2.0.0 kernel oops without crash

Carsten Paeth (calle@calle.in-berlin.de)
Mon, 1 Jul 1996 21:10:02 +0200 (MET DST)


Hi.

Today I got some kernel oops with a plain 2.0.
After these oops the system was still running
but innd was not working (but running), even an strace on it fails.
The system where the oops happen is an
486 DX4 (Intel) with a AHA-2840/VLB and to ethernetcards
(smc-ultra and ne2000)
This system is not fully converted to ELF some executables
are still aout.

scsi0 : Adaptec AHA274x/284x/294x (EISA/VLB/PCI-Fast SCSI) 3.2/3.1/3.0
scsi : 1 host.
aic7xxx: Scanning channel A for devices.
aic7xxx: Target 0, channel A, now synchronous at 10.0MHz, offset(0xf).
Vendor: QUANTUM Model: FIREBALL1080S Rev: 1Q09
Type: Direct-Access ANSI SCSI revision: 02
Detected scsi disk sda at scsi0, channel 0, id 0, lun 0
aic7xxx: Target 1, channel A, now synchronous at 10.0MHz, offset(0xf).
Vendor: IBM OEM Model: DFHSS4F Rev: 4040
Type: Direct-Access ANSI SCSI revision: 02
Detected scsi disk sdb at scsi0, channel 0, id 1, lun 0
aic7xxx: Target 6, channel A, refusing synchronous negotiation. Using asynchrono
us transfers.
Vendor: TOSHIBA Model: CD-ROM XM-4101TA Rev: 2483
Type: CD-ROM ANSI SCSI revision: 02
Detected scsi CD-ROM sr0 at scsi0, channel 0, id 6, lun 0

### Jul 1 12:11:38 bolzen vmunix
Unable to handle kernel NULL pointer dereference at virtual address c000001b
current->tss.cr3 = 00529000, %cr3 = 00529000
*pde = 00102067
*pte = 00000027
Oops: 0000
CPU: 0
EIP: 0010:[<00153e4c>]
EFLAGS: 00010202
eax: 00000007 ebx: 012bd400 ecx: 00000003 edx: 00000108
esi: 00000007 edi: 00000113 ebp: 00043000 esp: 00653e88
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process batcher (pid: 22194, process nr: 59, stackpage=00653000)
Stack: 01a012dc 01a012dc 00000006 012de00f 0000010b 00000108 012bd400 00000003
001fe994 ffffffe4 0182eee0 01d1ee9c 01e42e14 015e0d8c 01690aa0 01630374
0176e8c4 00f6a770 0182eee0 01d1ee9c 01e42e14 00000007 017ee484 0124ce9c
Call Trace: [<00153f5a>] [<00129ce9>] [<0012a1ef>] [<0012070b>] [<0012083a>] [<0010a3f2>]
Code: f6 46 14 01 75 0d 8b 7c 24 1c 89 74 bc 28 47 89 7c 24 1c ff

Using `/usr/src/linux/System.map' to map addresses to symbols.

>>EIP: 153e4c <ext2_find_entry+280/2c7>
Trace: 153f5a <ext2_lookup+c7/138>
Trace: 129ce9 <lookup+de/f5>
Trace: 12a1ef <open_namei+21a/413>
Trace: 12070b <do_open+71/170>
Trace: 12083a <sys_open+30/4d>
Trace: 10a3f2 <system_call+52/80>

Code: 153e4c <ext2_find_entry+280/2c7> testb $0x1,0x14(%esi)
Code: 153e50 <ext2_find_entry+284/2c7> jne 153e5f <ext2_find_entry+293/2c7>
Code: 153e52 <ext2_find_entry+286/2c7> movl 0x1c(%esp,1),%edi
Code: 153e56 <ext2_find_entry+28a/2c7> movl %esi,0x28(%esp,%edi,4)
Code: 153e5a <ext2_find_entry+28e/2c7> incl %edi
Code: 153e5b <ext2_find_entry+28f/2c7> movl %edi,0x1c(%esp,1)
Code: 153e5f <ext2_find_entry+293/2c7> incl (%eax)
Code: 153e61 <ext2_find_entry+295/2c7> nop
Code: 153e62 <ext2_find_entry+296/2c7> nop
Code: 153e63 <ext2_find_entry+297/2c7> nop

