Bug 357681 - PROBLEM: Kernel oops during interrupt context memory allocation
PROBLEM: Kernel oops during interrupt context memory allocation
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
6
i686 Linux
low Severity high
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
bzcl34nup
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-30 03:59 EDT by Thomas Kordelle
Modified: 2008-05-06 15:47 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-06 15:47:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Linux Kernel 8928 None None None Never

  None (edit)
Description Thomas Kordelle 2007-10-30 03:59:45 EDT
The BUG occours, while calling vmalloc_to_page, on kernel
2.6.22.9-61.fc6 (Fedora Core 6). The BUG won't exists on kernel
2.6.18-1.2798.fc6 (older Fedora Core 6).

For more informations and how to reproduce take a look at bugzilla.kernel.org
under Bug ID 8928.


kernel BUG at arch/i386/mm/highmem.c:38!
invalid opcode: 0000 [#1]
SMP 
last sysfs file: /devices/pci0000:00/0000:00:03.0/0000:02:01.0/irq
Modules linked in: vfat fat lirc_serial(F)(U) lirc_dev(F)(U) ipv6 nfs lockd
nfs_acl sunrpc dm_mirror dm_mod video sbs buttond
CPU:    1
EIP:    0060:[<c041f971>]    Tainted: PF      VLI
EFLAGS: 00010206   (2.6.22.9-61.fc6 #1)
EIP is at kmap_atomic_prot+0x31/0x80
eax: 000000a8   ebx: c16dd120   ecx: c0004e44   edx: 0000000f
esi: 0000002a   edi: 00000163   ebp: f0371f00   esp: c07cef54
ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Process irqbalance (pid: 2289, ti=c07ce000 task=c1944600 task.ti=f6e6f000)
Stack: 00000aa8 00000000 f6f78001 c0466ece f8eaa3c8 000000bc f8946f51 00000050 
       f8947a71 f8eaa3c8 f8947c09 f6d50002 f6ee8c00 00000015 f8947d94 00000000 
       00000001 ffffc041 c07cefb4 f6ee8c00 00000000 00000000 f89480f9 ffff0001 
Call Trace:
 [<c0466ece>] vmalloc_to_page+0x36/0x5c
 [<f8946f51>] vmap_to_dma_addr+0x8/0x1e [linuxdvb]
 [<f8947a71>] __end_IWrDebiComPara+0x7/0x42 [linuxdvb]
 [<f8947c09>] Rps1Paket.seiteOk+0x5/0x9 [linuxdvb]
 [<f8947d94>] StartTransAktion.tLoop+0xd/0x2b [linuxdvb]
 [<f89480f9>] DebiIntFkt.p1Ist0+0x7/0x8 [linuxdvb]
 [<f89443f7>] dvb_irq+0xc1/0x167 [linuxdvb]
 [<c0455842>] handle_IRQ_event+0x1a/0x3f
 [<c0456a5f>] handle_fasteoi_irq+0x72/0xa6
 [<c04569ed>] handle_fasteoi_irq+0x0/0xa6
 [<c04071f7>] do_IRQ+0xac/0xd1
 [<c040592b>] common_interrupt+0x23/0x28
 [<c0467af2>] unmap_vmas+0x4d7/0x4ff
 [<c046a6bf>] unmap_region+0x8f/0xf8
 [<c046b0ac>] do_munmap+0x15a/0x1ac
 [<c046b12e>] sys_munmap+0x30/0x3e
 [<c0404f8e>] syscall_call+0x7/0xb
 =======================
Code: c3 89 e0 25 00 f0 ff ff ff 40 14 64 a1 08 30 7a c0 6b c0 1b 8b 0d b0 c2
7f c0 8d 34 10 8d 04 b5 00 00 00 00 29 c1 83 3 
EIP: [<c041f971>] kmap_atomic_prot+0x31/0x80 SS:ESP 0068:c07cef54
Kernel panic - not syncing: Fatal exception in interrupt
Comment 1 Chuck Ebbert 2007-10-30 11:32:37 EDT
What is the linuxdvb module?
Comment 2 Thomas Kordelle 2007-11-01 04:30:45 EDT
It's a module written by me. It run's stable for the last six year's. Since the
latest kernel upgrade i got this BUG. This error is hard to reproduce, but it
seems to trigger when a highmem address (allocated in userspace) is passed to
vmalloc_to_page.
Comment 3 Chuck Ebbert 2007-11-01 12:39:00 EDT
The problem is almost certainly in the driver's vmap_to_dma_addr() function. If
you can reporduce without the driver loaded, reopen the bug...
Comment 4 Thomas Kordelle 2007-11-01 14:11:45 EDT
Hi wise guy, maybe you are touched by god, but if you can read and learn then
take some time and read the function vmalloc_to_page. And if this won't help
then take a look here http://bugzilla.kernel.org/show_bug.cgi?id=8928.
If you after that always think the macro BUG_ON() is a joke in highmem.c line
38, then you should change your job.

Good luck ....
Comment 5 Thomas Kordelle 2007-11-03 16:03:00 EDT
To workaround the BUG inside the 'kmap_atomic_prot' function is to write your
own version of 'vmalloc_to_page'. The big point is to avoid the use of
'kmap_atomic_prot'. We don't need to reinvent the wheel. There is already a
similar function called 'lookup_address' in 'arch/i386/mm/pageattr.c'.
Unfortunately this function is not exported as SYMBOL. So we copy the code and
add two lines (see dvb_vmalloc_to_page) to have a working 'vmalloc_to_page'.


static pte_t *dvb_lookup_address(unsigned long address)
{
  pgd_t *pgd = pgd_offset_k(address);
  pud_t *pud;
  pmd_t *pmd;
  
  if (pgd_none(*pgd))
    return NULL;

  pud = pud_offset(pgd, address);
  if (pud_none(*pud))
    return NULL;

  pmd = pmd_offset(pud, address);
  if (pmd_none(*pmd))
    return NULL;
    
  if (pmd_large(*pmd))
    return (pte_t *)pmd;

  return pte_offset_kernel(pmd, address);
}

struct page* dvb_vmalloc_to_page(void * vmalloc_addr)
{
  struct page  *page = NULL;
  pte_t        *ppte, pte;

  ppte = dvb_lookup_address((unsigned long)vmalloc_addr);
  if (ppte != NULL)
  {
    pte = *ppte;
    if (pte_present(pte))
      page = pte_page(pte);
  }
  return page;
}
Comment 6 Bug Zapper 2008-04-04 03:39:31 EDT
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers
Comment 7 Bug Zapper 2008-05-06 15:47:46 EDT
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.