435513 – kernel BUG, invalid opcode: 0000, X server crashes

Bug 435513 - kernel BUG, invalid opcode: 0000, X server crashes

Summary: kernel BUG, invalid opcode: 0000, X server crashes

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Dave Airlie
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-02-29 20:35 UTC by Tom London
Modified:	2008-03-03 20:34 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-03-03 20:34:22 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
/var/log/messages with debug=1 for drm module (140.47 KB, text/plain) 2008-03-03 14:45 UTC, Tom London	no flags	Details
View All

Description Tom London 2008-02-29 20:35:08 UTC

Description of problem:
I seem to get this repeatedly with kernel-2.6.25-0.78.rc3.git1.fc9.i686
attempting to gdm login.

X server 'crashes' and gdm greeter returns.

Works fine with latest Rawhide running kernel-2.6.25-0.73.rc3.git1.fc9.i686

Feb 29 12:20:15 localhost kernel: ------------[ cut here ]------------
Feb 29 12:20:15 localhost kernel: kernel BUG at mm/memory.c:2203!
Feb 29 12:20:15 localhost kernel: invalid opcode: 0000 [#1] SMP 
Feb 29 12:20:15 localhost kernel: Modules linked in: i915 drm ipt_MASQUERADE
iptable_nat nf_nat bridge coretemp nf_conntrack_ipv4 ipt_REJECT iptable_filter
ip_tables nf_conntrack_netbios_ns nf_conntrack_ipv6 xt_state nf_conntrack
xt_tcpudp ip6t_ipv6header ip6t_REJECT ip6table_filter ip6_tables x_tables ipv6
cpufreq_ondemand acpi_cpufreq fuse loop dm_multipath kvm_intel kvm snd_usb_audio
snd_usb_lib snd_rawmidi snd_hda_intel snd_seq_dummy firewire_ohci firewire_core
snd_seq_oss snd_seq_midi_event arc4 snd_seq snd_seq_device snd_pcm_oss
snd_mixer_oss sr_mod snd_pcm ecb thinkpad_acpi cdrom snd_timer crypto_blkcipher
nsc_ircc crc_itu_t irda iwl3945 hwmon battery crc_ccitt ac sdhci snd_page_alloc
usblp iTCO_wdt mac80211 mmc_core ata_piix parport_pc parport ata_generic
snd_hwdep iTCO_vendor_support i2c_i801 button cfg80211 snd e1000e pata_acpi
i2c_core soundcore sg dm_snapshot dm_zero dm_mirror dm_mod ahci libata sd_mod
scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan]
Feb 29 12:20:15 localhost kernel: 
Feb 29 12:20:15 localhost kernel: Pid: 2788, comm: X Not tainted
(2.6.25-0.78.rc3.git1.fc9 #1)
Feb 29 12:20:15 localhost kernel: EIP: 0060:[<c0472e98>] EFLAGS: 00213202 CPU: 1
Feb 29 12:20:15 localhost kernel: EIP is at __do_fault+0x39/0x3ed
Feb 29 12:20:15 localhost kernel: EAX: ead23d80 EBX: 00102a3c ECX: a1467000 EDX:
a1467000
