
If I change the twinkle settings to use the ALSA native devices instead
of /dev/dsp, everything is fine.
Pure playback, eg. with xmms, is fine with 2.6.17-rc1 using /dev/dsp.
Jan
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-05 12:15 ` Jan Niehusmann
@ 2006-04-05 12:39 ` Takashi Iwai
2006-04-05 12:56 ` Takashi Iwai
2006-04-05 21:19 ` Ken Moffat
1 sibling, 1 reply; 17+ messages in thread
From: Takashi Iwai @ 2006-04-05 12:39 UTC (permalink / raw)
To: Jan Niehusmann; +Cc: Ken Moffat, linux-kernel, alsa-devel
At Wed, 5 Apr 2006 14:15:38 +0200,
Jan Niehusmann wrote:
>
> On Wed, Apr 05, 2006 at 01:14:54PM +0200, Takashi Iwai wrote:
> > Try the patch below. The change in pcm_native.c may be unnecessary,
> > but it's better so.
> > If it works, I'll submit the patches with a proper log.
>
> The patch (applied to 2.6.17-rc1) does fix the oops, but sound is still
> garbled with twinkle using /dev/dsp.
>
> About this garbled sound: I call an echo service on my asterisk server,
> which just echoes back everything I say. Works well using /dev/dsp with
> 2.6.16, but with 2.6.17-rc1, even with the patch applied, I hear no echo
> at all for ~1s. After that, I hear a strongly distorted echo.
Did you have any special setting (e.g. oss proc file)?
Takashi
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-05 12:39 ` Takashi Iwai
@ 2006-04-05 12:56 ` Takashi Iwai
0 siblings, 0 replies; 17+ messages in thread
From: Takashi Iwai @ 2006-04-05 12:56 UTC (permalink / raw)
To: Jan Niehusmann; +Cc: Ken Moffat, linux-kernel, alsa-devel
At Wed, 05 Apr 2006 14:39:29 +0200,
I wrote:
>
> At Wed, 5 Apr 2006 14:15:38 +0200,
> Jan Niehusmann wrote:
> >
> > On Wed, Apr 05, 2006 at 01:14:54PM +0200, Takashi Iwai wrote:
> > > Try the patch below. The change in pcm_native.c may be unnecessary,
> > > but it's better so.
> > > If it works, I'll submit the patches with a proper log.
> >
> > The patch (applied to 2.6.17-rc1) does fix the oops, but sound is still
> > garbled with twinkle using /dev/dsp.
> >
> > About this garbled sound: I call an echo service on my asterisk server,
> > which just echoes back everything I say. Works well using /dev/dsp with
> > 2.6.16, but with 2.6.17-rc1, even with the patch applied, I hear no echo
> > at all for ~1s. After that, I hear a strongly distorted echo.
>
> Did you have any special setting (e.g. oss proc file)?
How about the patch below?
Takashi
diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
index 91114c7..c951cf8 100644
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1682,7 +1682,7 @@ static void snd_pcm_oss_init_substream(s
substream->oss.setup = *setup;
if (setup->nonblock)
substream->ffile->f_flags |= O_NONBLOCK;
- else
+ else if (setup->block)
substream->ffile->f_flags &= ~O_NONBLOCK;
runtime = substream->runtime;
runtime->oss.params = 1;
^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [Alsa-devel] Slab corruptions & Re: 2.6.17-rc1: Oops in sound applications
2006-04-05 12:15 ` Jan Niehusmann
2006-04-05 12:39 ` Takashi Iwai
@ 2006-04-05 21:19 ` Ken Moffat
1 sibling, 0 replies; 17+ messages in thread
From: Ken Moffat @ 2006-04-05 21:19 UTC (permalink / raw)
To: Jan Niehusmann; +Cc: Takashi Iwai, Ken Moffat, linux-kernel, alsa-devel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: TEXT/PLAIN; charset=X-UNKNOWN, Size: 515 bytes --]
On Wed, 5 Apr 2006, Jan Niehusmann wrote:
> On Wed, Apr 05, 2006 at 01:14:54PM +0200, Takashi Iwai wrote:
> > Try the patch below. The change in pcm_native.c may be unnecessary,
> > but it's better so.
> > If it works, I'll submit the patches with a proper log.
>
> The patch (applied to 2.6.17-rc1) does fix the oops, but sound is still
> garbled with twinkle using /dev/dsp.
As a simple user of (only) playback, it fixes it. Thanks to you both.
Ken
--
das eine Mal als Tragödie, das andere Mal als Farce
^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2006-04-05 21:19 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-04-03 21:01 2.6.17-rc1: Oops in sound applications Ken Moffat
2006-04-04 13:38 ` Slab corruptions & " Jan Niehusmann
2006-04-04 15:56 ` [Alsa-devel] " Takashi Iwai
2006-04-04 17:23 ` Jan Niehusmann
2006-04-04 17:32 ` Ken Moffat
2006-04-04 19:06 ` Jan Niehusmann
2006-04-04 19:12 ` Takashi Iwai
2006-04-04 20:00 ` Ken Moffat
2006-04-04 20:31 ` Ken Moffat
2006-04-04 23:19 ` Jan Niehusmann
2006-04-05 0:28 ` Jan Niehusmann
2006-04-05 9:01 ` Jan Niehusmann
2006-04-05 11:14 ` Takashi Iwai
2006-04-05 12:15 ` Jan Niehusmann
2006-04-05 12:39 ` Takashi Iwai
2006-04-05 12:56 ` Takashi Iwai
2006-04-05 21:19 ` Ken Moffat
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox