Bug 209207 - snd-hda-intel reconfig via udev rule triggers general protection fault
Summary: snd-hda-intel reconfig via udev rule triggers general protection fault
Status: NEW
Alias: None
Product: Drivers
Classification: Unclassified
Component: Sound(ALSA) (show other bugs)
Hardware: Intel Linux
: P1 normal
Assignee: Jaroslav Kysela
URL:
Keywords:
: 208747 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-09-08 19:02 UTC by Gavin S. Yancey
Modified: 2020-12-09 13:58 UTC (History)
3 users (show)

See Also:
Kernel Version: 5.8.7-arch1-1
Subsystem:
Regression: No
Bisected commit-id:


Attachments
Full journalctl log from startup to shutdown (248.49 KB, text/plain)
2020-09-08 19:02 UTC, Gavin S. Yancey
Details
Udev rule that causes the failure (183 bytes, text/plain)
2020-09-08 19:03 UTC, Gavin S. Yancey
Details
Output of alsa-info.sh (61.41 KB, text/plain)
2020-09-08 19:05 UTC, Gavin S. Yancey
Details
Fix patch #1 (1.52 KB, patch)
2020-12-09 13:58 UTC, Takashi Iwai
Details | Diff
Fix patch #2 (1.95 KB, patch)
2020-12-09 13:58 UTC, Takashi Iwai
Details | Diff

Description Gavin S. Yancey 2020-09-08 19:02:58 UTC
Created attachment 292429 [details]
Full journalctl log from startup to shutdown

Reconfiguring my sound card to add the hint `jack_detect=false` via a udev rule causes a general protection fault in the kernel. This doesn't happen if I remove the udev rule.

The rule in question:

ACTION=="add", SUBSYSTEM=="sound", ATTRS{chip_name}=="ALCS1200A", ATTR{hints}="jack_detect=false"
ACTION=="add", SUBSYSTEM=="sound", ATTRS{chip_name}=="ALCS1200A", ATTR{reconfig}="1"

The crash:

