Red Hat Bugzilla – Bug 311991
ioatdma on dell 2900 causes NULL dereference
Last modified: 2008-06-16 22:31:42 EDT
kernel version: 220.127.116.11-85.fc7debug
modprobe ioatdma during bootup sez:
[ 142.497353] Module ioatdma cannot be unloaded due to unsafe usage in
[ 142.497906] ACPI: PCI Interrupt 0000:00:08.0[A] -> GSI 16 (level, low) -> IRQ 16
[ 142.497945] Unable to handle kernel NULL pointer dereference at
[ 142.498002] [<ffffffff8835adc0>] :ioatdma:ioat_do_interrupt+0xd/0x50
[ 142.498770] PGD 10fc46067 PUD 114a56067 PMD 0
[ 142.499156] Oops: 0000  SMP
[ 142.499498] last sysfs file: /block/sr0/removable
[ 142.499753] CPU 3
[ 142.500049] Modules linked in: ioatdma dell_rbu nfsd exportfs lockd nfs_acl
ipmi_devintf ipmi_si ipmi_msghandler hidp l2cap bluetooth sunrpc
xt_length ipt_TOS xt_state xt_tcpudp ipt_REJECT ipt_LOG xt_limit
iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nfnetlink
iptable_filter ip_tables x_tables ppp_deflate zlib_deflate ppp_synctty
ppp_async crc_ccitt ppp_generic slhc bridge dm_mirror dm_multipath
dm_mod video sbs button dock battery ac tcp_westwood kvm_intel kvm sr_mod cdrom
ata_generic ata_piix serio_raw libata bnx2 rtc_cmos sg joydev
usb_storage shpchp megaraid_sas sd_mod scsi_mod ext3 jbd mbcache ehci_hcd
[ 142.505129] Pid: 5239, comm: modprobe Not tainted 18.104.22.168-85.fc7debug #1
[ 142.505386] RIP: 0010:[<ffffffff8835adc0>] [<ffffffff8835adc0>]
[ 142.505892] RSP: 0018:ffff81010ff83c48 EFLAGS: 00010096
[ 142.506146] RAX: 0000000000001214 RBX: 0000000000000202 RCX: ffffffff8835b0f5
[ 142.506405] RDX: 0000000000000000 RSI: ffff81012cc11700 RDI: 00000000000008f4
[ 142.506663] RBP: ffff81012cc11700 R08: ffff81012cc11700 R09: ffff81012cc11700
[ 142.506919] R10: 000000000000005a R11: ffffffff811f2016 R12: 0000000000000020
[ 142.507176] R13: ffff81012cc11700 R14: ffffffff8835adb3 R15: 00000000000008f4
[ 142.507434] FS: 00002aaaaaae0250(0000) GS:ffff810105855900(0000)
[ 142.507892] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 142.508147] CR2: 0000000000000003 CR3: 0000000110281000 CR4: 00000000000026e0
[ 142.508406] Process modprobe (pid: 5239, threadinfo ffff81010ff82000, task
[ 142.508866] Stack: ffff81012cc11700 0000000000000202 ffff81012447ab40
[ 142.509544] ffff81012447ac80 ffffffff8835b0f5 01ff81012f971070 ffff81012f971070
[ 142.510176] ffff81012cc11700 ffff81012f971000 00000000fffffff4 0000000000000000
[ 142.510566] Call Trace:
[ 142.511063] [<ffffffff81069bd8>] request_irq+0xcc/0x120
[ 142.511321] [<ffffffff8835aab7>] :ioatdma:ioat_probe+0x15b/0x457
[ 142.511581] [<ffffffff8126a916>] _spin_unlock+0x17/0x20
[ 142.511839] [<ffffffff8112c1be>] pci_device_probe+0xcd/0x134
[ 142.512097] [<ffffffff811a54a3>] driver_probe_device+0xff/0x17c
[ 142.512354] [<ffffffff811a5668>] __driver_attach+0x90/0xcc
[ 142.512609] [<ffffffff811a55d8>] __driver_attach+0x0/0xcc
[ 142.512865] [<ffffffff811a55d8>] __driver_attach+0x0/0xcc
[ 142.513120] [<ffffffff811a4824>] bus_for_each_dev+0x43/0x6e
[ 142.513378] [<ffffffff811a4b9c>] bus_add_driver+0x7b/0x19d
[ 142.513634] [<ffffffff8112c3a0>] __pci_register_driver+0x68/0x9a
[ 142.513892] [<ffffffff81055f70>] sys_init_module+0x163f/0x17a1
[ 142.514153] [<ffffffff81067540>] audit_syscall_entry+0x141/0x174
[ 142.514414] [<ffffffff81009d2e>] tracesys+0xd5/0xda
[ 142.514920] Code: 8a 42 03 0f b6 d8 31 c0 f6 c3 01 74 31 f6 c3 02 75 0a 0f b6
[ 142.516541] RIP [<ffffffff8835adc0>] :ioatdma:ioat_do_interrupt+0xd/0x50
[ 142.516841] RSP <ffff81010ff83c48>
[ 142.517091] CR2: 0000000000000003
           CPU0       CPU1       CPU2       CPU3
   0:   4495005    4488078    4345639    4392238   IO-APIC-edge      timer
   1:         0          0          2          0   IO-APIC-edge      i8042
   8:         0          0          0          0   IO-APIC-edge      rtc0
   9:         0          0          0          0   IO-APIC-fasteoi   acpi
  12:         3          0          0          1   IO-APIC-edge      i8042
  14:      5954       3079       5943       3071   IO-APIC-edge      libata
  15:         0          0          0          0   IO-APIC-edge      libata
  20:         1          0          2          1   IO-APIC-fasteoi
  21:      2602      16310       2520      16416   IO-APIC-fasteoi
                                                   uhci_hcd:usb1, uhci_hcd:usb3, ehci_hcd:usb5
  23:         0          0          0          0   IO-APIC-fasteoi   libata
 142:     34649      41577      29926      41231   IO-APIC-fasteoi   megasas
2293:        42         39         52     293549   PCI-MSI-edge      eth1
2294:         6          6     592254          8   PCI-MSI-edge      eth0
 NMI:         0          0          0          0
 LOC:  17606513   17604825   17606384   17604607
Hah, another driver that isn't really ready for interrupts when it calls
I'm reviewing this bug as part of the kernel bug triage project, an attempt to
isolate current bugs in the Fedora kernel.
I am CC'ing myself to this bug and will try and assist you in resolving it if I can.
There hasn't been much activity on this bug for a while. Could you tell me if
you are still having problems with the latest kernel?
If the problem no longer exists then please close this bug or I'll do so in a
few days if there is no additional information lodged.
Sorry dude, the problem is still there in 22.214.171.124-34.fc7debug #1 SMP Thu Nov 22
20:31:16 EST 2007 x86_64
The call trace is essentially identical, and the Oops results instantly upon
We did some significant rework on the ioatdma driver last summer. Unfortunately
it didn't make it into 2.6.23, but it is available in 2.6.24 as well as
out-of-core on our SourceForge site. Please try the newer code - I believe it
will fix your problem.
Alternatively, you can try moving the request_irq() code down a few lines to
before the ioat_self_test().
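The ordering problem discussed in this thread, as an added user-space model in C (not code from the ioatdma driver or from any commenter): in the oops the handler runs directly under request_irq() and faults with RDX = 0 and CR2 = 0x3, and the first code bytes (8a 42 03) are a one-byte load from offset 3 of RDX, so the handler read base + 3 through a NULL base. The names `model_dev`, `model_handler`, `model_request_irq` and `model_probe`, the register layout, and the choice of which pointer is NULL are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
enum { IRQ_NONE = 0, IRQ_HANDLED = 1 };
#define CTRL_OFF 3  /* the oops read one byte at base + 3 (CR2 = 0x3) */
struct model_dev {  /* hypothetical; not the ioatdma driver's real structures */
    uint8_t *reg_base;     /* assumed: NULL until probe finishes setup */
    uintptr_t fault_addr;  /* address a real handler would fault on */
    int faults, handled;
};
static uint8_t fake_regs[8] = { 0, 0, 0, 0x01 };  /* constructed sample */

/* Handler model: records the bad access instead of dereferencing NULL. */
static int model_handler(int irq, void *dev_id)
{
    struct model_dev *d = dev_id;
    if (!d->reg_base) {
        d->fault_addr = CTRL_OFF;  /* NULL + 3 */
        d->faults++;
        return IRQ_NONE;
    }
    if (!(d->reg_base[CTRL_OFF] & 0x01))
        return IRQ_NONE;           /* interrupt bit clear: not ours */
    d->handled++;
    return IRQ_HANDLED;
}

/* request_irq() model: calls the handler once before returning (as in the trace). */
static int model_request_irq(int irq, int (*h)(int, void *), void *dev_id)
{
    h(irq, dev_id);
    return 0;
}

/* irq_first != 0: ordering from the report; 0: finish setup, then register. */
static struct model_dev model_probe(int irq_first)
{
    struct model_dev d = { 0 };
    if (irq_first)
        model_request_irq(16, model_handler, &d);
    d.reg_base = fake_regs;
    if (!irq_first)
        model_request_irq(16, model_handler, &d);
    return d;
}

int main(void)
{
    printf("irq first: %d fault(s), setup first: %d\n", model_probe(1).faults, model_probe(0).faults);
}
```

The general rule the model illustrates: everything the handler touches must be valid before request_irq() is called, because the handler can run before request_irq() returns.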
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.
Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.
Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.
Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 7 changed to end-of-life (EOL) status on June 13, 2008.
Fedora 7 is no longer maintained, which means that it will not
receive any further security or bug fix updates. As a result we
are closing this bug.
If you can reproduce this bug against a currently maintained version
of Fedora please feel free to reopen this bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.