Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 270141

Summary:	oops - unable to handle kernel paging request at virtual address 60001018
Product:	[Fedora] Fedora	Reporter:	Christopher Beland <beland>
Component:	kernel	Assignee:	Kernel Maintainer List <kernel-maint>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	high	Docs Contact:
Priority:	medium
Version:	7	CC:	chris.brown, esandeen
Target Milestone:	---
Target Release:	---
Hardware:	i686
OS:	Linux
Whiteboard:
Fixed In Version:	2.6.22.5-76.fc7	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2007-10-02 11:57:45 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Christopher Beland 2007-08-31 03:31:03 UTC

kernel-2.6.22.4-65.fc7

I was using pup when it stopped redrawing.  I found an oops on my
terminal and was able to save the output before the system seized up
entirely and I had to hard-reboot.  From my system logs:

Aug 30 19:03:29 localhost gconfd (root-23892): starting (version 2.18.0.1), pid
23892 user 'root'
Aug 30 19:03:29 localhost gconfd (root-23892): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration
source at position 0
Aug 30 19:03:29 localhost gconfd (root-23892): Resolved address
"xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Aug 30 19:03:29 localhost gconfd (root-23892): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source
at position 2
Aug 30 19:03:59 localhost gconfd (root-23892): GConf server is not in use,
shutting down.
Aug 30 19:04:00 localhost gconfd (root-23892): Exiting
Aug 30 19:04:38 localhost kernel: BUG: unable to handle kernel paging request at
virtual address 60001018
Aug 30 19:04:38 localhost kernel:  printing eip:
Aug 30 19:04:38 localhost kernel: ee92768a
Aug 30 19:04:38 localhost kernel: *pde = 00000000
Aug 30 19:04:39 localhost kernel: Oops: 0000 [#1]
Aug 30 19:04:39 localhost kernel: SMP 
Aug 30 19:04:39 localhost kernel: last sysfs file: /block/sda/sda1/stat
Aug 30 19:04:39 localhost kernel: Modules linked in: arc4 ecb blkcipher
rc80211_simple b43 ssb mac80211 cfg80211 i915 drm autofs4
nf_conntrack_netbios_ns nf_conntrack_ipv4 ipt_REJECT iptable_filter ip_tables
nf_conntrack_ipv6 xt_state nf_conntrack nfnetlink xt_tcpudp ip6t_REJECT
ip6table_filter ip6_tables x_tables dm_mirror dm_mod video sbs button dock
battery ac ipv6 snd_intel8x0 snd_seq_dummy snd_intel8x0m snd_ac97_codec ac97_bus
snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device 8139cp firewire_ohci
snd_pcm_oss firewire_core snd_mixer_oss crc_itu_t 8139too snd_pcm mii snd_timer
i2c_i801 snd iTCO_wdt serio_raw i2c_core rtc_cmos iTCO_vendor_support soundcore
snd_page_alloc joydev sr_mod cdrom sg ata_piix ata_generic libata sd_mod
scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd
Aug 30 19:04:39 localhost kernel: CPU:    0
Aug 30 19:04:39 localhost kernel: EIP:    0060:[<ee92768a>]    Not tainted VLI
Aug 30 19:04:39 localhost kernel: EFLAGS: 00010206   (2.6.22.4-65.fc7 #1)
Aug 30 19:04:39 localhost kernel: EIP is at ext3_discard_reservation+0x1c/0x4e
[ext3]
Aug 30 19:04:40 localhost kernel: eax: edd70400   ebx: c1770000   ecx: edec1f08
  edx: ffffffff
Aug 30 19:04:40 localhost kernel: esi: 60001000   edi: c0007c38   ebp: 60001014
  esp: edec1ebc
Aug 30 19:04:40 localhost kernel: ds: 007b   es: 007b   fs: 00d8  gs: 0000  ss: 0068
Aug 30 19:04:40 localhost kernel: Process kswapd0 (pid: 163, ti=edec1000
task=c171f200 task.ti=edec1000)
Aug 30 19:04:40 localhost kernel: Stack: c0007ba0 c0007c38 60001000 edec1f08
ee9310b3 c0007c38 c0007d70 0000004f 
Aug 30 19:04:40 localhost kernel:        c0489a5b 0000004f c0007c38 c0007c40
c0489cff e93c8858 00000000 00000080 
Aug 30 19:04:40 localhost kernel:        00000080 c0489ef2 00000080 d00b2480
cbac6c40 000007d0 ededd060 00000081 
Aug 30 19:04:40 localhost kernel: Call Trace:
Aug 30 19:04:40 localhost kernel:  [<ee9310b3>] ext3_clear_inode+0x5d/0x76 [ext3]
Aug 30 19:04:40 localhost kernel:  [<c0489a5b>] clear_inode+0xcc/0x11a
Aug 30 19:04:40 localhost kernel:  [<c0489cff>] dispose_list+0x33/0xb1
Aug 30 19:04:40 localhost kernel:  [<c0489ef2>] shrink_icache_memory+0x175/0x19d
Aug 30 19:04:40 localhost kernel:  [<c04635ff>] shrink_slab+0xd5/0x134
Aug 30 19:04:40 localhost kernel:  [<c0463971>] kswapd+0x297/0x3f2
Aug 30 19:04:40 localhost kernel:  [<c04370e5>] autoremove_wake_function+0x0/0x35
Aug 30 19:04:40 localhost kernel:  [<c04636da>] kswapd+0x0/0x3f2
Aug 30 19:04:40 localhost kernel:  [<c043701e>] kthread+0x38/0x5e
Aug 30 19:04:40 localhost kernel:  [<c0436fe6>] kthread+0x0/0x5e
Aug 30 19:04:40 localhost kernel:  [<c0405b6b>] kernel_thread_helper+0x7/0x10
Aug 30 19:04:40 localhost kernel:  =======================
Aug 30 19:04:40 localhost kernel: Code: c0 f7 d0 83 e0 08 89 42 0c 89 56 bc 5b
5e c3 55 57 89 c7 56 53 8b 70 bc 8b 80 9c 00 00 00 85 f6 8b 98 64 01 00 00 74 2f
8d 6e 14 <83> 7d 04 00 74 26 8d 83 00 41 00 00 e8 b3 3f ce d1 83 7d 04 00 
Aug 30 19:04:40 localhost kernel: EIP: [<ee92768a>]
ext3_discard_reservation+0x1c/0x4e [ext3] SS:ESP 0068:edec1ebc