Sep 08 04:16:03 microlith kernel: hdaudio hdaudioC1D0: Unable to bind the codec
Sep 08 04:16:03 microlith kernel: general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP NOPTI
Sep 08 04:16:03 microlith kernel: CPU: 5 PID: 520 Comm: systemd-udevd Not tainted 5.8.7-arch1-1 #1
Sep 08 04:16:03 microlith kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./X570 Pro4, BIOS P2.30 01/13/2020
Sep 08 04:16:03 microlith kernel: RIP: 0010:device_del+0x1bc/0x3f0
Sep 08 04:16:03 microlith kernel: Code: ff 48 89 ef e8 55 ce 00 00 48 c7 c7 60 31 ee a3 e8 c9 b6 34 00 48 8b 95 c0 00 00 00 48 8b 85 c8 00 00 00 48 c7 c7 60 31 ee a3 <48> 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 85 c0 00
Sep 08 04:16:03 microlith kernel: RSP: 0018:ffffa4ab80b8fdf0 EFLAGS: 00010246
Sep 08 04:16:03 microlith kernel: RAX: dead000000000122 RBX: ffff9f416eee08a0 RCX: 0000000000000000
Sep 08 04:16:03 microlith kernel: RDX: dead000000000100 RSI: 0000000000000001 RDI: ffffffffa3ee3160
Sep 08 04:16:03 microlith kernel: RBP: ffff9f416eee0800 R08: 0000000000000001 R09: 0000000000000001
Sep 08 04:16:03 microlith kernel: R10: ffff9f4171334900 R11: ffff9f416fa92400 R12: ffff9f41cbf230b0
Sep 08 04:16:03 microlith kernel: R13: ffff9f416eee0880 R14: ffffa4ab80b8ff10 R15: ffff9f4174a0a0e0
Sep 08 04:16:03 microlith kernel: FS:  00007ff96573e440(0000) GS:ffff9f41ceb40000(0000) knlGS:0000000000000000
Sep 08 04:16:03 microlith kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Sep 08 04:16:03 microlith kernel: CR2: 000055f4bc55b070 CR3: 0000000409ee8000 CR4: 0000000000340ee0
Sep 08 04:16:03 microlith kernel: Call Trace:
Sep 08 04:16:03 microlith kernel:  snd_hdac_device_unregister+0x39/0x50 [snd_hda_core]
Sep 08 04:16:03 microlith kernel:  snd_hda_codec_configure.cold+0x17/0x21 [snd_hda_codec]
Sep 08 04:16:03 microlith kernel:  reconfig_store+0x4e/0x90 [snd_hda_codec]
Sep 08 04:16:03 microlith kernel:  kernfs_fop_write+0xce/0x1b0
Sep 08 04:16:03 microlith kernel:  vfs_write+0xc7/0x1f0
Sep 08 04:16:03 microlith kernel:  ksys_write+0x67/0xe0
Sep 08 04:16:03 microlith kernel:  do_syscall_64+0x44/0x70
Sep 08 04:16:03 microlith kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xa9
Sep 08 04:16:03 microlith kernel: RIP: 0033:0x7ff9664dff67
Sep 08 04:16:03 microlith kernel: Code: 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
Sep 08 04:16:03 microlith kernel: RSP: 002b:00007ffef6a2c078 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
Sep 08 04:16:03 microlith kernel: RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007ff9664dff67
Sep 08 04:16:03 microlith kernel: RDX: 0000000000000001 RSI: 00007ffef6a2c680 RDI: 0000000000000006
Sep 08 04:16:03 microlith kernel: RBP: 00007ffef6a2c680 R08: 0000000000000000 R09: 0000000000000000
Sep 08 04:16:03 microlith kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
Sep 08 04:16:03 microlith kernel: R13: 000055f4bc50fd90 R14: 0000000000000001 R15: 00007ff9665b2720
Sep 08 04:16:03 microlith kernel: Modules linked in: amd64_edac_mod(-) iwlmvm gpu_sched nls_iso8859_1 snd_hda_codec_realtek mac80211 nls_cp437 snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_usb_audio libarc4 vfat ttm fat snd_hda_intel snd_intel_dspcfg uvcvideo edac_mce_amd snd_usbmidi_lib videobuf2_vmalloc snd_hda_codec videobuf2_memops snd_rawmidi videobuf2_v4l2 iwlwifi kvm_amd snd_hda_core videobuf2_common drm_kms_helper snd_seq_device snd_hwdep kvm videodev sp5100_tco cec btusb snd_pcm btrtl irqbypass bridge btbcm rapl rc_core btintel snd_timer syscopyarea stp sysfillrect llc pcspkr wmi_bmof k10temp i2c_piix4 mc snd sysimgblt input_leds mousedev joydev cfg80211 bluetooth fb_sys_fops soundcore igb ecdh_generic ecc i2c_algo_bit crc16 apple_mfi_fastcharge dca rfkill pinctrl_amd evdev mac_hid acpi_cpufreq crypto_user drm agpgart ip_tables x_tables btrfs blake2b_generic libcrc32c crc32c_generic xor raid6_pq dm_crypt cbc encrypted_keys trusted tpm hid_generic usbhid hid crct10dif_pclmul crc32_pclmul
Sep 08 04:16:03 microlith kernel:  crc32c_intel ghash_clmulni_intel aesni_intel dm_mod crypto_simd cryptd glue_helper ccp rng_core xhci_pci xhci_pci_renesas xhci_hcd wmi
Sep 08 04:16:03 microlith kernel: ---[ end trace fd53f5f6d60f7b4d ]---
Sep 08 04:16:03 microlith kernel: RIP: 0010:device_del+0x1bc/0x3f0
Sep 08 04:16:03 microlith kernel: Code: ff 48 89 ef e8 55 ce 00 00 48 c7 c7 60 31 ee a3 e8 c9 b6 34 00 48 8b 95 c0 00 00 00 48 8b 85 c8 00 00 00 48 c7 c7 60 31 ee a3 <48> 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 85 c0 00
Sep 08 04:16:03 microlith kernel: RSP: 0018:ffffa4ab80b8fdf0 EFLAGS: 00010246
Sep 08 04:16:03 microlith kernel: RAX: dead000000000122 RBX: ffff9f416eee08a0 RCX: 0000000000000000
Sep 08 04:16:03 microlith kernel: RDX: dead000000000100 RSI: 0000000000000001 RDI: ffffffffa3ee3160
Sep 08 04:16:03 microlith kernel: RBP: ffff9f416eee0800 R08: 0000000000000001 R09: 0000000000000001
Sep 08 04:16:03 microlith kernel: R10: ffff9f4171334900 R11: ffff9f416fa92400 R12: ffff9f41cbf230b0
Sep 08 04:16:03 microlith kernel: R13: ffff9f416eee0880 R14: ffffa4ab80b8ff10 R15: ffff9f4174a0a0e0
Sep 08 04:16:03 microlith kernel: FS:  00007ff96573e440(0000) GS:ffff9f41ceb40000(0000) knlGS:0000000000000000
Sep 08 04:16:03 microlith kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Sep 08 04:16:03 microlith kernel: CR2: 000055f4bc55b070 CR3: 0000000409ee8000 CR4: 0000000000340ee0
Sep 08 04:16:03 microlith systemd-udevd[503]: Worker [520] terminated by signal 11 (SEGV)
Sep 08 04:16:03 microlith systemd-udevd[503]: hwC1D0: Worker [520] failed

