System panic during PCI hotplug device being hot-removed.

Solution Verified - Updated -

Issue

  • Accessing to /proc/bus/pci/XX/YY file causes the following kernel Oops, after the corresponding PCI device has been hot-removed. And this problem happens on RHEL6.0 beta2 Intel64 also.

        BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0
        IP: [<ffffffff81266d51>] pci_user_read_config_dword+0x71/0xb0
        PGD 2735df067 PUD 272d61067 PMD 0
        Oops: 0000 [#1] SMP
        last sysfs file: /sys/devices/system/cpu/cpu23/cache/index2/shared_cpu_map
        CPU 13
        Pid: 10111, comm: cat Not tainted 2.6.32-30.el6.x86_64 #1 PRIMEQUEST 1800E
    
      RIP: 0010:[<ffffffff81266d51>]  [<ffffffff81266d51>] pci_user_read_config_dword+0x71/0xb0
        RSP: 0018:ffff88027539bde8  EFLAGS: 00010046
        RAX: 0000000000003bcf RBX: ffff88027539be64 RCX: 0000000000000004
        RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81ba4240
        RBP: ffff88027539be18 R08: ffff88027539bdf4 R09: 0000000000000000
        R10: 0000000000008fff R11: 0000000000000246 R12: 0000000000000000
        R13: ffff8802765f9000 R14: ffff8802765f9000 R15: 0000000001cbf000
        FS:  00007f8fbd962700(0000) GS:ffff88002f6e0000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 00000000000000e0 CR3: 00000002743cc000 CR4: 00000000000026e0
        DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
        Process cat (pid: 10111, threadinfo ffff88027539a000, task ffff880271e980c0)
        Stack:
         ffff88027539bf48 ffffffff765f9000 ffff88027539be08 0000000001cbf000
         <0> 0000000000000000 ffff88027539bf48 ffff88027539be98 ffffffff81272766
         <0> 0000000000000000 ffffea0000000040 ffff880200000000 0000000000000040
        Call Trace:
         [<ffffffff81272766>] proc_bus_pci_read+0x126/0x250
         [<ffffffff811c7426>] proc_reg_read+0x76/0xb0
         [<ffffffff81168705>] vfs_read+0xb5/0x1a0
         [<ffffffff810d2882>] ? audit_syscall_entry+0x252/0x280
         [<ffffffff81168841>] sys_read+0x51/0x90
         [<ffffffff81013172>] system_call_fastpath+0x16/0x1b
    
      Code: 81 c7 45 dc ff ff ff ff e8 6d f7 26 00 41 f6 85 a8 06 00 00 20 75 45 4d 8b
            4d 10 44 89 e2 41 8b 75 38 4c 8d 45 dc b9 04 00 00 00 <49> 8b 81 e0 00 00 00 4c 
            89 cf ff 10 89 c2 66 ff 05 da d4 93 00
        RIP  [<ffffffff81266d51>] pci_user_read_config_dword+0x71/0xb0
         RSP <ffff88027539bde8>
        CR2: 00000000000000e0
        ---[ end trace 79d8aacf684ad711 ]---
        Kernel panic - not syncing: Fatal exception
        Pid: 10111, comm: cat Tainted: G      D    2.6.32-30.el6.x86_64 #1
        Call Trace:
         [<ffffffff814d3671>] panic+0x78/0x137
         [<ffffffff814d771c>] oops_end+0xdc/0xf0
         [<ffffffff8104544b>] no_context+0xfb/0x260
         [<ffffffff810456d5>] __bad_area_nosemaphore+0x125/0x1e0
         [<ffffffff810457fe>] bad_area+0x4e/0x60
         [<ffffffff814d92e0>] do_page_fault+0x390/0x3a0
         [<ffffffff814d6a75>] page_fault+0x25/0x30
         [<ffffffff81266d51>] ? pci_user_read_config_dword+0x71/0xb0
         [<ffffffff81266d33>] ? pci_user_read_config_dword+0x53/0xb0
         [<ffffffff81272766>] proc_bus_pci_read+0x126/0x250
         [<ffffffff811c7426>] proc_reg_read+0x76/0xb0
         [<ffffffff81168705>] vfs_read+0xb5/0x1a0
         [<ffffffff810d2882>] ? audit_syscall_entry+0x252/0x280
         [<ffffffff81168841>] sys_read+0x51/0x90
         [<ffffffff81013172>] system_call_fastpath+0x16/0x1b
    
  • Step to Reproduce:

      $ cd /sys/bus/pci/slots/x/ (slot number: x)
      $ PROC_BUS_PCI_FILE=/proc/bus/pci/`awk -F: '{print $2"/"$3}' < address`.0
      $ sleep 10000 < $PROC_BUS_PCI_FILE &
      $ su (switch to root user)
      # echo 0 > power
      # exit
      $ while true; do cat $PROC_BUS_PCI_FILE > /dev/null; done
    

Environment

  • Red Hat Enterprise Linux 6.0 Beta 1 / 2

  • Architecture: x86/x86_64

  • Kernel Version: 2.6.32-30.el6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content