### Jul 1 14:02:48 bolzen vmunix
general protection: 0000
CPU: 0
EIP: 0010:[<0012247e>]
EFLAGS: 00010082
eax: f000ea97 ebx: 01a64000 ecx: 00000282 edx: 000000ac
esi: 00000078 edi: 01714810 ebp: 00061000 esp: 012eae6c
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process batcher (pid: 27432, process nr: 83, stackpage=012ea000)
Stack: 01a64000 00000078 00000004 01714810 00000000 00153d33 00000078 01a012dc
01a012dc 00000006 00c1e00f 00000184 00000180 01a64000 00000000 001fe994
ffffffe4 016004c8 0148f8c4 0052db6c 004cd3b8 015afc7c 0132ccc0 0142f61c
Call Trace: [<00153d33>] [<00153f5a>] [<00129ce9>] [<0012a1ef>] [<0012070b>] [<0012083a>] [<0010a3f2>]
Code: 8b 40 04 89 44 24 10 8b 02 8d 7c 24 0c 89 78 04 51 9d 31 c0
ll_rw_block: device 08:16: only 1024-char blocks implemented (15374272)

Using `/usr/src/linux/System.map' to map addresses to symbols.

>>EIP: 12247e <__wait_on_buffer+3e/e9>
Trace: 153d33 <ext2_find_entry+167/2c7>
Trace: 153f5a <ext2_lookup+c7/138>
Trace: 129ce9 <lookup+de/f5>
Trace: 12a1ef <open_namei+21a/413>
Trace: 12070b <do_open+71/170>
Trace: 12083a <sys_open+30/4d>
Trace: 10a3f2 <system_call+52/80>

Code: 12247e <__wait_on_buffer+3e/e9> movl 0x4(%eax),%eax
Code: 122481 <__wait_on_buffer+41/e9> movl %eax,0x10(%esp,1)
Code: 122485 <__wait_on_buffer+45/e9> movl (%edx),%eax
Code: 122487 <__wait_on_buffer+47/e9> leal 0xc(%esp,1),%edi
Code: 12248b <__wait_on_buffer+4b/e9> movl %edi,0x4(%eax)
Code: 12248e <__wait_on_buffer+4e/e9> pushl %ecx
Code: 12248f <__wait_on_buffer+4f/e9> popf
Code: 122490 <__wait_on_buffer+50/e9> xorl %eax,%eax
Code: 122492 <__wait_on_buffer+52/e9> ### Jul 1 15:03:23 bolzen vmunix

Unable to handle kernel paging request at virtual address c3c7d970
current->tss.cr3 = 011c7000, %cr3 = 011c7000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<0012366f>]
EFLAGS: 00010293
eax: 00ea97f0 ebx: 0000005f ecx: 00000005 edx: 0000be95
esi: 00b4aee0 edi: 00000000 ebp: 00000003 esp: 011cfe58
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process innd (pid: 32286, process nr: 80, stackpage=011cf000)
Stack: 0000005f 00b4aee0 00000000 00000003 00869440 00123950 0000005f 0000005f
00000000 00c63c00 00153e80 0000005f 01a012dc 01a012dc 00000006 008ba00f
00000168 00000168 00c63c00 00000000 001fe994 ffffffe4 016e04c8 00819ee0
Call Trace: [<00123950>] [<00153e80>] [<00153f10>] [<00153f5a>] [<00129ce9>] [<0012a0ec>] [<0012070b>]
[<0012083a>] [<0010a3f2>]
Code: ff 0c 85 b0 79 1d 00 8b 43 20 c1 e8 09 0f be 80 3c 79 1d 00

Using `/usr/src/linux/System.map' to map addresses to symbols.

