2.6.25-mm1: kmmcd NULL pointer dereference at klist_del+0xe/0x30 - Kernel

This is a discussion on 2.6.25-mm1: kmmcd NULL pointer dereference at klist_del+0xe/0x30 - Kernel ; Got this twice with 2.6.25-mm1 on my Thinkpad X40, AData 16GB SDHC card in mmc0 but no filesystem mounted. I think the oops happened at suspend/resume time. Previous kernel was 2.6.25-rc5-mm1 which didn't exhibit this problem across multiple suspend-resume cycles. ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: 2.6.25-mm1: kmmcd NULL pointer dereference at klist_del+0xe/0x30

  1. 2.6.25-mm1: kmmcd NULL pointer dereference at klist_del+0xe/0x30

    Got this twice with 2.6.25-mm1 on my Thinkpad X40, AData 16GB SDHC card
    in mmc0 but no filesystem mounted. I think the oops happened at
    suspend/resume time. Previous kernel was 2.6.25-rc5-mm1 which didn't
    exhibit this problem across multiple suspend-resume cycles.

    Complete logs and pretty much everything else you could want at
    http://web.hexapodia.org/~adi/bobble...0080509100634/

    [104375.816331] BUG: unable to handle kernel NULL pointer dereference at 0000000c
    [104375.816338] IP: [] klist_del+0xe/0x30
    [104375.816350] *pde = 00000000
    [104375.816356] Oops: 0000 [#1]
    [104375.816361] last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0/rf_kill
    [104375.816367] Modules linked in: ipw2200 michael_mic arc4 ecb crypto_blkcipher ieee80211_crypt_tkip crc32 i915 drm rfcomm l2cap bluetooth ipv6 acpi_cpufreq cpufreq_powersave cpufreq_userspace cpufreq_conservative cpufreq_stats af_packet dm_snapshot dm_mirror dm_log dm_mod loop mmc_block battery ac video output sdhci ieee80211 ieee80211_crypt yenta_socket rsrc_nonstatic pcmcia_core mmc_core firmware_class dock button psmouse snd_intel8x0m snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc thinkpad_acpi pcspkr intel_agp agpgart rtc hwmon backlight evdev nvram e1000 ehci_hcd uhci_hcd usbcore thermal processor fan unix [last unloaded: ipw2200]
    [104375.816442]
    [104375.816448] Pid: 3130, comm: kmmcd Tainted: G W (2.6.25-mm1-dirty #1)
    [104375.816455] EIP: 0060:[] EFLAGS: 00010292 CPU: 0
    [104375.816464] EIP is at klist_del+0xe/0x30
    [104375.816469] EAX: 00000000 EBX: f7b0a04c ECX: f7804f40 EDX: f896f474
    [104375.816476] ESI: f7b0a004 EDI: f7b0a090 EBP: f896f680 ESP: f2923ebc
    [104375.816482] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
    [104375.816490] Process kmmcd (pid: 3130, ti=f2922000 task=f291d9b0 task.ti=f2922000)
    [104375.816495] Stack: f7b0a06c f7b0a004 c024b048 fffffff0 f7b0a004 c0249cd0 f7b0a06c f28cf86c
    [104375.816507] c032e90c f7b0a090 f7b0a06c f28cf804 f28cf890 00000000 f896f680 f7b0a000
    [104375.816518] f28cf800 00000000 f896a83f f7b0a000 f28cf800 00000000 f896a83f f8965c62
    [104375.816529] Call Trace:
    [104375.816535] [] bus_remove_device+0x58/0x80
    [104375.816546] [] device_add+0x4f0/0x5a0
    [104375.816574] [] mmc_add_card+0xb2/0x160 [mmc_core]
    [104375.816608] [] mmc_attach_sd+0x21e/0x8d0 [mmc_core]
    [104375.816644] [] mmc_rescan+0x0/0x150 [mmc_core]
    [104375.816668] [] mmc_rescan+0x12e/0x150 [mmc_core]
    [104375.816693] [] run_workqueue+0x8b/0x110
    [104375.816704] [] set_next_entity+0x1c/0x50
    [104375.816716] [] worker_thread+0x0/0xd0
    [104375.816726] [] worker_thread+0x7a/0xd0
    [104375.816737] [] autoremove_wake_function+0x0/0x40
    [104375.816750] [] worker_thread+0x0/0xd0
    [104375.816758] [] kthread+0x42/0x70
    [104375.816766] [] kthread+0x0/0x70
    [104375.816775] [] kernel_thread_helper+0x7/0x1c
    [104375.816790] =======================
    [104375.816793] Code: 04 8b 14 24 8b 30 85 d2 0f 95 44 24 07 eb 9e 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 83 ec 08 89 1c 24 89 c3 89 74 24 04 8b 00 <8b> 70 0c 89 d8 e8 28 ff ff ff 85 c0 74 08 85 f6 74 04 89 d8 ff
    [104375.816839] EIP: [] klist_del+0xe/0x30 SS:ESP 0068:f2923ebc
    [104375.816851] ---[ end trace 29b5951e01a37ec3 ]---

