Bug 251445 - Plug in/out microphone will make system crash
Plug in/out microphone will make system crash
Status: CLOSED DUPLICATE of bug 251854
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
x86_64 Linux
low Severity high
: ---
: ---
Assigned To: Brian Maly
Martin Jenner
Depends On:
  Show dependency treegraph
Reported: 2007-08-09 01:04 EDT by Jane Lv
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-13 13:35:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
The patch for bug fix (861 bytes, patch)
2007-08-13 21:29 EDT, Jane Lv
no flags Details | Diff

  None (edit)
Description Jane Lv 2007-08-09 01:04:16 EDT
Description of problem:
I tested Intel ICH9 audio driver on Intel Weybridge SDV platform w/ RHEL5.1 beta
x86_64 version. 
System always got crash in the interrupt handler when plugging in or plugging
out mic from the front jack.

The codec is SigmaTel STAC9274D.

Version-Release number of selected component (if applicable):

How reproducible:
Boot up the kernel, try to plug in or plug out mic from the from jack.

Steps to Reproduce:
Actual results:
System crashed in interrupt handler.

Here is the log,

Call Trace:
 [<ffffffff8004b22c>] run_workqueue+0x94/0xe5
 [<ffffffff80047b8b>] worker_thread+0x0/0x122
 [<ffffffff80047c7b>] worker_thread+0xf0/0x122
 [<ffffffff800884c6>] default_wake_function+0x0/0xe
 [<ffffffff80032161>] kthread+0xfe/0x132
 [<ffffffff8005bfb1>] child_rip+0xa/0x11
 [<ffffffff80032063>] kthread+0x0/0x132
 [<ffffffff8005bfa7>] child_rip+0x0/0x11

Code: 48 8b 7c c5 48 48 85 ff 74 0b 48 8b 47 58 48 85 c0 74 02 ff
RIP  [<ffffffff8829e034>] :snd_hda_codec:process_unsol_events+0x34/0x5b
 RSP <ffff8107d5ebe20>
 <0>Kernel panic - not syncing: Fatal exception

Expected results:
System is alive and running well.

Additional info:

RHEL5.1-Beta merged the latest ALSA driver into old 2.6.18 kernel.
Sound driver use the work queue to process the jack-sensing interrupt.
However, the work queue interface changes.

In latest kernel, the run_workqueue() looks like:
	struct work_struct *work = ***;
	work_func_t f = work->func;

In 2.6.18 kernel, the run_workqueue() looks like:
	struct work_struct *work = ***;
	work_func_t f = work->func;

We can see that the argument for the callback function f is different.
The latest ALSA driver uses the latest kernel's work queue interface.
When Redhat merged them to linux2.6.18, they ignored the difference and
the callback function got wrong argument.

Here is patch for bug fix,

--- sound/pci/hda/hda_codec.c.orig      2007-08-08 13:35:35.000000000 +0800
+++ sound/pci/hda/hda_codec.c   2007-08-09 08:50:16.000000000 +0800
@@ -274,10 +274,9 @@
  * process queueud unsolicited events
-static void process_unsol_events(struct work_struct *work)
+static void process_unsol_events(void *data)
-       struct hda_bus_unsolicited *unsol =
-               container_of(work, struct hda_bus_unsolicited, work);
+       struct hda_bus_unsolicited *unsol = (struct hda_bus_unsolicited *)data;
        struct hda_bus *bus = unsol->bus;
        struct hda_codec *codec;
        unsigned int rp, caddr, res;
@@ -311,7 +310,7 @@
                snd_printk(KERN_ERR "hda_codec: can't allocate unsolicited
                return -ENOMEM;
-       INIT_WORK(&unsol->work, process_unsol_events, &unsol);
+       INIT_WORK(&unsol->work, process_unsol_events, unsol);
        unsol->bus = bus;
        bus->unsol = unsol;
        return 0;
Comment 1 Geoff Gustafson 2007-08-13 12:27:01 EDT
Jane, please include the patch as an attachment... BZ screws up the tabs/spaces
in the patch when you post inline.
Comment 5 Jane Lv 2007-08-13 21:29:54 EDT
Created attachment 161238 [details]
The patch for bug fix

Here is the patch for bug fix.	Posted here as attachement.

Note You need to log in before you can comment on or make changes to this bug.