Bug 311991 - ioatdma on dell 2900 causes NULL dereference
Summary: ioatdma on dell 2900 causes NULL dereference
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 7
Hardware: x86_64
OS: Linux
low
low
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-09-28 23:35 UTC by Frank Ch. Eigler
Modified: 2008-06-17 02:31 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-06-17 02:31:42 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Frank Ch. Eigler 2007-09-28 23:35:42 UTC
kernel version: 2.6.22.7-85.fc7debug
modprobe ioatdma during bootup sez:

[  142.497353] Module ioatdma cannot be unloaded due to unsafe usage in
drivers/dma/ioatdma.c:829
[  142.497906] ACPI: PCI Interrupt 0000:00:08.0[A] -> GSI 16 (level, low) -> IRQ 16
[  142.497945] Unable to handle kernel NULL pointer dereference at
0000000000000003 RIP: 
[  142.498002]  [<ffffffff8835adc0>] :ioatdma:ioat_do_interrupt+0xd/0x50
[  142.498770] PGD 10fc46067 PUD 114a56067 PMD 0 
[  142.499156] Oops: 0000 [1] SMP 
[  142.499498] last sysfs file: /block/sr0/removable
[  142.499753] CPU 3 
[  142.500049] Modules linked in: ioatdma dell_rbu nfsd exportfs lockd nfs_acl
ipmi_devintf ipmi_si ipmi_msghandler hidp l2cap bluetooth sunr
pc xt_length ipt_TOS xt_state xt_tcpudp ipt_REJECT ipt_LOG xt_limit
iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nfnetlin
k iptable_filter ip_tables x_tables ppp_deflate zlib_deflate ppp_synctty
ppp_async crc_ccitt ppp_generic slhc bridge dm_mirror dm_multipath d
m_mod video sbs button dock battery ac tcp_westwood kvm_intel kvm sr_mod cdrom
ata_generic ata_piix serio_raw libata bnx2 rtc_cmos sg joydev 
usb_storage shpchp megaraid_sas sd_mod scsi_mod ext3 jbd mbcache ehci_hcd
ohci_hcd uhci_hcd
[  142.505129] Pid: 5239, comm: modprobe Not tainted 2.6.22.7-85.fc7debug #1
[  142.505386] RIP: 0010:[<ffffffff8835adc0>]  [<ffffffff8835adc0>]
:ioatdma:ioat_do_interrupt+0xd/0x50
[  142.505892] RSP: 0018:ffff81010ff83c48  EFLAGS: 00010096
[  142.506146] RAX: 0000000000001214 RBX: 0000000000000202 RCX: ffffffff8835b0f5
[  142.506405] RDX: 0000000000000000 RSI: ffff81012cc11700 RDI: 00000000000008f4
[  142.506663] RBP: ffff81012cc11700 R08: ffff81012cc11700 R09: ffff81012cc11700
[  142.506919] R10: 000000000000005a R11: ffffffff811f2016 R12: 0000000000000020
[  142.507176] R13: ffff81012cc11700 R14: ffffffff8835adb3 R15: 00000000000008f4
[  142.507434] FS:  00002aaaaaae0250(0000) GS:ffff810105855900(0000)
knlGS:0000000000000000
[  142.507892] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  142.508147] CR2: 0000000000000003 CR3: 0000000110281000 CR4: 00000000000026e0
[  142.508406] Process modprobe (pid: 5239, threadinfo ffff81010ff82000, task
ffff8101106dcf60)
[  142.508866] Stack:  ffff81012cc11700 0000000000000202 ffff81012447ab40
ffffffff81069bd8
[  142.509544]  ffff81012447ac80 ffffffff8835b0f5 01ff81012f971070 ffff81012f971070
[  142.510176]  ffff81012cc11700 ffff81012f971000 00000000fffffff4 0000000000000000
[  142.510566] Call Trace:
[  142.511063]  [<ffffffff81069bd8>] request_irq+0xcc/0x120
[  142.511321]  [<ffffffff8835aab7>] :ioatdma:ioat_probe+0x15b/0x457
[  142.511581]  [<ffffffff8126a916>] _spin_unlock+0x17/0x20
[  142.511839]  [<ffffffff8112c1be>] pci_device_probe+0xcd/0x134
[  142.512097]  [<ffffffff811a54a3>] driver_probe_device+0xff/0x17c
[  142.512354]  [<ffffffff811a5668>] __driver_attach+0x90/0xcc
[  142.512609]  [<ffffffff811a55d8>] __driver_attach+0x0/0xcc
[  142.512865]  [<ffffffff811a55d8>] __driver_attach+0x0/0xcc
[  142.513120]  [<ffffffff811a4824>] bus_for_each_dev+0x43/0x6e
[  142.513378]  [<ffffffff811a4b9c>] bus_add_driver+0x7b/0x19d
[  142.513634]  [<ffffffff8112c3a0>] __pci_register_driver+0x68/0x9a
[  142.513892]  [<ffffffff81055f70>] sys_init_module+0x163f/0x17a1
[  142.514153]  [<ffffffff81067540>] audit_syscall_entry+0x141/0x174
[  142.514414]  [<ffffffff81009d2e>] tracesys+0xd5/0xda
[  142.514673] 
[  142.514920] 
[  142.514920] Code: 8a 42 03 0f b6 d8 31 c0 f6 c3 01 74 31 f6 c3 02 75 0a 0f b6 
[  142.516541] RIP  [<ffffffff8835adc0>] :ioatdma:ioat_do_interrupt+0xd/0x50
[  142.516841]  RSP <ffff81010ff83c48>
[  142.517091] CR2: 0000000000000003

