Bug 251445 - Plug in/out microphone will make system crash
Summary: Plug in/out microphone will make system crash
Status: CLOSED DUPLICATE of bug 251854
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.1
Hardware: x86_64
OS: Linux
Target Milestone: ---
: ---
Assignee: Brian Maly
QA Contact: Martin Jenner
Depends On:
TreeView+ depends on / blocked
Reported: 2007-08-09 05:04 UTC by Jane Lv
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-08-13 17:35:44 UTC

Attachments (Terms of Use)
The patch for bug fix (861 bytes, patch)
2007-08-14 01:29 UTC, Jane Lv
no flags Details | Diff

Description Jane Lv 2007-08-09 05:04:16 UTC
Description of problem:
I tested Intel ICH9 audio driver on Intel Weybridge SDV platform w/ RHEL5.1 beta
x86_64 version. 
System always got crash in the interrupt handler when plugging in or plugging
out mic from the front jack.

The codec is SigmaTel STAC9274D.

Version-Release number of selected component (if applicable):

How reproducible:
Boot up the kernel, try to plug in or plug out mic from the from jack.

Steps to Reproduce:
Actual results:
System crashed in interrupt handler.

Here is the log,

Call Trace:
 [<ffffffff8004b22c>] run_workqueue+0x94/0xe5
 [<ffffffff80047b8b>] worker_thread+0x0/0x122
 [<ffffffff80047c7b>] worker_thread+0xf0/0x122
 [<ffffffff800884c6>] default_wake_function+0x0/0xe
 [<ffffffff80032161>] kthread+0xfe/0x132
 [<ffffffff8005bfb1>] child_rip+0xa/0x11
 [<ffffffff80032063>] kthread+0x0/0x132
 [<ffffffff8005bfa7>] child_rip+0x0/0x11

Code: 48 8b 7c c5 48 48 85 ff 74 0b 48 8b 47 58 48 85 c0 74 02 ff
RIP  [<ffffffff8829e034>] :snd_hda_codec:process_unsol_events+0x34/0x5b
 RSP <ffff8107d5ebe20>
 <0>Kernel panic - not syncing: Fatal exception

Expected results:
System is alive and running well.

Additional info:

RHEL5.1-Beta merged the latest ALSA driver into old 2.6.18 kernel.
Sound driver use the work queue to process the jack-sensing interrupt.
However, the work queue interface changes.

In latest kernel, the run_workqueue() looks like:
	struct work_struct *work = ***;
	work_func_t f = work->func;

In 2.6.18 kernel, the run_workqueue() looks like:
	struct work_struct *work = ***;
	work_func_t f = work->func;

We can see that the argument for the callback function f is different.
The latest ALSA driver uses the latest kernel's work queue interface.
When Redhat merged them to linux2.6.18, they ignored the difference and
the callback function got wrong argument.

Here is patch for bug fix,

--- sound/pci/hda/hda_codec.c.orig      2007-08-08 13:35:35.000000000 +0800
+++ sound/pci/hda/hda_codec.c   2007-08-09 08:50:16.000000000 +0800
@@ -274,10 +274,9 @@
  * process queueud unsolicited events
-static void process_unsol_events(struct work_struct *work)
+static void process_unsol_events(void *data)
-       struct hda_bus_unsolicited *unsol =
-               container_of(work, struct hda_bus_unsolicited, work);
+       struct hda_bus_unsolicited *unsol = (struct hda_bus_unsolicited *)data;
        struct hda_bus *bus = unsol->bus;
        struct hda_codec *codec;
        unsigned int rp, caddr, res;
@@ -311,7 +310,7 @@
                snd_printk(KERN_ERR "hda_codec: can't allocate unsolicited
                return -ENOMEM;
-       INIT_WORK(&unsol->work, process_unsol_events, &unsol);
+       INIT_WORK(&unsol->work, process_unsol_events, unsol);
        unsol->bus = bus;
        bus->unsol = unsol;
        return 0;

Comment 1 Geoff Gustafson 2007-08-13 16:27:01 UTC
Jane, please include the patch as an attachment... BZ screws up the tabs/spaces
in the patch when you post inline.

Comment 5 Jane Lv 2007-08-14 01:29:54 UTC
Created attachment 161238 [details]
The patch for bug fix

Here is the patch for bug fix.	Posted here as attachement.

Note You need to log in before you can comment on or make changes to this bug.