Bug 456608

Summary: BUG: unable to handle kernel NULL pointer dereference at 00000002
Product: [Fedora] Fedora
Reporter: Tom London <selinux>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: dcantrell
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-10-04 00:13:45 UTC
Bug Blocks: 438943

Attachments:
- dmesg output showing 2 BUGs
- dmesg output from boot of 0.180 showing BUG + numerous "KMALLOC-64 poison/duplicate" bugs
- dmesg output showing NULL pointer bugs (also shows kmalloc-64 issues)
- Another screen shot....

Description Tom London 2008-07-24 21:58:17 UTC
Description of problem:
Attached below is dmesg output with 2 occurrences of the above BUG.  Including the
first one here:

usb 1-6.2: link qh8-0e01/f6ea7300 start 7 [1/2 us]
BUG: unable to handle kernel NULL pointer dereference at 00000002
IP: [<c0427b7d>] sched_mc_power_savings_store+0x1/0x2f
*pde = 7f3ab067 
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
Modules linked in: i915 drm ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core
ib_addr iscsi_tcp libiscsi scsi_transport_iscsi coretemp nf_conntrack_ipv4
ipt_REJECT iptable_filter ip_tables nf_conntrack_netbios_ns nf_conntrack_ipv6
xt_state nf_conntrack xt_tcpudp ip6t_ipv6header ip6t_REJECT ip6table_filter
ip6_tables x_tables ipv6 cpufreq_ondemand acpi_cpufreq fuse loop kvm_intel kvm
sr_mod cdrom ppdev thinkpad_acpi hwmon snd_hda_intel ata_piix arc4 i2c_i801
snd_seq_dummy i2c_core battery ecb crypto_blkcipher sdhci_pci firewire_ohci
firewire_core sdhci ac mmc_core yenta_socket rsrc_nonstatic snd_seq_oss
crc_itu_t bay snd_seq_midi_event snd_seq snd_seq_device video snd_pcm_oss
snd_mixer_oss output snd_pcm parport_pc parport snd_timer ata_generic
snd_page_alloc iwl3945 rfkill pata_acpi snd_hwdep mac80211 snd iTCO_wdt
iTCO_vendor_support hci_usb soundcore cfg80211 e1000e bluetooth dm_snapshot
dm_zero dm_mirror dm_log dm_mod ahci ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd

Pid: 3079, comm: sched-powersave Not tainted (2.6.27-0.173.rc0.git11.fc10.i686 #1)
EIP: 0060:[<c0427b7d>] EFLAGS: 00010282 CPU: 1
EIP is at sched_mc_power_savings_store+0x1/0x2f
EAX: c07b8414 EBX: c0427b7c ECX: 00000002 EDX: ebe42000
ESI: c07b8454 EDI: ebe42000 EBP: f3932f44 ESP: f3932f30
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process sched-powersave (pid: 3079, ti=f3932000 task=f3b647a0 task.ti=f3932000)
Stack: f3932f44 c05896eb c07b80b0 f7c2e7e8 f4191e70 f3932f74 c04d671a 00000002 
       00000002 b7fbb000 ebe46000 f4191e84 c07b80b0 c07b8454 00000002 ebe46000 
       c04d665c f3932f90 c0499ab9 f3932f9c b7fbb000 ebe46000 fffffff7 b7fbb000 
Call Trace:
 [<c05896eb>] ? sysdev_class_store+0x25/0x2a
 [<c04d671a>] ? sysfs_write_file+0xbe/0xe9
 [<c04d665c>] ? sysfs_write_file+0x0/0xe9
 [<c0499ab9>] ? vfs_write+0x89/0xe4
 [<c0499bb7>] ? sys_write+0x40/0x65
 [<c0403d0e>] ? syscall_call+0x7/0xb
 [<c068007b>] ? arch_prepare_kprobe+0xf0/0x16b
 =======================
Code: c0 01 76 0d 8d 43 40 ba b4 f0 79 c0 e8 e5 f0 0a 00 5b 5d c3 55 89 e5 e8 4e
61 00 00 e8 1c 5c 03 00 e8 f9 60 00 00 31 c0 5d c3 55 <8a> 09 ba ea ff ff ff 89
e5 8d 41 d0 3c 01 77 1a 31 c0 80 f9 31 
EIP: [<c0427b7d>] sched_mc_power_savings_store+0x1/0x2f SS:ESP 0068:f3932f30
---[ end trace 114c6d5ae1aeef70 ]---
SELinux: initialized (dev fuse, type fuse), uses genfs_contexts

System eventually hard froze.  Had to reboot via button.