Feb 29 12:20:15 localhost kernel: ESI: 00000000 EDI: 00000001 EBP: f354bdb4 ESP:
f354bd5c
Feb 29 12:20:15 localhost kernel:  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Feb 29 12:20:15 localhost kernel: Process X (pid: 2788, ti=f354b000
task=f4bf4000 task.ti=f354b000)
Feb 29 12:20:15 localhost kernel: Stack: c2c6e7c8 0000000f a1467000 ead23d80
f4965b80 00000000 00000000 c2dcb44c 
Feb 29 12:20:15 localhost kernel:        fff8f8ec f4bf46b0 c08d3374 f4bf46b0
c08d3374 f4bf46c0 00000001 00102a3c 
Feb 29 12:20:15 localhost kernel:        a1467000 00000000 f354bdc4 00102a3c
00000000 fff8f19c f354be50 c0474982 
Feb 29 12:20:15 localhost kernel: Call Trace:
Feb 29 12:20:15 localhost kernel:  [<c0474982>] ? handle_mm_fault+0x303/0x7a2
Feb 29 12:20:15 localhost kernel:  [<c040a320>] ? native_sched_clock+0xb5/0xd1
Feb 29 12:20:15 localhost kernel:  [<c063c519>] ? do_page_fault+0x289/0x6bd
Feb 29 12:20:15 localhost kernel:  [<c043cbfe>] ? down_read_trylock+0x37/0x41
Feb 29 12:20:15 localhost kernel:  [<c063c5ec>] ? do_page_fault+0x35c/0x6bd
Feb 29 12:20:15 localhost kernel:  [<c04852dd>] ? __slab_alloc+0x3f3/0x475
Feb 29 12:20:15 localhost kernel:  [<c040a320>] ? native_sched_clock+0xb5/0xd1
Feb 29 12:20:15 localhost kernel:  [<c0483f67>] ? check_object+0x111/0x185
Feb 29 12:20:15 localhost kernel:  [<c0484eb2>] ? __slab_free+0x22e/0x266
Feb 29 12:20:15 localhost kernel:  [<c048555a>] ? kfree+0xd0/0xe5
Feb 29 12:20:15 localhost kernel:  [<c0444bd7>] ? trace_hardirqs_on+0xe9/0x10a
Feb 29 12:20:15 localhost kernel:  [<f911a4a6>] ? drm_ioctl+0x1f2/0x229 [drm]
Feb 29 12:20:15 localhost kernel:  [<f911a4a6>] ? drm_ioctl+0x1f2/0x229 [drm]
Feb 29 12:20:15 localhost kernel:  [<f91242d3>] ? drm_bo_map_ioctl+0x0/0x1b5 [drm]
Feb 29 12:20:15 localhost kernel:  [<c045eeab>] ? audit_syscall_exit+0x2b1/0x2cc
Feb 29 12:20:15 localhost kernel:  [<c063c290>] ? do_page_fault+0x0/0x6bd
Feb 29 12:20:15 localhost kernel:  [<c063add2>] ? error_code+0x72/0x78
Feb 29 12:20:15 localhost kernel:  =======================
Feb 29 12:20:15 localhost kernel: Code: b8 8b 45 0c 89 55 b4 89 ca 81 e2 00 f0
ff ff 89 4d b0 89 45 e4 8b 45 b4 89 55 e8 89 7d e0 c7 45 ec 00 00 00 00 f6 40 15
04 74 04 <0f> 0b eb fe 8b 4d b4 8b 59 40 8b 4b 08 85 c9 74 19 8b 45 b4 8d 
Feb 29 12:20:15 localhost kernel: EIP: [<c0472e98>] __do_fault+0x39/0x3ed SS:ESP
0068:f354bd5c
Feb 29 12:20:15 localhost kernel: ---[ end trace 55cf0fcf30d989e6 ]---
Feb 29 12:20:30 localhost gconfd (tbl-2858): SIGHUP received, reloading all
databases



