Bug 154672 - Kernel Oopses Since Upgrade to 2.6.11-1.14_FC3
Summary: Kernel Oopses Since Upgrade to 2.6.11-1.14_FC3
Keywords:
Status: CLOSED DUPLICATE of bug 155472
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 3
Hardware: x86_64
OS: Linux
medium
high
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-13 13:52 UTC by Thornton Prime
Modified: 2015-01-04 22:18 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-26 23:56:49 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Thornton Prime 2005-04-13 13:52:01 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
Kernel oopses. Seems to happen during heavy IO, but still not sure. It is happening with rather great frequency (about 3/hour)

Version-Release number of selected component (if applicable):
kernel-smp-2.6.11-1.14_FC3

How reproducible:
Sometimes

Steps to Reproduce:
Not sure how to reproduce.  

Actual Results:  invalid operand: 0000 [2] SMP
CPU 0
Modules linked in: nls_utf8 loop nfs nfsd exportfs lockd md5 ipv6 lp parport audPid: 6360, comm: bash Tainted: P      2.6.11-1.14_FC3smp
RIP: 0010:[<ffffffff80347ea0>] <ffffffff80347ea0>{_spin_lock+32}
RSP: 0018:ffff8100bb5bfe98  EFLAGS: 00010096
RAX: 0000000000000016 RBX: ffff8100bb620834 RCX: ffffffff80417f08
RDX: ffffffff80417f08 RSI: 0000000000000086 RDI: ffffffff80417f00
RBP: ffff810111ed6000 R08: ffff810037c404c0 R09: 000000000000000f
R10: 0000000000000000 R11: ffffffff80211910 R12: ffff8100ad3b6550
R13: ffff8100ad3b6568 R14: ffff8100c522e618 R15: 0000000000000286
FS:  00002aaaaaadf3e0(0000) GS:ffffffff804e8980(0000) knlGS:0000000055587de0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000312f32d710 CR3: 000000017ac6e000 CR4: 00000000000006e0
Process bash (pid: 6360, threadinfo ffff8100bb5be000, task ffff8100bc6da7d0)
Stack: ffff8101202734c0 ffffffff80283dd4 ffff8100bc9834e8 ffff8100daeecac0
       0000000000000000 ffff8100bc6da7d0 0000000000000000 0000000000000000
       0000000000000000 ffffffff8027bd3d
Call Trace:<ffffffff80283dd4>{cfq_exit_io_context+164} <ffffffff8027bd3d>{exit_
       <ffffffff8013acc5>{do_exit+117} <ffffffff80201451>{__up_write+49}
       <ffffffff8013b8ff>{do_group_exit+239} <ffffffff8010e51a>{system_call+126


Code: 0f 0b 77 83 36 80 ff ff ff ff 79 00 f0 fe 0b 0f 88 b2 04 00
RIP <ffffffff80347ea0>{_spin_lock+32} RSP <ffff8100bb5bfe98>

Fedora Core release 3 (Heidelberg)
Kernel 2.6.11-1.14_FC3smp on an x86_64

prajna.anatman.org login: eip: ffffffff80283d9e
----------- [cut here ] --------- [please bite here ] ---------
Kernel BUG at spinlock:121
invalid operand: 0000 [3] SMP
CPU 1
Modules linked in: nls_utf8 loop nfs nfsd exportfs lockd md5 ipv6 lp parport audPid: 189, comm: pdflush Tainted: P      2.6.11-1.14_FC3smp
RIP: 0010:[<ffffffff80347ea0>] <ffffffff80347ea0>{_spin_lock+32}
RSP: 0000:ffff8100bfc01e88  EFLAGS: 00010092
RAX: 0000000000000016 RBX: ffff8100bb620834 RCX: ffffffff80417f08
RDX: ffffffff80417f08 RSI: 0000000000000086 RDI: ffffffff80417f00
RBP: ffff810111ed6000 R08: ffff810037c404c0 R09: 000000000000000f
R10: 0000000000000000 R11: ffffffff80211910 R12: ffff8100daeea730
R13: ffff8100daeea748 R14: ffff8100daeebec8 R15: 0000000000000286
FS:  00002aaaaaadf3a0(0000) GS:ffffffff804e8a00(0000) knlGS:0000000055587de0
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 000000312f166670 CR3: 000000011d9a4000 CR4: 00000000000006e0
Process pdflush (pid: 189, threadinfo ffff8100bfc00000, task ffff8100dae177d0)
Stack: ffff8100ad3b6be0 ffffffff80283d9e 0000000000000403 ffff8100daeec7c0
       ffff810003a51d70 ffff8100dae177d0 0000000000000000 ffff810003a51dd8
       ffffffff8014e8c0 ffffffff8027bd3d
Call Trace:<ffffffff80283d9e>{cfq_exit_io_context+110} <ffffffff8014e8c0>{keven
       <ffffffff8027bd3d>{exit_io_context+93} <ffffffff8013acc5>{do_exit+117}
       <ffffffff80163ea0>{pdflush+0} <ffffffff8014e8c0>{keventd_create_kthread+
       <ffffffff8010f1ff>{child_rip+16} <ffffffff8014e8c0>{keventd_create_kthre
       <ffffffff8014e7a0>{kthread+0} <ffffffff8010f1ef>{child_rip+0}


