250374 – sdhci module produces kernel oops in exclusive situations

Bug 250374 - sdhci module produces kernel oops in exclusive situations

Summary: sdhci module produces kernel oops in exclusive situations

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Kernel Maintainer List
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	bzcl34nup
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-08-01 06:46 UTC by Andy Shevchenko
Modified:	2008-05-06 19:43 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-05-06 19:43:33 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Andy Shevchenko 2007-08-01 06:46:02 UTC

Description of problem:
The sdhci module produces kernel oops while user quickly push and pop media 
card during mount/umount process.

Version-Release number of selected component (if applicable):
kernel-2.6.20-1.2962.fc6 and other previous

Additional info:
============== dmesg info ===================:

mmc0: Card removed during transfer!
mmc0: Resetting controller.
mmc0: Got command interrupt even though no command operation was in progress.
mmc0: Please report this to <sdhci-devel.cx>.
sdhci: ============== REGISTER DUMP ==============
sdhci: Sys addr: 0x17ed3000 | Version:  0x00000200
sdhci: Blk size: 0x00007200 | Blk cnt:  0x00000000
sdhci: Argument: 0x00000000 | Trn mode: 0x00000033
sdhci: Present:  0x01f80001 | Host ctl: 0x00000003
sdhci: Power:    0x0000000e | Blk gap:  0x00000000
sdhci: Wake-up:  0x00000000 | Clock:    0x00008007
sdhci: Timeout:  0x00000009 | Int stat: 0x00038000
sdhci: Int enab: 0x00ff00fb | Sig enab: 0x00ff00fb
sdhci: AC12 err: 0x00000000 | Slot int: 0x00000001
sdhci: Caps:     0x018021a1 | Max curr: 0x00000040
sdhci: ===========================================
mmc0: Got command interrupt even though no command operation was in progress.
mmc0: Please report this to <sdhci-devel.cx>.
sdhci: ============== REGISTER DUMP ==============
sdhci: Sys addr: 0x17ed3000 | Version:  0x00000200
sdhci: Blk size: 0x00007200 | Blk cnt:  0x00000000
sdhci: Argument: 0x00000000 | Trn mode: 0x00000033
sdhci: Present:  0x01f80001 | Host ctl: 0x00000003
sdhci: Power:    0x0000000e | Blk gap:  0x00000000
sdhci: Wake-up:  0x00000000 | Clock:    0x00008007
sdhci: Timeout:  0x00000009 | Int stat: 0x00000000
sdhci: Int enab: 0x00ff00fb | Sig enab: 0x00ff00fb
sdhci: AC12 err: 0x00000000 | Slot int: 0x00000000
sdhci: Caps:     0x018021a1 | Max curr: 0x00000040
sdhci: ===========================================
end_request: I/O error, dev mmcblk0, sector 990701
BUG: unable to handle kernel NULL pointer dereference at virtual address 
00000030
 printing eip:
f8bd810e
*pde = 3adce067
Oops: 0000 [#1]
SMP
last sysfs file: /block/mmcblk0/size
Modules linked in: vfat fat mmc_block appletalk ipx p8023 nfs lockd nfs_acl 
ppp_async wlan_wep(U) i915 drm irnet ppp_ge
neric slhc irtty_sir sir_dev ircomm_tty ircomm autofs4 hidp rfcomm l2cap 
bluetooth sunrpc nf_conntrack_netbios_ns ipt_R
EJECT xt_state iptable_filter iptable_nat nf_nat nf_conntrack_ipv4 
nf_conntrack nfnetlink ip_tables ip6t_REJECT xt_tcpu
dp ip6table_filter ip6_tables x_tables ipv6 cpufreq_ondemand fuse dm_mirror 
dm_multipath dm_mod video sbs ibm_acpi i2c_
ec dock button battery asus_acpi backlight ac parport_pc lp parport 
snd_hda_intel snd_hda_codec snd_seq_dummy snd_seq_o
ss snd_seq_midi_event wlan_scan_sta(U) snd_seq ath_rate_sample(U) 
snd_seq_device snd_pcm_oss ath_pci(U) snd_mixer_oss o
hci1394 sg wlan(U) nsc_ircc snd_pcm serio_raw irda snd_timer sdhci ieee1394 
i2c_i801 snd iTCO_wdt pcspkr ata_piix mmc_c
ore crc_ccitt iTCO_vendor_support e1000 ath_hal(P)(U) i2c_core soundcore 
snd_page_alloc ahci libata sd_mod scsi_mod ext
3 jbd ehci_hcd ohci_hcd uhci_hcd
CPU:    1
EIP:    0060:[<f8bd810e>]    Tainted: P      VLI
EFLAGS: 00010097   (2.6.20-1.2962.fc6 #1)
EIP is at mmc_prep_request+0x25/0x4a [mmc_core]
eax: 00000000   ebx: cf73b9c8   ecx: 00000000   edx: cf73b9c8
esi: f7de9414   edi: 00000000   ebp: 00000000   esp: dd871f88
ds: 007b   es: 007b   ss: 0068
Process mmcqd (pid: 29813, ti=dd871000 task=f6c3a1f0 task.ti=dd871000)
Stack: cf73b9c8 c04dd06c f7f61880 3134604c c19fe200 00000001 ffffffff 00000246
       cf73b9c8 c8d19e54 cf73b910 f7de9414 00000000 f8bd81ea c8d19e54 f70dad08
       f8bd8189 c04376a3 ffffffff ffffffff c04375f3 00000000 00000000 c0404b33
Call Trace:
 [<c04dd06c>] elv_next_request+0xfe/0x1ac
 [<f8bd81ea>] mmc_queue_thread+0x61/0xda [mmc_core]
 [<f8bd8189>] mmc_queue_thread+0x0/0xda [mmc_core]
 [<c04376a3>] kthread+0xb0/0xd9
 [<c04375f3>] kthread+0x0/0xd9
 [<c0404b33>] kernel_thread_helper+0x7/0x10
 =======================
Code: 00 00 00 5b 5e c3 53 8b 88 d0 00 00 00 89 d3 8b 42 18 83 f8 08 75 0c 30 
c0 83 7a 70 00 75 28 0f 0b eb fe 48 83 f8
 01 77 0b 89 c8 <ff> 51 30 85 c0 74 15 eb 1a 89 d8 ba 60 88 bd f8 e8 75 62 90 
c7
EIP: [<f8bd810e>] mmc_prep_request+0x25/0x4a [mmc_core] SS:ESP 0068:dd871f88

