Bug 464831 - kernel SMP DEBUG_PAGEALLOC oops
Summary: kernel SMP DEBUG_PAGEALLOC oops
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 10
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-09-30 18:39 UTC by Zach Carter
Modified: 2009-12-18 06:27 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-12-18 06:27:31 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Zach Carter 2008-09-30 18:39:33 UTC
Description of problem:
rc[1387]: segfault at 8 ip 000000000042ad17 sp 00007ffff56db0b0 error 4 in bash[400000+ba000]
BUG: unable to handle kernel NULL pointer dereference at 00000000000006f0
IP: [<ffffffff810654cf>] debug_mutex_add_waiter+0x4b/0x5e
PGD 29c86067 PUD 29df3067 PMD 29c0e067 PTE 0
Oops: 0002 [1] SMP DEBUG_PAGEALLOC
CPU 0 
Modules linked in: bridge stp bnep l2cap bluetooth sunrpc ipt_REJECT nf_conntrack_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 dm_mirror dm_log dm_multipath floppy pcspkr 8139too 8139cp mii i2c_piix4 i2c_core ata_generic pata_acpi [last unloaded: freq_table]
Pid: 1932, comm: gpm Not tainted 2.6.27-0.352.rc7.git1.fc10.x86_64 #1
RIP: 0010:[<ffffffff810654cf>]  [<ffffffff810654cf>] debug_mutex_add_waiter+0x4b/0x5e
RSP: 0018:ffff880029dbbc88  EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff880029dbbcf8 RCX: 0000000000000129
RDX: 0000000000000007 RSI: ffff880029dbbcf8 RDI: ffff880033d8cb88
RBP: ffff880029dbbca8 R08: 0000000000000000 R09: 0000000000000129
R10: 0000000000000129 R11: ffff880029dbbd58 R12: ffff880033d8cb80
R13: ffff880029dba000 R14: ffff880029d68000 R15: ffff880033d8cbe8
FS:  00007f6119a9a6f0(0000) GS:ffffffff81726a00(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000000006f0 CR3: 000000002c50a000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process gpm (pid: 1932, threadinfo ffff880029dba000, task ffff880029d68000)
Stack:  ffff880033d8cb80 ffff880029dbbcf8 ffff880033d8cb80 0000000000000246
 ffff880029dbbd58 ffffffff81378851 ffffffff812886a3 0000000000000296
 ffff880029dbbcd8 ffffffff812886a3 0000000029dbbcf8 0000000000000002
Call Trace:
 [<ffffffff81378851>] __mutex_lock_common+0x101/0x362
 [<ffffffff812886a3>] ? mousedev_close_device+0x20/0xad
 [<ffffffff812886a3>] ? mousedev_close_device+0x20/0xad
 [<ffffffff81378b6a>] mutex_lock_nested+0x3a/0x3f
 [<ffffffff812886a3>] mousedev_close_device+0x20/0xad
 [<ffffffff8128876f>] mousedev_release+0x3f/0x53
 [<ffffffff810d3642>] __fput+0xcf/0x172
 [<ffffffff810d36ff>] fput+0x1a/0x1c
 [<ffffffff810d0899>] filp_close+0x6c/0x77
 [<ffffffff81047339>] put_files_struct+0x79/0xcd
 [<ffffffff810473d9>] exit_files+0x4c/0x54
 [<ffffffff81048d2f>] do_exit+0x272/0x916
 [<ffffffff810d36d9>] ? __fput+0x166/0x172
 [<ffffffff81379bb6>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff81049451>] do_group_exit+0x7e/0xae
 [<ffffffff81049498>] sys_exit_group+0x17/0x19
 [<ffffffff8101139a>] system_call_fastpath+0x16/0x1b


