Bug 175239

Summary: Kernel BUG at include/linux/gfp.h:80
Product: [Fedora] Fedora
Reporter: Orion Poplawski <orion>
Component: kernel
Assignee: Dave Jones <davej>
Status: CLOSED NOTABUG
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: rawhide
CC: pfrields, wtogami
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-12-08 04:15:45 UTC

Description Orion Poplawski 2005-12-07 22:55:03 UTC
Description of problem:

The BUG_ON appears to be in the Fedora kernel, so I'm reporting here.  I think
this is a kernel issue, not ndiswrapper, but here goes:

Kernel BUG at include/linux/gfp.h:80
invalid operand: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:00.0/class
CPU 0
Modules linked in: ndiswrapper(U) hsfengine(U) hsfosspec(U) hsfsoar(U) nfs lockd
nfs_acl radeon drm lp parport_pc ppdev parport autofs4 i2c_dev i2c_core rfcomm
l2cap bluetooth sunrpc nls_utf8 ntfs(U) dm_mirror dm_mod video button battery ac
ipv6 ohci1394 ieee1394 8139cp 8139too mii snd_atiixp snd_ac97_codec snd_ac97_bus
snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm ohci_hcd ehci_hcd snd_timer snd soundcore shpchp
snd_page_alloc ext3 jbd
Pid: 5484, comm: loadndisdriver Tainted: P      2.6.14-1.1740_FC5 #1
RIP: 0010:[<ffffffff80124c28>] <ffffffff80124c28>{dma_alloc_pages+79}
RSP: 0018:ffff81006cc11780  EFLAGS: 00010202
RAX: 0000000000000005 RBX: 00000000000004d5 RCX: ffff81000000ea00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff810037db96a8
RBP: 0000000000001000 R08: 00000000000004d5 R09: 0000000000000008
R10: 000000000000000d R11: ffffffff886e34c5 R12: 0000000000000001
R13: 0000000000000001 R14: ffff81006cc11908 R15: 00000000ffffffff
FS:  00002aaaaaac83e0(0000) GS:ffffffff805fd000(0000) knlGS:00000000f7f106b0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000003be3893c30 CR3: 000000006c479000 CR4: 00000000000006e0
Process loadndisdriver (pid: 5484, threadinfo ffff81006cc10000, task
ffff8100782e4840)
Stack: 0000000000000163 ffffffff80125024 ffff81006cc117e8 0000000000001000
       ffff810037db96a8 0000000000000001 0000000000001000 0000000000000001
       ffff81006cc11900 ffff81006cc11908
Call Trace:<ffffffff80125024>{dma_alloc_coherent+131}
<ffffffff886e3503>{:ndiswrapper:NdisMAllocateSharedMemory+62}
       <ffffffff886e45a2>{:ndiswrapper:NdisMAllocateMapRegisters+77}
       <ffffffff801716ba>{dbg_redzone1+28} <ffffffff80171e9c>{check_poison_obj+39}
       <ffffffff886e84aa>{:ndiswrapper:allocate_object+34}
       <ffffffff886e8400>{:ndiswrapper:InterlockedCompareExchange+159}
       <ffffffff80171601>{page_cache_readahead+325}
<ffffffff886e84aa>{:ndiswrapper:allocate_object+34}
       <ffffffff801721ae>{cache_alloc_debugcheck_after+271}
       <ffffffff886f48c9>{:ndiswrapper:lin_to_win6+30}
<ffffffff886e95a9>{:ndiswrapper:wrap_create_thread+293}
       <ffffffff886ef31f>{:ndiswrapper:miniport_init+225}
<ffffffff886eda53>{:ndiswrapper:pdoDispatchPnp+1264}
       <ffffffff886f11b1>{:ndiswrapper:NdisDispatchPnp+199}
       <ffffffff8014df83>{call_usermodehelper_keys+277}
<ffffffff8014de17>{__call_usermodehelper+0}
       <ffffffff80171e9c>{check_poison_obj+39}
<ffffffff886e84aa>{:ndiswrapper:allocate_object+34}
       <ffffffff801718a0>{poison_obj+49}
<ffffffff886e84aa>{:ndiswrapper:allocate_object+34}
       <ffffffff80171e9c>{check_poison_obj+39}
<ffffffff886e84aa>{:ndiswrapper:allocate_object+34}
       <ffffffff801718a0>{poison_obj+49}
<ffffffff886e84aa>{:ndiswrapper:allocate_object+34}
       <ffffffff801716ba>{dbg_redzone1+28}
<ffffffff886e84aa>{:ndiswrapper:allocate_object+34}
       <ffffffff80171e9c>{check_poison_obj+39}
<ffffffff886eb51b>{:ndiswrapper:IoAllocateIrp+42}
       <ffffffff801718a0>{poison_obj+49}
<ffffffff886eb51b>{:ndiswrapper:IoAllocateIrp+42}
       <ffffffff801716ba>{dbg_redzone1+28}
<ffffffff886eb51b>{:ndiswrapper:IoAllocateIrp+42}
       <ffffffff801721ae>{cache_alloc_debugcheck_after+271}
       <ffffffff886eafe8>{:ndiswrapper:IoInitializeIrp+33}
       <ffffffff886ed302>{:ndiswrapper:pnp_start_device+159}
       <ffffffff886ed4e6>{:ndiswrapper:wrap_pnp_start_device+416}
       <ffffffff80219b74>{kobject_get+18} <ffffffff80228956>{pci_device_probe+305}
       <ffffffff8028fbcd>{driver_probe_device+63}
<ffffffff8028fce9>{__driver_attach+76}
       <ffffffff8028fc9d>{__driver_attach+0} <ffffffff8028f147>{bus_for_each_dev+70}
       <ffffffff8028f5b4>{bus_add_driver+112}
<ffffffff8022857e>{__pci_register_driver+184}
       <ffffffff886e04e9>{:ndiswrapper:register_devices+1045}
       <ffffffff886e0e88>{:ndiswrapper:wrapper_ioctl+94}
<ffffffff801f189a>{inode_has_perm+86}
       <ffffffff80173baa>{cache_free_debugcheck+701}
<ffffffff801718a0>{poison_obj+49}
       <ffffffff801718a0>{poison_obj+49} <ffffffff801a2a1e>{do_ioctl+94}
       <ffffffff801a2cc2>{vfs_ioctl+649} <ffffffff801a2d36>{sys_ioctl+91}
       <ffffffff8010fc5c>{tracesys+209}

