Bug 208003

Summary: agpgart oops after X shutdown
Product: [Fedora] Fedora Reporter: Jeremy Katz <katzj>
Component: kernelAssignee: Xen Maintainance List <xen-maint>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: ajax, grgustaf, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-25 20:16:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeremy Katz 2006-09-25 19:35:07 UTC 
Unable to handle kernel paging request at ffff88000121a8a8 RIP: 
 [<ffffffff80250c4d>] __change_page_attr+0xa1e/0xa8e
PGD 1018067 PUD 1019067 PMD 1023067 PTE 74993065
Oops: 0003 [1] SMP 
last sysfs file: /class/drm/card0/dev
CPU 0 
Modules linked in: i915 drm nfs lockd fscache nfs_acl bridge netloop netbk blkbk
autofs4 hidp rfcomm l2cap bluetooth sunrpc ip_conntrack_netbios_ns ipt_REJECT
iptable_filter ip_tables xt_state ip_conntrack nfnetlink xt_tcpudp
ip6table_filter ip6_tables x_tables ipv6 cpufreq_ondemand dm_multipath video sbs
i2c_ec button battery asus_acpi ac parport_pc lp parport snd_hda_intel
snd_hda_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device intel_rng snd_pcm_oss sr_mod cdrom pcspkr serio_raw snd_mixer_oss
sg ohci1394 i2c_i801 i2c_core snd_pcm ieee1394 shpchp snd_timer snd soundcore
snd_page_alloc serial_core e1000 dm_snapshot dm_zero dm_mirror dm_mod ata_piix
libata sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
Pid: 3531, comm: X Not tainted 2.6.18-1.2693.fc6xen #1
RIP: e030:[<ffffffff80250c4d>]  [<ffffffff80250c4d>] __change_page_attr+0xa1e/0xa8e
RSP: e02b:ffff880066dffdc8  EFLAGS: 00010282
RAX: 8000000062a000e3 RBX: ffff880001330ff8 RCX: 0000000000000023
RDX: ffff88000121a8a8 RSI: 0000000000001330 RDI: 0000000000000067
RBP: ffff880062bff000 R08: ffff880001412280 R09: 0000000000000000
R10: 8000000000000063 R11: 80000000000000e3 R12: 0000000062bff000
R13: 00000000000008a8 R14: 0000000000000008 R15: ffffffff80201880
FS:  00002aaaaaacaa80(0000) GS:ffffffff8059d000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000
Process X (pid: 3531, threadinfo ffff880066dfe000, task ffff880003505080)
Stack:  ffff8800661e8170  ffff880062bff000  ffffffff804c4770  ffffffff80262239 
 ffffffff804c4770  ffffffff80261cd5  0000000000000000  ffff880062bff000 
 0000000000062bff  0000000062bff000 
Call Trace:
 [<ffffffff80262239>] _spin_unlock_irq+0x9/0x10
 [<ffffffff80261cd5>] __down_write_nested+0x34/0x96
 [<ffffffff8027a42a>] change_page_attr_addr+0x7b/0x12c
 [<ffffffff803878aa>] agp_generic_destroy_page+0x4e/0x7a
 [<ffffffff8038778a>] agp_free_memory+0x65/0x90
 [<ffffffff803869a1>] agp_release+0x9f/0x18a
 [<ffffffff8021296e>] __fput+0xbf/0x1aa
 [<ffffffff80223f43>] filp_close+0x5c/0x64
 [<ffffffff8021d8c9>] sys_close+0x8f/0xaa
 [<ffffffff8025d9da>] system_call+0x86/0x8b
 [<ffffffff8025d954>] system_call+0x0/0x8b


Code: 48 89 02 31 c0 eb 5a 48 89 da 48 b8 ff ff ff 7f ff ff ff ff 
RIP  [<ffffffff80250c4d>] __change_page_attr+0xa1e/0xa8e
 RSP <ffff880066dffdc8>
CR2: ffff88000121a8a8
 <3>BUG: sleeping function called from invalid context at kernel/rwsem.c:20
in_atomic():0, irqs_disabled():1

Call Trace:
 [<ffffffff8029b612>] down_read+0x15/0x23
 [<ffffffff80293bbc>] blocking_notifier_call_chain+0x13/0x36
 [<ffffffff802152e0>] do_exit+0x1f/0x8a3
 [<ffffffff80264def>] do_page_fault+0x1130/0x11dc
 [<ffffffff80393bf4>] notify_remote_via_irq+0x2c/0x68
 [<ffffffff8025e0fb>] error_exit+0x0/0x6e
 [<ffffffff8020e17a>] current_fs_time+0x3b/0x40
 [<ffffffff80201880>] init_level4_pgt+0x880/0x1000
 [<ffffffff8025e0fb>] error_exit+0x0/0x6e
 [<ffffffff80201880>] init_level4_pgt+0x880/0x1000
 [<ffffffff80250c4d>] __change_page_attr+0xa1e/0xa8e
 [<ffffffff802622d3>] _spin_lock_irqsave+0x1a/0x23
 [<ffffffff80262239>] _spin_unlock_irq+0x9/0x10
 [<ffffffff80261cd5>] __down_write_nested+0x34/0x96
 [<ffffffff8027a42a>] change_page_attr_addr+0x7b/0x12c
 [<ffffffff803878aa>] agp_generic_destroy_page+0x4e/0x7a
 [<ffffffff8038778a>] agp_free_memory+0x65/0x90
 [<ffffffff803869a1>] agp_release+0x9f/0x18a
 [<ffffffff8021296e>] __fput+0xbf/0x1aa
 [<ffffffff80223f43>] filp_close+0x5c/0x64
 [<ffffffff8021d8c9>] sys_close+0x8f/0xaa
 [<ffffffff8025d9da>] system_call+0x86/0x8b
 [<ffffffff8025d954>] system_call+0x0/0x8b
Comment 2 Jeremy Katz 2006-09-25 19:47:59 UTC 
Only happens with the Xen kernel
Comment 3 Stephen Tweedie 2006-09-25 20:16:18 UTC 

*** This bug has been marked as a duplicate of 207432 ***