two oopses in 1.3.32

Zygo Blaxell (zblaxell@calum.csclub.uwaterloo.ca)
Tue, 24 Oct 1995 22:13:42 -0400 (EDT)


An oops in the keyboard and sound drivers.

The sound driver bug occurs while running 'gmod' to play a MOD file.
1.3.30 works, 1.1.32 doesn't. Other sound operations (mixer, playback
PCM, record PCM) work. /dev/sndstat contains:

Installed drivers:
Type 1: OPL-2/OPL-3 FM
Type 2: SoundBlaster
Type 6: SoundBlaster16
Type 7: SB16 MIDI
Type 4: Gravis Ultrasound

Card config:
SoundBlaster at 0x220 irq 7 drq 1
SoundBlaster16 at 0x220 irq 7 drq 5
(SB16 MIDI at 0x330 irq 7 drq 0)
Gravis Ultrasound at 0x240 irq 11 drq 6
OPL-2/OPL-3 FM at 0x388 irq 0 drq 0

Audio devices:
0: SoundBlaster 16 4.13
1: Gravis UltraSound

Synth devices:
0: Gravis UltraSound 3.4 (1024k)
1: Yamaha OPL-3

Midi devices:
0: Gravis UltraSound Midi

Timers:
0: System Timer
1: OPL-3/GUS Timer

Mixers:
0: SoundBlaster
1: Gravis Ultrasound

Here are the syslog entries:

general protection: 0000
CPU: 0
EIP: 0010:00000003
EFLAGS: 00010086
eax: 00000019 ebx: 00000004 ecx: 00000345 edx: 00000345
esi: 00000005 edi: 00000010 ebp: 000039cc esp: 001d96f0
ds: 0018 es: 0018 fs: 002b gs: 0018 ss: 0018
Process swapper (pid: 0, process nr: 0, stackpage=001d7884)
Stack: 0000007f 00000000 00000068 00205140 00000001 00000003 fffffff3 00001fff
00000000 0000000b 00000000 0000000d 00000640 00000000 00235600 00000046
00000010 00000000 00000010 001b40df 00000000 00000001 00000046 0000007f
Call Trace: 001b40df 001af5d6 001afdd6 001afe80 001b1555 00110eb8 0011665e
0010a4bd 001096b4 0010a539 00109277
Code: 00 6f ef 00 f0 c3 e2 00 f0 6f ef 00 f0 6f ef 00 f0 ff 5e 2c
Aiee, killing interrupt handler
unmap_pte_range: bad pmd (000000e7)
unmap_pte_range: bad pmd (004000e7)
unmap_pte_range: bad pmd (008000e7)
unmap_pte_range: bad pmd (00c000e7)
unmap_pte_range: bad pmd (010000e7)
unmap_pte_range: bad pmd (014000e7)
unmap_pte_range: bad pmd (018000e7)
unmap_pte_range: bad pmd (01c000e7)
kfree of non-kmalloced memory: 001d987c, next= 00000000, order=0
swapper trying to free kernel page-directory: not good
kfree of non-kmalloced memory: 001d9eec, next= 00000000, order=0
kfree of non-kmalloced memory: 001d98c4, next= 00000000, order=0
kfree of non-kmalloced memory: 001d98b4, next= 00000000, order=0
kfree of non-kmalloced memory: 001d9ce8, next= 00000000, order=0
idle task may not sleep
Oct 18 10:45:17 foobar last message repeated 4 times

ksymoops reports:

Using `/tmp/linux-1.3.32-foobar/linux/System.map' to map addresses to symbols.

Trace: 1b40df <guswave_start_note+11f/190>
Trace: 1af5d6 <seq_chn_voice_event+1b6/220>
Trace: 1afdd6 <play_event+2d6/320>
Trace: 1afe80 <seq_startplay+60/f0>
Trace: 1b1555 <sequencer_timer+5/10>
Trace: 110eb8 <timer_bh+88/a0>
Trace: 11665e <do_bottom_half+3e/80>
Trace: 10a4bd <handle_bottom_half+d/20>
Trace: 1096b4 <sys_idle+44/50>
Trace: 10a539 <system_call+59/a0>
Trace: 109277 <start_kernel+1c7/1e0>

Code: addb %ch,0xffffffef(%edi)
Code: addb %dh,%al
Code: ret
Code: loop 00000008 <_EIP+8>
Code: lock outsl %ds:(%esi),(%dx)
Code: outl %eax,(%dx)
Code: addb %dh,%al
Code: outsl %ds:(%esi),(%dx)
Code: outl %eax,(%dx)
Code: addb %dh,%al
Code: lcall *0x2c(%esi)

The other bug occurs when you press SAK on the console. This is broken
in at least 1.3.25-1.3.32. Interestingly enough it _does_ kill the
foreground process on the TTY.

The ksymoops output has the sound driver oops mixed in with it--I didn't
bother rebooting between generating the two oopses. The SAK bug is
independent of the sound driver bug, though...it's bitten me just
about every time I try to log on when I forget that it's buggy :-(.

syslog output:

general protection: 0000
CPU: 0
EIP: 0010:0017f4e4
EFLAGS: 00010286
eax: f000e987 ebx: 001da3b0 ecx: 00000000 edx: 00000000
esi: 00cce018 edi: 00f1a000 ebp: 00001b67 esp: 001d95a4
ds: 0018 es: 0018 fs: 002b gs: 0000 ss: 0018
Process swapper (pid: 0, process nr: 0, stackpage=001d7884)
Stack: 0000000e 00204d0b 0000000c 001e36d0 00187c0b 00f1a000 00187c4d 00187788
0000000f 00000000 00000001 00000010 001d9608 001d96b4 00000000 00000000
0010c903 00000001 001d9608 001d9608 00000014 001da000 0010b756 00000001
Call Trace: 00187c0b 00187c4d 00187788 0010c903 0010b756 0012fe11 001152d6
0010ab12 03000000 02800000 0010af6c 0010af40 0010a6fb 001b40df 001af5d6
001afdd6 001afe80 001b1555 00110eb8 0011665e 0010a4bd 001096b4 0010a539
00109277
Code: 81 78 24 84 01 1e 00 75 05 39 78 2c 74 ce 42 81 fa ff 00 00
Aiee, killing interrupt handler

ksymoops reports:

Using `/tmp/linux-1.3.32-foobar/linux/System.map' to map addresses to symbols.

>>EIP: 17f4e4 <do_SAK+84/b0>
Trace: 187c0b <SAK+b/10>
Trace: 187c4d <do_spec+1d/20>
Trace: 187788 <keyboard_interrupt+3e8/450>
Trace: 10c903 <do_IRQ+33/40>
Trace: 10b756 <IRQ1_interrupt+56/80>
Trace: 12fe11 <sem_exit+61/190>
Trace: 1152d6 <do_exit+46/c0>
Trace: 10ab12 <die_if_kernel+2c2/2e0>
Trace: 3000000
Trace: 2800000
Trace: 10af6c <do_general_protection+2c/60>
Trace: 10af6c <do_general_protection+2c/60>
Trace: 10a6fb <error_code+4b/60>
Trace: 1b40df <guswave_start_note+11f/190>
Trace: 1af5d6 <seq_chn_voice_event+1b6/220>
Trace: 1afdd6 <play_event+2d6/320>
Trace: 1afe80 <seq_startplay+60/f0>
Trace: 1b1555 <sequencer_timer+5/10>
Trace: 110eb8 <timer_bh+88/a0>
Trace: 11665e <do_bottom_half+3e/80>
Trace: 10a4bd <handle_bottom_half+d/20>
Trace: 1096b4 <sys_idle+44/50>
Trace: 10a539 <system_call+59/a0>
Trace: 109277 <start_kernel+1c7/1e0>

Code: 17f4e4 <do_SAK+84/b0> cmpl $0x1e0184,0x24(%eax)
Code: 17f4eb <do_SAK+8b/b0> jne 17f4f2 <do_SAK+92/b0>
Code: 17f4ed <do_SAK+8d/b0> cmpl %edi,0x2c(%eax)
Code: 17f4f0 <do_SAK+90/b0> je ffffffdc <gcc2_compiled.+ffffffdc>
Code: 17f4f2 <do_SAK+92/b0> incl %edx
Code: 17f4f3 <do_SAK+93/b0> cmpl $0xff,%edx
Code: 17f4f9 <do_SAK+99/b0> nop
Code: 17f4fa <do_SAK+9a/b0> nop
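
Added example, not part of the original post and not ksymoops itself: a small Python sketch of the address-to-symbol step that produces the "name+offset/size" lines above from a raw oops. The System.map excerpt is constructed from the offsets ksymoops printed, the "end_*" names are hypothetical markers for each function's end, and the oops text is shortened from the second report.

```python
import bisect
import re

# Constructed System.map excerpt: start = address minus offset from the
# ksymoops lines in the post; each hypothetical "end_*" marker sits at
# start plus size, standing in for whatever symbol really follows.
SYSTEM_MAP = """\
0017f460 T do_SAK
0017f510 T end_do_SAK
001873a0 T keyboard_interrupt
001877f0 T end_keyboard_interrupt
00187c00 T SAK
00187c10 T end_SAK
001b3fc0 T guswave_start_note
001b4150 T end_guswave_start_note
"""

# Shortened from the second oops in the post: same values, fewer frames.
OOPS = """\
EIP: 0010:0017f4e4
Call Trace: 00187c0b 00187788
 03000000 001b40df
Code: 81 78 24 84 01 1e 00 75
"""

def load_map(text):
    """Return sorted (address, name) pairs from System.map text."""
    return sorted((int(a, 16), n) for a, _t, n in
                  (line.split() for line in text.splitlines()))

def resolve(addr, syms):
    """Format addr as name+offset/size, or bare hex if nothing covers it."""
    i = bisect.bisect_right(syms, (addr, "\uffff")) - 1
    if i < 0 or i + 1 >= len(syms):   # below first or at/past last symbol
        return "%x" % addr
    start, name = syms[i]
    size = syms[i + 1][0] - start     # size = distance to the next symbol
    return "%x <%s+%x/%x>" % (addr, name, addr - start, size)

def symbolize(oops, syms):
    """Resolve the EIP and every Call Trace word in raw oops text."""
    eip = re.search(r"EIP:\s+[0-9a-f]{4}:([0-9a-f]{8})", oops).group(1)
    trace = re.search(r"Call Trace:((?:\s+[0-9a-f]{8})+)", oops).group(1)
    out = [">>EIP: " + resolve(int(eip, 16), syms)]
    out += ["Trace: " + resolve(int(w, 16), syms) for w in trace.split()]
    return out
```

Every word on the stack that looks like an address is printed, so a value such as 03000000 that lies past the last symbol comes out bare, as in the trace above.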