Version-Release number of selected component (if applicable):
kernel-2.6.25-0.78.rc3.git1.fc9.i686

How reproducible:
Every time

Steps to Reproduce:
1. Boot, try to login
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Tom London 2008-02-29 20:38:30 UTC

I tried reverting to older xorg-x11-drv-i810, but no joy: still crashes.

Tried running in SELinux permissive mode, also no change: still crashes.

Works fine with new i810 driver and SELinux enforcing with .73

Comment 2 Dave Jones 2008-02-29 20:40:27 UTC

This one has "drm update" all over it.  Reassigning to airlied.

Comment 3 Chuck Ebbert 2008-02-29 21:36:31 UTC

       BUG_ON(vma->vm_flags & VM_PFNMAP);

Comment 4 Tom London 2008-03-01 01:30:11 UTC

Same problem with kernel-2.6.25-0.80.rc3.git2.fc9.i686

Comment 5 Tom London 2008-03-01 01:31:37 UTC

Here is the report from .80

Feb 29 17:20:56 localhost kernel: ------------[ cut here ]------------
Feb 29 17:20:56 localhost kernel: kernel BUG at mm/memory.c:2203!
Feb 29 17:20:56 localhost kernel: invalid opcode: 0000 [#1] SMP 
Feb 29 17:20:56 localhost kernel: Modules linked in: i915 drm coretemp
nf_conntrack_ipv4 ipt_REJECT iptable_filter ip_tables nf_conntrack_netbios_ns
nf_conntrack_ipv6 xt_state nf_conntrack xt_tcpudp ip6t_ipv6header ip6t_REJECT
ip6table_filter ip6_tables x_tables ipv6 cpufreq_ondemand acpi_cpufreq fuse loop
dm_multipath kvm_intel kvm snd_usb_audio snd_usb_lib snd_rawmidi sr_mod
snd_hda_intel cdrom snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_pcm_oss ata_piix snd_mixer_oss parport_pc arc4 firewire_ohci
snd_pcm thinkpad_acpi sdhci parport ecb nsc_ircc firewire_core mmc_core
snd_timer hwmon iTCO_wdt ata_generic battery irda crypto_blkcipher
snd_page_alloc crc_itu_t crc_ccitt ac iwl3945 iTCO_vendor_support snd_hwdep
pata_acpi button snd e1000e mac80211 soundcore usblp sg i2c_i801 i2c_core
cfg80211 dm_snapshot dm_zero dm_mirror dm_mod ahci libata sd_mod scsi_mod ext3
jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan]
Feb 29 17:20:56 localhost kernel: 
Feb 29 17:20:56 localhost kernel: Pid: 3012, comm: Xorg Not tainted
(2.6.25-0.80.rc3.git2.fc9 #1)
Feb 29 17:20:56 localhost kernel: EIP: 0060:[<c0472ea0>] EFLAGS: 00213202 CPU: 1
Feb 29 17:20:56 localhost kernel: EIP is at __do_fault+0x39/0x3ed
Feb 29 17:20:56 localhost kernel: EAX: e9de4a80 EBX: 00102a3c ECX: a1372000 EDX:
a1372000
Feb 29 17:20:56 localhost kernel: ESI: 00000000 EDI: 00000001 EBP: ec182db4 ESP:
ec182d5c
Feb 29 17:20:56 localhost kernel:  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Feb 29 17:20:56 localhost kernel: Process Xorg (pid: 3012, ti=ec182000
task=f3eb4000 task.ti=ec182000)
Feb 29 17:20:56 localhost kernel: Stack: c2bbcdc0 0000000f a1372000 e9de4a80
f53b6dc0 00000000 00000000 c2db2384 
Feb 29 17:20:56 localhost kernel:        fff8f8ec f3eb46b0 c08d2374 f3eb46b0
c08d2374 f3eb46c0 00000001 00102a3c 
Feb 29 17:20:56 localhost kernel:        a1372000 00000000 ec182dc4 00102a3c
00000000 fff8fdc8 ec182e50 c047498a 
Feb 29 17:20:56 localhost kernel: Call Trace:
Feb 29 17:20:56 localhost kernel:  [<c047498a>] ? handle_mm_fault+0x303/0x7a2
Feb 29 17:20:56 localhost kernel:  [<c040a2f8>] ? native_sched_clock+0xb5/0xd1
Feb 29 17:20:56 localhost kernel:  [<c063c519>] ? do_page_fault+0x289/0x6bd
Feb 29 17:20:56 localhost kernel:  [<c043cbfa>] ? down_read_trylock+0x37/0x41
Feb 29 17:20:56 localhost kernel:  [<c063c5ec>] ? do_page_fault+0x35c/0x6bd
Feb 29 17:20:56 localhost kernel:  [<c04852e5>] ? __slab_alloc+0x3f3/0x475
Feb 29 17:20:56 localhost kernel:  [<c040a2f8>] ? native_sched_clock+0xb5/0xd1
Feb 29 17:20:56 localhost kernel:  [<c0483f6f>] ? check_object+0x111/0x185
Feb 29 17:20:56 localhost kernel:  [<c0484eba>] ? __slab_free+0x22e/0x266
Feb 29 17:20:56 localhost kernel:  [<c0485562>] ? kfree+0xd0/0xe5
Feb 29 17:20:56 localhost kernel:  [<c0444bd3>] ? trace_hardirqs_on+0xe9/0x10a
Feb 29 17:20:56 localhost kernel:  [<f910b4a6>] ? drm_ioctl+0x1f2/0x229 [drm]
Feb 29 17:20:56 localhost kernel:  [<f910b4a6>] ? drm_ioctl+0x1f2/0x229 [drm]
Feb 29 17:20:56 localhost kernel:  [<f91152d3>] ? drm_bo_map_ioctl+0x0/0x1b5 [drm]
Feb 29 17:20:56 localhost kernel:  [<c045eea7>] ? audit_syscall_exit+0x2b1/0x2cc
Feb 29 17:20:56 localhost kernel:  [<c063c290>] ? do_page_fault+0x0/0x6bd
Feb 29 17:20:56 localhost kernel:  [<c063add2>] ? error_code+0x72/0x78
Feb 29 17:20:56 localhost kernel:  =======================
Feb 29 17:20:56 localhost kernel: Code: b8 8b 45 0c 89 55 b4 89 ca 81 e2 00 f0
ff ff 89 4d b0 89 45 e4 8b 45 b4 89 55 e8 89 7d e0 c7 45 ec 00 00 00 00 f6 40 15
04 74 04 <0f> 0b eb fe 8b 4d b4 8b 59 40 8b 4b 08 85 c9 74 19 8b 45 b4 8d 
Feb 29 17:20:56 localhost kernel: EIP: [<c0472ea0>] __do_fault+0x39/0x3ed SS:ESP
0068:ec182d5c
Feb 29 17:20:56 localhost kernel: ---[ end trace d9fc72b456ba3faa ]---