Code: 0f 0b 77 83 36 80 ff ff ff ff 79 00 f0 fe 0b 0f 88 b2 04 00


Expected Results:  No oops

Additional info:
Comment 1 Thornton Prime 2005-04-13 13:58:54 UTC 
The above traces were tainted with vmware ... but I did get a couple oopses
before loading vmware (but also before I attached my serial console).

I am trying to reproduce without vmware and trying to narrow down the cause.
Leaving NEEDINFO until then.
Comment 2 Dave Jones 2005-04-13 18:55:07 UTC 
reopen if reproducable without tainting.
Comment 3 David Mansfield 2005-05-25 13:49:16 UTC 
Please re-open!

I'm not the original poster.

I got this on a non-tainted FC3 kernel after plugging in an iPod.  My system is
a Dell dimension, FC3 completely updated. Intel(R) Pentium(R) 4 CPU 3.00GHz. 
1gb ram. 2.6.11-1.14_FC3smp kernel

eip: c024c5be
------------[ cut here ]------------
kernel BUG at include/asm/spinlock.h:136!
invalid operand: 0000 [#1]
SMP
Modules linked in: vfat fat nls_utf8 hfsplus usb_storage parport_pc lp parport
autofs4 nfs lockd sunrpc video button battery ac uhci_hcd ehci_hcd hw_random
i2c_i801 i2c_core snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm
snd_timer snd soundcore snd_page_alloc e100 mii floppy ext3 jbd dm_mod ata_piix
libata sd_mod scsi_mod
CPU:    0
EIP:    0060:[<c0300e44>]    Not tainted VLI
EFLAGS: 00010096   (2.6.11-1.14_FC3smp)
EIP is at _spin_lock+0x36/0x40
eax: 0000000e   ebx: e803b81c   ecx: c035878c   edx: 00000000
esi: f67ba66c   edi: c1b9ad98   ebp: c1b9ada4   esp: f6745f54
ds: 007b   es: 007b   ss: 0068
Process hald (pid: 4135, threadinfo=f6745000 task=f63ff020)
Stack: c0317f5f c024c5be c1b9a390 c024c5be 00000286 f63d0c94 c1b98ee8 f63ff020
       f6745000 00000000 c02454d7 f6745000 c0123e4f f5a4e380 c015c943 ffffffff
       080de080 0804c873 00000000 eab6f480 f6745000 00000000 c0123ec8 00000000
Call Trace:
 [<c024c5be>] cfq_exit_io_context+0x54/0xb3
 [<c024c5be>] cfq_exit_io_context+0x54/0xb3
 [<c02454d7>] exit_io_context+0x45/0x52
 [<c0123e4f>] do_exit+0x314/0x338
 [<c015c943>] vfs_read+0xc0/0x108
 [<c0123ec8>] do_group_exit+0x29/0x90
 [<c0103f0f>] syscall_call+0x7/0xb
Code: ad de 75 13 f0 fe 0b 79 09 f3 90 80 3b 00 7e f9 eb f2 83 c4 08 5b c3 8b 44
24 0c c7 04 24 5f 7f 31 c0 89 44 24 04 e8 5e 0a e2 ff <0f> 0b 88 00 14 77 31 c0
eb cf 81 78 04 ed 1e af de 75 0f f0 81
Comment 4 Thornton Prime 2005-05-25 14:59:05 UTC 
I wasn't able to reproduce it until David posted, and I realized I was looking
at the wrong thing. It was crashing for me during VMware, but when I was hot
plugging USB devices for VMware to use.

