Bug 357681 - PROBLEM: Kernel oops during interrupt context memory allocation
Summary: PROBLEM: Kernel oops during interrupt context memory allocation
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel   
(Show other bugs)
Version: 6
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Whiteboard: bzcl34nup
Keywords: Reopened
Depends On:
TreeView+ depends on / blocked
Reported: 2007-10-30 07:59 UTC by Thomas Kordelle
Modified: 2008-05-06 19:47 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-06 19:47:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Linux Kernel 8928 None None None Never

Description Thomas Kordelle 2007-10-30 07:59:45 UTC
The BUG occours, while calling vmalloc_to_page, on kernel (Fedora Core 6). The BUG won't exists on kernel
2.6.18-1.2798.fc6 (older Fedora Core 6).

For more informations and how to reproduce take a look at bugzilla.kernel.org
under Bug ID 8928.

kernel BUG at arch/i386/mm/highmem.c:38!
invalid opcode: 0000 [#1]
last sysfs file: /devices/pci0000:00/0000:00:03.0/0000:02:01.0/irq
Modules linked in: vfat fat lirc_serial(F)(U) lirc_dev(F)(U) ipv6 nfs lockd
nfs_acl sunrpc dm_mirror dm_mod video sbs buttond
CPU:    1
EIP:    0060:[<c041f971>]    Tainted: PF      VLI
EFLAGS: 00010206   ( #1)
EIP is at kmap_atomic_prot+0x31/0x80
eax: 000000a8   ebx: c16dd120   ecx: c0004e44   edx: 0000000f
esi: 0000002a   edi: 00000163   ebp: f0371f00   esp: c07cef54
ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Process irqbalance (pid: 2289, ti=c07ce000 task=c1944600 task.ti=f6e6f000)
Stack: 00000aa8 00000000 f6f78001 c0466ece f8eaa3c8 000000bc f8946f51 00000050 
       f8947a71 f8eaa3c8 f8947c09 f6d50002 f6ee8c00 00000015 f8947d94 00000000 
       00000001 ffffc041 c07cefb4 f6ee8c00 00000000 00000000 f89480f9 ffff0001 
Call Trace:
 [<c0466ece>] vmalloc_to_page+0x36/0x5c
 [<f8946f51>] vmap_to_dma_addr+0x8/0x1e [linuxdvb]
 [<f8947a71>] __end_IWrDebiComPara+0x7/0x42 [linuxdvb]
 [<f8947c09>] Rps1Paket.seiteOk+0x5/0x9 [linuxdvb]
 [<f8947d94>] StartTransAktion.tLoop+0xd/0x2b [linuxdvb]
 [<f89480f9>] DebiIntFkt.p1Ist0+0x7/0x8 [linuxdvb]
 [<f89443f7>] dvb_irq+0xc1/0x167 [linuxdvb]
 [<c0455842>] handle_IRQ_event+0x1a/0x3f
 [<c0456a5f>] handle_fasteoi_irq+0x72/0xa6
 [<c04569ed>] handle_fasteoi_irq+0x0/0xa6
 [<c04071f7>] do_IRQ+0xac/0xd1
 [<c040592b>] common_interrupt+0x23/0x28
 [<c0467af2>] unmap_vmas+0x4d7/0x4ff
 [<c046a6bf>] unmap_region+0x8f/0xf8
 [<c046b0ac>] do_munmap+0x15a/0x1ac
 [<c046b12e>] sys_munmap+0x30/0x3e
 [<c0404f8e>] syscall_call+0x7/0xb
Code: c3 89 e0 25 00 f0 ff ff ff 40 14 64 a1 08 30 7a c0 6b c0 1b 8b 0d b0 c2
7f c0 8d 34 10 8d 04 b5 00 00 00 00 29 c1 83 3 
EIP: [<c041f971>] kmap_atomic_prot+0x31/0x80 SS:ESP 0068:c07cef54
Kernel panic - not syncing: Fatal exception in interrupt

Comment 1 Chuck Ebbert 2007-10-30 15:32:37 UTC
What is the linuxdvb module?

Comment 2 Thomas Kordelle 2007-11-01 08:30:45 UTC
It's a module written by me. It run's stable for the last six year's. Since the
latest kernel upgrade i got this BUG. This error is hard to reproduce, but it
seems to trigger when a highmem address (allocated in userspace) is passed to

Comment 3 Chuck Ebbert 2007-11-01 16:39:00 UTC
The problem is almost certainly in the driver's vmap_to_dma_addr() function. If
you can reporduce without the driver loaded, reopen the bug...

Comment 4 Thomas Kordelle 2007-11-01 18:11:45 UTC
Hi wise guy, maybe you are touched by god, but if you can read and learn then
take some time and read the function vmalloc_to_page. And if this won't help
then take a look here http://bugzilla.kernel.org/show_bug.cgi?id=8928.
If you after that always think the macro BUG_ON() is a joke in highmem.c line
38, then you should change your job.

Good luck ....

Comment 5 Thomas Kordelle 2007-11-03 20:03:00 UTC
To workaround the BUG inside the 'kmap_atomic_prot' function is to write your
own version of 'vmalloc_to_page'. The big point is to avoid the use of
'kmap_atomic_prot'. We don't need to reinvent the wheel. There is already a
similar function called 'lookup_address' in 'arch/i386/mm/pageattr.c'.
Unfortunately this function is not exported as SYMBOL. So we copy the code and
add two lines (see dvb_vmalloc_to_page) to have a working 'vmalloc_to_page'.

static pte_t *dvb_lookup_address(unsigned long address)
  pgd_t *pgd = pgd_offset_k(address);
  pud_t *pud;
  pmd_t *pmd;
  if (pgd_none(*pgd))
    return NULL;

  pud = pud_offset(pgd, address);
  if (pud_none(*pud))
    return NULL;

  pmd = pmd_offset(pud, address);
  if (pmd_none(*pmd))
    return NULL;
  if (pmd_large(*pmd))
    return (pte_t *)pmd;

  return pte_offset_kernel(pmd, address);

struct page* dvb_vmalloc_to_page(void * vmalloc_addr)
  struct page  *page = NULL;
  pte_t        *ppte, pte;

  ppte = dvb_lookup_address((unsigned long)vmalloc_addr);
  if (ppte != NULL)
    pte = *ppte;
    if (pte_present(pte))
      page = pte_page(pte);
  return page;

Comment 6 Bug Zapper 2008-04-04 07:39:31 UTC
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers

Comment 7 Bug Zapper 2008-05-06 19:47:46 UTC
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.