Code: 85 c0 75 23 e8 13 6a 12 00 85 c0 74 1a 83 3d 68 31 18 01 00 75 11 be 3a 00 00 00 48 c7 c7 31 f9 48 81 e8 76 03 fe ff 49 8b 45 00 <48> 89 98 f0 06 00 00 4c 89 63 18 59 5b 41 5c 41 5d c9 c3 55 48 
RIP  [<ffffffff810654cf>] debug_mutex_add_waiter+0x4b/0x5e
 RSP <ffff880029dbbc88>
CR2: 00000000000006f0
---[ end trace f9860e35d5f80eb2 ]---
Fixing recursive fault but reboot is needed!
eth0: link up, 100Mbps, full-duplex, lpa 0x05E1
eth0: no IPv6 routers present
SELinux: initialized (dev 0:13, type nfs), uses genfs_contexts
SELinux: initialized (dev 0:14, type nfs), uses genfs_contexts
BUG: unable to handle kernel paging request at ffff880028513f58
IP: [<ffffffff8100fd1f>] copy_thread+0x47/0x1ae
PGD 202063 PUD 206063 PMD 2b9b1163 PTE 28513160
Oops: 0002 [2] SMP DEBUG_PAGEALLOC
CPU 0 
Modules linked in: nfs lockd nfs_acl bridge stp bnep l2cap bluetooth sunrpc ipt_REJECT nf_conntrack_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 dm_mirror dm_log dm_multipath floppy pcspkr 8139too 8139cp mii i2c_piix4 i2c_core ata_generic pata_acpi [last unloaded: freq_table]
Pid: 618, comm: udevd Tainted: G      D   2.6.27-0.352.rc7.git1.fc10.x86_64 #1
RIP: 0010:[<ffffffff8100fd1f>]  [<ffffffff8100fd1f>] copy_thread+0x47/0x1ae
RSP: 0018:ffff8800338d9d98  EFLAGS: 00010286
RAX: ffff880028514000 RBX: ffff880034088000 RCX: 000000000000002a
RDX: 00007fff0abef6c0 RSI: ffff8800338d9f58 RDI: ffff880028513f58
RBP: ffff8800338d9dc8 R08: ffff880034088000 R09: ffff8800338d9f58
R10: 000000b02b94df00 R11: ffff88003387a370 R12: ffff8800308622d0
R13: ffff880028513f58 R14: 0000000001200011 R15: 0000000001200011
FS:  00007f1f02bdf780(0000) GS:ffffffff81726a00(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff880028513f58 CR3: 000000003454e000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process udevd (pid: 618, threadinfo ffff8800338d8000, task ffff8800308622d0)
Stack:  ffff88003387a368 0000000000000000 0000000000000000 ffff880034088000
 0000000000000000 0000000000000000 ffff8800338d9e78 ffffffff810445a1
 ffffe20001355d00 ffff88003f834000 ffff8800338f8d90 ffffe20001355d00
Call Trace:
 [<ffffffff810445a1>] copy_process+0xc6d/0x13dd
 [<ffffffff81044e1a>] do_fork+0x109/0x259
 [<ffffffff81067acf>] ? trace_hardirqs_on_caller+0x1f/0x133
 [<ffffffff81067bf0>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff8101139a>] ? system_call_fastpath+0x16/0x1b
 [<ffffffff8100f622>] sys_clone+0x28/0x2a
 [<ffffffff810118b7>] ptregscall_common+0x67/0xb0


Code: 00 65 4c 8b 24 25 00 00 00 00 49 89 f6 4c 89 ce 48 83 fa ff 4c 8d a8 58 1f 00 00 4c 89 c3 4c 89 ef 49 0f 44 d5 48 05 00 20 00 00 <f3> a5 49 c7 45 50 00 00 00 00 49 89 95 98 00 00 00 49 89 80 e8 
RIP  [<ffffffff8100fd1f>] copy_thread+0x47/0x1ae
 RSP <ffff8800338d9d98>
CR2: ffff880028513f58
---[ end trace f9860e35d5f80eb2 ]---
SELinux: initialized (dev 0:15, type nfs), uses genfs_contexts


Version-Release number of selected component (if applicable):

Fedora 10 Beta

How reproducible:

Its happened twice today.  I haven't seen a pattern, it seems to happen at random times.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

This is a kvm guest, the host is Fedora 9 64 bit

Comment 1 Zach Carter 2008-10-01 16:07:51 UTC
More possibly relevant info:

The F9 kvm host is running the mainline 2.6.27-rc7 kernel.  Getting lots of these errors in dmesg:

vcpu not ready for apic_round_robin

Comment 2 Zach Carter 2008-10-01 17:13:29 UTC
Also reproduced the issue with the kvm server running mainline 2.6.27-rc8, and the Fedora packaged kernel 2.6.26.3-29.fc9.x86_64

Latest F9 kvm package is installed:  kvm-65-9.fc9.x86_64

Comment 3 Bug Zapper 2008-11-26 03:17:36 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 4 Bug Zapper 2009-11-18 08:26:55 UTC
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 5 Bug Zapper 2009-12-18 06:27:31 UTC
Fedora 10 changed to end-of-life (EOL) status on 2009-12-17. Fedora 10 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.