Bug 114387

Summary: kernel panic on AMD64: printing on USB printer
Product: [openSUSE] SUSE LINUX 10.0
Reporter: Klaus Singvogel <kssingvo>
Component: Kernel
Assignee: Greg Kroah-Hartman <gregkh>
Status: RESOLVED INVALID
QA Contact: E-mail List <qa-bugs>
Severity: Critical
Priority: P5 - None
CC: aj
Version: Beta 4
Target Milestone: ---
Hardware: 64bit
OS: All
Whiteboard:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: hwinfo of g228.suse.de

Description Klaus Singvogel 2005-08-31 12:38:09 UTC
The machine hostname is: g17.suse.de  
  
I tried to print on my USB printer, and got a kernel panic (3 of 3 tries).  
  
Here is the output on the console:  
--------------------------------------------------------------------------  
Unable to handle kernel NULL pointer dereference at 0000000000000008 RIP:  
<ffffffff8013c571>{run_timer_softirq+321}  
PGD 11cc7067 PUD 11cd3067 PMD 0  
Oops: 0002 [1]  
CPU 0  
Modules linked in: subfs nfsd exportfs cpufreq_ondemand autofs4  
cpufreq_userspace cpufreq_powersave powernow_k8 freq_table ipv6 snd_pcm_oss  
snd_mixer_oss button battery ac af_packet subdomain edd usblp usbhid floppy  
nvidiafb rivafb i2c_algo_bit vgastate e100 mii tulip snd_intel8x0  
snd_ac97_codec ehci_hcd snd_ac97_bus shpchp pci_hotplug ohci_hcd usbcore  
snd_pcm generic snd_timer snd i2c_ali1535 i2c_ali15x3 i2c_ali1563 i2c_core  
soundcore snd_page_alloc dm_mod ext3 jbd ide_cd cdrom ide_disk fan thermal  
processor sata_uli libata alim15x3 ide_core sd_mod scsi_mod  
Pid: 7091, comm: gs Tainted: G     U 2.6.13-rc6-git13-4-default  
RIP: 0010:[<ffffffff8013c571>] <ffffffff8013c571>{run_timer_softirq+321}  
RSP: 0000:ffffffff8048bf38  EFLAGS: 00010083  
RAX: ffffffff8048bf38 RBX: 0000000000000047 RCX: ffffffff804fba00  
RDX: 0000000000000000 RSI: ffffffff804fba00 RDI: 0000000000000000  
RBP: 0000000000000000 R08: 0000000000418984 R09: 0000000000000004  
R10: 000000000000045d R11: 000000004315a316 R12: ffffffff8048bf38  
R13: 00000000000022e0 R14: 0000000000000054 R15: ffffffff8048bf88  
FS:  00002aaaac3519a0(0000) GS:ffffffff80512800(0000) knlGS:0000000000000000  
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  
CR2: 0000000000000008 CR3: 0000000011d12000 CR4: 00000000000006e0  
Process gs (pid: 7091, threadinfo ffff810011d54000, task ffff81001ebfb5f0)  
Stack: ffffffff804fba00 ffffffff804f8f00 0000000000000001 ffffffff804db0f0  
       000000000000000a ffffffff80138657 0000000000000046 ffff810011d55f58  
       0000000000ffffff ffffffff8010f993  
Call Trace: <IRQ> <ffffffff80138657>{__do_softirq+87}  
<ffffffff8010f993>{call_softirq+31}  
        <ffffffff80111440>{do_softirq+48} <ffffffff8011149d>{do_IRQ+77}  
        <ffffffff8010eede>{ret_from_intr+0}  <EOI>  
  
Code: 48 89 42 08 48 89 10 48 c7 41 08 00 02 20 00 48 c7 01 00 00  
RIP <ffffffff8013c571>{run_timer_softirq+321} RSP <ffffffff8048bf38>  
CR2: 0000000000000008  
<0>Kernel panic - not syncing: Aiee, killing interrupt handler!  
-------------------------------------------------------------------------  
  
  
-------------------------------------------------------------------------  
stack segment: 0000 [1]   
CPU 0   
Modules linked in: subfs nfsd exportfs cpufreq_ondemand cpufreq_userspace  
cpufreq_powersave powernow_k8 autofs4 freq_table ipv6 snd_pcm_oss  
snd_mixer_oss button battery ac af_packet subdomain edd usbhid usblp floppy  
nvidiafb rivafb i2c_algo_bit vgastate e100 mii i2c_ali1535 i2c_ali15x3  
ehci_hcd ohci_hcd usbcore generic snd_intel8x0 snd_ac97_codec snd_ac97_bus  
snd_pcm shpchp pci_hotplug snd_timer snd tulip i2c_ali1563 i2c_core soundcore  
snd_page_alloc dm_mod ext3 jbd ide_cd cdrom ide_disk fan thermal processor  
sata_uli libata alim15x3 ide_core sd_mod scsi_mod  
Pid: 6986, comm: gs Tainted: G     U 2.6.13-rc6-git13-4-default  
RIP: 0010:[<ffffffff803211ba>] <ffffffff803211ba>{igmp_rcv+1290}  
RSP: 0000:ffffffff8048bdd8  EFLAGS: 00010202  
RAX: 00000000fb0000e0 RBX: ffff81001b7d0000 RCX: 00000000ff0900f6  
RDX: 0000000000f60000 RSI: 0000000000000016 RDI: ffff81001db68050  
RBP: 0720072007200720 R08: 0000000000000003 R09: 0000000000000001  
R10: 0000000000000000 R11: 0000000000000000 R12: ffff810015ceb7c0  
R13: ffff81001f3ca000 R14: ffff81001db68048 R15: ffff81001e4cac00  
FS:  00002aaaac3519a0(0000) GS:ffffffff80512800(0000) knlGS:0000000000000000  
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b  
CR2: 000000000116c000 CR3: 0000000012109000 CR4: 00000000000006e0  
Process gs (pid: 6986, threadinfo ffff810012150000, task ffff81001e3fe4b0)  
Stack: ffff81001db68030 ffff810015ceb7c0 0000000000000000 ffffffff8044f290   
       ffff81001f3ca000 000000000000003c ffff81001e4cac00 ffffffff802f6287   
       ffff81001db68030 ffff810015ceb7c0   
Call Trace: <IRQ> <ffffffff802f6287>{ip_local_deliver+503}  
<ffffffff802f67f4>{ip_rcv+1172}  
       <ffffffff8825ca88>{:af_packet:packet_rcv_spkt+648}  
<ffffffff802d877e>{netif_receive_skb+878}  
       <ffffffff881e8a08>{:e100:e100_poll+664}  
<ffffffff881a7340>{:usbcore:rh_timer_func+0}  
       <ffffffff802d70eb>{net_rx_action+139}  
<ffffffff80138657>{__do_softirq+87}  
       <ffffffff8010f993>{call_softirq+31} <ffffffff80111440>{do_softirq+48}  
       <ffffffff8011149d>{do_IRQ+77} <ffffffff8010eede>{ret_from_intr+0}  
        <EOI>   
  
Code: 48 39 45 08 66 90 0f 85 5a ff ff ff e9 16 ff ff ff 45 31 c0   
RIP <ffffffff803211ba>{igmp_rcv+1290} RSP <ffffffff8048bdd8>  
 <0>Kernel panic - not syncing: Aiee, killing interrupt handler!  
------------------------------------------------------------------------- 
 
Before questions arise: I installed the latest BIOS (from Jul 2005) last
Thursday. :-)
Comment 1 Klaus Singvogel 2005-08-31 13:24:20 UTC
gs[12094]: segfault at 000000006987e93e rip 00000000006585a1 rsp 
00007fffffe59000 error 6 
foomatic-rip[12092]: segfault at 000000000000ff08 rip 000000000048cc85 rsp 
00007fffffbd4a40 error 4 
Unable to handle kernel NULL pointer dereference at 0000000000000001 RIP:  
<ffffffff88210820>{:e100:e100_poll+176} 
PGD a148067 PUD a12a067 PMD 0  
Oops: 0000 [1]  
CPU 0  
Modules linked in: subfs nfsd exportfs autofs4 cpufreq_ondemand 
cpufreq_userspace cpufreq_powersave powernow_k8 freq_table ipv6 snd_pcm_oss 
snd_mixer_oss button battery ac af_packet subdomain edd usblp usbhid floppy 
e100 ehci_hcd mii nvidiafb rivafb i2c_algo_bit vgastate ohci_hcd usbcore 
i2c_ali1535 i2c_ali15x3 generic shpchp pci_hotplug snd_intel8x0 tulip 
i2c_ali1563 i2c_core snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd 
soundcore snd_page_alloc dm_mod ext3 jbd ide_cd cdrom ide_disk fan thermal 
processor sata_uli libata alim15x3 ide_core sd_mod scsi_mod 
Pid: 12091, comm: foomatic-rip Tainted: G     U 2.6.13-rc6-git13-4-default 
RIP: 0010:[<ffffffff88210820>] <ffffffff88210820>{:e100:e100_poll+176} 
RSP: 0000:ffffffff8048bec8  EFLAGS: 00010246 
RAX: ffff81001fbb8800 RBX: 000000000000003c RCX: 00000000006be088 
RDX: ffff81001fbb8870 RSI: 000000001dc36812 RDI: ffff81001fbb8870 
RBP: ffff8100133c82c0 R08: 0000000000000000 R09: 0000000000000010 
R10: ffff81001ca564d0 R11: 0000000000000000 R12: 0000000000000001 
R13: ffff81001ed4d380 R14: 000000000000003c R15: ffff81001d6b1e20 
FS:  00002aaaab297060(0000) GS:ffffffff80512800(0000) knlGS:0000000000000000 
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
CR2: 0000000000000001 CR3: 000000000a164000 CR4: 00000000000006e0 
Process foomatic-rip (pid: 12091, threadinfo ffff8100136c4000, task 
ffff810012c210f0) 
Stack: ffffffff8048bef8 ffffffff8048bf3c ffff81001ed4d000 0000000100000010  
       00ffa02200000000 ffff81001ed4d000 0000000000000000 0000000000000000  
       000000010008d619 ffff810012c210f0  
Call Trace: <IRQ> <ffffffff802d70eb>{net_rx_action+139} 
<ffffffff80138657>{__do_softirq+87} 
       <ffffffff8010f993>{call_softirq+31} <ffffffff80111440>{do_softirq+48} 
       <ffffffff8011149d>{do_IRQ+77} <ffffffff8010eede>{ret_from_intr+0} 
        <EOI> <ffffffff80169d0e>{find_vma+46} 
<ffffffff8012092a>{do_page_fault+970} 
       <ffffffff8010f295>{error_exit+0} <ffffffff80169d10>{find_vma+48} 
       <ffffffff8012092a>{do_page_fault+970} <ffffffff8010f295>{error_exit+0} 
       <ffffffff80169d10>{find_vma+48} <ffffffff8012092a>{do_page_fault+970} 
       <ffffffff8010f295>{error_exit+0} <ffffffff80169d10>{find_vma+48} 
       <ffffffff8012092a>{do_page_fault+970} <ffffffff8010f295>{error_exit+0} 
       <ffffffff80169d10>{find_vma+48} <ffffffff8012092a>{do_page_fault+970} 
       <ffffffff8010f295>{error_exit+0} <ffffffff80169d10>{find_vma+48} 
       <ffffffff8012092a>{do_page_fault+970} <ffffffff8010f295>{error_exit+0} 
       <ffffffff80169d10>{find_vma+48} <ffffffff8012092a>{do_page_fault+970} 
       <ffffffff8010f295>{error_exit+0} <ffffffff80169d10>{find_vma+48} 
       <ffffffff8012092a>{do_page_fault+970} <ffffffff8010f295>{error_exit+0} 
       <ffffffff80169d10>{find_vma+48} <ffffffff8012092a>{do_page_fault+970} 
       <ffffffff8010f295>{error_exit+0} <ffffffff80169d10>{find_vma+48} 
       <ffffffff8012092a>{do_page_fault+970} <ffffffff8010f295>{error_exit+0} 
       <ffffffff80169d10>{find_vma+48} <ffffffff8012092a>{do_page_fault+970} 
       <ffffffff8010f295>{error_exit+0} <ffffffff80169d10>{find_vma+48} 
       <ffffffff8012092a>{do_page_fault+970} <ffffffff8010f295>{error_exit+0} 
       <ffffffff80169d10>{find_vma+48} <ffffffff8012092a>{do_page_fault+970} 
       <ffffffff8010f295>{error_exit+0} <ffffffff80169d10>{find_vma+48} 
       <ffffffff8012092a>{do_page_fault+970} <ffffffff8010f295>{error_exit+0} 
       <ffffffff80169d10>{find_vma+48} <ffffffff8012092a>{do_page_fault+970} 
       <ffffffff8010f295>{error_exit+0} <ffffffff80169d10>{find_vma+48} 
        
 
Code: 41 0f b7 04 24 66 89 44 24 24 41 f6 45 01 08 74 1f 49 8b 75  
RIP <ffffffff88210820>{:e100:e100_poll+176} RSP <ffffffff8048bec8> 
CR2: 0000000000000001 
 <0>Kernel panic - not syncing: Aiee, killing interrupt handler! 
Comment 2 Olaf Kirch 2005-08-31 15:29:46 UTC
This looks like something is badly corrupting memory, possibly usblp. 
It dies in three different places. 
Comment 3 Andreas Kleen 2005-08-31 15:54:36 UTC
It looks like some timer being very broken.

The stack segment fault in the second oops is weird though - the 
faulting instruction is
   0:   48 39 45 08             cmp    %rax,0x8(%rbp)
which doesn't even reference the stack.

I guess it's something for Greg since it's likely caused by the USB printing.
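
The comparison made in Comments 2 and 3 (the same reproducer dying at unrelated fault sites) can be automated. This is an added example, not part of the original bug report; the sample lines are excerpted from the three oopses above, and the "vmlinux" label and the two verdict strings are assumptions of this sketch.

```python
import re

# Sample input: Pid / RIP / CR2 lines excerpted from the three oopses in this report.
OOPSES = [
    "Pid: 7091, comm: gs Tainted: G     U 2.6.13-rc6-git13-4-default\n"
    "RIP: 0010:[<ffffffff8013c571>] <ffffffff8013c571>{run_timer_softirq+321}\n"
    "CR2: 0000000000000008 CR3: 0000000011d12000 CR4: 00000000000006e0\n",
    "Pid: 6986, comm: gs Tainted: G     U 2.6.13-rc6-git13-4-default\n"
    "RIP: 0010:[<ffffffff803211ba>] <ffffffff803211ba>{igmp_rcv+1290}\n"
    "CR2: 000000000116c000 CR3: 0000000012109000 CR4: 00000000000006e0\n",
    "Pid: 12091, comm: foomatic-rip Tainted: G     U 2.6.13-rc6-git13-4-default\n"
    "RIP: 0010:[<ffffffff88210820>] <ffffffff88210820>{:e100:e100_poll+176}\n"
    "CR2: 0000000000000001 CR3: 000000000a164000 CR4: 00000000000006e0\n",
]

# Format as it appears in this report: {symbol+off} or {:module:symbol+off}
RIP_RE = re.compile(
    r"RIP: [0-9a-f]{4}:\[<([0-9a-f]{16})>\].*?\{(?::(\w+):)?(\w+)\+(\w+)\}")
COMM_RE = re.compile(r"Pid: (\d+), comm: (\S+)")
CR2_RE = re.compile(r"^CR2: ([0-9a-f]{16})", re.MULTILINE)

def parse_oops(text):
    """Return the fault site of one oops, or None if no RIP line is present."""
    rip = RIP_RE.search(text)
    if rip is None:
        return None
    comm, cr2 = COMM_RE.search(text), CR2_RE.search(text)
    return {
        "module": rip.group(2) or "vmlinux",  # assumed label for "no :module: prefix"
        "symbol": rip.group(3),
        "offset": rip.group(4),               # kept as text, exactly as printed
        "comm": comm.group(2) if comm else None,
        "cr2": int(cr2.group(1), 16) if cr2 else None,
    }

def triage(oopses):
    """Compare fault sites across repeated crashes of the same reproducer."""
    sites = [s for s in map(parse_oops, oopses) if s]
    distinct = sorted({(s["module"], s["symbol"]) for s in sites})
    # Heuristic (assumption of this example): one site points at a bug there;
    # several unrelated sites point at corruption coming from somewhere else.
    verdict = "single-fault-site" if len(distinct) == 1 else "scattered-fault-sites"
    return distinct, verdict

if __name__ == "__main__":
    print(triage(OOPSES))
```
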


Comment 4 Klaus Singvogel 2005-09-05 11:38:52 UTC
Still present in Beta 4.
Comment 5 Andreas Jaeger 2005-09-05 11:44:29 UTC
Andreas: FYI, machine is in our office, can be reproduced every time.
Comment 6 Olaf Hering 2005-09-05 11:49:19 UTC
Klaus, please post only the very first oops or panic. The reason for every
following oops is undefined.
Does that happen on i386 as well?
Comment 7 Klaus Singvogel 2005-09-05 11:57:49 UTC
Olaf:  
 
I did post the first oops (at least according to my understanding). 
 
I tried this issue several times to reproduce the problem. Every debug output 
was copied&pasted after the machine came up again. 
 
Yes, they look different, but are reflecting the same problem. 
 
If you want to try it yourself: feel free to come to my (new) office on the 3rd
floor. :-)
Comment 8 Klaus Singvogel 2005-09-05 12:02:25 UTC
Sorry, forgot 2nd part: no, I can reproduce this on x86_64 only. 
Comment 9 Klaus Singvogel 2005-09-05 15:22:15 UTC
New information: 
I have now tested this printer (with the same install configuration) on Johannes'
AMD64 test machine, and this one did _not_ crash. It seems that this bug is host
specific.
Comment 10 Michael Gross 2005-09-06 10:00:47 UTC
Please validate if this bug is really `new' (and therefore `unassigned'). Thanks.
Comment 11 Greg Kroah-Hartman 2005-09-09 22:59:19 UTC
I don't see the printer driver in the oops traceback at all.

By "host specific" do you mean the type of hardware?  I can't duplicate
this here at all :(

Have a 'hwinfo' dump for the machine that dies?
Comment 12 Klaus Singvogel 2005-09-12 07:35:00 UTC
Created attachment 49564 [details]
hwinfo of g228.suse.de
Comment 13 Klaus Singvogel 2005-09-12 07:36:12 UTC
The machine got several hostnames through DHCP in the past. Current hostname 
is g228.suse.de. Feel free to login, if you want to. 
Comment 14 Greg Kroah-Hartman 2006-02-11 00:16:32 UTC
Does the same problem happen with Beta 3 of 10.1?
Comment 15 Klaus Singvogel 2006-02-13 09:00:43 UTC
Sorry, forget that one...
The RAM in the machine was broken. After replacing it, the problems are gone.
Comment 16 Andreas Kleen 2006-02-13 09:23:19 UTC
Broken hardware.