Ubuntu
linux package

BUG: unable to handle kernel paging request at 746f6fa4; EIP is at omnibook_init+0x30/0x194 [omnibook]

Bug #624787 reported by future30
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

can't load omnibook-kernel-module

ProblemType: KernelOops
DistroRelease: Ubuntu 10.10
Package: linux-image-2.6.35-19-generic 2.6.35-19.25
Regression: Yes
Reproducible: No
ProcVersionSignature: Ubuntu 2.6.35-19.25-generic 2.6.35.3
Uname: Linux 2.6.35-19-generic i686
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
Annotation: Your system might become unstable now and might need to be restarted.
AplayDevices:
 **** List of PLAYBACK Hardware Devices ****
 card 0: Intel [HDA Intel], device 0: ALC861-VD Analog [ALC861-VD Analog]
   Subdevices: 1/1
   Subdevice #0: subdevice #0
Architecture: i386
ArecordDevices:
 **** List of CAPTURE Hardware Devices ****
 card 0: Intel [HDA Intel], device 0: ALC861-VD Analog [ALC861-VD Analog]
   Subdevices: 1/1
   Subdevice #0: subdevice #0
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: kamil 1651 F.... pulseaudio
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info:
 Card hw:0 'Intel'/'HDA Intel at 0xdc440000 irq 45'
   Mixer name : 'Realtek ALC861-VD'
   Components : 'HDA:10ec0862,1179010c,00100001 HDA:11c11040,11790001,00100200'
   Controls : 12
   Simple ctrls : 9
Date: Thu Aug 26 18:59:00 2010
Failure: oops
Frequency: Once a day.
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release Candidate i386 (20091020.3)
MachineType: TOSHIBA Satellite A200
PccardctlIdent:
 Socket 0:
   no product info available
PccardctlStatus:
 Socket 0:
   no card
ProcCmdLine: BOOT_IMAGE=(hd0,2)/boot2/vmlinuz-2.6.35-19-generic root=/dev/sda2 loop=/hostname/disks/root.disk splash
RelatedPackageVersions: linux-firmware 1.38
SourcePackage: linux
Title: BUG: unable to handle kernel paging request at 746f6fa4
dmi.bios.date: 08/21/2007
dmi.bios.vendor: TOSHIBA
dmi.bios.version: V1.80
dmi.board.name: ISKAE
dmi.board.vendor: TOSHIBA
dmi.board.version: 1.00
dmi.chassis.asset.tag: *
dmi.chassis.type: 10
dmi.chassis.vendor: TOSHIBA
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnTOSHIBA:bvrV1.80:bd08/21/2007:svnTOSHIBA:pnSatelliteA200:pvrPSAE0E-00Y018PL:rvnTOSHIBA:rnISKAE:rvr1.00:cvnTOSHIBA:ct10:cvrN/A:
dmi.product.name: Satellite A200
dmi.product.version: PSAE0E-00Y018PL
dmi.sys.vendor: TOSHIBA

Revision history for this message
future30 (future30) wrote :
Brad Figg (brad-figg)
tags: added: acpi-apic
Revision history for this message
In , Ryan (ryan-redhat-bugs) wrote :

Created attachment 473162
Patch that fixes this module on x86_64 by padding struct omnibook_feature to 128 bytes. Also includes some cleanup of declarations and extra dprintks for debugging above issue

Description of problem:
Package: kernel
Latest Crash: Mon 10 Jan 2011 11:14:04 AM
Command: not_applicable
Reason: BUG: unable to handle kernel paging request at 000000000000b800
Comment: This has apparently been an issue with the omnibook module since kernel 2.6.33. Without this module, I'm unable to use laptop-specific keys and functions, or to get suspend/hibernate to work. What's worse is that without this module the fan speed control is broken, and so my laptop can easily overheat and shut down under high CPU loads.
Bug Reports: Kernel oops report was uploaded

Version-Release number of selected component (if applicable):
kmod-omnibook-2.6.35.10-74.fc14.x86_64.x86_64 and akmod-omnibook

How reproducible:
# modprobe omnibook

Steps to Reproduce:
1. Install akmod- or kmod-omnibook
2. Attempt to load it via modprobe
3. Module crashes during init, generates kernel oops

Actual results:
Crashed module, cannot be removed via modprobe -r

Expected results:
Omnibook laptop functionality enabled

Additional info:
 I've tracked this to an alignment issue in the initialization code. This
 module uses a section(.features) directive to register all of its features
 into a portion of the .data section, and then defines a start and end
 pointer via sections.lds which it pulls back into init.c. It then iterates
 over &_start_features_driver[i] to test all of the defined features, one at
 a time.