I can consistently oops *without* VMware by doing the following, and I think
this is related to all the above reports.

1. Hot plug a USB device.
2. Mount the USB device.
3. Unmount the USB device.
4. killall -KILL hald

Here is a console session:

usb 1-4: new high speed USB device using ehci_hcd and add3scsi7 : SCSI emulation
for USB Mass Storage devices
usb-storage: device found at 3
usb-storage: waiting for device to settle before scanning
Vendor: USB 2.0   Model: Storage Device    Rev: 0100
  Type:   Direct-Access                      ANSI SCSI revision: 00
SCSI device sde: 240121728 512-byte hdwr sectors (122942 MB)
sde: assuming drive cache: write through
SCSI device sde: 240121728 512-byte hdwr sectors (122942 MB)
sde: assuming drive cache: write through
 sde: sde1
Attached scsi disk sde at scsi7, channel 0, id 0, lun 0
usb-storage: device scan complete

[root@prajna ~]#

usb 1-4: USB disconnect, address 3

[root@prajna ~]# killall -KILL hald
eip: ffffffff80283d9e
----------- [cut here ] --------- [please bite here ] ---------
Kernel BUG at spinlock:121
invalid operand: 0000 [2] SMP
CPU 1
Modules linked in: usb_storage nfs nfsd exportfs lockd parport_pc lp parport
audPid: 6783, comm: hald Not tainted 2.6.11-1.14_FC3smp
RIP: 0010:[<ffffffff80347ea0>] <ffffffff80347ea0>{_spin_lock+32}
RSP: 0018:ffff8100acc6fd18  EFLAGS: 00010092
RAX: 0000000000000016 RBX: ffff81016ac8e834 RCX: ffffffff80417f08
RDX: ffffffff80417f08 RSI: 0000000000000082 RDI: ffffffff80417f00
RBP: ffff8100aaa95d48 R08: ffff8100bf6d2040 R09: 000000000000000f
R10: 0000000000000000 R11: ffffffff8011caf0 R12: ffff8100beaf2310
R13: ffff8100beaf2328 R14: ffff8100daeffe18 R15: 0000000000000282
FS:  00002aaaaaae1d60(0000) GS:ffffffff804e8a00(0000) knlGS:0000000055587de0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00002aaaaaaac000 CR3: 00000000ace89000 CR4: 00000000000006e0
Process hald (pid: 6783, threadinfo ffff8100acc6e000, task ffff8101778387d0)
Stack: ffff8100beaf2640 ffffffff80283d9e ffffffff80490bc0 ffff8100bd4794f0
       0000000000000009 ffff8101778387d0 0000000000000009 0000000000000000
       ffff8100acc6fef8 ffffffff8027bd3d
Call Trace:<ffffffff80283d9e>{cfq_exit_io_context+110} <ffffffff8027bd3d>{exit_
       <ffffffff8013acc5>{do_exit+117} <ffffffff801436d5>{__dequeue_signal+485}
       <ffffffff8013b8ff>{do_group_exit+239} <ffffffff801457da>{get_signal_to_d
       <ffffffff8010d963>{do_signal+163} <ffffffff80141b65>{del_timer+117}
       <ffffffff801953f3>{poll_freewait+67} <ffffffff80196176>{sys_poll+806}
       <ffffffff8010e5a3>{sysret_signal+28} <ffffffff8010e88f>{ptregscall_commo


Code: 0f 0b 77 83 36 80 ff ff ff ff 79 00 f0 fe 0b 0f 88 b2 04 00
RIP <ffffffff80347ea0>{_spin_lock+32} RSP <ffff8100acc6fd18>
Comment 5 David Mansfield 2005-05-25 16:06:32 UTC 
yes, this sounds right.  i was restarting hald as well when the oops occurred
Comment 6 Sitsofe Wheeler 2005-05-26 07:34:08 UTC 
Comment #4
If the problems occur after plugging and unplugging a hotplug device it sounds a
heck of a lot like bug #155472 (which has been fixed in 2.6.11-1.27_FC30.
Comment 7 David Mansfield 2005-05-26 15:58:42 UTC 
i can confirm the problem is fixed for me with 2.6.11-1.27_FC3
Comment 8 Dave Jones 2005-05-26 23:56:49 UTC 

*** This bug has been marked as a duplicate of 155472 ***
Note You need to log in before you can comment on or make changes to this bug.