Red Hat Bugzilla – Bug 357681
PROBLEM: Kernel oops during interrupt context memory allocation
Last modified: 2008-05-06 15:47:48 EDT
The BUG occours, while calling vmalloc_to_page, on kernel
126.96.36.199-61.fc6 (Fedora Core 6). The BUG won't exists on kernel
2.6.18-1.2798.fc6 (older Fedora Core 6).
For more informations and how to reproduce take a look at bugzilla.kernel.org
under Bug ID 8928.
kernel BUG at arch/i386/mm/highmem.c:38!
invalid opcode: 0000 [#1]
last sysfs file: /devices/pci0000:00/0000:00:03.0/0000:02:01.0/irq
Modules linked in: vfat fat lirc_serial(F)(U) lirc_dev(F)(U) ipv6 nfs lockd
nfs_acl sunrpc dm_mirror dm_mod video sbs buttond
EIP: 0060:[<c041f971>] Tainted: PF VLI
EFLAGS: 00010206 (188.8.131.52-61.fc6 #1)
EIP is at kmap_atomic_prot+0x31/0x80
eax: 000000a8 ebx: c16dd120 ecx: c0004e44 edx: 0000000f
esi: 0000002a edi: 00000163 ebp: f0371f00 esp: c07cef54
ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
Process irqbalance (pid: 2289, ti=c07ce000 task=c1944600 task.ti=f6e6f000)
Stack: 00000aa8 00000000 f6f78001 c0466ece f8eaa3c8 000000bc f8946f51 00000050
f8947a71 f8eaa3c8 f8947c09 f6d50002 f6ee8c00 00000015 f8947d94 00000000
00000001 ffffc041 c07cefb4 f6ee8c00 00000000 00000000 f89480f9 ffff0001
[<f8946f51>] vmap_to_dma_addr+0x8/0x1e [linuxdvb]
[<f8947a71>] __end_IWrDebiComPara+0x7/0x42 [linuxdvb]
[<f8947c09>] Rps1Paket.seiteOk+0x5/0x9 [linuxdvb]
[<f8947d94>] StartTransAktion.tLoop+0xd/0x2b [linuxdvb]
[<f89480f9>] DebiIntFkt.p1Ist0+0x7/0x8 [linuxdvb]
[<f89443f7>] dvb_irq+0xc1/0x167 [linuxdvb]
Code: c3 89 e0 25 00 f0 ff ff ff 40 14 64 a1 08 30 7a c0 6b c0 1b 8b 0d b0 c2
7f c0 8d 34 10 8d 04 b5 00 00 00 00 29 c1 83 3
EIP: [<c041f971>] kmap_atomic_prot+0x31/0x80 SS:ESP 0068:c07cef54
Kernel panic - not syncing: Fatal exception in interrupt
What is the linuxdvb module?
It's a module written by me. It run's stable for the last six year's. Since the
latest kernel upgrade i got this BUG. This error is hard to reproduce, but it
seems to trigger when a highmem address (allocated in userspace) is passed to
The problem is almost certainly in the driver's vmap_to_dma_addr() function. If
you can reporduce without the driver loaded, reopen the bug...
Hi wise guy, maybe you are touched by god, but if you can read and learn then
take some time and read the function vmalloc_to_page. And if this won't help
then take a look here http://bugzilla.kernel.org/show_bug.cgi?id=8928.
If you after that always think the macro BUG_ON() is a joke in highmem.c line
38, then you should change your job.
Good luck ....
To workaround the BUG inside the 'kmap_atomic_prot' function is to write your
own version of 'vmalloc_to_page'. The big point is to avoid the use of
'kmap_atomic_prot'. We don't need to reinvent the wheel. There is already a
similar function called 'lookup_address' in 'arch/i386/mm/pageattr.c'.
Unfortunately this function is not exported as SYMBOL. So we copy the code and
add two lines (see dvb_vmalloc_to_page) to have a working 'vmalloc_to_page'.
static pte_t *dvb_lookup_address(unsigned long address)
pgd_t *pgd = pgd_offset_k(address);
pud = pud_offset(pgd, address);
pmd = pmd_offset(pud, address);
return (pte_t *)pmd;
return pte_offset_kernel(pmd, address);
struct page* dvb_vmalloc_to_page(void * vmalloc_addr)
struct page *page = NULL;
pte_t *ppte, pte;
ppte = dvb_lookup_address((unsigned long)vmalloc_addr);
if (ppte != NULL)
pte = *ppte;
page = pte_page(pte);
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.
If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
Thanks for your help, and we apologize again that we haven't handled
these issues to this point.
The process we are following is outlined here:
We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.
And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.