    -andy
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: 2.6.25-mm1: kmmcd NULL pointer dereference at klist_del+0xe/0x30

    On Fri, 9 May 2008 10:19:56 -0700
    Andy Isaacson wrote:

    > Got this twice with 2.6.25-mm1 on my Thinkpad X40, AData 16GB SDHC card
    > in mmc0 but no filesystem mounted. I think the oops happened at
    > suspend/resume time. Previous kernel was 2.6.25-rc5-mm1 which didn't
    > exhibit this problem across multiple suspend-resume cycles.
    >
    > Complete logs and pretty much everything else you could want at
    > http://web.hexapodia.org/~adi/bobble...0080509100634/
    >
    > [104375.816331] BUG: unable to handle kernel NULL pointer dereference at 0000000c
    > [104375.816338] IP: [] klist_del+0xe/0x30


    This could be one of those nasty situations where one driver leaves a mess
    behind it and then another driver later comes along and trips over that
    mess.

    > [104375.816350] *pde = 00000000
    > [104375.816356] Oops: 0000 [#1]
    > [104375.816361] last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:02:02.0/rf_kill
    > [104375.816367] Modules linked in: ipw2200 michael_mic arc4 ecb crypto_blkcipher ieee80211_crypt_tkip crc32 i915 drm rfcomm l2cap bluetooth ipv6 acpi_cpufreq cpufreq_powersave cpufreq_userspace cpufreq_conservative cpufreq_stats af_packet dm_snapshot dm_mirror dm_log dm_mod loop mmc_block battery ac video output sdhci ieee80211 ieee80211_crypt yenta_socket rsrc_nonstatic pcmcia_core mmc_core firmware_class dock button psmouse snd_intel8x0m snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc thinkpad_acpi pcspkr intel_agp agpgart rtc hwmon backlight evdev nvram e1000 ehci_hcd uhci_hcd usbcore thermal processor fan unix [last unloaded: ipw2200]


    I wonder if the `rmmod ipw2200' was involved.

    > [104375.816442]
    > [104375.816448] Pid: 3130, comm: kmmcd Tainted: G W (2.6.25-mm1-dirty #1)
    > [104375.816455] EIP: 0060:[] EFLAGS: 00010292 CPU: 0
    > [104375.816464] EIP is at klist_del+0xe/0x30
    > [104375.816469] EAX: 00000000 EBX: f7b0a04c ECX: f7804f40 EDX: f896f474
    > [104375.816476] ESI: f7b0a004 EDI: f7b0a090 EBP: f896f680 ESP: f2923ebc
    > [104375.816482] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
    > [104375.816490] Process kmmcd (pid: 3130, ti=f2922000 task=f291d9b0 task.ti=f2922000)
    > [104375.816495] Stack: f7b0a06c f7b0a004 c024b048 fffffff0 f7b0a004 c0249cd0 f7b0a06c f28cf86c
    > [104375.816507] c032e90c f7b0a090 f7b0a06c f28cf804 f28cf890 00000000 f896f680 f7b0a000
    > [104375.816518] f28cf800 00000000 f896a83f f7b0a000 f28cf800 00000000 f896a83f f8965c62
    > [104375.816529] Call Trace:
    > [104375.816535] [] bus_remove_device+0x58/0x80
    > [104375.816546] [] device_add+0x4f0/0x5a0
    > [104375.816574] [] mmc_add_card+0xb2/0x160 [mmc_core]
    > [104375.816608] [] mmc_attach_sd+0x21e/0x8d0 [mmc_core]
    > [104375.816644] [] mmc_rescan+0x0/0x150 [mmc_core]
    > [104375.816668] [] mmc_rescan+0x12e/0x150 [mmc_core]
    > [104375.816693] [] run_workqueue+0x8b/0x110
    > [104375.816704] [] set_next_entity+0x1c/0x50
    > [104375.816716] [] worker_thread+0x0/0xd0
    > [104375.816726] [] worker_thread+0x7a/0xd0
    > [104375.816737] [] autoremove_wake_function+0x0/0x40
    > [104375.816750] [] worker_thread+0x0/0xd0
    > [104375.816758] [] kthread+0x42/0x70
    > [104375.816766] [] kthread+0x0/0x70
    > [104375.816775] [] kernel_thread_helper+0x7/0x1c
    > [104375.816790] =======================
    > [104375.816793] Code: 04 8b 14 24 8b 30 85 d2 0f 95 44 24 07 eb 9e 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 83 ec 08 89 1c 24 89 c3 89 74 24 04 8b 00 <8b> 70 0c 89 d8 e8 28 ff ff ff 85 c0 74 08 85 f6 74 04 89 d8 ff
    > [104375.816839] EIP: [] klist_del+0xe/0x30 SS:ESP 0068:f2923ebc
    > [104375.816851] ---[ end trace 29b5951e01a37ec3 ]---