Comment 1 Chuck Ebbert 2007-08-31 18:23:06 UTC

Does this still happen with the new 2.6.22.x kernels?

Comment 2 Andy Shevchenko 2007-08-31 18:55:56 UTC

No. In the 2.6.22.x the dbus and hal isn't sensivity to cardreader at all.
I can only mount my SD cards by manual act.
Now I'm using 2.6.22.2-42 kernel.

[andy@localhost minihallib]$ dmesg | tail
ACPI: Lid Switch [LID]
input: Sleep Button (CM) as /class/input/input11
ACPI: Sleep Button (CM) [SLPB]
ohci1394: fw-host0: OHCI-1394 1.0 (PCI): IRQ=[21]  MMIO=[e4301000-e43017ff]  
Max Packet=[2048]  IR/IT contexts=[4/4]
Bluetooth: RFCOMM socket layer initialized
Bluetooth: RFCOMM TTY layer initialized
Bluetooth: RFCOMM ver 1.8
ieee1394: Host added: ID:BUS[0-00:1023]  GUID[000ae4060015200a]
mmcblk0: mmc0:c54d SD016 14400KiB
 mmcblk0: p1

But:
lshal -t
...
  pci_8086_2448
    pci_1180_476
    pci_1180_552
    pci_1180_822
      pci_1180_822_mmc_host
>>> No other devices here!
  pci_8086_27b9
...


P.S. I'm using the x60s thinkpad laptop with internal cardreader. External 
cardreared still works fine.

Comment 3 Bug Zapper 2008-04-04 07:29:35 UTC

Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers

Comment 4 Bug Zapper 2008-05-06 19:43:31 UTC

This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.