---

After this oops, I ran a fsck on this hard drive (which I just
installed a about a week ago, to replace a failing drive), and got:

fsck 1.39 (29-May-2006)
e2fsck 1.39 (29-May-2006)
/1: recovering journal
Clearing orphaned inode 65708 (uid=500, gid=500, mode=0100644, size=13186)
Clearing orphaned inode 317220 (uid=0, gid=0, mode=0100755, size=84916)
Clearing orphaned inode 313171 (uid=0, gid=0, mode=0100755, size=313848)
Clearing orphaned inode 262647 (uid=0, gid=0, mode=0100644, size=1564)
Clearing orphaned inode 7880818 (uid=0, gid=0, mode=0100644, size=5184268)
Clearing orphaned inode 314073 (uid=0, gid=0, mode=0100755, size=169984)
Clearing orphaned inode 415790 (uid=0, gid=0, mode=0100755, size=111132)
Clearing orphaned inode 415789 (uid=0, gid=0, mode=0100755, size=6612)
Clearing orphaned inode 319473 (uid=0, gid=0, mode=0100755, size=16392)
Clearing orphaned inode 4964435 (uid=0, gid=0, mode=0100644, size=4908032)
Clearing orphaned inode 100104 (uid=0, gid=0, mode=0100644, size=5453824)
Clearing orphaned inode 4966975 (uid=0, gid=0, mode=0100644, size=1704960)
Clearing orphaned inode 3195868 (uid=0, gid=0, mode=0100644, size=696320)
Clearing orphaned inode 99336 (uid=0, gid=0, mode=0100644, size=15584256)
Clearing orphaned inode 461082 (uid=0, gid=0, mode=0100755, size=115056)
Clearing orphaned inode 317110 (uid=0, gid=0, mode=0100755, size=470092)
Clearing orphaned inode 317329 (uid=0, gid=0, mode=0100755, size=1138020)
Clearing orphaned inode 317668 (uid=0, gid=0, mode=0100755, size=150068)
Clearing orphaned inode 317429 (uid=0, gid=0, mode=0100755, size=382888)
Clearing orphaned inode 315548 (uid=0, gid=0, mode=0100755, size=30488)
Clearing orphaned inode 508459 (uid=27, gid=27, mode=0100600, size=0)
Clearing orphaned inode 508457 (uid=27, gid=27, mode=0100600, size=0)
Clearing orphaned inode 508456 (uid=27, gid=27, mode=0100600, size=0)
Clearing orphaned inode 508455 (uid=27, gid=27, mode=0100600, size=0)
Clearing orphaned inode 508438 (uid=27, gid=27, mode=0100600, size=0)
/1: clean, 354532/12025856 files, 14916237/24045280 blocks

Comment 1 Chuck Ebbert 2007-09-01 00:04:22 UTC

void ext3_discard_reservation(struct inode *inode)
{
        struct ext3_inode_info *ei = EXT3_I(inode);
        struct ext3_block_alloc_info *block_i = ei->i_block_alloc_info;
        struct ext3_reserve_window_node *rsv;
        spinlock_t *rsv_lock = &EXT3_SB(inode->i_sb)->s_rsv_window_lock;

        if (!block_i)
                return;

        rsv = &block_i->rsv_window_node;         <=====| block_i == 0x60001000
        if (!rsv_is_empty(&rsv->rsv_window)) {   <=====| rsv == 0x60001014
                spin_lock(rsv_lock);
                if (!rsv_is_empty(&rsv->rsv_window))
                        rsv_window_remove(inode->i_sb, rsv);
                spin_unlock(rsv_lock);
        }
}

Comment 2 Christopher Brown 2007-10-01 14:32:08 UTC

Hello,

I'm reviewing this bug as part of the kernel bug triage project, an attempt to
isolate current bugs in the fedora kernel.

http://fedoraproject.org/wiki/KernelBugTriage

I am CC'ing myself to this bug and will try and assist you in resolving it if I can.

There hasn't been much activity on this bug for a while. Could you tell me if
you are still having problems with the latest kernel?

If the problem no longer exists then please close this bug or I'll do so in a
few days if there is no additional information lodged.

Comment 3 Christopher Beland 2007-10-01 18:59:45 UTC

I haven't experienced this problem again since, but given the sporadic nature of
this kind of problem, it's unclear to me that it was caused by a software bug
which has since been fixed.

Comment 4 Christopher Brown 2007-10-02 11:57:45 UTC

Okay Christopher, thanks for the update. I'll close then but please re-open if
it comes back.

Cheers
Chris

Comment 5 Eric Sandeen 2007-10-02 14:27:54 UTC

For posterity, I think it's possible that this patch might have addressed the
problem.  It's hard to tell without a bit more investigation, or heavy thought.

:)

http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=a6c15c2b0fbfd5c0a84f5f0e1e3f20f85d2b8692

-Eric

Comment 6 Christopher Beland 2008-01-14 17:21:20 UTC

Occurring again; see bug 428329.