    otoh it could always be an mmc bug, too.

    If you're able, could you try eliminating things? Try removing the mmc
    driver from /lib/modules or something like that: try to work out at least
    which subsystem is causing it.

    Thanks.
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  3. Re: 2.6.25-mm1: kmmcd NULL pointer dereference at klist_del+0xe/0x30

    On Fri, 9 May 2008 16:47:38 -0700
    Andrew Morton wrote:

    > On Fri, 9 May 2008 10:19:56 -0700
    > Andy Isaacson wrote:
    >
    > > Got this twice with 2.6.25-mm1 on my Thinkpad X40, AData 16GB SDHC card
    > > in mmc0 but no filesystem mounted. I think the oops happened at
    > > suspend/resume time. Previous kernel was 2.6.25-rc5-mm1 which didn't
    > > exhibit this problem across multiple suspend-resume cycles.
    > >
    > > Complete logs and pretty much everything else you could want at
    > > http://web.hexapodia.org/~adi/bobble...0080509100634/
    > >
    > > [104375.816331] BUG: unable to handle kernel NULL pointer dereference at 0000000c
    > > [104375.816338] IP: [] klist_del+0xe/0x30

    >
    > This could be one of those nasty situations where one driver leaves a mess
    > behind it and then another driver later comes along and trips over that
    > mess.
    >


    There were some problems with removing devices during suspend (which
    the MMC layer does), but AFAIK those patches were backed out and were
    only supposed to come back in a form that allowed such usage. Rafael
    should have the most correct information on that subject.

    Rgds
    --
    -- Pierre Ossman

    Linux kernel, MMC maintainer http://www.kernel.org
    rdesktop, core developer http://www.rdesktop.org
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  4. Re: 2.6.25-mm1: kmmcd NULL pointer dereference at klist_del+0xe/0x30

    On Monday, 12 of May 2008, Pierre Ossman wrote:
    > On Fri, 9 May 2008 16:47:38 -0700
    > Andrew Morton wrote:
    >
    > > On Fri, 9 May 2008 10:19:56 -0700
    > > Andy Isaacson wrote:
    > >
    > > > Got this twice with 2.6.25-mm1 on my Thinkpad X40, AData 16GB SDHC card
    > > > in mmc0 but no filesystem mounted. I think the oops happened at
    > > > suspend/resume time. Previous kernel was 2.6.25-rc5-mm1 which didn't
    > > > exhibit this problem across multiple suspend-resume cycles.
    > > >
    > > > Complete logs and pretty much everything else you could want at
    > > > http://web.hexapodia.org/~adi/bobble...0080509100634/
    > > >
    > > > [104375.816331] BUG: unable to handle kernel NULL pointer dereference at 0000000c
    > > > [104375.816338] IP: [] klist_del+0xe/0x30

    > >
    > > This could be one of those nasty situations where one driver leaves a mess
    > > behind it and then another driver later comes along and trips over that
    > > mess.
    > >

    >
    > There were some problems with removing devices during suspend (which
    > the MMC layer does), but AFAIK those patches were backed out and were
    > only supposed to come back in a form that allowed such usage. Rafael
    > should have the most correct information on that subject.


    Those changes went away for good. At the moment, we only print a warning
    if there's a suspend ordering violation.

    The problem described here looks like the one fixed by commits
    29591b92e19f409d5ad4c099c2b7b5ea56f50dfa and
    08119e8966e993993d0ba92b2fba38c582c8f787,
    so Andy, please try the current linux-next or even -rc2.

    Thanks,
    Rafael
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

+ Reply to Thread