>>EIP: 12366f <refile_buffer+152/411>
Trace: 123950 <__brelse+22/3f>
Trace: 153e80 <ext2_find_entry+2b4/2c7>
Trace: 153f10 <ext2_lookup+7d/138>
Trace: 153f5a <ext2_lookup+c7/138>
Trace: 129ce9 <lookup+de/f5>
Trace: 12a0ec <open_namei+117/413>
Trace: 12070b <do_open+71/170>
Trace: 12083a <sys_open+30/4d>
Trace: 10a3f2 <system_call+52/80>

Code: 12366f <refile_buffer+152/411> decl 0x1d79b0(,%eax,4)
Code: 123676 <refile_buffer+159/411> movl 0x20(%ebx),%eax
Code: 123679 <refile_buffer+15c/411> shrl $0x9,%eax
Code: 12367c <refile_buffer+15f/411> movsbl 0x1d793c(%eax),%eax
Code: 123683 <refile_buffer+166/411>

### Jul 1 15:37:47 bolzen vmunix
general protection: 0000
CPU: 0
EIP: 0010:[<0014c12e>]
EFLAGS: 00010006
eax: 000001d8 ebx: 00000206 ecx: 00d48214 edx: 6d6f63b8
esi: 6d6f6364 edi: 00d48214 ebp: 00b9bfa0 esp: 00b9bf5c
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process squidstat (pid: 21420, process nr: 101, stackpage=00b9b000)
Stack: 00d48214 00000005 0014c149 00d48214 00d48214 00000005 00b0ed58 00b9bfa0
0013ddb7 00d48214 00d483d8 001fcc64 00110955 00d48214 00000001 ffffffff
001fcacc 00000001 00115fb7 00b9bfbc 40001fb0 08000b48 bffffe3c 0010a37b
Call Trace: [<0014c149>] [<0013ddb7>] [<00110955>] [<00115fb7>] [<0010a37b>]
Code: 83 3a 00 75 e2 53 9d 5b 5e c3 55 57 56 53 8b 7c 24 14 ff 47
Aiee, killing interrupt handler
Using `/usr/src/linux/System.map' to map addresses to symbols.

>>EIP: 14c12e <remove_sock+53/5d>
Trace: 14c149 <destroy_sock+11/25f>
Trace: 13ddb7 <net_timer+b4/f9>
Trace: 110955 <timer_bh+84/185>
Trace: 115fb7 <do_bottom_half+3f/64>
Trace: 10a37b <handle_bottom_half+b/20>

Code: 14c12e <remove_sock+53/5d> cmpl $0x0,(%edx)
Code: 14c131 <remove_sock+56/5d> jne ffffffe7 <_EIP+ffffffe7>
Code: 14c133 <remove_sock+58/5d> pushl %ebx
Code: 14c134 <remove_sock+59/5d> popf
Code: 14c135 <remove_sock+5a/5d> popl %ebx
Code: 14c136 <remove_sock+5b/5d> popl %esi
Code: 14c137 <remove_sock+5c/5d> ret
Code: 14c149 <destroy_sock+11/25f> pushl %ebp
Code: 14c139 <destroy_sock+1/25f> pushl %edi
Code: 14c13a <destroy_sock+2/25f> pushl %esi
Code: 14c13b <destroy_sock+3/25f> pushl %ebx
Code: 14c13c <destroy_sock+4/25f> movl 0x14(%esp,1),%edi
Code: 14c140 <destroy_sock+8/25f> incl 0x0(%edi)
Code: 14c143 <destroy_sock+b/25f> nop
Code: 14c144 <destroy_sock+c/25f> nop
Code: 14c145 <destroy_sock+d/25f> nop

calle

-- 
calle@calle.in-berlin.de