Bug 7107

Summary: Kernel Oops on drm modules unload
Product: Drivers Reporter: Carlo Castelli (castcarlitos)
Component: Video(DRI - non Intel)Assignee: drivers_video-dri
Status: REJECTED INSUFFICIENT_DATA    
Severity: normal CC: airlied, akpm, bunk
Priority: P2    
Hardware: i386   
OS: Linux   
Kernel Version: 2.6.17.11 Subsystem:
Regression: --- Bisected commit-id:

Description Carlo Castelli 2006-09-03 15:43:05 UTC
Most recent kernel where this bug did not occur:
I have the most recent stable kernel

Distribution:
Gentoo

Hardware Environment:
Laptop with P4 "prescott" 3200MHz, 1024MB of RAM, matherboard Sis 648FX, Ati
mobility radeon 9700 with 128MB

Software Environment:
Kernel 2.6.17.11 #1 SMP PREEMPT Fri Aug 25 00:18:56 CEST 2006 i686 Intel(R)
Pentium(R) 4 CPU 3.20GHz GenuineIntel GNU/Linux
gcc version 4.1.1 (Gentoo 4.1.1) and Thread model: posix

Problem Description:
I have unloaded radeon module and then drm with the command modprobe -r radeon
drm. This is what I found later on screen: (this was happened 2 times)

First:
 BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
  printing eip:
 f989bfda
 *pde = 00000000
 Oops: 0000 [#1]
 PREEMPT SMP 
 Modules linked in: radeon drm usbhid
 CPU:    0
 EIP:    0060:[pg0+960786394/1069192192]    Not tainted VLI
 EIP:    0060:[<f989bfda>]    Not tainted VLI
 EFLAGS: 00010293   (2.6.17.11 #1) 
 EIP is at drm_lastclose+0xb3/0x36b [drm]
 eax: 00000000   ebx: f721a400   ecx: 00000000   edx: 00000000
 esi: f721a400   edi: fffffff4   ebp: 00000000   esp: e8127f08
 ds: 007b   es: 007b   ss: 0068
 Process modprobe (pid: 19630, threadinfo=e8126000 task=c1a33540)
 Stack: 00000000 e8126000 00000202 f721a41c f721a400 00000000 f9a1c7a0 00000000 
        f98a21b3 00100100 00200200 f6c96030 f721a400 00000000 f98a2369 c012c917 
        00000001 00000080 f9a1d900 e8126000 c0133979 65646172 00006e6f f72abc7c 
 Call Trace:
  <f98a21b3> drm_cleanup+0x24/0x16f [drm]  <f98a2369> drm_exit+0x6b/0xb9 [drm]
  <c012c917> kthread_stop_sem+0xa1/0xb3  <c0133979> sys_delete_module+0x13d/0x19a
  <c0145513> remove_vma+0x31/0x36  <c0145ebf> do_munmap+0x16e/0x1c3
  <c0102b63> sysenter_past_esp+0x54/0x75 
 Code: 74 20 31 c0 b9 ff ff ff ff f2 ae f7 d1 49 8b 06 e8 be 37 8b c6 c7 06 00
00 00 00 c7 46 04 00 00 00 00 8b be dc 00 00 00 83 ef 0c <8b> 47 0c 8d 4f 0c 8d
96 dc 00 00 00 89 54 24 08 39 ca 74 45 8d 
 EIP: [pg0+960786394/1069192192] drm_lastclose+0xb3/0x36b [drm] SS:ESP 0068:e8127f08
 EIP: [<f989bfda>] drm_lastclose+0xb3/0x36b [drm] SS:ESP 0068:e8127f08

Second:
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
f9884fda
*pde = 00000000
Oops: 0000 [#1]
PREEMPT SMP 
Modules linked in: radeon drm usbhid
CPU:    0
EIP:    0060:[pg0+960692186/1069192192]    Not tainted VLI
EIP:    0060:[<f9884fda>]    Not tainted VLI
EFLAGS: 00010293   (2.6.17.11 #1) 
EIP is at drm_lastclose+0xb3/0x36b [drm]
eax: 00000000   ebx: f797c800   ecx: 00000000   edx: 00000000
esi: f797c800   edi: fffffff4   ebp: 00000000   esp: f7091f08
ds: 007b   es: 007b   ss: 0068
Process modprobe (pid: 5742, threadinfo=f7090000 task=c1a61030)
Stack: 00000000 f7090000 00000202 f797c81c f797c800 00000000 f98a97a0 00000000 
       f988b1b3 00100100 00200200 c19c9070 f797c800 00000000 f988b369 c012c917 
       00000001 00000080 f98aa900 f7090000 c0133979 65646172 00006e6f f798fbcc 
Call Trace:
 <f988b1b3> drm_cleanup+0x24/0x16f [drm]  <f988b369> drm_exit+0x6b/0xb9 [drm]
 <c012c917> kthread_stop_sem+0xa1/0xb3  <c0133979> sys_delete_module+0x13d/0x19a
 <c0145513> remove_vma+0x31/0x36  <c0145ebf> do_munmap+0x16e/0x1c3
 <c0102b63> sysenter_past_esp+0x54/0x75 
Code: 74 20 31 c0 b9 ff ff ff ff f2 ae f7 d1 49 8b 06 e8 be a7 8c c6 c7 06 00 00
00 00 c7 46 04 00 00 00 00 8b be dc 00 00 00 83 ef 0c <8b> 47 0c 8d 4f 0c 8d 96
dc 00 00 00 89 54 24 08 39 ca 74 45 8d 
EIP: [pg0+960692186/1069192192] drm_lastclose+0xb3/0x36b [drm] SS:ESP 0068:f7091f08
EIP: [<f9884fda>] drm_lastclose+0xb3/0x36b [drm] SS:ESP 0068:f7091f08

Steps to reproduce:
On my machine, just unload the drm driver :-)
Comment 1 Andrew Morton 2007-01-30 23:51:39 UTC
Is this bug still present in 2.6.20-rc7?

Thanks.
Comment 2 Adrian Bunk 2007-03-07 15:09:46 UTC
Please reopen this bug if it's still present with kernel 2.6.20.