More logs and more info attached
Comment 1 Gavin S. Yancey 2020-09-08 19:03:26 UTC
Created attachment 292431 [details]
Udev rule that causes the failure
Comment 2 Gavin S. Yancey 2020-09-08 19:05:15 UTC
Created attachment 292433 [details]
Output of alsa-info.sh
Comment 3 Gavin S. Yancey 2020-09-08 19:07:47 UTC
Whoops -- this submitted before I finished writing it.

Hardware:

Onboard audio controller of ASRock X570 Pro4.
I believe this is a Realtek ALC1200.
/sys/class/sound/hw*/chip_name reports ALCS1200A
Comment 4 Takashi Iwai 2020-09-09 07:20:00 UTC
Could you give the full dmesg output?

Also it'd be great if you can decode / point out the actually bug RIP (device_del+0x1bc/0x3f0).
Comment 5 Gavin S. Yancey 2020-09-09 07:45:29 UTC
> Could you give the full dmesg output?

I thought that was all included in the journalctl log under "kernel" -- see attachment 292429 [details]. Is there something else I'm missing?

> Also it'd be great if you can decode / point out the actually bug RIP
> (device_del+0x1bc/0x3f0).

I'm not sure how to do that. Are there instructions somewhere you can point me at?
Comment 6 Takashi Iwai 2020-09-09 07:49:59 UTC
Indeed, I overlooked the very first line :)
Comment 7 Takashi Iwai 2020-12-08 14:45:06 UTC
*** Bug 208747 has been marked as a duplicate of this bug. ***
Comment 8 Takashi Iwai 2020-12-09 13:57:40 UTC
Sorry for the late update.  I finally had time to debug this problem.

Below two patches are the fixes.  The first one was submitted, and another one will be submitted soon.  Both should be merged in 5.11 kernel, later backported to stable.
Comment 9 Takashi Iwai 2020-12-09 13:58:03 UTC
Created attachment 294051 [details]
Fix patch #1
Comment 10 Takashi Iwai 2020-12-09 13:58:21 UTC
Created attachment 294053 [details]
Fix patch #2

Note You need to log in before you can comment on or make changes to this bug.