Bug 165093

Summary: Kernel force X to reboot when kmem_cache_free
Product: [Fedora] Fedora
Reporter: MASA.H <masahase>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 4
CC: wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2005-08-04 17:32:59 UTC

Description MASA.H 2005-08-04 10:29:08 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; ja-JP; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
When I use X, X suddenly reboots.
The reboot happens unexpectedly.
It happened when I used gedit and gnome terminal.
But at another time it happened when I used Firefox.
And it has no relation to how long X has been in use.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Use X

Additional info:

Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: 
PGD 31196067 PUD 32772067 PMD 30470067 PTE 0
Oops: 0000 [1] 
CPU 0 
Modules linked in: nls_utf8 cifs fglrx(U) parport_pc lp parport autofs4 nfs lockd sunrpc ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables md5 ipv6 video button battery ac usb_storage ohci1394 ieee1394 uhci_hcd ehci_hcd shpchp i2c_viapro i2c_core snd_via82xx gameport snd_ac97_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore sk98lin(U) floppy dm_snapshot dm_zero dm_mirror xfs exportfs dm_mod sata_via libata sd_mod scsi_mod
Pid: 3003, comm: X Tainted: PF     2.6.12-1.1398_FC4
RIP: 0010:[<ffffffff8017c398>] <ffffffff8017c398>{kmem_cache_free+24}
RSP: 0018:ffff8100315c3c48  EFLAGS: 00210096
RAX: 000000000000001d RBX: 0000000000000008 RCX: 0000000000718608
RDX: 000000000000001c RSI: ffff810031b75800 RDI: 0000000000000000
RBP: 0000000000200296 R08: ffff81003f63a200 R09: 0000000000000001
R10: 0000000000000006 R11: 0000000000203246 R12: ffff810031b75800
R13: ffff8100315c3d80 R14: ffff81002e467b40 R15: ffff8100315c3d48
FS:  00002aaaaaad2f20(0000) GS:ffffffff80572e00(0000) knlGS:00000000f7fd36c0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000032612000 CR4: 00000000000006e0
Process X (pid: 3003, threadinfo ffff8100315c2000, task ffff810032d99850)
Stack: 0000000000000008 ffff81002dec0800 ffff810031b75800 ffffffff803b54db 
       ffffffffffffffff ffff810031b75870 ffff81002dec0b38 ffff81002dec08e0 
       0000004000000000 0000000000000ff8 
Call Trace:<ffffffff803b54db>{unix_stream_recvmsg+1163} <ffffffff802263cc>{socket_has_perm+108}
       <ffffffff8033ffef>{sock_aio_read+335} <ffffffff8019f5bd>{do_sync_read+173}
       <ffffffff8015cad0>{autoremove_wake_function+0} <ffffffff8016f331>{audit_syscall_entry+337}
       <ffffffff8019fa2d>{vfs_read+237} <ffffffff801a0143>{sys_read+83}

Code: 48 8b 1f 8b 13 3b 53 04 73 0e 89 d0 48 89 74 c3 10 8d 42 01 
RIP <ffffffff8017c398>{kmem_cache_free+24} RSP <ffff8100315c3c48>
CR2: 0000000000000000
 <3>Debug: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():0, irqs_disabled():1

Call Trace:<ffffffff8013c7b5>{profile_task_exit+21} <ffffffff8013e3c2>{do_exit+34}
       <ffffffff802a6459>{do_unblank_screen+137} <ffffffff80125416>{do_page_fault+1846}
       <ffffffff80222601>{avc_audit+33} <ffffffff80134073>{__wake_up_common+67}
       <ffffffff80133f44>{recalc_task_prio+324} <ffffffff8010fa7d>{error_exit+0}
       <ffffffff8017c398>{kmem_cache_free+24} <ffffffff803b54db>{unix_stream_recvmsg+1163}
       <ffffffff802263cc>{socket_has_perm+108} <ffffffff8033ffef>{sock_aio_read+335}
       <ffffffff8019f5bd>{do_sync_read+173} <ffffffff8015cad0>{autoremove_wake_function+0}
       <ffffffff8016f331>{audit_syscall_entry+337} <ffffffff8019fa2d>{vfs_read+237}
       <ffffffff801a0143>{sys_read+83} <ffffffff8010f262>{tracesys+209}
[fglrx] free  PCIe = 51118080
[fglrx] max   PCIe = 51118080
[fglrx] free  LFB = 122613760
[fglrx] max   LFB = 122613760
[fglrx] free  Inv = 0
[fglrx] max   Inv = 0
[fglrx] total Inv = 0
[fglrx] total TIM = 0
[fglrx] total FB  = 0
[fglrx] total PCIe = 16384

Comment 1 Dave Jones 2005-08-04 17:32:59 UTC
unfixable due to binary modules loaded.

*** This bug has been marked as a duplicate of 73733 ***
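
Comment 1 closes the report because the oops was taken with binary modules loaded, which the kernel records in the `Tainted:` field of the oops header. As an added example (not part of the bug report or of any Fedora tooling), this Python snippet extracts that field, the modules printed with a flag suffix and the faulting symbol; the names `triage_oops` and `describe` and the abridged sample are assumptions made for illustration.

```python
import re

# Taint letters decoded here (mainline 2.6-era meanings); others are reported as-is.
TAINT = {"P": "proprietary module loaded", "F": "module force-loaded"}

# Constructed sample: abridged from the oops in this report (module list shortened).
SAMPLE = """\
Modules linked in: nls_utf8 cifs fglrx(U) parport_pc snd sk98lin(U) floppy xfs
Pid: 3003, comm: X Tainted: PF     2.6.12-1.1398_FC4
RIP: 0010:[<ffffffff8017c398>] <ffffffff8017c398>{kmem_cache_free+24}
"""

def triage_oops(text):
    """Extract the fields a maintainer checks before debugging an oops."""
    info = {"comm": None, "kernel": None, "taint": [],
            "flagged_modules": [], "fault": None}
    # Header line: "comm: X Tainted: PF   <version>" or "comm: X Not tainted <version>".
    m = re.search(r"comm: (\S+) (?:Tainted: ([A-Z ]+?)|Not tainted)\s+(\d\S+)", text)
    if m:
        info["comm"], info["kernel"] = m.group(1), m.group(3)
        # 'G' means all loaded modules are GPL-compatible, so it is not a taint.
        info["taint"] = [c for c in (m.group(2) or "") if c not in "G "]
    m = re.search(r"Modules linked in:(.*)", text)
    if m:
        # Modules printed with a "(X)" suffix. The suffix meaning depends on
        # the kernel build, so it is reported here rather than interpreted.
        info["flagged_modules"] = re.findall(r"(\S+)\((\w+)\)", m.group(1))
    m = re.search(r"RIP: .*\{(\w+)\+(\d+)\}", text)
    if m:
        info["fault"] = (m.group(1), m.group(2))  # (symbol, offset as printed)
    return info

def describe(info):
    """One-line triage summary for a bug tracker comment."""
    if not info["taint"]:
        return "untainted kernel %s" % info["kernel"]
    reasons = ", ".join(TAINT.get(c, "flag " + c) for c in info["taint"])
    mods = ", ".join(name for name, _ in info["flagged_modules"]) or "none"
    return "tainted kernel %s (%s); flagged modules: %s" % (
        info["kernel"], reasons, mods)

if __name__ == "__main__":
    print(describe(triage_oops(SAMPLE)))
```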

Comment 2 MASA.H 2005-08-04 18:04:04 UTC
I don't use the Nvidia binary driver. But I use the ATI driver.
Is there no difference?

Should I send the report not here but to ATI?