Bug 115173 - sstfb oopses kernel on load
Summary: sstfb oopses kernel on load
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2004-02-07 21:05 UTC by Alan Cox
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2004-09-29 20:04:18 UTC

Attachments (Terms of Use)
Fix (386 bytes, patch)
2004-02-07 23:48 UTC, Alan Cox
no flags Details | Diff

Description Alan Cox 2004-02-07 21:05:55 UTC
Description of problem:

sstfb driver crashes

How reproducible:

Steps to Reproduce:
1. modprobe sstfb
Actual results:sstfb: Voodoo Graphics with ICS ICS5342 dac
sstfb: framebuffer at 0xd1400000, mapped to 0xccd0b000, size 2Mb
Unable to handle kernel NULL pointer dereference at virtual address
 printing eip:
*pde = 00000000
Oops: 0000
sstfb lp parport autofs natsemi ipt_REJECT iptable_filter ip_tables
floppy sg sr_mod cdrom scsi_mod microcode keybdev mousedev hid input
usb-uhci usbcore ext3
CPU:    0
EIP:    0060:[<c013a106>]    Not tainted
EFLAGS: 00010002
EIP is at kfree [kernel] 0x46 (2.4.22-1.2149.nptl)
eax: 6787690b   ebx: c92c72b4   ecx: 00000000   edx: c1000020
esi: 00000000   edi: 00000202   ebp: c579de24   esp: c579dd5c
ds: 0068   es: 0068   ss: 0068
Process modprobe (pid: 3125, stackpage=c579d000)
Stack: 00000040 00000002 01f69620 000a7876 c92c72b4 00000000 00000000
       c01f16f8 6787690b 00000000 c92c7214 c92c7214 00000014 c92c72b4
       c92c72b4 00000000 00000000 16ddc909 00000010 00000280 0000003f
Call Trace:   [<c01f16f8>] fb_alloc_cmap [kernel] 0x188 (0xc579dd7c)
[<cc905aa0>] sstfb_set_var [sstfb] 0x180 (0xc579dd98)
[<cc905f33>] sst_get_memsize [sstfb] 0x23 (0xc579ddf4)
[<cc908e60>] dacs [sstfb] 0x0 (0xc579de00)
[<cc907898>] sstfb_probe [sstfb] 0x348 (0xc579de0c)
[<cc908d20>] sstfb_id_tbl [sstfb] 0x0 (0xc579dec4)
[<cc908d80>] sstfb_driver [sstfb] 0x0 (0xc579dec8)
[<c01e7125>] pci_announce_device [kernel] 0x35 (0xc579ded4)
[<cc908d20>] sstfb_id_tbl [sstfb] 0x0 (0xc579dedc)
[<cc908d80>] sstfb_driver [sstfb] 0x0 (0xc579dee4)
[<c01e71cc>] pci_register_driver [kernel] 0x5c (0xc579def0)
[<cc908d80>] sstfb_driver [sstfb] 0x0 (0xc579def4)
[<cc907503>] sstfb_init [sstfb] 0x13 (0xc579df08)
[<cc908d80>] sstfb_driver [sstfb] 0x0 (0xc579df0c)
[<c011dfa4>] sys_init_module [kernel] 0x584 (0xc579df14)
[<cc905060>] __sst_dac_read [sstfb] 0x0 (0xc579df2c)
[<cc905060>] __sst_dac_read [sstfb] 0x0 (0xc579df58)
[<c0109747>] system_call [kernel] 0x33 (0xc579dfc0)
Code: 8b 51 0c 8b 59 14 29 d0 31 d2 f7 76 18 89 5c 81 18 8b 51 10
Expected results:

Working sst frame buffer console

Comment 1 Alan Cox 2004-02-07 23:48:20 UTC
Created attachment 97527 [details]

Uncleared memory makes the cmap layer free junk

Comment 2 Alan Cox 2004-03-11 23:22:41 UTC
Bug not in 2.6 btw

Comment 3 Leonard den Ottolander 2004-06-18 22:23:57 UTC
* Tue Feb 17 2004 Dave Jones <davej@redhat.com>
- Fix leak in SSTFB driver.

I assume this is fixed? By the way, would this issue be relevant to
Legacy RHL 9?

Comment 4 Alan Cox 2004-06-18 23:09:42 UTC
Unrelated bug. Both are probably in legacy RH9. The fix for the oops
on load is valid for RH9 too I would suspect

Comment 5 David Lawrence 2004-09-29 20:04:18 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.