Code: 0f 0b 68 73 bc 38 80 c2 50 00 48 63 d0 48 89 d0 48 c1 e0 0b
RIP <ffffffff80124c28>{dma_alloc_pages+79} RSP <ffff81006cc11780>
 <3>ndiswrapper (wrapper_init:176): loadndiswrapper failed (11); check system
log for messages from 'loadndisdriver'
Unable to handle kernel NULL pointer dereference at 0000000000000004 RIP:
<ffffffff8021fb66>{_raw_spin_lock+4}
PGD 7346d067 PUD 722df067 PMD 0
Oops: 0000 [2] SMP
last sysfs file: /devices/pci0000:00/0000:00:00.0/class
CPU 0
Modules linked in: ndiswrapper(U) hsfengine(U) hsfosspec(U) hsfsoar(U) nfs lockd
nfs_acl radeon drm lp parport_pc ppdev parport autofs4 i2c_dev i2c_core rfcomm
l2cap bluetooth sunrpc nls_utf8 ntfs(U) dm_mirror dm_mod video button battery ac
ipv6 ohci1394 ieee1394 8139cp 8139too mii snd_atiixp snd_ac97_codec snd_ac97_bus
snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm ohci_hcd ehci_hcd snd_timer snd soundcore shpchp
snd_page_alloc ext3 jbd
Pid: 5476, comm: modprobe Tainted: P      2.6.14-1.1740_FC5 #1
RIP: 0010:[<ffffffff8021fb66>] <ffffffff8021fb66>{_raw_spin_lock+4}
RSP: 0018:ffff81006a96fe58  EFLAGS: 00010292
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff81007e2fd330
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffffff8871b4f0 R08: 0000000000000000 R09: ffff81007d32bc78
R10: 0000000000000000 R11: ffffffff8029027b R12: 0000000000000000
R13: 00002aaaaaac9010 R14: ffffffff804698e0 R15: 00000000005178e8
FS:  00002aaaaaac83f0(0000) GS:ffffffff805fd000(0000) knlGS:00000000f7f106b0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000004 CR3: 000000006b119000 CR4: 00000000000006e0
Process modprobe (pid: 5476, threadinfo ffff81006a96e000, task ffff81007db3e0c0)
Stack: ffffffff8871b5b8 ffffffff80368143 ffffffff8021a0af ffffffff8871b4f0
       ffffffff8047de60 ffffffff8028f701 ffffffff8871b4f0 000000000005d060
       ffffffff88713080 ffffffff8028ffc5
Call Trace:<ffffffff80368143>{klist_remove+21} <ffffffff8021a0af>{kobject_release+0}
       <ffffffff8028f701>{bus_remove_driver+114}
<ffffffff8028ffc5>{driver_unregister+9}
       <ffffffff802285b9>{pci_unregister_driver+16}
<ffffffff886e07cb>{:ndiswrapper:loader_exit+139}
       <ffffffff886f1b16>{:ndiswrapper:module_cleanup+6}
<ffffffff880c719a>{:ndiswrapper:wrapper_init+410}
       <ffffffff80165659>{stop_machine_run+58}
<ffffffff8015a5f5>{sys_init_module+282}
       <ffffffff8010fc5c>{tracesys+209}

Code: 81 7f 04 ad 4e ad de 74 0c 48 c7 c6 1c e2 39 80 e8 58 fc ff
RIP <ffffffff8021fb66>{_raw_spin_lock+4} RSP <ffff81006a96fe58>
CR2: 0000000000000004



Version-Release number of selected component (if applicable):
2.6.14-1.1740_FC5

How reproducible:
every time I load ndiswrapper


Additional info:
The ndiswrapper call to dma_alloc_coherent is:

driver/ndis.c:

STDCALL void WRAP_EXPORT(NdisMAllocateSharedMemory)
        (struct ndis_miniport_block *nmb, ULONG size,
         BOOLEAN cached, void **virt, NDIS_PHY_ADDRESS *phys)
{
        dma_addr_t p;
        void *v;
        struct wrap_device *wd = nmb->wnd->wd;

        TRACEENTER3("map count: %d, size: %u, cached: %d",
                    nmb->wnd->map_count, size, cached);

//      if (wnd->map_dma_addr == NULL)
//              ERROR("%s: DMA map address is not set!\n", __FUNCTION__);
        /* FIXME: do USB drivers call this? */
        v = PCI_DMA_ALLOC_COHERENT(wd->pci.pdev, size, &p);

-->

#define PCI_DMA_ALLOC_COHERENT(pci_dev,size,dma_handle) \
        dma_alloc_coherent(&pci_dev->dev,size,dma_handle, \
                           GFP_KERNEL | __GFP_REPEAT | GFP_DMA)

Comment 1 Dave Jones 2005-12-08 04:15:45 UTC
Looks like an ndiswrapper bug, judging from the call trace.