/proc/interrupts:

           CPU0       CPU1       CPU2       CPU3       
  0:    4495005    4488078    4345639    4392238   IO-APIC-edge      timer
  1:          0          0          2          0   IO-APIC-edge      i8042
  8:          0          0          0          0   IO-APIC-edge      rtc0
  9:          0          0          0          0   IO-APIC-fasteoi   acpi
 12:          3          0          0          1   IO-APIC-edge      i8042
 14:       5954       3079       5943       3071   IO-APIC-edge      libata
 15:          0          0          0          0   IO-APIC-edge      libata
 20:          1          0          2          1   IO-APIC-fasteoi  
uhci_hcd:usb2, uhci_hcd:usb4
 21:       2602      16310       2520      16416   IO-APIC-fasteoi  
uhci_hcd:usb1, uhci_hcd:usb3, ehci_hcd:usb5
 23:          0          0          0          0   IO-APIC-fasteoi   libata
142:      34649      41577      29926      41231   IO-APIC-fasteoi   megasas
2293:         42         39         52     293549   PCI-MSI-edge      eth1
2294:          6          6     592254          8   PCI-MSI-edge      eth0
NMI:          0          0          0          0 
LOC:   17606513   17604825   17606384   17604607 
ERR:          0

Comment 1 Chuck Ebbert 2007-10-04 00:28:09 UTC
Hah, another driver that isn't really ready for interrupts when it calls
request_irq().

Comment 2 Christopher Brown 2008-01-14 18:05:16 UTC
Hello,

I'm reviewing this bug as part of the kernel bug triage project, an attempt to
isolate current bugs in the Fedora kernel.

http://fedoraproject.org/wiki/KernelBugTriage

I am CC'ing myself to this bug and will try and assist you in resolving it if I can.

There hasn't been much activity on this bug for a while. Could you tell me if
you are still having problems with the latest kernel?

If the problem no longer exists then please close this bug or I'll do so in a
few days if there is no additional information lodged.

Comment 3 Frank Ch. Eigler 2008-01-14 18:34:26 UTC
Sorry dude, the problem is still there in 2.6.23.8-34.fc7debug #1 SMP Thu Nov 22
20:31:16 EST 2007 x86_64

The call trace is essentially identical, and the Oops results instantly upon
"modprobe ioatdma".


Comment 4 Shannon Nelson 2008-01-18 00:19:05 UTC
We did some significant rework on the ioatdma driver last summer.  Unfortunately
it didn't make it into 2.6.23, but it is available in 2.6.24 as well as
out-of-core on our SourceForge site.  Please try the newer code - I believe it
will fix your problem.

Alternatively, you can try moving the request_irq() code down a few lines to
before the ioat_self_test().


Comment 5 Bug Zapper 2008-05-14 14:33:28 UTC
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
http://docs.fedoraproject.org/release-notes/

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 6 Bug Zapper 2008-06-17 02:31:41 UTC
Fedora 7 changed to end-of-life (EOL) status on June 13, 2008. 
Fedora 7 is no longer maintained, which means that it will not 
receive any further security or bug fix updates. As a result we 
are closing this bug. 

If you can reproduce this bug against a currently maintained version 
of Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.