2009-10-10 13:03:05

by Luca Tettamanti

[permalink] [raw]
Subject: [BUG] GPF in snd_hda_intel

Hello,
with current git kernel (bd381934) I see a GPF when the snd_hda_intel driver is
loaded; the regression is recent, 0eca52a works fine.
The machine is an ASUS laptop (F3Sa), this is the sound card:

00:1b.0 Audio device: Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 03)

The codec is ALC660-VD (snd_hda_codec_realtek). The is the GFP message:

general protection fault: 0000 [#1] PREEMPT SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0/net/wlan0/
CPU 0
Modules linked in: arc4 snd_hda_codec_realtek ecb iwlagn snd_hda_intel(+) usbhid hid btusb snd_hda_codec iwlcore snd_hwdep bluetooth snd_pcm rtc_cmos rtc_core asus_laptop snd_seq snd_timer snd_seq_device snd psmouse mac80211 rtc_lib video soundcore cfg80211 evdev output snd_page_alloc rfkill battery button pcspkr ac processor ext4 mbcache jbd2 crc16 dm_mod sg sr_mod cdrom sd_mod ahci uhci_hcd ata_piix ohci1394 sdhci_pci sdhci mmc_core led_class ieee1394 libata ehci_hcd scsi_mod usbcore intel_agp thermal fan unix [last unloaded: scsi_wait_scan]
Pid: 1027, comm: modprobe Not tainted 2.6.32-rc3-00337-gbd38193 #160 F3Sa
RIP: 0010:[<ffffffffa033aebd>] [<ffffffffa033aebd>] snd_hda_sequence_write+0x27/0x34 [snd_hda_codec]
RSP: 0018:ffff88013e0afbe8 EFLAGS: 00010207
RAX: 0000000000000000 RBX: 36434c4100000006 RCX: 000000000000009a
RDX: ffff88013e0afb28 RSI: 36434c4100000006 RDI: ffff88013e259000
RBP: ffff88013e0afbf8 R08: 000000000000005e R09: ffff88013e0af9d8
R10: 0000000000000000 R11: 000000000000d2d0 R12: ffff88013e259000
R13: ffff88013e259000 R14: ffff88013d12c800 R15: ffff88013e0afd08
FS: 00007f423f9086f0(0000) GS:ffff880028200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000000061d468 CR3: 000000013e568000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process modprobe (pid: 1027, threadinfo ffff88013e0ae000, task ffff88013ddbc290)
Stack:
0000000000000006 ffff88013d12c830 ffff88013e0afc28 ffffffffa03bc117
<0> ffff88013e259000 0000000000000002 ffff88013dd68258 ffff88013de4f600
<0> ffff88013e0afc48 ffffffffa033aef5 ffff88013dd68258 ffff88013e259000
Call Trace:
[<ffffffffa03bc117>] alc_init+0x2f8/0x31e [snd_hda_codec_realtek]
[<ffffffffa033aef5>] snd_hda_codec_build_controls+0x2b/0x4c [snd_hda_codec]
[<ffffffffa033c8ca>] snd_hda_build_controls+0x23/0x7f [snd_hda_codec]
[<ffffffffa03899a0>] azx_probe+0x9d9/0xa97 [snd_hda_intel]
[<ffffffffa0388e10>] ? azx_send_cmd+0x0/0x174 [snd_hda_intel]
[<ffffffffa0388c19>] ? azx_get_response+0x0/0x1f7 [snd_hda_intel]
[<ffffffffa0388276>] ? azx_attach_pcm_stream+0x0/0x209 [snd_hda_intel]
[<ffffffffa0387ec4>] ? azx_bus_reset+0x0/0x79 [snd_hda_intel]
[<ffffffffa0387d28>] ? azx_power_notify+0x0/0x5d [snd_hda_intel]
[<ffffffff811829f3>] local_pci_probe+0x12/0x16
[<ffffffff811836b9>] pci_device_probe+0x5f/0x89
[<ffffffff81207f68>] ? driver_sysfs_add+0x4c/0x72
[<ffffffff812080b4>] driver_probe_device+0xad/0x15f
[<ffffffff812081be>] __driver_attach+0x58/0x7b
[<ffffffff81208166>] ? __driver_attach+0x0/0x7b
[<ffffffff81207893>] bus_for_each_dev+0x4e/0x84
[<ffffffff81207f1a>] driver_attach+0x1c/0x1e
[<ffffffff81207205>] bus_add_driver+0x126/0x26f
[<ffffffff812084b2>] driver_register+0xb3/0x121
[<ffffffffa038f000>] ? alsa_card_azx_init+0x0/0x20 [snd_hda_intel]
[<ffffffff811838fe>] __pci_register_driver+0x51/0xbc
[<ffffffffa038f000>] ? alsa_card_azx_init+0x0/0x20 [snd_hda_intel]
[<ffffffffa038f01e>] alsa_card_azx_init+0x1e/0x20 [snd_hda_intel]
[<ffffffff81009060>] do_one_initcall+0x5a/0x14a
[<ffffffff8107270a>] sys_init_module+0xd0/0x229
[<ffffffff8100baeb>] system_call_fastpath+0x16/0x1b
Code: 31 c0 c9 c3 55 48 89 e5 41 54 49 89 fc 53 48 89 f3 eb 18 8b 4b 04 44 8b 43 08 0f b7 f0 31 d2 4c 89 e7 48 83 c3 0c e8 ce f4 ff ff <66> 8b 03 66 85 c0 75 e0 5b 41 5c c9 c3 55 48 89 e5 53 48 89 fb
RIP [<ffffffffa033aebd>] snd_hda_sequence_write+0x27/0x34 [snd_hda_codec]
RSP <ffff88013e0afbe8>
---[ end trace 91ec1e9b500145fa ]---