Comment 6 Tom London 2008-03-03 01:38:42 UTC

No change with 0.81:

Mar  2 17:12:31 localhost kernel: ------------[ cut here ]------------
Mar  2 17:12:31 localhost kernel: kernel BUG at mm/memory.c:2203!
Mar  2 17:12:31 localhost kernel: invalid opcode: 0000 [#1] SMP 
Mar  2 17:12:31 localhost kernel: Modules linked in: i915 drm coretemp
nf_conntrack_ipv4 ipt_REJECT iptable_filter ip_tables nf_conntrack_netbios_ns
nf_conntrack_ipv6 xt_state nf_conntrack xt_tcpudp ip6t_ipv6header ip6t_REJECT
ip6table_filter ip6_tables x_tables ipv6 cpufreq_ondemand acpi_cpufreq fuse loop
dm_multipath kvm_intel kvm snd_usb_audio snd_usb_lib snd_rawmidi snd_hda_intel
snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss
sr_mod snd_mixer_oss cdrom snd_pcm arc4 ecb sdhci mmc_core crypto_blkcipher
battery snd_timer thinkpad_acpi iTCO_wdt iTCO_vendor_support firewire_ohci
firewire_core iwl3945 i2c_i801 snd_page_alloc ac nsc_ircc mac80211 button
snd_hwdep irda parport_pc i2c_core hwmon cfg80211 parport crc_itu_t crc_ccitt
snd soundcore e1000e ata_piix ata_generic pata_acpi sg dm_snapshot dm_zero
dm_mirror dm_mod ahci libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd
ehci_hcd [last unloaded: scsi_wait_scan]
Mar  2 17:12:31 localhost kernel: 
Mar  2 17:12:31 localhost kernel: Pid: 2560, comm: Xorg Not tainted
(2.6.25-0.81.rc3.git2.fc9 #1)
Mar  2 17:12:31 localhost kernel: EIP: 0060:[<c0472ea0>] EFLAGS: 00213202 CPU: 1
Mar  2 17:12:31 localhost kernel: EIP is at __do_fault+0x39/0x3ed
Mar  2 17:12:31 localhost kernel: EAX: ea0ec900 EBX: 00102a3c ECX: a14fe000 EDX:
a14fe000
Mar  2 17:12:31 localhost kernel: ESI: 00000000 EDI: 00000001 EBP: f47c6db4 ESP:
f47c6d5c
Mar  2 17:12:31 localhost kernel:  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Mar  2 17:12:31 localhost kernel: Process Xorg (pid: 2560, ti=f47c6000
task=f4152000 task.ti=f47c6000)
Mar  2 17:12:31 localhost kernel: Stack: c2bdaf64 0000000f a14fe000 ea0ec900
f41f8580 00000000 00000000 c2db46e8 
Mar  2 17:12:31 localhost kernel:        fff8f8ec f41526b0 c08d2374 f41526b0
c08d2374 f41526c0 00000001 00102a3c 
Mar  2 17:12:31 localhost kernel:        a14fe000 00000000 f47c6dc4 00102a3c
00000000 fff8f3f8 f47c6e50 c047498a 
Mar  2 17:12:31 localhost kernel: Call Trace:
Mar  2 17:12:31 localhost kernel:  [<c047498a>] ? handle_mm_fault+0x303/0x7a2
Mar  2 17:12:31 localhost kernel:  [<c040a2f8>] ? native_sched_clock+0xb5/0xd1
Mar  2 17:12:31 localhost kernel:  [<c063c519>] ? do_page_fault+0x289/0x6bd
Mar  2 17:12:31 localhost kernel:  [<c043cbfa>] ? down_read_trylock+0x37/0x41