 The failed paging request appears to be happening because of unexpected
 linker behavior, possibly only on x86_64, and possibly due to a change in
 GNU ld or gcc since 2007. I used objdump -t on omnibook.ko, and found that
 while the sizeof(omnibook_feature) was 104, the alignment was sometimes 104
 and sometimes 108. This caused the array math in the feature loop to
 misaddress the struct omnibook_feature found in the .feature section,
 eventually leading to invalid calls and the above crash.

 Now, I'm not a kernel hacker, and I haven't done any C programming since
 college. I fixed this on my Toshiba Satellite L355D-S7901 running kernel
 2.6.35 on arch x86_64 by padding struct omnibook_feature to 128 bytes, via
 a char pad[24] at the end of the struct. Perhaps someone who is a more
 skilled C programmer or kernel hacker can think of a better way to make
 this work, and to guarantee that it works on both 32 and 64 bit
 architectures.

Revision history for this message
In , Ryan (ryan-redhat-bugs) wrote :

Created attachment 473163
Improved warnings cleanup patch for akmod-omnibook

Some extra warnings cleanup to get a warning-free build process.

Revision history for this message
In , Ryan (ryan-redhat-bugs) wrote :
Download full text (5.6 KiB)

Crash trace before my patch:

Jan 10 11:12:48 sigma359 kernel: [ 203.054867] omnibook: Driver version 2.20090707-trunk.
Jan 10 11:12:48 sigma359 kernel: [ 203.054894] omnibook: Unknown model.
Jan 10 11:12:48 sigma359 kernel: [ 203.054983] omnibook: Begin table match of (null) feature.
Jan 10 11:12:48 sigma359 kernel: [ 203.054997] BUG: unable to handle kernel paging request at 000000000000b800
Jan 10 11:12:48 sigma359 kernel: [ 203.055002] IP: [<ffffffffa05e61fe>] omnibook_probe+0x1b4/0x3fd [omnibook]
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] PGD 8f12f067 PUD 7b0b5067 PMD 0
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] Oops: 0000 [#1] SMP
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] last sysfs file: /sys/devices/pci0000:00/0000:00:18.3/temp1_input
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] CPU 0
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] Modules linked in: omnibook(+) nls_utf8 fuse rfcomm sco bnep l2cap sunrpc cpufreq_ondemand powernow_k8 freq_table mperf ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep arc4 snd_seq snd_seq_device ecb snd_pcm microcode ath5k mac80211 uvcvideo ath snd_timer videodev cfg80211 btusb snd bluetooth v4l1_compat r8169 edac_core k10temp v4l2_compat_ioctl32 soundcore rfkill shpchp i2c_piix4 joydev snd_page_alloc edac_mce_amd mii ata_generic pata_acpi video output pata_atiixp radeon ttm drm_kms_helper usb_storage drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Jan 10 11:12:48 sigma359 kernel: [ 203.055011]
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] Pid: 2643, comm: modprobe Not tainted 2.6.35.10-74.fc14.x86_64 #1 Portable PC/Satellite L355D
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] RIP: 0010:[<ffffffffa05e61fe>] [<ffffffffa05e61fe>] omnibook_probe+0x1b4/0x3fd [omnibook]
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] RSP: 0018:ffff88007b1afd18 EFLAGS: 00010246
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] RAX: 0000000000000044 RBX: 0000000000000003 RCX: 00000000000012a8
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] RDX: 000000000000b800 RSI: 0000000000000096 RDI: 0000000000000246
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] RBP: ffff88007b1afd58 R08: 0000000000000002 R09: 00000000fffffffe
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] R10: ffff8800fb1afc37 R11: 0000000000000000 R12: 3b13b13b13b13b28
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] R13: 0000000000000003 R14: 0000000000000000 R15: 000000000000b800
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] FS: 00007fa5bdb3f720(0000) GS:ffff880002000000(0000) knlGS:0000000000000000
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] CR2: 000000000000b800 CR3: 000000007b046000 CR4: 00000000000006f0
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jan 10 11:12:48 sigma359 kernel: [ 203.055011] Process modprobe (pid: 2643, threadinfo ffff88007b1ae000, task ffff8...