The disassembly:
1e96: 55 push %rbp
1e97: 48 89 e5 mov %rsp,%rbp
1e9a: 41 54 push %r12
1e9c: 49 89 fc mov %rdi,%r12
1e9f: 53 push %rbx
1ea0: 48 89 f3 mov %rsi,%rbx
1ea3: eb 18 jmp 1ebd <snd_hda_sequence_write+0x27>
1ea5: 8b 4b 04 mov 0x4(%rbx),%ecx
1ea8: 44 8b 43 08 mov 0x8(%rbx),%r8d
1eac: 0f b7 f0 movzwl %ax,%esi
1eaf: 31 d2 xor %edx,%edx
1eb1: 4c 89 e7 mov %r12,%rdi
1eb4: 48 83 c3 0c add $0xc,%rbx
1eb8: e8 00 00 00 00 callq 1ebd <snd_hda_sequence_write+0x27>
1ebd: 66 8b 03 mov (%rbx),%ax <-- fault here
1ec0: 66 85 c0 test %ax,%ax
1ec3: 75 e0 jne 1ea5 <snd_hda_sequence_write+0xf>
1ec5: 5b pop %rbx
1ec6: 41 5c pop %r12
1ec8: c9 leaveq
1ec9: c3 retq


Luca


2009-10-12 05:59:24

by Takashi Iwai

[permalink] [raw]
Subject: Re: [BUG] GPF in snd_hda_intel

At Sat, 10 Oct 2009 15:01:10 +0200,
Luca Tettamanti wrote:
>
> Hello,
> with current git kernel (bd381934) I see a GPF when the snd_hda_intel driver is
> loaded; the regression is recent, 0eca52a works fine.
> The machine is an ASUS laptop (F3Sa), this is the sound card:

Could you load the snd-hda-intel module with probe_only=1 option,
and give the output of "alsa-info.sh --no-upload" ?

If 0eca52a worked, there are only a few changes regarding hda-intel.

defb5ab2e0ff08ff9a942e2bb7e14c21a55ec26b
ALSA: hda - Fix yet another auto-mic bug in ALC268
01d4825df62d1d405035b90294bf38616d3f380b
ALSA: hda - Don't pick up invalid HP pins in alc_subsystem_id()
f8f25ba3563dab14b1c3ea4d829642b8a61ca5d7
ALSA: hda - Add a workaround for ASUS A7K
15870f05e90a365f8022da416e713be0c5024e2f
ALSA: hda - Fix invalid initializations for ALC861 auto mode

