Bug 8312
Summary: | fault in vt_ioctl | ||
---|---|---|---|
Product: | IO/Storage | Reporter: | Martin Jürgens (martin) |
Component: | Other | Assignee: | Olaf Kirch (okir) |
Status: | CLOSED CODE_FIX | ||
Severity: | normal | CC: | bunk, cw, okir |
Priority: | P2 | ||
Hardware: | i386 | ||
OS: | Linux | ||
Kernel Version: | 2.6.20 | Subsystem: | |
Regression: | --- | Bisected commit-id: | |
Attachments: | dmesg, lspci -vv, lspci -vvn, Potential fix for this problem | ||
Description
Martin Jürgens
2007-04-08 06:02:51 UTC
Created attachment 11105 [details]
dmesg
Created attachment 11106 [details]
lspci -vv
Created attachment 11107 [details]
lspci -vvn
This is the bad thing:

[ 81.196522] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 81.196534] printing eip:
[ 81.196537] c023f621
[ 81.196539] *pde = 00000000
[ 81.196544] Oops: 0000 [#1]
[ 81.196546] SMP
[ 81.196551] Modules linked in: ppdev cpufreq_userspace cpufreq_stats cpufreq_powersave cpufreq_ondemand freq_table cpufreq_conservative tc1100_wmi pcc_acpi dev_acpi sony_acpi video sbs i2c_ec dock button battery container ac asus_acpi backlight ieee80211 ieee80211_crypt af_packet nls_iso8859_1 nls_cp437 vfat fat nls_utf8 ntfs lp snd_intel8x0 snd_ac97_codec nvidia(P) ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss usbhid dvb_usb_dtt200u dvb_usb dvb_core dvb_pll snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device hid analog gameport parport_pc parport pcspkr snd soundcore snd_page_alloc sis_agp shpchp pci_hotplug agpgart i2c_sis96x i2c_core tsdev evdev ext3 jbd mbcache ide_cd cdrom ide_disk pata_sis ata_generic libata scsi_mod floppy ehci_hcd sis900 mii ohci_hcd usbcore sis5513 generic thermal processor fan fbcon tileblit font bitblit softcursor vesafb capability commoncap
[ 81.196646] CPU: 0
[ 81.196647] EIP: 0060:[<c023f621>] Tainted: P VLI
[ 81.196649] EFLAGS: 00010246 (2.6.20-12-generic #2)
[ 81.196667] EIP is at getkeycode+0x61/0x80
[ 81.196671] eax: 00000000 ebx: 00000000 ecx: f7d22000 edx: f7eba97c
[ 81.196677] esi: f46ac400 edi: df87a000 ebp: 00004b4c esp: f43bbe28
[ 81.196680] ds: 007b es: 007b ss: 0068
[ 81.196685] Process dumpkeycodes (pid: 4972, ti=f43ba000 task=df9d3560 task.ti=f43ba000)
[ 81.196689] Stack: 00000006 c023c479 dfd155b8 c20daea0 fffb4c44 00000000 c0478b5e 00000001
[ 81.196698] 00000001 00000000 00000001 00000002 77804067 00000003 0000001d 00000003
[ 81.196706] dfae9220 f644e4e0 f7d52000 00000003 00000000 00000000 00000000 c023b180
[ 81.196714] Call Trace:
[ 81.196720] [<c023c479>] vt_ioctl+0x12f9/0x1840
[ 81.196746] [<c023b180>] vt_ioctl+0x0/0x1840
[ 81.196754] [<c0236775>] tty_ioctl+0x105/0xda0
[ 81.196769] [<c0156f80>] find_get_page+0x20/0x60
[ 81.196784] [<c0159ac1>] filemap_nopage+0x2f1/0x3a0
[ 81.196800] [<c011dd16>] kmap_atomic+0x86/0xa0
[ 81.196812] [<c011db5b>] kunmap_atomic+0x6b/0x70
[ 81.196820] [<c0164499>] __handle_mm_fault+0x279/0xa40
[ 81.196835] [<c0174ce5>] nameidata_to_filp+0x35/0x40
[ 81.196864] [<c0182568>] do_ioctl+0x78/0x90
[ 81.196874] [<c01825dc>] vfs_ioctl+0x5c/0x2a0
[ 81.196885] [<c0182892>] sys_ioctl+0x72/0x90
[ 81.196894] [<c01031f0>] sysenter_past_esp+0x69/0xa9
[ 81.196917] =======================
[ 81.196919] Code: ff 76 19 8b 81 8c 00 00 00 83 f8 01 74 17 83 f8 02 74 1e 8b 81 90 00 00 00 8b 04 98 5b c3 5b b8 ed ff ff ff c3 8b 81 90 00 00 00 <0f> b6 04 18 5b c3 8b 81 90 00 00 00 0f b7 04 58 5b c3 8d b6 00
[ 81.196955] EIP: [<c023f621>] getkeycode+0x61/0x80 SS:ESP 0068:f43bbe28

(see dmesg)

Does it work without the nvidia binary-only driver?

No, it does not work either. I had the same issue when installing openSuSE 10.2, which ships without binary drivers.

It dies here:

    int getkeycode(unsigned int scancode)
    {
            struct list_head *node;
            struct input_dev *dev = NULL;
    [...]
            if (scancode >= dev->keycodemax)
                    return -EINVAL;
            return INPUT_KEYCODE(dev, scancode);
                   ^^^^^^^^^^^ here
    }

because dev->keycode is NULL. So something registers an input device that claims to be a keyboard, has keycodemax and keycodesize set, but no keycode table.

The input devices registered prior to the oops are these:

[ 25.839856] input: Macintosh mouse button emulation as /class/input/input0
[ 45.650469] input: PC Speaker as /class/input/input1
[ 46.288050] input: IR-receiver inside an USB DVB receiver as /class/input/input2
[ 49.717736] input: Logitech USB-PS/2 Optical Mouse as /class/input/input3
[ 49.718303] input: USB HID v1.10 Mouse [Logitech USB-PS/2 Optical Mouse] on usb-0000:00:03.1-2
[ 49.718337] drivers/usb/input/hid-core.c: v2.6:USB HID core driver
[ 67.216907] input: Power Button (FF) as /class/input/input4
[ 67.224966] input: Power Button (CM) as /class/input/input5

There's also an AT keyboard, but it's registered later:

[ 85.303668] input: AT Translated Set 2 keyboard as /class/input/input6

It looks to me as if the DVB IR-receiver is the culprit. From drivers/media/dvb/dvb-usb/dvb-usb-remote.c:

    input_dev->evbit[0] = BIT(EV_KEY);
    input_dev->keycodesize = sizeof(unsigned char);
    input_dev->keycodemax = KEY_MAX;
    input_dev->name = "IR-receiver inside an USB DVB receiver";

So, for starters, disconnect your DVB receiver and see if the problem goes away. If it does, talk to the DVB developers about how to fix this correctly.

Created attachment 11134 [details]
Potential fix for this problem
patch was added to -mm tree

The fix from this bug is now in Linus' tree (and will therefore be in 2.6.21-rc7).
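
The failure analysed in the comments above, reduced to a user-space model: a device that sets keycodemax and keycodesize but supplies no keycode table, checked both at registration time and at lookup time. This is an added example, not kernel code and not the attached patch (whose contents are not shown on this page); `struct model_input_dev`, the `model_*` functions, the sample devices and the error codes chosen are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for struct input_dev: only the fields named in the report. */
struct model_input_dev {
    const char  *name;
    unsigned int keycodemax;   /* entries the device claims to have */
    unsigned int keycodesize;  /* bytes per entry: 1, 2 or 4 */
    const void  *keycode;      /* the table itself; NULL in the report */
};

/* Registration-time check: a device that advertises a table must supply one. */
int model_validate_dev(const struct model_input_dev *dev)
{
    if (dev->keycodemax == 0)
        return 0;              /* no table claimed, nothing to check */
    if (dev->keycode == NULL)
        return -EINVAL;        /* claims a table but has none */
    return (dev->keycodesize == 1 || dev->keycodesize == 2 || dev->keycodesize == 4) ? 0 : -EINVAL;
}

/* Lookup-time guard: refuse an inconsistent device before any dereference. */
int model_getkeycode(const struct model_input_dev *dev, unsigned int scancode)
{
    if (dev == NULL || dev->keycodemax == 0 || model_validate_dev(dev) != 0)
        return -ENODEV;
    if (scancode >= dev->keycodemax)
        return -EINVAL;
    switch (dev->keycodesize) {
    case 1:  return ((const uint8_t  *)dev->keycode)[scancode];
    case 2:  return ((const uint16_t *)dev->keycode)[scancode];
    default: return (int)((const uint32_t *)dev->keycode)[scancode];
    }
}

/* Constructed sample devices (0x1ff is a placeholder table size). */
static const uint8_t model_table[4] = { 0, 1, 30, 48 };
static const struct model_input_dev model_ir  = { "constructed IR receiver", 0x1ff, 1, NULL };
static const struct model_input_dev model_kbd = { "constructed keyboard", 4, 1, model_table };

int main(void)
{
    printf("%s: %d\n", model_ir.name,  model_getkeycode(&model_ir, 2));
    printf("%s: %d\n", model_kbd.name, model_getkeycode(&model_kbd, 2));
    return 0;
}
```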