Read more...

Revision history for this message
In , Ryan (ryan-redhat-bugs) wrote :

Objdump -t showing the inconsistent alignment produced when unpatched using
gcc version 4.5.1 20100924 (Red Hat 4.5.1-4) (GCC)
GNU ld version 2.20.51.0.7-6.fc14 20100318

$ objdump -t omnibook.ko | fgrep driver
00000000000009e8 l O .data 0000000000000068 battery_driver
0000000000000a50 l O .data 0000000000000068 blank_driver
0000000000000ac0 l O .data 0000000000000068 bt_driver
0000000000000b90 l O .data 0000000000000068 display_driver
0000000000000c00 l O .data 0000000000000068 dock_driver
0000000000000c68 l O .data 0000000000000068 dump_driver
0000000000000cd0 l O .data 0000000000000068 fan_driver
0000000000000d38 l O .data 0000000000000068 fan_policy_driver
0000000000000da0 l O .data 0000000000000068 hotkeys_driver
0000000000000e08 l O .data 0000000000000068 dmi_driver
0000000000000e70 l O .data 0000000000000068 version_driver
0000000000000ed8 l O .data 0000000000000068 lcd_driver
0000000000000f40 l O .data 0000000000000068 muteled_driver
0000000000000fb0 l O .data 0000000000000068 key_polling_driver
0000000000001018 l O .data 0000000000000068 temperature_driver
0000000000001080 l O .data 0000000000000068 touchpad_driver
00000000000010f0 l O .data 0000000000000068 wifi_driver

00000000000011c0 g .data 0000000000000000 _end_features_driver
0000000000000980 g .data 0000000000000000 _start_features_driver

Revision history for this message
In , Ryan (ryan-redhat-bugs) wrote :

Objdump -t showing consistent alignment after patch padding struct omnibook_feature to 128 bytes, same compiler/linker version and arch (x86_64) as above

$ objdump -t omnibook.ko | fgrep driver
0000000000000980 l O .data 0000000000000080 ac_driver
0000000000000a00 l O .data 0000000000000080 battery_driver
0000000000000a80 l O .data 0000000000000080 blank_driver
0000000000000b00 l O .data 0000000000000080 bt_driver
0000000000000b80 l O .data 0000000000000080 cooling_driver
0000000000000c00 l O .data 0000000000000080 display_driver
0000000000000c80 l O .data 0000000000000080 dock_driver
0000000000000d00 l O .data 0000000000000080 dump_driver
0000000000000d80 l O .data 0000000000000080 fan_driver
0000000000000e00 l O .data 0000000000000080 fan_policy_driver
0000000000000e80 l O .data 0000000000000080 hotkeys_driver
0000000000000f00 l O .data 0000000000000080 dmi_driver
0000000000000f80 l O .data 0000000000000080 version_driver
0000000000001000 l O .data 0000000000000080 lcd_driver
0000000000001080 l O .data 0000000000000080 muteled_driver
0000000000001100 l O .data 0000000000000080 key_polling_driver
0000000000001180 l O .data 0000000000000080 temperature_driver
0000000000001200 l O .data 0000000000000080 touchpad_driver
0000000000001280 l O .data 0000000000000080 wifi_driver
0000000000001300 l O .data 0000000000000080 throttle_driver

0000000000001380 g .data 0000000000000000 _end_features_driver
0000000000000980 g .data 0000000000000000 _start_features_driver

Revision history for this message
In , Ryan (ryan-redhat-bugs) wrote :
Download full text (3.8 KiB)

dmesg output after patch, showing successful probe/load of features with extra address math debugging statements active