The possible culprit is the third one, f8f25ba3563dab1.
Could you try to revert this commit?


thanks,

Takashi

2009-10-12 19:40:03

by Luca Tettamanti

[permalink] [raw]
Subject: Re: [BUG] GPF in snd_hda_intel

On Mon, Oct 12, 2009 at 7:58 AM, Takashi Iwai <[email protected]> wrote:
> At Sat, 10 Oct 2009 15:01:10 +0200,
> Luca Tettamanti wrote:
>>
>> Hello,
>> with current git kernel (bd381934) I see a GPF when the snd_hda_intel driver is
>> loaded; the regression is recent, 0eca52a works fine.
>> The machine is an ASUS laptop (F3Sa), this is the sound card:
>
> Could you load the snd-hda-intel module with probe_only=1 option,
> and give the output of "alsa-info.sh --no-upload" ?
>
> If 0eca52a worked, there are only a few changes regarding hda-intel.
>
> f8f25ba3563dab14b1c3ea4d829642b8a61ca5d7
>    ALSA: hda - Add a workaround for ASUS A7K

This is probably related; I haven't actually tested yet, but I have
one more information: I had "model=lenovo" in modprobe configuration.
This was necessary because otherwise the driver applied the quirk for
Asus G1, resulting in no sound (see bug
https://bugtrack.alsa-project.org/alsa-bug/view.php?id=3513).
The driver works fine without "model" parameter (possibly due to the
removal of the quirk entry for the the G1); I get a warning about a
timeout when MSI is not enabled though:

HDA Intel 0000:00:1b.0: PCI INT A disabled
HDA Intel 0000:00:1b.0: PCI INT A -> GSI 22 (level, low) -> IRQ 22
HDA Intel 0000:00:1b.0: setting latency timer to 64
hda_codec: ALC660-VD: BIOS auto-probing.
input: HDA Digital PCBeep as /devices/pci0000:00/0000:00:1b.0/input/input9
hda-intel: azx_get_response timeout, switching to polling mode: last
cmd=0x018f0900

Will do a compile test ASAP.

Luca


Attachments:
alsa-info.txt (12.89 kB)

2009-10-13 06:13:29

by Takashi Iwai

[permalink] [raw]
Subject: Re: [BUG] GPF in snd_hda_intel

At Mon, 12 Oct 2009 21:39:21 +0200,
Luca Tettamanti wrote:
>
> On Mon, Oct 12, 2009 at 7:58 AM, Takashi Iwai <[email protected]> wrote:
> > At Sat, 10 Oct 2009 15:01:10 +0200,
> > Luca Tettamanti wrote:
> >>
> >> Hello,
> >> with current git kernel (bd381934) I see a GPF when the snd_hda_intel driver is
> >> loaded; the regression is recent, 0eca52a works fine.
> >> The machine is an ASUS laptop (F3Sa), this is the sound card:
> >
> > Could you load the snd-hda-intel module with probe_only=1 option,
> > and give the output of "alsa-info.sh --no-upload" ?
> >
> > If 0eca52a worked, there are only a few changes regarding hda-intel.
> >
> > f8f25ba3563dab14b1c3ea4d829642b8a61ca5d7
> >    ALSA: hda - Add a workaround for ASUS A7K
>
> This is probably related; I haven't actually tested yet, but I have
> one more information: I had "model=lenovo" in modprobe configuration.

Ah, this is it. I can reproduce the problem with my emulator now.
The patch below fixes the issue.

> This was necessary because otherwise the driver applied the quirk for
> Asus G1, resulting in no sound (see bug
> https://bugtrack.alsa-project.org/alsa-bug/view.php?id=3513).
> The driver works fine without "model" parameter (possibly due to the
> removal of the quirk entry for the the G1); I get a warning about a
> timeout when MSI is not enabled though:
>
> HDA Intel 0000:00:1b.0: PCI INT A disabled
> HDA Intel 0000:00:1b.0: PCI INT A -> GSI 22 (level, low) -> IRQ 22
> HDA Intel 0000:00:1b.0: setting latency timer to 64
> hda_codec: ALC660-VD: BIOS auto-probing.
> input: HDA Digital PCBeep as /devices/pci0000:00/0000:00:1b.0/input/input9
> hda-intel: azx_get_response timeout, switching to polling mode: last
> cmd=0x018f0900

