Bug 44833

Summary: kernel oops if using trident sound card
Product: [Retired] Red Hat Raw Hide
Reporter: santini
Component: kernel
Assignee: Dave Jones <davej>
Status: CLOSED WONTFIX
QA Contact: Brock Organ <borgan>
Severity: high
Priority: medium
Version: 1.0
CC: mulix, pfrields
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-10-30 03:33:21 UTC

Description santini 2001-06-18 07:12:51 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.5-0.2.9 i686; en-US; rv:0.9)
Gecko/20010507

Description of problem:
If you play something with the sound card (say an .mp3), the kernel oopses.

How reproducible:
Always

Steps to Reproduce:
1. Install the new rawhide kernel (kernel-2.4.5-0.2.9.i686) on a freshly
installed RH 7.1 with all the updates.

2. Play something, let's say 

mpg123 asong.mp3

Actual Results:  Nothing is played, mpg123 exits coredumping, or saying
"broken pipe",
and this appears in dmesg

 <1>Unable to handle kernel NULL pointer dereference at virtual address
00000000
 printing eip:
c0115b6a
*pde = 00000000
Oops: 0002
CPU:    0
EIP:    0010:[<c0115b6a>]
EFLAGS: 00010086
eax: c703f318   ebx: 00000000   ecx: c1ccbf34   edx: c1ccbf2c
esi: 00000282   edi: 00000000   ebp: c703f290   esp: c1ccbf20
ds: 0018   es: 0018   ss: 0018
Process esd (pid: 1743, stackpage=c1ccb000)
Stack: c703f30c c1cca000 c0105c0b 00000001 c1cca000 c703f318 00000000 c6aa93e0 
       ffffffea c0105d70 c703f30c c703f280 c6aa9400 c8092ead 00000000 c1ccbf4c 
       c703f280 00000000 00000000 c6aa93e0 ffffffea 00000000 00001000 c0133d26 
Call Trace: [<c0105c0b>] [<c0105d70>] [<c8092ead>] [<c0133d26>] [<c0106f8f>] 

Code: 89 0b 56 9d 5b 5e c3 eb 0d 90 90 90 90 90 90 90 90 90 90 90 
 


Expected Results:  Just hear something...

Additional info:

This is the output of some useful (I hope) cmd:

lspci:

00:00.0 Host bridge: Acer Laboratories Inc. [ALi] M1621 (rev 01)
00:01.0 PCI bridge: Acer Laboratories Inc. [ALi] M5247 (rev 01)
00:06.0 Multimedia audio controller: Acer Laboratories Inc. [ALi]: Unknown
device 5451 (rev 01)
00:07.0 ISA bridge: Acer Laboratories Inc. [ALi] M1533 PCI to ISA Bridge
[Aladdin IV]
00:0a.0 CardBus bridge: Texas Instruments PCI1410 PC card Cardbus
Controller (rev 01)
00:0b.0 FireWire (IEEE 1394): Texas Instruments: Unknown device 8021 (rev 02)
00:10.0 IDE interface: Acer Laboratories Inc. [ALi] M5229 IDE (rev c3)
00:11.0 Bridge: Acer Laboratories Inc. [ALi] M7101 PMU
00:13.0 CardBus bridge: O2 Micro, Inc. OZ6933 Cardbus Controller (rev 02)
00:13.1 CardBus bridge: O2 Micro, Inc. OZ6933 Cardbus Controller (rev 02)
00:14.0 USB Controller: Acer Laboratories Inc. [ALi] M5237 USB (rev 03)
01:00.0 VGA compatible controller: Trident Microsystems: Unknown device
8620 (rev 5d)

uname  -a:

Linux localhost.localdomain 2.4.5-0.2.9 #1 Wed May 30 06:50:52 EDT 2001
i686 unknown

The hardware is an Acer TravelMate 352TEV.

This is the output of ksymoops:

ksymoops 2.4.0 on i686 2.4.5-0.2.9.  Options used
     -V (default)
     -k /proc/ksyms (default)
     -l /proc/modules (default)
     -o /lib/modules/2.4.5-0.2.9/ (default)
     -m /boot/System.map-2.4.5-0.2.9 (default)

Warning: You did not tell me where to find symbol information.  I will
assume that the log matches the kernel and modules that are running
right now and I'll use the default options above for symbol resolution.
If the current kernel and/or modules do not match the log, you can get
more accurate output by telling me the kernel version and where to find
map, modules, ksyms etc.  ksymoops -h explains the options.

Warning (compare_maps): mismatch on symbol partition_name  , ksyms_base
says c01b1770, System.map says c0153800.  Ignoring ksyms_base entry
Warning (compare_maps): mismatch on symbol usb_devfs_handle  , usbcore says
c802df80, /lib/modules/2.4.5-0.2.9/kernel/drivers/usb/usbcore.o says
c802daa0.  Ignoring /lib/modules/2.4.5-0.2.9/kernel/drivers/usb/usbcore.o entry
 <1>Unable to handle kernel NULL pointer dereference at virtual address
00000000
c0115b6a
*pde = 00000000
Oops: 0002
CPU:    0
EIP:    0010:[<c0115b6a>]
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010086
eax: c703f318   ebx: 00000000   ecx: c1ccbf34   edx: c1ccbf2c
esi: 00000282   edi: 00000000   ebp: c703f290   esp: c1ccbf20
ds: 0018   es: 0018   ss: 0018
Process esd (pid: 1743, stackpage=c1ccb000)
Stack: c703f30c c1cca000 c0105c0b 00000001 c1cca000 c703f318 00000000 c6aa93e0 
       ffffffea c0105d70 c703f30c c703f280 c6aa9400 c8092ead 00000000 c1ccbf4c 
       c703f280 00000000 00000000 c6aa93e0 ffffffea 00000000 00001000 c0133d26 
Call Trace: [<c0105c0b>] [<c0105d70>] [<c8092ead>] [<c0133d26>] [<c0106f8f>] 
Code: 89 0b 56 9d 5b 5e c3 eb 0d 90 90 90 90 90 90 90 90 90 90 90 

>>EIP; c0115b6a <add_wait_queue_exclusive+1a/30>   <=====
Trace; c0105c0b <__down+3b/a0>
Trace; c0105d70 <__down_failed+8/c>
Trace; c8092ead <[trident].text.end+2e/181>
Trace; c0133d26 <sys_write+96/d0>
Trace; c0106f8f <system_call+37/3c>
Code;  c0115b6a <add_wait_queue_exclusive+1a/30>
00000000 <_EIP>:
Code;  c0115b6a <add_wait_queue_exclusive+1a/30>   <=====
   0:   89 0b                     mov    %ecx,(%ebx)   <=====
Code;  c0115b6c <add_wait_queue_exclusive+1c/30>
   2:   56                        push   %esi
Code;  c0115b6d <add_wait_queue_exclusive+1d/30>
   3:   9d                        popf   
Code;  c0115b6e <add_wait_queue_exclusive+1e/30>
   4:   5b                        pop    %ebx
Code;  c0115b6f <add_wait_queue_exclusive+1f/30>
   5:   5e                        pop    %esi
Code;  c0115b70 <add_wait_queue_exclusive+20/30>
   6:   c3                        ret    
Code;  c0115b71 <add_wait_queue_exclusive+21/30>
   7:   eb 0d                     jmp    16 <_EIP+0x16> c0115b80
<remove_wait_queue+0/20>
Code;  c0115b73 <add_wait_queue_exclusive+23/30>
   9:   90                        nop    
Code;  c0115b74 <add_wait_queue_exclusive+24/30>
   a:   90                        nop    
Code;  c0115b75 <add_wait_queue_exclusive+25/30>
   b:   90                        nop    
Code;  c0115b76 <add_wait_queue_exclusive+26/30>
   c:   90                        nop    
Code;  c0115b77 <add_wait_queue_exclusive+27/30>
   d:   90                        nop    
Code;  c0115b78 <add_wait_queue_exclusive+28/30>
   e:   90                        nop    
Code;  c0115b79 <add_wait_queue_exclusive+29/30>
   f:   90                        nop    
Code;  c0115b7a <add_wait_queue_exclusive+2a/30>
  10:   90                        nop    
Code;  c0115b7b <add_wait_queue_exclusive+2b/30>
  11:   90                        nop    
Code;  c0115b7c <add_wait_queue_exclusive+2c/30>
  12:   90                        nop    
Code;  c0115b7d <add_wait_queue_exclusive+2d/30>
  13:   90                        nop    


3 warnings issued.  Results may not be reliable.
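
Added example (not part of the original report, and not Red Hat or ksymoops code): a Python triage sketch that decodes the i386 page-fault error code after "Oops:" and checks that the base register of the flagged instruction holds the faulting address. The sample text is constructed from the oops and ksymoops lines above with wrapped lines rejoined; `decode_error_code` and `triage` are hypothetical names.

```python
import re

# Constructed sample: oops and ksymoops lines from the report, wrapped lines rejoined.
OOPS = """\
Unable to handle kernel NULL pointer dereference at virtual address 00000000
Oops: 0002
EIP:    0010:[<c0115b6a>]
eax: c703f318   ebx: 00000000   ecx: c1ccbf34   edx: c1ccbf2c
esi: 00000282   edi: 00000000   ebp: c703f290   esp: c1ccbf20
>>EIP; c0115b6a <add_wait_queue_exclusive+1a/30>   <=====
Trace; c0105c0b <__down+3b/a0>
Trace; c0105d70 <__down_failed+8/c>
Trace; c8092ead <[trident].text.end+2e/181>
Trace; c0133d26 <sys_write+96/d0>
Trace; c0106f8f <system_call+37/3c>
   0:   89 0b                     mov    %ecx,(%ebx)   <=====
"""

def decode_error_code(code):
    """Decode the i386 page-fault error code printed after 'Oops:'."""
    return {
        "cause": "protection fault" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def triage(text):
    """Hypothetical helper: summarise one decoded i386 oops."""
    fault = int(re.search(r"virtual address\s+([0-9a-f]{8})", text).group(1), 16)
    code = int(re.search(r"Oops:\s+([0-9a-f]{4})", text).group(1), 16)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(e[a-z]{2}):\s+([0-9a-f]{8})", text)}
    func = re.search(r">>EIP;\s+[0-9a-f]{8}\s+<([^+>]+)", text).group(1)
    frames = re.findall(r"Trace;\s+[0-9a-f]{8}\s+<(.+?)\+[0-9a-f]+/[0-9a-f]+>", text)
    # The faulting instruction is the disassembly line at offset 0, flagged <=====.
    insn = re.search(r"^\s*0:\s+(?:[0-9a-f]{2} )+\s*(.+?)\s+<=====", text, re.M).group(1)
    base = re.search(r"\(%(e[a-z]{2})\)", insn).group(1)  # memory operand base register
    return {
        **decode_error_code(code),
        "faulting_function": func,
        "instruction": " ".join(insn.split()),
        "base_register": base,
        "base_matches_fault_address": regs[base] == fault,
        "modules_in_trace": [f[1:f.index("]")] for f in frames if f.startswith("[")],
        "call_path": frames[::-1],  # outermost caller first
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```
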

Comment 1 Arjan van de Ven 2001-06-18 08:04:57 UTC
Investigating (although I suspect this is fixed in more recent kernels,
will try to get one into rawhide)

Comment 2 Muli Ben-Yehuda 2004-01-18 12:40:49 UTC
I haven't seen this one yet... could you please try with trident.c from a
recent 2.4 or 2.6 kernel?