From: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
To: Fengguang Wu <fengguang.wu@intel.com>
Cc: linux-ide@vger.kernel.org, Borislav Petkov <bp@alien8.de>,
"David S. Miller" <davem@davemloft.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
Jens Axboe <axboe@kernel.dk>,
Bart Van Assche <bart.vanassche@sandisk.com>,
linux-kernel@vger.kernel.org
Subject: Re: [cdrom_check_status] BUG: unable to handle kernel NULL pointer dereference at 000001c0
Date: Wed, 08 Nov 2017 17:28:16 +0100
Message-ID: <7885793.0mqNGdeUvE@amdc3058>
In-Reply-To: <20171107102538.mzbfdxll3fpf2kqg@wfg-t540p.sh.intel.com>

On Tuesday, November 07, 2017 06:25:38 PM Fengguang Wu wrote:
> Hello,

Hi Fengguang,

> FYI this happens in v4.14-rc8 -- it's not necessarily a new bug.
>
> [ 22.626306] ide-cd: hdc: ATAPI 4X DVD-ROM drive, 512kB Cache
> [ 22.627216] cdrom: Uniform CD-ROM driver Revision: 3.20
> [ 22.638941] ide-cd: hdc: ATAPI 4X DVD-ROM drive, 512kB Cache
> [ 22.665149] rdac: device handler registered
> [ 22.666646] ACPI: Preparing to enter system sleep state S5
> [ 22.666764] BUG: unable to handle kernel NULL pointer dereference at 000001c0
> [ 22.666773] IP: cdrom_check_status+0x2c/0x90
> [ 22.666774] *pde = 00000000
> [ 22.666777] Oops: 0000 [#1] SMP
> [ 22.666782] CPU: 1 PID: 155 Comm: kworker/1:2 Not tainted 4.14.0-rc8 #127
> [ 22.666783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
> [ 22.666788] Workqueue: events_freezable_power_ disk_events_workfn
> [ 22.666790] task: 4fe90980 task.stack: 507ac000
> [ 22.666792] EIP: cdrom_check_status+0x2c/0x90
> [ 22.666793] EFLAGS: 00210246 CPU: 1
> [ 22.666795] EAX: 00000000 EBX: 4fefec00 ECX: 00000000 EDX: 00000000
> [ 22.666796] ESI: 00000003 EDI: ffffffff EBP: 467a9340 ESP: 507aded0
> [ 22.666797] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> [ 22.666799] CR0: 80050033 CR2: 000001c0 CR3: 06e0f000 CR4: 00000690
> [ 22.666803] Call Trace:
> [ 22.666807] ? ide_cdrom_check_events_real+0x1d/0x40
> [ 22.666811] ? cdrom_check_events+0xe/0x30
> [ 22.666813] ? disk_check_events+0x3a/0xf0
> [ 22.666817] ? process_one_work+0x16a/0x370
> [ 22.666818] ? process_one_work+0x117/0x370
> [ 22.666820] ? worker_thread+0x31/0x3b0
> [ 22.666822] ? kthread+0xd7/0x110
> [ 22.666824] ? process_one_work+0x370/0x370
> [ 22.666826] ? __kthread_create_on_node+0x160/0x160
> [ 22.666830] ? ret_from_fork+0x19/0x30
> [ 22.666831] Code: 53 83 ec 14 89 c3 89 d1 be 03 00 00 00 65 a1 14 00 00 00 89 44 24 10 31 c0 8b 43 18 c7 44 24 04 00 00 00 00 c7 04 24 00 00 00 00 <8a> 80 c0 01 00 00 c7 44 24 08 00 00 00 00 83 e0 03 c7 44 24 0c
> [ 22.666863] EIP: cdrom_check_status+0x2c/0x90 SS:ESP: 0068:507aded0
> [ 22.666863] CR2: 00000000000001c0
> [ 22.666870] ---[ end trace 2410e586dd8f88b2 ]---
> [ 22.666872] Kernel panic - not syncing: Fatal exception
>
> Attached the full dmesg and kconfig.

From the dmesg:

[ 18.372398] Uniform Multi-Platform E-IDE driver
[ 18.373507] piix 0000:00:01.1: IDE controller (0x8086:0x7010 rev 0x00)
[ 18.374773] piix 0000:00:01.1: not 100% native mode: will probe irqs later
[ 18.376676] ide0: BM-DMA at 0xc080-0xc087
[ 18.377411] ide1: BM-DMA at 0xc088-0xc08f
[ 18.378121] Probing IDE interface ide0...
[... (rcu stuff done in parallel)]
[ 18.984203] Probing IDE interface ide1...
[ 19.772269] hdc: QEMU DVD-ROM, ATAPI CD/DVD-ROM drive
[ 20.492253] hdc: host max PIO4 wanted PIO255(auto-tune) selected PIO0
[ 20.493396] hdc: MWDMA2 mode selected
[ 20.494219] ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
[ 20.495001] ide1 at 0x170-0x177,0x376 on irq 15
[ 20.497649] piix 0000:00:01.1: IDE controller (0x8086:0x7010 rev 0x00)
[ 20.498835] piix 0000:00:01.1: not 100% native mode: will probe irqs later
[ 20.500931] ide0: BM-DMA at 0xc080-0xc087
[ 20.501669] ide1: BM-DMA at 0xc088-0xc08f
[ 20.502354] Probing IDE interface ide0...
[ 21.112206] Probing IDE interface ide1...
[ 21.900269] hdc: QEMU DVD-ROM, ATAPI CD/DVD-ROM drive
[ 22.620257] hdc: host max PIO4 wanted PIO255(auto-tune) selected PIO0
[ 22.621356] hdc: MWDMA2 mode selected
[ 22.622168] ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
[ 22.622947] ide1 at 0x170-0x177,0x376 on irq 15
[ 22.624740] ide-gd driver 1.18
[ 22.625274] ide-cd driver 5.00
[ 22.626306] ide-cd: hdc: ATAPI 4X DVD-ROM drive, 512kB Cache
[ 22.627216] cdrom: Uniform CD-ROM driver Revision: 3.20
[ 22.638941] ide-cd: hdc: ATAPI 4X DVD-ROM drive, 512kB Cache
[ 22.665149] rdac: device handler registered
[ 22.666646] ACPI: Preparing to enter system sleep state S5
[ 22.666764] BUG: unable to handle kernel NULL pointer dereference at 000001c0

we can see that for some reason PIIX PCI IDE controller is probed
twice and later when we attach ide-cd driver to both instances of hdc
(in parallel) it ends up badly..

Something is very wrong here as pci_request_selected_regions() in
drivers/ide/setup-pci.c:ide_pci_enable() should allocate PCI resources
so the second probe attempt should not happen. Also interface/device
names reuse should be prevented by ide_find_port_slot()..

Does the dmesg for the good boot also contain double probe?

If not, can you add some debug to pci_request_selected_regions()?

[ I've seen Linus' opinion but it doesn't seem that IDE is a root
cause of the problem that we are seeing here.. ]

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics
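
The double-probe check asked for in the message above, as an added example that is not part of the original e-mail or of the kernel tree: it flags any PCI function, IDE port or ide-cd drive name announced more than once in a single boot log and reports the first BUG line. The sample log is a constructed subset of the dmesg lines quoted above; the function names and regular expressions are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the dmesg lines quoted in the message above.
SAMPLE_DMESG = """\
[ 18.373507] piix 0000:00:01.1: IDE controller (0x8086:0x7010 rev 0x00)
[ 18.378121] Probing IDE interface ide0...
[ 18.984203] Probing IDE interface ide1...
[ 20.497649] piix 0000:00:01.1: IDE controller (0x8086:0x7010 rev 0x00)
[ 20.502354] Probing IDE interface ide0...
[ 21.112206] Probing IDE interface ide1...
[ 22.626306] ide-cd: hdc: ATAPI 4X DVD-ROM drive, 512kB Cache
[ 22.638941] ide-cd: hdc: ATAPI 4X DVD-ROM drive, 512kB Cache
[ 22.666764] BUG: unable to handle kernel NULL pointer dereference at 000001c0
"""

# "[ seconds.micros] message" as printed by the kernel log.
LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
# Assumed patterns, modelled on the log above. The last capture group of each
# is the name that should be announced only once per boot.
PATTERNS = {
    "pci_probe": re.compile(r"^(\S+) ([0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]): IDE controller"),
    "port_probe": re.compile(r"^Probing IDE interface (ide\d+)"),
    "drive_attach": re.compile(r"^ide-cd: (hd[a-z]+): "),
}

def find_duplicate_probes(dmesg):
    """Return {(kind, name): [timestamps]} for every name announced more than once."""
    seen = defaultdict(list)
    for raw in dmesg.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a timestamped kernel log line
        ts, msg = float(m.group(1)), m.group(2)
        for kind, pat in PATTERNS.items():
            hit = pat.match(msg)
            if hit:
                seen[(kind, hit.groups()[-1])].append(ts)
    return {key: stamps for key, stamps in seen.items() if len(stamps) > 1}

def first_oops(dmesg):
    """Return (timestamp, text) of the first 'BUG:' line, or None if there is none."""
    m = re.search(r"^\[\s*(\d+\.\d+)\]\s+BUG: (.*)$", dmesg, re.M)
    return (float(m.group(1)), m.group(2)) if m else None

if __name__ == "__main__":
    for (kind, name), stamps in sorted(find_duplicate_probes(SAMPLE_DMESG).items()):
        print(f"{kind:12} {name:14} seen {len(stamps)}x at {stamps}")
    print("first oops:", first_oops(SAMPLE_DMESG))
```

Run against the dmesg of a good boot, an empty result from `find_duplicate_probes` answers the question of whether that boot also contains the double probe.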