It's no critical error, but if enable_msi=1 helps, just keep the option.
In 2.6.33, MSI will be enabled as default.


thanks,

Takashi

---
>From 2d9c648295d7bc376305337d29f540a5e411f632 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <[email protected]>
Date: Tue, 13 Oct 2009 08:06:55 +0200
Subject: [PATCH] ALSA: hda - Fix overflow of spec->init_verbs in patch_realtek.c

ALC861-VD lenovo model causes overflow of spec->init_verbs entries due to
the recent changes. Simply increase the array size to avoid the overflow.

Reported-by: Luca Tettamanti <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
---
sound/pci/hda/patch_realtek.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 470fd74..c08ca66 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -275,7 +275,7 @@ struct alc_spec {
struct snd_kcontrol_new *cap_mixer; /* capture mixer */
unsigned int beep_amp; /* beep amp value, set via set_beep_amp() */

- const struct hda_verb *init_verbs[5]; /* initialization verbs
+ const struct hda_verb *init_verbs[10]; /* initialization verbs
* don't forget NULL
* termination!
*/
--
1.6.4.2

2009-10-13 12:55:25

by Luca Tettamanti

[permalink] [raw]
Subject: Re: [BUG] GPF in snd_hda_intel

On Tue, Oct 13, 2009 at 8:12 AM, Takashi Iwai <[email protected]> wrote:
> At Mon, 12 Oct 2009 21:39:21 +0200,
> Luca Tettamanti wrote:
>>
>> On Mon, Oct 12, 2009 at 7:58 AM, Takashi Iwai <[email protected]> wrote:
>> > At Sat, 10 Oct 2009 15:01:10 +0200,
>> > Luca Tettamanti wrote:
>> >>
>> >> Hello,
>> >> with current git kernel (bd381934) I see a GPF when the snd_hda_intel driver is
>> >> loaded; the regression is recent, 0eca52a works fine.
>> >> The machine is an ASUS laptop (F3Sa), this is the sound card:
>> >
>> > Could you load the snd-hda-intel module with probe_only=1 option,
>> > and give the output of "alsa-info.sh --no-upload" ?
>> >
>> > If 0eca52a worked, there are only a few changes regarding hda-intel.
>> >
>> > f8f25ba3563dab14b1c3ea4d829642b8a61ca5d7
>> >    ALSA: hda - Add a workaround for ASUS A7K
>>
>> This is probably related; I haven't actually tested yet, but I have
>> one more information: I had "model=lenovo" in modprobe configuration.
>
> Ah, this is it.  I can reproduce the problem with my emulator now.
> The patch below fixes the issue.

Yup, no more GPF.

> From 2d9c648295d7bc376305337d29f540a5e411f632 Mon Sep 17 00:00:00 2001
> From: Takashi Iwai <[email protected]>
> Date: Tue, 13 Oct 2009 08:06:55 +0200
> Subject: [PATCH] ALSA: hda - Fix overflow of spec->init_verbs in patch_realtek.c
>
> ALC861-VD lenovo model causes overflow of spec->init_verbs entries due to
> the recent changes.  Simply increase the array size to avoid the overflow.
>
> Reported-by: Luca Tettamanti <[email protected]>
> Signed-off-by: Takashi Iwai <[email protected]>

Tested-by: Luca Tettamanti <[email protected]>

> ---
>  sound/pci/hda/patch_realtek.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
> index 470fd74..c08ca66 100644
> --- a/sound/pci/hda/patch_realtek.c
> +++ b/sound/pci/hda/patch_realtek.c
> @@ -275,7 +275,7 @@ struct alc_spec {
>        struct snd_kcontrol_new *cap_mixer;     /* capture mixer */
>        unsigned int beep_amp;  /* beep amp value, set via set_beep_amp() */
>
> -       const struct hda_verb *init_verbs[5];   /* initialization verbs
> +       const struct hda_verb *init_verbs[10];  /* initialization verbs
>                                                 * don't forget NULL
>                                                 * termination!
>                                                 */
> --
> 1.6.4.2
>
>