[ 279.001943] omnibook: Driver version 2.20110111-trunk.
[ 279.001948] omnibook: Forced load with EC type 15.
[ 279.005908] omnibook: Feature range ffffffffa0580b80 - ffffffffa0581580
[ 279.005913] omnibook: Testing feature ac at address ffffffffa0580b80
[ 279.005916] omnibook: Begin table match of ac feature.
[ 279.005918] omnibook: Attempting backend ec init.
[ 279.005920] omnibook: Returning table entry nr 0.
[ 279.005923] omnibook: Match succeeded: continuing with ac.
[ 279.005930] omnibook: Testing feature battery at address ffffffffa0580c00
[ 279.005933] omnibook: Begin table match of battery feature.
[ 279.005935] omnibook: Attempting backend ec init.
[ 279.005937] omnibook: Returning table entry nr 0.
[ 279.005939] omnibook: Match succeeded: continuing with battery.
[ 279.005944] omnibook: Testing feature blank at address ffffffffa0580c80
[ 279.005946] omnibook: Begin table match of blank feature.
[ 279.005948] omnibook: Attempting backend i8042 init.
[ 279.005950] omnibook: Returning table entry nr 1.
[ 279.005952] omnibook: Match succeeded: continuing with blank.
[ 279.005956] omnibook: LCD backlight turn off at console blanking is enabled.
[ 279.005960] omnibook: Testing feature bluetooth at address ffffffffa0580d00
[ 279.005962] omnibook: Testing feature cooling at address ffffffffa0580d80
[ 279.005965] omnibook: Testing feature display at address ffffffffa0580e00
[ 279.005968] omnibook: Begin table match of display feature.
[ 279.005970] omnibook: Attempting backend ec init.
[ 279.005972] omnibook: Returning table entry nr 2.
[ 279.005974] omnibook: Match succeeded: continuing with display.
[ 279.009377] omnibook: Testing feature dock at address ffffffffa0580e80
[ 279.009380] omnibook: Testing feature dump at address ffffffffa0580f00
[ 279.009383] omnibook: Testing feature fan at address ffffffffa0580f80
[ 279.009386] omnibook: Testing feature fan_policy at address ffffffffa0581000
[ 279.009388] omnibook: Testing feature hotkeys at address ffffffffa0581080
[ 279.009391] omnibook: Begin table match of hotkeys feature.
[ 279.009393] omnibook: Attempting backend i8042 init.
[ 279.009395] omnibook: Returning table entry nr 0.
[ 279.009397] omnibook: Match succeeded: continuing with hotkeys.
[ 279.009400] omnibook: Enabling all hotkeys.
[ 279.013587] omnibook: Testing feature dmi at address ffffffffa0581100
[ 279.013590] omnibook: dmi feature has no backend table, io_op not initialized.
[ 279.013595] omnibook: Testing feature version at address ffffffffa0581180
[ 279.013597] omnibook: version feature has no backend table, io_op not initialized.
[ 279.013601] omnibook: Testing feature lcd at address ffffffffa0581200
[ 279.013604] omnibook: Begin table match of lcd feature.
[ 279.013606] omnibook: Attempting backend ec init.
[ 279.013608] omnibook: Returning table entry nr 2.
[ 279.013610] omnibook: Match succeeded: continuing with lcd.
[ 279.021836] omnibook: Testing feature muteled at address ffffffffa0581280
[ 279.021839] omnibook: Testing feature key_polling at addres...

Read more...

Revision history for this message
In , Ryan (ryan-redhat-bugs) wrote :

Created attachment 473438
Improved fix that pads to 64 bytes on 32-bit arch and 128 bytes on 64-bit arch.

Per Rolf Eike Beer's suggestion, I replaced char pad[24] with long pad[3].
 This provides 12 bytes of padding in i686 and 24 bytes in x86_64, which
 should be optimal for both arches.

Revision history for this message
In , Chuck (chuck-redhat-bugs) wrote :

We don't provide the omnibook driver; it's not even in the kernel source tree.

Brad Figg (brad-figg)
Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Philip Pokorny (ppokorny) wrote :

Having same problem with Natty on Toshiba NB205 Netbook.

