Bug 132463 - NFS client in 1-549 kernel causes kerel OOPs
NFS client in 1-549 kernel causes kerel OOPs
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
rawhide
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Jones
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-09-13 14:07 EDT by H.J. Lu
Modified: 2015-01-04 17:09 EST (History)
3 users (show)

See Also:
Fixed In Version: RHEL4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-05 19:33:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description H.J. Lu 2004-09-13 14:07:06 EDT
While using NFS client in 1-549 SMP kernel on a P4 HT machine, I
got

kernel BUG at include/asm/spinlock.h:135!
invalid operand: 0000 [#1]
SMP
Modules linked in: nls_utf8 loop nfs nfsd exportfs lockd md5 ipv6
parport_pc lp parport autofs4 sunrpc e100 mii floppy sg scsi_mod
microcode dm_mod uhci_hcd ehci_hcd ohci_hcd button battery asus_acpi
ac ext3 jbd
CPU:    0
EIP:    0060:[<c02b8d71>]    Not tainted VLI
EFLAGS: 00010002   (2.6.8-1.549.hjl.0.0smp)
EIP is at _spin_lock+0x1f/0x39
eax: c02b8d52   ebx: c1104f58   ecx: c02cc5f5   edx: c02cc5f5
esi: deeaeb80   edi: c125e3a8   ebp: 20001024   esp: db2e2f68
ds: 007b   es: 007b   ss: 0068
Process master (pid: 1827, threadinfo=db2e2000 task=db31af10)
Stack: c125e398 c125e398 c125e398 c013fb15 c125e398 c1104e98 c125e398
deeaeb80
       c125e3a8 00000282 c013ff38 db2e2000 deeaeb80 dfe76280 db2e2000
c012c4fd
       dfe76280 00000000 00000000 c012c5c4 00000001 0000000b c02ba1df
00000001
Call Trace:
 [<c013fb15>] cache_flusharray+0x1a/0x9c
 [<c013ff38>] kfree+0x43/0x51
 [<c012c4fd>] set_current_groups+0x5f/0x65
 [<c012c5c4>] sys_setgroups+0x49/0x64
 [<c02ba1df>] syscall_call+0x7/0xb
Code: f0 81 02 00 00 00 01 30 c9 89 c8 c3 53 89 c3 52 52 81 78 04 ad
4e ad de 74 19 68 52 8d 2b c0 68 f5 c5 2c c0 e8 1f 71 e6 ff 59 58 <0f>
0b 87 00 ae b5 2c c0 f0 fe 0b 79 09 f3 90 80 3b 00 7e f9 eb
 <1>Unable to handle kernel NULL pointer dereference at virtual
address 0000000c printing eip:
c013fa5d
*pde = 1c2e5001
Oops: 0000 [#2]
SMP
Modules linked in: nls_utf8 loop nfs nfsd exportfs lockd md5 ipv6
parport_pc lp parport autofs4 sunrpc e100 mii floppy sg scsi_mod
microcode dm_mod uhci_hcd ehci_hcd ohci_hcd button battery asus_acpi
ac ext3 jbd
CPU:    1
EIP:    0060:[<c013fa5d>]    Not tainted VLI
EFLAGS: 00010006   (2.6.8-1.549.hjl.0.0smp)
EIP is at free_block+0x38/0xd6
eax: 00800000   ebx: 00000008   ecx: 00000000   edx: c1000000
esi: dfe96580   edi: 00000004   ebp: 00000000   esp: dfe5cf28
ds: 007b   es: 007b   ss: 0068
Process events/1 (pid: 7, threadinfo=dfe5c000 task=dfe5b6f0)
Stack: dbae8090 dbae8090 00000004 dbae8080 dfe96580 c01401ef c1411920
dfe96580
       dfe96118 dfe96674 c014028d 00000001 dfe06080 c1411920 c1411924
00000283
       dfe06080 c012d687 00000000 c014020b ffffffff ffffffff 00000001
00000000
Call Trace:
 [<c01401ef>] drain_array_locked+0x59/0x75
 [<c014028d>] cache_reap+0x82/0x1a1
 [<c012d687>] worker_thread+0x168/0x1d5
 [<c014020b>] cache_reap+0x0/0x1a1
 [<c011c669>] default_wake_function+0x0/0xc
 [<c011c669>] default_wake_function+0x0/0xc
 [<c012d51f>] worker_thread+0x0/0x1d5
 [<c0130b55>] kthread+0x73/0x9b
 [<c0130ae2>] kthread+0x0/0x9b
 [<c01041f1>] kernel_thread_helper+0x5/0xb
Code: 24 01 88 a0 00 00 00 39 fd 0f 8d b4 00 00 00 8b 04 24 8b 15 10
b8 41 c0 8b 0c a8 8d 81 00 00 00 40 c1 e8 0c c1 e0 05 8b 5c 10 1c <8b>
53 04 8b 03 89 50 04 89 02 31 d2 2b 4b 0c c7 03 00 01 10 00
 ------------[ cut here ]------------
kernel BUG at mm/rmap.c:473!
invalid operand: 0000 [#3]
SMP
Modules linked in: nls_utf8 loop nfs nfsd exportfs lockd md5 ipv6
