Bug 250724

Summary: kernel BUG at mm/slub.c:2204!
Product: [Fedora] Fedora
Reporter: Martin <mgansser>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: low
Version: 7
Keywords: Reopened
Hardware: i686
OS: Linux
Fixed In Version: 2.6.22.4-65.fc7
Doc Type: Bug Fix
Last Closed: 2007-09-12 22:05:17 UTC

Description Martin 2007-08-03 08:47:44 UTC
Description of problem:
When connecting the 3D USB SpaceNavigator to USB, the kernel crashes.

Steps to Reproduce:
1. Log in as root
2. Plug in the USB SpaceNavigator
3. See crash messages, only reset helps

Additional info:
Kernel Version:
# uname -a
Linux gecko2 2.6.22.1-27.fc7 #1 SMP Tue Jul 17 17:13:26 EDT 2007 i686 i686 i386
GNU/Linux

3Dx Driver Version: 3dxware-linux-v1-2-11.tgz

Crash messages:
Aug  3 10:17:03 gecko2 kernel: usb 3-2: new low speed USB device using uhci_hcd
and address 2
Aug  3 10:17:03 gecko2 kernel: usb 3-2: configuration #1 chosen from 1 choice
Aug  3 10:17:03 gecko2 kernel: input: 3Dconnexion SpaceNavigator as
/class/input/input19
Aug  3 10:17:03 gecko2 kernel: input: USB HID v1.10 Multi-Axis Controller
[3Dconnexion SpaceNavigator] on usb-0000:00:1d.2-2
Aug  3 10:17:04 gecko2 kernel: ------------[ cut here ]------------
Aug  3 10:17:04 gecko2 kernel: kernel BUG at mm/slub.c:2204!
Aug  3 10:17:04 gecko2 kernel: invalid opcode: 0000 [#1]
Aug  3 10:17:04 gecko2 kernel: SMP
Aug  3 10:17:04 gecko2 kernel: last sysfs file: /class/input/input19/capabilities/sw
Aug  3 10:17:04 gecko2 kernel: Modules linked in: autofs4 hidp l2cap bluetooth
vmnet(P)(U) vmmon(P)(U) uinput sunrpc cpufreq_ondemand acpi_cpufreq fuse
dm_mirror dm_multipath dm_mod video sbs button dock battery ac parport_pc lp
parport loop stv0299 ves1x93 snd_hda_intel snd_rme96 snd_seq_dummy snd_seq_oss
snd_seq_midi_event dvb_ttpci nvidia(P)(U) snd_seq dvb_core saa7146_vv
snd_seq_device video_buf saa7146 snd_pcm_oss snd_mixer_oss snd_pcm videodev
v4l2_common snd_timer v4l1_compat snd soundcore ttpci_eeprom floppy skge
snd_page_alloc sky2 serio_raw iTCO_wdt i2c_i801 sr_mod iTCO_vendor_support
rtc_cmos cdrom joydev i2c_core ata_generic sg ata_piix libata 3w_9xxx sd_mod
scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd
Aug  3 10:17:04 gecko2 kernel: CPU:    0
Aug  3 10:17:04 gecko2 kernel: EIP:    0060:[<c0476f99>]    Tainted: P       VLI
Aug  3 10:17:04 gecko2 kernel: EFLAGS: 00210202   (2.6.22.1-27.fc7 #1)
Aug  3 10:17:04 gecko2 kernel: EIP is at get_slab+0x112/0x1a4
Aug  3 10:17:04 gecko2 kernel: eax: 00000000   ebx: f5792800   ecx: 035340a4  
edx: 000000d0
Aug  3 10:17:04 gecko2 kernel: esi: 035340a4   edi: 000000d0   ebp: c057f02c  
esp: f6f8ee68
Aug  3 10:17:04 gecko2 kernel: ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Aug  3 10:17:04 gecko2 kernel: Process keymaninputfilt (pid: 2193, ti=f6f8e000
task=f7b7c600 task.ti=f6f8e000)
Aug  3 10:17:04 gecko2 kernel: Stack: 00000044 f5c19000 00000001 000000d0
f5792800 035340a4 000000d0 c057f02c
Aug  3 10:17:04 gecko2 kernel:        c0477fb2 00000000 c0482e19 f5792800
035340a4 00d4d018 00000000 c0465582
Aug  3 10:17:04 gecko2 kernel:        00200246 f5792800 f5792800 00d4d018
c057f02c f5197900 f5792800 f5197900
Aug  3 10:17:04 gecko2 kernel: Call Trace:
Aug  3 10:17:04 gecko2 kernel:  [<c057f02c>] input_ff_create+0x35/0xdf
Aug  3 10:17:04 gecko2 kernel:  [<c0477fb2>] __kmalloc_track_caller+0x10/0x64
Aug  3 10:17:04 gecko2 kernel:  [<c0482e19>] do_path_lookup+0x162/0x1c7
Aug  3 10:17:04 gecko2 kernel:  [<c0465582>] __kzalloc+0x11/0x38
Aug  3 10:17:04 gecko2 kernel:  [<c057f02c>] input_ff_create+0x35/0xdf
Aug  3 10:17:04 gecko2 kernel:  [<f8c918ef>] uinput_ioctl+0x135/0x51e [uinput]
Aug  3 10:17:04 gecko2 kernel:  [<c0476928>] __slab_alloc+0x248/0x486
Aug  3 10:17:04 gecko2 kernel:  [<c060bd83>] mutex_lock+0x1a/0x29
Aug  3 10:17:04 gecko2 kernel:  [<c049cebd>] inotify_inode_queue_event+0x46/0xd0
Aug  3 10:17:04 gecko2 kernel:  [<f8c917ba>] uinput_ioctl+0x0/0x51e [uinput]
Aug  3 10:17:04 gecko2 kernel:  [<c04848cd>] do_ioctl+0x21/0xa0
Aug  3 10:17:04 gecko2 kernel:  [<c0484b83>] vfs_ioctl+0x237/0x249
Aug  3 10:17:04 gecko2 kernel:  [<c0484be1>] sys_ioctl+0x4c/0x67
Aug  3 10:17:04 gecko2 kernel:  [<c0404f8e>] syscall_call+0x7/0xb
Aug  3 10:17:04 gecko2 kernel:  =======================
Aug  3 10:17:04 gecko2 kernel: Code: 81 f9 00 00 04 00 b3 12 76 25 81 f9 00 00
08 00 b3 13 76 1b 81 f9 00 00 10 00 b3 14 76 11 81 f9 01 00 20 00 19 db 83 c3 16
eb 04 <0f> 0b eb fe f6 44 24 0c 01 74 74 8b 04 9d e0 f1 80 c0 85 c0 75
Aug  3 10:17:04 gecko2 kernel: EIP: [<c0476f99>] get_slab+0x112/0x1a4 SS:ESP
0068:f6f8ee68
Aug  3 10:18:28 gecko2 kernel: usb 3-2: USB disconnect, address 2
Aug  3 10:18:30 gecko2 kernel: usb 3-1: new low speed USB device using uhci_hcd
and address 3
Aug  3 10:18:30 gecko2 kernel: usb 3-1: configuration #1 chosen from 1 choice
Aug  3 10:18:30 gecko2 kernel: input: 3Dconnexion SpaceNavigator as
/class/input/input20
Aug  3 10:18:30 gecko2 kernel: input: USB HID v1.10 Multi-Axis Controller
[3Dconnexion SpaceNavigator] on usb-0000:00:1d.2-1

Comment 1 Martin 2007-08-03 16:46:36 UTC
Additional info:
The kernel also crashed if the 3dxsrv daemon isn't running.

Comment 2 Martin 2007-08-03 18:19:11 UTC
Additional info:
The problem couldn't be reproduced with the current kernel from koji:
http://koji.fedoraproject.org/packages/kernel/2.6.23/0.68.rc1.git12.fc8/i686/kernel-2.6.23-0.68.rc1.git12.fc8.i686.rpm

I found something interesting in the '2.6.23-rc1 short-form changelog' at
http://lwn.net/Articles/242483/

mm/slub.c: make code static

Comment 3 Chuck Ebbert 2007-08-03 23:07:56 UTC
It should not be bugging here, it should just fail the memory allocation.
We can fix the bug, but the driver will probably not work in any case.
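
What comment 3 describes, as an added example that is not the kernel's code and not part of the original comment: a userspace model of a size-class allocator that returns NULL for a request no class can hold, with a caller that checks the result before writing. The function names, the class limits, and the use of 0x035340a4 (the ecx/esi value in the first trace, assumed here to be the requested size) are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define MIN_SHIFT 3            /* smallest class: 8 bytes (model value) */
#define MAX_SHIFT 21           /* largest class: 2 MiB (model value) */

/* Map a request to a power-of-two size class; -1 means "no class fits". */
static int size_class(size_t size)
{
    for (int shift = MIN_SHIFT; shift <= MAX_SHIFT; shift++)
        if (size <= ((size_t)1 << shift))
            return shift;
    return -1;                 /* oversized: report it, do not abort() */
}

/* Zeroing allocator: a request that cannot be served fails with NULL. */
static void *model_kzalloc(size_t size)
{
    int shift = size_class(size);

    if (shift < 0)
        return NULL;
    return calloc(1, (size_t)1 << shift);
}

/* Caller sizing a table from an untrusted count, as an ioctl handler might. */
static int create_table(size_t header, size_t count, void **out)
{
    size_t bytes;

    if (count > (SIZE_MAX - header) / sizeof(void *))
        return -EINVAL;        /* header + count * pointer size would wrap */
    bytes = header + count * sizeof(void *);
    *out = model_kzalloc(bytes);
    return *out ? 0 : -ENOMEM; /* NULL is checked before any write */
}

int main(void)
{
    void *p = NULL;
    /* Constructed input: a table as large as the value seen in the trace. */
    int rc = create_table(64, 0x035340a4 / sizeof(void *), &p);

    if (rc == 0)
        free(p);
    return rc == -ENOMEM ? 0 : 1;
}
```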


Comment 4 Chuck Ebbert 2007-08-14 19:20:02 UTC
Fix is in 2.6.22.2-52.fc7, in testing now.

Comment 5 Martin 2007-08-14 20:28:13 UTC
the bug isn't solved with kernel 2.6.22.2-52.fc7

Aug 14 22:10:32 gecko2 kernel: usb 3-2: new low speed USB device using uhci_hcd
and address 2
Aug 14 22:10:33 gecko2 kernel: usb 3-2: configuration #1 chosen from 1 choice
Aug 14 22:10:33 gecko2 kernel: input: 3Dconnexion SpaceNavigator as
/class/input/input19
Aug 14 22:10:33 gecko2 kernel: input: USB HID v1.10 Multi-Axis Controller
[3Dconnexion SpaceNavigator] on usb-0000:00:1d.2-2
Aug 14 22:10:33 gecko2 kernel: BUG: unable to handle kernel NULL pointer
dereference at virtual address 00000010
Aug 14 22:10:33 gecko2 kernel:  printing eip:
Aug 14 22:10:33 gecko2 kernel: c0464067
Aug 14 22:10:33 gecko2 kernel: *pde = 7adff067
Aug 14 22:10:33 gecko2 kernel: Oops: 0002 [#1]
Aug 14 22:10:33 gecko2 kernel: SMP
Aug 14 22:10:33 gecko2 kernel: last sysfs file: /class/input/input19/event19/dev
Aug 14 22:10:33 gecko2 kernel: Modules linked in: autofs4 hidp l2cap bluetooth
uinput sunrpc cpufreq_ondemand acpi_cpufreq fuse dm_mirror dm_multipath dm_mod
video sbs button dock battery ac snd_rme96 stv0299 ves1x93 snd_hda_intel
dvb_ttpci nvidia(P)(U) snd_seq_dummy dvb_core snd_seq_oss snd_seq_midi_event
saa7146_vv snd_seq video_buf saa7146 snd_seq_device videodev snd_pcm_oss
snd_mixer_oss snd_pcm snd_timer v4l2_common v4l1_compat sky2 ttpci_eeprom skge
snd soundcore joydev snd_page_alloc iTCO_wdt i2c_i801 sr_mod cdrom rtc_cmos
ata_generic iTCO_vendor_support floppy i2c_core serio_raw sg ata_piix libata
3w_9xxx sd_mod scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd
Aug 14 22:10:33 gecko2 kernel: CPU:    1
Aug 14 22:10:33 gecko2 kernel: EIP:    0060:[<c0464067>]    Tainted: P       VLI
Aug 14 22:10:33 gecko2 kernel: EFLAGS: 00210202   (2.6.22.2-52.fc7 #1)
Aug 14 22:10:33 gecko2 kernel: EIP is at __kzalloc+0x22/0x38
Aug 14 22:10:33 gecko2 kernel: eax: 00000000   ebx: 035340a4   ecx: 00d4d029  
edx: 00000010
Aug 14 22:10:33 gecko2 kernel: esi: 035340a4   edi: 00000010   ebp: 00000000  
esp: f0d99ea8
Aug 14 22:10:33 gecko2 kernel: ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Aug 14 22:10:33 gecko2 kernel: Process keymaninputfilt (pid: 2158, ti=f0d99000
task=f7ec6c00 task.ti=f0d99000)
Aug 14 22:10:33 gecko2 kernel: Stack: 00200246 efe3f800 efe3f800 00d4d018
c057dba8 efac5240 efe3f800 efac5240
Aug 14 22:10:33 gecko2 kernel:        00000000 f8cc78ef c0420b97 0e2a226d
00000000 f020a000 c2019a80 00200086
Aug 14 22:10:33 gecko2 kernel:        00000000 f0d99f28 f7ec6c00 000f4586
00000000 000f4586 c2019a80 c043b0ed
Aug 14 22:10:33 gecko2 kernel: Call Trace:
Aug 14 22:10:33 gecko2 kernel:  [<c057dba8>] input_ff_create+0x35/0xdf
Aug 14 22:10:33 gecko2 kernel:  [<f8cc78ef>] uinput_ioctl+0x135/0x51e [uinput]
Aug 14 22:10:33 gecko2 kernel:  [<c0420b97>] task_tick_fair+0x55/0x7a
Aug 14 22:10:33 gecko2 kernel:  [<c043b0ed>] getnstimeofday+0x30/0xbf
Aug 14 22:10:33 gecko2 kernel:  [<c043cf3e>] clockevents_program_event+0xb5/0xbc
Aug 14 22:10:33 gecko2 kernel:  [<c043dcee>] tick_program_event+0x33/0x52
Aug 14 22:10:33 gecko2 kernel:  [<f8cc77ba>] uinput_ioctl+0x0/0x51e [uinput]
Aug 14 22:10:33 gecko2 kernel:  [<c04833f5>] do_ioctl+0x21/0xa0
Aug 14 22:10:33 gecko2 kernel:  [<c043df2f>] tick_sched_timer+0x0/0xbb
Aug 14 22:10:33 gecko2 kernel:  [<c04836ab>] vfs_ioctl+0x237/0x249
Aug 14 22:10:33 gecko2 kernel:  [<c0483709>] sys_ioctl+0x4c/0x67
Aug 14 22:10:33 gecko2 kernel:  [<c0404f8e>] syscall_call+0x7/0xb
Aug 14 22:10:33 gecko2 kernel:  =======================
Aug 14 22:10:33 gecko2 kernel: Code: f3 a4 5a 59 5b 5e 5f 5d c3 57 56 89 c6 53
83 ec 04 8b 4c 24 10 e8 74 2a 01 00 85 c0 89 c2 74 1a 89 f1 31 c0 c1 e9 02 89 d7
89 f3 <f3> ab f6 c3 02 74 02 66 ab f6 c3 01 74 01 aa 5b 89 d0 5b 5e 5f
Aug 14 22:10:33 gecko2 kernel: EIP: [<c0464067>] __kzalloc+0x22/0x38 SS:ESP
0068:f0d99ea8
Aug 14 22:10:50 gecko2 kernel: usb 3-2: USB disconnect, address 2
Aug 14 22:10:57 gecko2 kernel: usb 3-2: new low speed USB device using uhci_hcd
and address 3
Aug 14 22:10:57 gecko2 kernel: usb 3-2: configuration #1 chosen from 1 choice
Aug 14 22:10:57 gecko2 kernel: input: 3Dconnexion SpaceNavigator as
/class/input/input20
Aug 14 22:10:57 gecko2 kernel: input: USB HID v1.10 Multi-Axis Controller
[3Dconnexion SpaceNavigator] on usb-0000:00:1d.2-2

Nearly the same error when connecting a Plantronics headset:

Aug 14 22:04:00 gecko2 kernel: input: Plantronics Plantronics Headset as
/class/input/input19
Aug 14 22:04:00 gecko2 kernel: input: USB HID v1.00 Device [Plantronics
Plantronics Headset] on usb-0000:00:1d.0-2
Aug 14 22:04:00 gecko2 kernel: usbcore: registered new interface driver
snd-usb-audio
Aug 14 22:04:00 gecko2 kernel: BUG: unable to handle kernel NULL pointer
dereference at virtual address 00000010
Aug 14 22:04:00 gecko2 kernel:  printing eip:
Aug 14 22:04:00 gecko2 kernel: c0464067
Aug 14 22:04:00 gecko2 kernel: *pde = 7cb1a067
Aug 14 22:04:00 gecko2 kernel: Oops: 0002 [#1]
Aug 14 22:04:00 gecko2 kernel: SMP
Aug 14 22:04:00 gecko2 kernel: last sysfs file: /class/input/input19/event19/dev
Aug 14 22:04:00 gecko2 kernel: Modules linked in: snd_usb_audio snd_usb_lib
snd_rawmidi snd_hwdep nvidia(P)(U) autofs4 hidp l2cap bluetooth parport_pc
parport uinput sunrpc cpufreq_ondemand acpi_cpufreq fuse dm_mirror dm_multipath
dm_mod video sbs button dock battery ac stv0299 ves1x93 dvb_ttpci snd_hda_intel
dvb_core saa7146_vv snd_seq_dummy video_buf saa7146 snd_seq_oss videodev
snd_rme96 snd_seq_midi_event snd_seq v4l2_common sky2 v4l1_compat skge
ttpci_eeprom snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd
serio_raw soundcore rtc_cmos floppy ata_generic iTCO_wdt i2c_i801 snd_page_alloc
joydev iTCO_vendor_support i2c_core sr_mod cdrom sg ata_piix libata 3w_9xxx
sd_mod scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd
Aug 14 22:04:00 gecko2 kernel: CPU:    1
Aug 14 22:04:00 gecko2 kernel: EIP:    0060:[<c0464067>]    Tainted: P       VLI
Aug 14 22:04:00 gecko2 kernel: EFLAGS: 00210202   (2.6.22.2-52.fc7 #1)
Aug 14 22:04:00 gecko2 kernel: EIP is at __kzalloc+0x22/0x38
Aug 14 22:04:00 gecko2 kernel: eax: 00000000   ebx: 035340a4   ecx: 00d4d029  
edx: 00000010
Aug 14 22:04:00 gecko2 kernel: esi: 035340a4   edi: 00000010   ebp: 00000000  
esp: f6f2dea8
Aug 14 22:04:00 gecko2 kernel: ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Aug 14 22:04:00 gecko2 kernel: Process keymaninputfilt (pid: 2130, ti=f6f2d000
task=f73b8600 task.ti=f6f2d000)
Aug 14 22:04:00 gecko2 kernel: Stack: 00200246 f29f3000 f29f3000 00d4d018
c057dba8 f5228180 f29f3000 f5228180
Aug 14 22:04:00 gecko2 kernel:        00000000 f8d338ef c164a600 c164a600
00000000 f2f66a00 c0475414 ffffffff
Aug 14 22:04:00 gecko2 kernel:        000000d0 c0721ab0 00000000 00200246
000000d0 c0721ab0 000000d0 f7ab86c8
Aug 14 22:04:00 gecko2 kernel: Call Trace:
Aug 14 22:04:00 gecko2 kernel:  [<c057dba8>] input_ff_create+0x35/0xdf
Aug 14 22:04:00 gecko2 kernel:  [<f8d338ef>] uinput_ioctl+0x135/0x51e [uinput]
Aug 14 22:04:00 gecko2 kernel:  [<c0475414>] __slab_alloc+0x248/0x486
Aug 14 22:04:00 gecko2 kernel:  [<c060a983>] mutex_lock+0x1a/0x29
Aug 14 22:04:00 gecko2 kernel:  [<c049b9e5>] inotify_inode_queue_event+0x46/0xd0
Aug 14 22:04:00 gecko2 kernel:  [<f8d337ba>] uinput_ioctl+0x0/0x51e [uinput]
Aug 14 22:04:00 gecko2 kernel:  [<c04833f5>] do_ioctl+0x21/0xa0
Aug 14 22:04:00 gecko2 kernel:  [<c04836ab>] vfs_ioctl+0x237/0x249
Aug 14 22:04:00 gecko2 kernel:  [<c0483709>] sys_ioctl+0x4c/0x67
Aug 14 22:04:00 gecko2 kernel:  [<c0404f8e>] syscall_call+0x7/0xb
Aug 14 22:04:00 gecko2 kernel:  =======================
Aug 14 22:04:00 gecko2 kernel: Code: f3 a4 5a 59 5b 5e 5f 5d c3 57 56 89 c6 53
83 ec 04 8b 4c 24 10 e8 74 2a 01 00 85 c0 89 c2 74 1a 89 f1 31 c0 c1 e9 02 89 d7
89 f3 <f3> ab f6 c3 02 74 02 66 ab f6 c3 01 74 01 aa 5b 89 d0 5b 5e 5f
Aug 14 22:04:00 gecko2 kernel: EIP: [<c0464067>] __kzalloc+0x22/0x38 SS:ESP
0068:f6f2dea8
Aug 14 22:04:48 gecko2 kernel: usb 1-2: USB disconnect, address 2

# uname -a
Linux gecko2 2.6.22.2-52.fc7 #1 SMP Fri Aug 10 15:59:22 EDT 2007 i686 i686 i386
GNU/Linux

Kernel 2.6.23-0.101.rc2.git5.fc8, however, works perfectly. Why not 2.6.22?

Comment 6 Chuck Ebbert 2007-08-14 22:53:55 UTC
(In reply to comment #5)
> Kernel 2.6.23-0.101.rc2.git5.fc8, however, works perfectly. Why not 2.6.22?

That kernel has major updates to the memory allocator. 2.6.22.2-57.fc7 should
have enough of a workaround for this problem. (And thanks for testing.)

Comment 7 Chuck Ebbert 2007-08-15 18:36:07 UTC
2.6.22.2-57.fc7 has been sent to updates-testing

Comment 8 Martin 2007-08-15 20:59:22 UTC
(In reply to comment #6)
> (In reply to comment #5)
> > Kernel 2.6.23-0.101.rc2.git5.fc8, however, works perfectly. Why not 2.6.22?
> 
> That kernel has major updates to the memory allocator. 2.6.22.2-57.fc7 should
> have enough of a workaround for this problem. (And thanks for testing.)
Kernel 2.6.22.2-57.fc7 now works perfectly for me, no more kernel Oops.
Many thanks.
The bug report can be closed as solved.


Comment 9 Chuck Ebbert 2007-08-15 21:18:16 UTC
Bug can't be closed until kernel is released, changing to MODIFIED.