Jeremy Foshee (jeremyfoshee)
tags: removed: regression-potential
Brian Murray (brian-murray)
tags: added: omnibook
Brian Murray (brian-murray)
tags: added: kernel-driver-omnibook
Revision history for this message
Philip Pokorny (ppokorny) wrote :

Can we get some attention on this *REGRESSION* which disables hardware for some relatively significant portion of the user base with netbooks and other laptops where important hardware like bluetooth doesn't work without this driver?

There is an excellent analysis and patch from Ryan Martin on bugzilla.redhat.com (https://bugzilla.redhat.com/attachment.cgi?id=473438&action=diff) which points to the problem being a compiler or linker change that breaks some linker magic used by this driver to create an "array" from disjoint structure declarations in multiple source files by using linker segments. I believe similar analysis was done elsewhere but I can't find the references again now. The patch from Ryan is small, clear and extremely low risk and was demonstrated to fix the problem.

In summary, over a year old, small patch available, definitely a REGRESSION, still broken in Natty 11.04 (2.6.48-11-generic i686)

Please pick up the attached patch.

Revision history for this message
Philip Pokorny (ppokorny) wrote :

Patch to clean up compiler warnings as reported by Ryan Martin

Revision history for this message
Philip Pokorny (ppokorny) wrote :

Path to resolve the problem of array of structure alignment issue

Revision history for this message
Philip Pokorny (ppokorny) wrote :

See also bug #761218

penalvch (penalvch)
tags: added: patch
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Cleanup compiler warnings" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

Revision history for this message
penalvch (penalvch) wrote : Re: BUG: unable to handle kernel paging request at 746f6fa4 killed omnibook-kernel-module

future30, this bug was reported a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue? If so, could you please test for this with the latest development release of Ubuntu? ISO images are available from http://cdimage.ubuntu.com/daily-live/current/ .

If it remains an issue, could you please run the following command in the development release from a Terminal (Applications->Accessories->Terminal), as it will automatically gather and attach updated debug information to this report:

apport-collect -p linux <replace-with-bug-number>

Also, could you please test the latest upstream kernel available following https://wiki.ubuntu.com/KernelMainlineBuilds ? It will allow additional upstream developers to examine the issue. Please do not test the daily folder, but the one all the way at the bottom. Once you've tested the upstream kernel, please comment on which kernel version specifically you tested. If this bug is fixed in the mainline kernel, please add the following tags:
kernel-fixed-upstream
kernel-fixed-upstream-VERSION-NUMBER

where VERSION-NUMBER is the version number of the kernel you tested. For example:
kernel-fixed-upstream-v3.11-rc5

This can be done by clicking on the yellow circle with a black pencil icon next to the word Tags located at the bottom of the bug description. As well, please remove the tag:
needs-upstream-testing

If the mainline kernel does not fix this bug, please add the following tags:
kernel-bug-exists-upstream
kernel-bug-exists-upstream-VERSION-NUMBER

As well, please remove the tag:
needs-upstream-testing

If you are unable to test the mainline kernel, please comment as to why specifically you were unable to test it and add the following tags:
kernel-unable-to-test-upstream
kernel-unable-to-test-upstream-VERSION-NUMBER

Once testing of the upstream kernel is complete, please mark this bug's Status as Confirmed. Please let us know your results. Thank you for your understanding.

tags: added: needs-full-computer-modl
removed: kernel-driver-omnibook omnibook
tags: added: needs-full-computer-model
removed: needs-full-computer-modl
Changed in linux (Ubuntu):
status: Confirmed → Incomplete
summary: - BUG: unable to handle kernel paging request at 746f6fa4 killed omnibook-
- kernel-module
+ BUG: unable to handle kernel paging request at 746f6fa4; EIP is at
+ omnibook_init+0x30/0x194 [omnibook]
Bug Watch Updater (bug-watch-updater)
Changed in linux (Fedora):
importance: Unknown → Medium
status: Unknown → Invalid
Revision history for this message
penalvch (penalvch) wrote :

OR using EOL release, and no response for years.

no longer affects: linux (Fedora)
Changed in linux (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.