Mar  2 17:12:31 localhost kernel:  [<c063c5ec>] ? do_page_fault+0x35c/0x6bd
Mar  2 17:12:31 localhost kernel:  [<c04852e5>] ? __slab_alloc+0x3f3/0x475
Mar  2 17:12:31 localhost kernel:  [<c040a2f8>] ? native_sched_clock+0xb5/0xd1
Mar  2 17:12:31 localhost kernel:  [<c0483f6f>] ? check_object+0x111/0x185
Mar  2 17:12:31 localhost kernel:  [<c0484eba>] ? __slab_free+0x22e/0x266
Mar  2 17:12:31 localhost kernel:  [<c0485562>] ? kfree+0xd0/0xe5
Mar  2 17:12:31 localhost kernel:  [<c0444bd3>] ? trace_hardirqs_on+0xe9/0x10a
Mar  2 17:12:31 localhost kernel:  [<f91094a6>] ? drm_ioctl+0x1f2/0x229 [drm]
Mar  2 17:12:31 localhost kernel:  [<f91094a6>] ? drm_ioctl+0x1f2/0x229 [drm]
Mar  2 17:12:31 localhost kernel:  [<f91132d3>] ? drm_bo_map_ioctl+0x0/0x1b5 [drm]
Mar  2 17:12:31 localhost kernel:  [<c045eea7>] ? audit_syscall_exit+0x2b1/0x2cc
Mar  2 17:12:31 localhost kernel:  [<c063c290>] ? do_page_fault+0x0/0x6bd
Mar  2 17:12:31 localhost kernel:  [<c063add2>] ? error_code+0x72/0x78
Mar  2 17:12:31 localhost kernel:  =======================
Mar  2 17:12:31 localhost kernel: Code: b8 8b 45 0c 89 55 b4 89 ca 81 e2 00 f0
ff ff 89 4d b0 89 45 e4 8b 45 b4 89 55 e8 89 7d e0 c7 45 ec 00 00 00 00 f6 40 15
04 74 04 <0f> 0b eb fe 8b 4d b4 8b 59 40 8b 4b 08 85 c9 74 19 8b 45 b4 8d 
Mar  2 17:12:31 localhost kernel: EIP: [<c0472ea0>] __do_fault+0x39/0x3ed SS:ESP
0068:f47c6d5c
Mar  2 17:12:31 localhost kernel: ---[ end trace e542d6fd0abe40db ]---

Comment 7 Dave Airlie 2008-03-03 02:07:41 UTC

before X starts can you load the drm module with debug=1

modprobe drm debug=1
modprobe i915

then let X start and attach it..

its probably something simple I'm just having trouble getting any rawhide kernel
to boot here...

Comment 8 Tom London 2008-03-03 14:45:03 UTC

Created attachment 296610 [details]
/var/log/messages with debug=1 for drm module

The last "reliable" rawhide kernel for me is 0.73.  All later ones exhibit this
problem.

Here are the messages from booting 0.81 into runlevel 3, loading the modules as
above, running 'telinit 5', and trying to login.

gdmgreeter start with no problem (in 1024x768). After presenting uname/password
and waiting about 5-10 seconds, screen blacks, shows the "fedora curve", and
then blacks and freezes with "random color stripes".  After a few seconds, gdm
greeter restarts.  I hit the restart button to close off this session.

Comment 9 Tom London 2008-03-03 15:20:22 UTC

Looks like you found it (even before I sent the log!)!!

Boots up fine with 0.83; no log messages..... :-)

Note You need to log in before you can comment on or make changes to this bug.