Hi,
I've a toshiba notebook with a maestro soundcard (es1968 driver). I've
test kernel version 2.4.10, 2.4.10-ac7 with the same problem. When a
play a sound with mpg123 (and aplay), just at end of the song, i've a
kernel panic. Like this
Unable to handle kernel paging request at virtual address fffffffc
printing eip:
c4ad4210
*pde = 00001063
*pte = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<c4ad4210>] Not tainted
EFLAGS: 00010213
eax: ffffffc0 ebx: 00000000 ecx: c2b054dc edx: 00002000
esi: ffffffc0 edi: c03a8018 ebp: c1125f40 esp: c1125ed0
ds: 0018 es: 0018 ss: 0018
Process kapm-idled (pid: 3, stackpage=c1125000)
Stack: 00000000 c03a8108 c03a8018 c1125f40 c4ad436e c03a8018 ffffffc0
c27c3420
24000001 0000000b c0107f4f 0000000b c03a8018 c1125f40 00000160
c027ca60
0000000b c1125f38 c01080ae 0000000b c1125f40 c3fcfe00 00000000
c1125fcc
Call Trace: [<c4ad436e>] [<c0107f4f>] [<c01080ae>] [<c010f0c1>]
[<c010f188>]
[<c010f9fb>] [<c011037f>] [<c010568f>] [<c0105698>]
Code: 8b 7e 3c 85 ff 74 79 83 3e 00 74 74 66 0f b6 46 04 9c 5b fa
<0>Kernel panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing
Output from ksymoops
>>EIP; c4ad4210 <[snd-card-es1968]snd_es1968_update_pcm+8/90> <=====
Trace; c4ad436e <[snd-card-es1968]snd_es1968_interrupt+d6/e4>
Trace; c0107f4e <handle_IRQ_event+2e/58>
Trace; c01080ae <do_IRQ+6e/b0>
Trace; c010f0c0 <apm_bios_call_simple+64/70>
Trace; c010f188 <apm_do_idle+14/30>
Trace; c010f9fa <apm_mainloop+96/100>
Trace; c011037e <apm+2be/2e0>
Trace; c010568e <kernel_thread+1e/38>
Trace; c0105698 <kernel_thread+28/38>
Code; c4ad4210 <[snd-card-es1968]snd_es1968_update_pcm+8/90>
00000000 <_EIP>:
Code; c4ad4210 <[snd-card-es1968]snd_es1968_update_pcm+8/90> <=====
0: 8b 7e 3c mov 0x3c(%esi),%edi <=====
Code; c4ad4212 <[snd-card-es1968]snd_es1968_update_pcm+a/90>
3: 85 ff test %edi,%edi
Code; c4ad4214 <[snd-card-es1968]snd_es1968_update_pcm+c/90>
5: 74 79 je 80 <_EIP+0x80> c4ad4290
<[snd-card-es1968]snd_es1968_update_pcm+88/90>
Code; c4ad4216 <[snd-card-es1968]snd_es1968_update_pcm+e/90>
7: 83 3e 00 cmpl $0x0,(%esi)
Code; c4ad421a <[snd-card-es1968]snd_es1968_update_pcm+12/90>
a: 74 74 je 80 <_EIP+0x80> c4ad4290
<[snd-card-es1968]snd_es1968_update_pcm+88/90>
Code; c4ad421c <[snd-card-es1968]snd_es1968_update_pcm+14/90>
c: 66 0f b6 46 04 movzbw 0x4(%esi),%ax
Code; c4ad4220 <[snd-card-es1968]snd_es1968_update_pcm+18/90>
11: 9c pushf
Code; c4ad4222 <[snd-card-es1968]snd_es1968_update_pcm+1a/90>
12: 5b pop %ebx
Code; c4ad4222 <[snd-card-es1968]snd_es1968_update_pcm+1a/90>
13: fa cli
<0>Kernel panic: Aiee, killing interrupt handler!
The C code is: snd_pcm_substream_t *subs = es->substream;
After some tracing into the code with printk i see that:
ALSA card-es1968.c:1841: setting clock to 48000
ALSA card-es1968.c:1957: snd_es1968_interrupt(before snd_es1968_update_pcm)
ALSA card-es1968.c:1906: snd_es1968_update_pcm(begining)
ALSA card-es1968.c:1917: snd_es1968_update_pcm(before snd_pcm_period_elapsed)
ALSA card-es1968.c:1336: snd_es1968_pcm_trigger(before list_del)
ALSA card-es1968.c:1919: snd_es1968_update_pcm(after snd_pcm_period_elapsed)
ALSA card-es1968.c:1917: snd_es1968_update_pcm(before snd_pcm_period_elapsed)
ALSA card-es1968.c:1919: snd_es1968_update_pcm(after snd_pcm_period_elapsed)
ALSA card-es1968.c:1917: snd_es1968_update_pcm(before snd_pcm_period_elapsed)
ALSA card-es1968.c:1919: snd_es1968_update_pcm(after snd_pcm_period_elapsed)
ALSA card-es1968.c:1959: snd_es1968_interrupt(after snd_es1968_update_pcm)
ALSA card-es1968.c:1957: snd_es1968_interrupt(before snd_es1968_update_pcm)
So i think that snd_pcm_period_elapsed() can do a trigger action and
free the list of soundstream channels. I don't understand what this
function do (trigger). This function call and free an element in the
list of the soundstream channel. So when go to the next element into the
list, we have a bad pointer. I don't know how to correct this error. In
alsa0.5x or OSS driver we don't use list but a table.
I've made a quick and dirty hack, because i don't know where i can place
some lock to protect this.
--- card-es1968.c.orig Sun Oct 7 23:56:26 2001
+++ card-es1968.c Sun Oct 7 23:53:46 2001
@@ -1335,6 +1335,7 @@
snd_es1968_pcm_stop(chip, es);
spin_lock_irqsave(&chip->substream_lock, flags);
list_del(&es->list);
+ es->list.next=NULL;
spin_unlock_irqrestore(&chip->substream_lock, flags);
snd_es1968_bob_dec(chip);
}
@@ -1949,8 +1950,12 @@
struct list_head *p;
spin_lock(&chip->substream_lock);
list_for_each(p, &chip->substream_list) {
- esschan_t *es = list_entry(p, esschan_t, list);
- snd_es1968_update_pcm(chip, es);
+ if (p == NULL) {
+ break;
+ } else {
+ esschan_t *es = list_entry(p, esschan_t, list);
+ snd_es1968_update_pcm(chip, es);
+ }
}
spin_unlock(&chip->substream_lock);
}
I don't why i need to set the next pointer to NULL, because when i test the
variable p with the adress of &chip->substream_list this doesn't work.
Luc
--
,--------------------------------------------------------------------------.
> Saillard Luc | Free Software Engineer <
> [EMAIL PROTECTED] | Alc�ve, liberating software <
> (www.alcove.com) | http://www.alcove-labs.org/ <
`--------------------------------------------------------------------------'
_______________________________________________
Alsa-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/alsa-devel
