Bug 188404

Summary: [PATCH] oops in snd_pcm_oss_write
Product: [Fedora] Fedora
Reporter: Dan Williams <dcbw>
Component: kernel
Assignee: Dave Jones <davej>
Status: CLOSED RAWHIDE
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: rawhide
CC: pfrields, wtogami
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-06-23 04:05:58 UTC

Description Dan Williams 2006-04-09 06:09:26 UTC
See kernel.org bug #6329:

http://bugzilla.kernel.org/show_bug.cgi?id=6329

Perhaps we could carry the patch until it goes upstream? ALSA/OSS guys don't
seem to upstream stuff that often. Oopses look like this, and cause running OSS
apps to either crash or hang:

application epiphany uses obsolete OSS audio interface
application rhythmbox uses obsolete OSS audio interface
application epiphany uses obsolete OSS audio interface
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000230
 printing eip:
e0912ea9
*pde = 195fe067
Oops: 0000 [#1]
last sysfs file: /devices/system/cpu/cpu0/cpufreq/scaling_setspeed
Modules linked in: tun michael_mic arc4 ieee80211_crypt_tkip autofs4 i2c_dev
i2c_core hidp l2cap bluetooth sunrpc video button battery ac radeon drm ipv6 lp
parport_pc parport uhci_hcd joydev floppy snd_intel8x0 snd_ac97_codec
snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
snd_pcm_oss ipw2100 snd_mixer_oss snd_pcm ieee80211 3c59x ieee80211_crypt
snd_timer mii snd soundcore snd_page_alloc dm_snapshot dm_zero dm_mirror dm_mod
ext3 jbd
CPU:    0
EIP:    0060:[<e0912ea9>]    Not tainted VLI
EFLAGS: 00210282   (2.6.16-1.2122_FC6 #1)
EIP is at snd_pcm_oss_make_ready+0xb/0x3f [snd_pcm_oss]
eax: df685098   ebx: df685098   ecx: 00000050   edx: 80045017
esi: 00000000   edi: bfb8883c   ebp: 0000001e   esp: def29f2c
ds: 007b   es: 007b   ss: 0068
Process rhythmbox (pid: 2467, threadinfo=def29000 task=d7dcd030)
Stack: <0>bfb8883c df685098 e09142f5 c25f492c da5e9ba4 00000001 da5e9ba4 d7dcd030
       c043ae5b 00000002 da5e9ba4 00000002 da5e9ba4 d47bc530 e09139c6 bfb8883c
       0000001e c0468f4d 138a49f0 d47bc530 bfb8883c c0469180 def29fbc c0405942
Call Trace:
 <e09142f5> snd_pcm_oss_ioctl+0x92f/0x9be [snd_pcm_oss]   <c043ae5b>
audit_syscall_exit+0xec/0x373
 <e09139c6> snd_pcm_oss_ioctl+0x0/0x9be [snd_pcm_oss]   <c0468f4d>
do_ioctl+0x19/0x4d
 <c0469180> vfs_ioctl+0x1ff/0x216   <c0405942> do_syscall_trace+0x132/0x177
 <c04691e3> sys_ioctl+0x4c/0x65   <c0402c6f> syscall_call+0x7/0xb
Code: eb 19 b8 ea ff ff ff eb 12 b8 fb ff ff ff eb 0b 83 ca 01 89 57 14 e9 7b ff
ff ff 5b 5e 5f 5d c3 56 85 c0 53 89 c3 74 30 8b 70 5c <f6> 86 30 02 00 00 01 74
0b e8 ce f3 ff ff 85 c0 89 c2 78 1b f6
 <1>BUG: unable to handle kernel NULL pointer dereference at virtual address
000000a0
 printing eip:
e091363f
*pde = 195fe067
Oops: 0000 [#2]
last sysfs file: /devices/system/cpu/cpu0/cpufreq/scaling_setspeed
Modules linked in: tun michael_mic arc4 ieee80211_crypt_tkip autofs4 i2c_dev
i2c_core hidp l2cap bluetooth sunrpc video button battery ac radeon drm ipv6 lp
parport_pc parport uhci_hcd joydev floppy snd_intel8x0 snd_ac97_codec
snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
snd_pcm_oss ipw2100 snd_mixer_oss snd_pcm ieee80211 3c59x ieee80211_crypt
snd_timer mii snd soundcore snd_page_alloc dm_snapshot dm_zero dm_mirror dm_mod
ext3 jbd
CPU:    0
EIP:    0060:[<e091363f>]    Not tainted VLI
EFLAGS: 00210282   (2.6.16-1.2122_FC6 #1)
EIP is at snd_pcm_oss_write+0x22/0x1bc [snd_pcm_oss]
eax: ded81f5c   ebx: 00000000   ecx: 000003f0   edx: 0a0d5810
esi: e091361d   edi: 0a0d5810   ebp: df685098   esp: def15f64
ds: 007b   es: 007b   ss: 0068
Process rhythmbox (pid: 3015, threadinfo=def15000 task=c2f72ab0)
Stack: <0>00000004 000003f0 0a0d5810 4438a33b d47bc530 e091361d 0a0d5810 000003f0
       c0459a33 def15fa4 d47bc530 fffffff7 000003f0 def15000 c0459f67 def15fa4
       00000000 00000000 00000001 0000001e 0a0d5810 c0402c6f 0000001e 0a0d5810
Call Trace:
 <e091361d> snd_pcm_oss_write+0x0/0x1bc [snd_pcm_oss]   <c0459a33>
vfs_write+0xa8/0x150
 <c0459f67> sys_write+0x41/0x67   <c0402c6f> syscall_call+0x7/0xb
Code: ff 83 c4 0c 5b 5e 5f 5d c3 55 57 56 53 83 ec 10 89 54 24 08 89 4c 24 04 8b
80 80 00 00 00 8b 28 85 ed 0f 84 8e 01 00 00 8b 5d 5c <8b> 83 a0 00 00 00 85 c0
0f 85 7d 01 00 00 89 e8 e8 4a f8 ff ff

Comment 1 Dave Jones 2006-06-23 04:05:58 UTC
Seems to be upstream in current kernels.
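
A triage sketch for oops text like the two reports in the description, added here as an example and not taken from the bug report or the kernel project: it pulls out the faulting function, the fault address and any zeroed registers, and flags the "NULL base pointer plus structure offset" pattern. The names `triage` and `PAGE_SIZE` and the first-page threshold are assumptions of this example; the sample lines are excerpted from the oopses above.

```python
import re

# Lines excerpted from the two oopses in the description (wrapping preserved).
SAMPLE = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000230
EIP is at snd_pcm_oss_make_ready+0xb/0x3f [snd_pcm_oss]
eax: df685098   ebx: df685098   ecx: 00000050   edx: 80045017
esi: 00000000   edi: bfb8883c   ebp: 0000001e   esp: def29f2c
 <1>BUG: unable to handle kernel NULL pointer dereference at virtual address
000000a0
EIP is at snd_pcm_oss_write+0x22/0x1bc [snd_pcm_oss]
eax: ded81f5c   ebx: 00000000   ecx: 000003f0   edx: 0a0d5810
esi: e091361d   edi: 0a0d5810   ebp: df685098   esp: def15f64
"""

PAGE_SIZE = 0x1000  # assumption: a fault inside the first page means NULL + offset

# \s+ before the address tolerates the line wrap seen in the second oops.
FAULT = re.compile(r"BUG: unable to handle kernel .*? at virtual address\s+([0-9a-f]{8})")
EIP = re.compile(r"EIP is at (\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+(?: \[(\w+)\])?")
REG = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|bp|sp)):\s+([0-9a-f]{8})")


def triage(text):
    """Return one summary dict per oops found in text (32-bit x86 format)."""
    results = []
    # Each oops starts at its own "BUG:" line; split there and keep the marker.
    for chunk in re.split(r"(?=BUG: unable to handle)", text):
        fault = FAULT.search(chunk)
        eip = EIP.search(chunk)
        if not fault or not eip:
            continue  # preamble or truncated report
        addr = int(fault.group(1), 16)
        null_regs = [name for name, val in REG.findall(chunk) if int(val, 16) == 0]
        # A small fault address with a zeroed register suggests a field read
        # through a NULL structure pointer; the address is then the field offset.
        verdict = "null-base+offset" if addr < PAGE_SIZE and null_regs else "other"
        results.append({
            "function": eip.group(1),
            "module": eip.group(3),
            "fault_addr": addr,
            "null_regs": null_regs,
            "verdict": verdict,
        })
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"{r['module']}:{r['function']} fault=0x{r['fault_addr']:x} "
              f"null={r['null_regs']} -> {r['verdict']}")
```
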