parport_pc lp parport autofs4 sunrpc e100 mii floppy sg scsi_mod
microcode dm_mod uhci_hcd ehci_hcd ohci_hcd button battery asus_acpi
ac ext3 jbd
CPU:    1
EIP:    0060:[<c014a3e0>]    Not tainted VLI
EFLAGS: 00010286   (2.6.8-1.549.hjl.0.0smp)
EIP is at page_remove_rmap+0x23/0x4a
eax: ffffffff   ebx: 00002ed0   ecx: c140f100   edx: c105da00
esi: c105da00   edi: df74e030   ebp: 00000000   esp: db6bbebc
ds: 007b   es: 007b   ss: 0068
Process queryrpm (pid: 14285, threadinfo=db6bb000 task=dfe5b6f0)
Stack: c01443e5 02ed0067 00000000 00006000 b7a00000 c140f100 c030c080
00000002
       b7a00000 b7a71000 dab93df0 c140f100 c01444e1 00071000 00000000
b79f1000
       dfe247d8 b7a71000 c140f100 c0144540 00080000 00000000 db6bbf74
b79f1000
Call Trace:
 [<c01443e5>] zap_pte_range+0x206/0x2a9
 [<c01444e1>] zap_pmd_range+0x59/0x7c
 [<c0144540>] unmap_page_range+0x3c/0x5f
 [<c0144654>] unmap_vmas+0xf1/0x205
 [<c01481e2>] unmap_region+0x7e/0xef
 [<c0148485>] do_munmap+0x119/0x137
 [<c01484f5>] sys_munmap+0x52/0x6a
 [<c02ba1df>] syscall_call+0x7/0xb
 [<c02b007b>] xfrm_alloc_spi+0x118/0x15d
Code: 3a c0 ff 42 10 51 9d c3 89 c2 8b 00 f6 c4 08 74 08 0f 0b d6 01
1f dd 2c c0 f0 83 42 08 ff 0f 98 c0 84 c0 74 2c 8b 42 08 40 79 08 <0f>
0b d9 01 1f dd 2c c0 9c 59 fa b8 00 f0 ff ff 21 e0 8b 40 10
 <3>Debug: sleeping function called from invalid context at
include/linux/rwsem.h:43
in_atomic():1[expected: 0], irqs_disabled():0
 [<c011d9b2>] __might_sleep+0x7d/0x87
 [<c01204ae>] profile_task_exit+0x1a/0x4a
 [<c0121ab8>] do_exit+0x18/0x3bd
 [<c0106073>] do_divide_error+0x0/0xe6
 [<c0106345>] do_invalid_op+0x0/0xd5
 [<c0106345>] do_invalid_op+0x0/0xd5
 [<c0106411>] do_invalid_op+0xcc/0xd5
 [<c014a3e0>] page_remove_rmap+0x23/0x4a
 [<c013bf67>] free_hot_cold_page+0xbc/0xee
 [<c011c652>] scheduler_tick+0x3ce/0x3e5
 [<c02bacbb>] error_code+0x2f/0x38
 [<c014a3e0>] page_remove_rmap+0x23/0x4a
 [<c01443e5>] zap_pte_range+0x206/0x2a9
 [<c01444e1>] zap_pmd_range+0x59/0x7c
 [<c0144540>] unmap_page_range+0x3c/0x5f
 [<c0144654>] unmap_vmas+0xf1/0x205
 [<c01481e2>] unmap_region+0x7e/0xef
 [<c0148485>] do_munmap+0x119/0x137
 [<c01484f5>] sys_munmap+0x52/0x6a
 [<c02ba1df>] syscall_call+0x7/0xb
 [<c02b007b>] xfrm_alloc_spi+0x118/0x15d
note: queryrpm[14285] exited with preempt_count 1
bad: scheduling while atomic!
 [<c02b7cad>] schedule+0x2d/0x86b
 [<c01efdec>] poke_blanked_console+0x8f/0x9a
 [<c01ef1b2>] vt_console_print+0x294/0x2a5
 [<c01eef1e>] vt_console_print+0x0/0x2a5
 [<c011fc7f>] __call_console_drivers+0x36/0x40
 [<c02b8ba6>] rwsem_down_read_failed+0x143/0x162
 [<c01230d4>] .text.lock.exit+0x6b/0xcb
 [<c0106073>] do_divide_error+0x0/0xe6
 [<c0106345>] do_invalid_op+0x0/0xd5
 [<c0106345>] do_invalid_op+0x0/0xd5
 [<c0106411>] do_invalid_op+0xcc/0xd5
 [<c014a3e0>] page_remove_rmap+0x23/0x4a
 [<c013bf67>] free_hot_cold_page+0xbc/0xee
 [<c011c652>] scheduler_tick+0x3ce/0x3e5
 [<c02bacbb>] error_code+0x2f/0x38
 [<c014a3e0>] page_remove_rmap+0x23/0x4a
 [<c01443e5>] zap_pte_range+0x206/0x2a9
 [<c01444e1>] zap_pmd_range+0x59/0x7c
 [<c0144540>] unmap_page_range+0x3c/0x5f
 [<c0144654>] unmap_vmas+0xf1/0x205
 [<c01481e2>] unmap_region+0x7e/0xef
 [<c0148485>] do_munmap+0x119/0x137
 [<c01484f5>] sys_munmap+0x52/0x6a
 [<c02ba1df>] syscall_call+0x7/0xb
 [<c02b007b>] xfrm_alloc_spi+0x118/0x15d
Comment 1 Dave Jones 2004-11-27 16:49:20 EST
is this repeatable in the *unmodified* 2.6.9 based update ?
Comment 2 H.J. Lu 2004-11-28 17:18:49 EST
It didn't happen with current 2.6.9 based kernel.

Note You need to log in before you can comment on or make changes to this bug.