Version-Release number of selected component (if applicable):
kernel-2.6.27-0.173.rc0.git11.fc10.i686

How reproducible:
Every boot.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Tom London 2008-07-24 21:58:17 UTC
Created attachment 312600
dmesg output showing 2 BUGs

Comment 2 Tom London 2008-07-24 22:01:05 UTC
Created attachment 312601
dmesg output from boot of 0.180 showing BUG + numerous "KMALLOC-64 poison/duplicate" bugs

This is dmesg output from a cold boot of 0.180 showing above BUG, plus a number
of KMALLOC-64 issues.

Comment 3 Tom London 2008-07-25 13:51:31 UTC
Got this just now with 0.180.  Looks the same as above.

BUG: unable to handle kernel NULL pointer dereference at 00000002
IP: [<c0427b9e>] sched_mc_power_savings_store+0x1/0x2f
*pde = 7efdc067 
Oops: 0000 [#2] SMP DEBUG_PAGEALLOC
Modules linked in: i915 drm ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core
ib_addr iscsi_tcp libiscsi scsi_transport_iscsi coretemp nf_conntrack_ipv4
ipt_REJECT iptable_filter ip_tables nf_conntrack_netbios_ns nf_conntrack_ipv6
xt_state nf_conntrack xt_tcpudp ip6t_ipv6header ip6t_REJECT ip6table_filter
ip6_tables x_tables ipv6 cpufreq_ondemand acpi_cpufreq fuse loop kvm_intel kvm
sr_mod cdrom ppdev thinkpad_acpi hwmon sdhci_pci snd_hda_intel sdhci
firewire_ohci yenta_socket mmc_core i2c_i801 ata_piix i2c_core ata_generic
firewire_core crc_itu_t iTCO_wdt iTCO_vendor_support rsrc_nonstatic pata_acpi
snd_seq_dummy arc4 snd_seq_oss snd_seq_midi_event snd_seq ecb snd_seq_device
crypto_blkcipher battery ac snd_pcm_oss snd_mixer_oss video output bay snd_pcm
parport_pc parport snd_timer snd_page_alloc iwl3945 hci_usb rfkill bluetooth
mac80211 snd_hwdep cfg80211 snd e1000e soundcore dm_snapshot dm_zero dm_mirror
dm_log dm_mod ahci ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd

Pid: 3378, comm: sched-powersave Tainted: G      D  
(2.6.27-0.180.rc0.git11.fc10.i686 #1)
EIP: 0060:[<c0427b9e>] EFLAGS: 00010282 CPU: 0
EIP is at sched_mc_power_savings_store+0x1/0x2f
EAX: c07b8414 EBX: c0427b9d ECX: 00000002 EDX: ebe0f000
ESI: c07b8454 EDI: ebe0f000 EBP: ebfd9f44 ESP: ebfd9f30
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process sched-powersave (pid: 3378, ti=ebfd9000 task=f3b747a0 task.ti=ebfd9000)
Stack: ebfd9f44 c05896db c07b80b0 f7c2e7e8 f3f49e70 ebfd9f74 c04d6726 00000002 
       00000002 b7f9d000 ebf4b200 f3f49e84 c07b80b0 c07b8454 00000002 ebf4b200 
       c04d6668 ebfd9f90 c0499aed ebfd9f9c b7f9d000 ebf4b200 fffffff7 b7f9d000 
Call Trace:
 [<c05896db>] ? sysdev_class_store+0x25/0x2a
 [<c04d6726>] ? sysfs_write_file+0xbe/0xe9
 [<c04d6668>] ? sysfs_write_file+0x0/0xe9
 [<c0499aed>] ? vfs_write+0x89/0xe4
 [<c0499beb>] ? sys_write+0x40/0x65
 [<c0403cba>] ? syscall_call+0x7/0xb
 [<c068007b>] ? arch_prepare_kprobe+0x110/0x16b
 =======================
Code: c0 01 76 0d 8d 43 40 ba b4 f0 79 c0 e8 d0 f0 0a 00 5b 5d c3 55 89 e5 e8 4d
61 00 00 e8 1b 5c 03 00 e8 f8 60 00 00 31 c0 5d c3 55 <8a> 09 ba ea ff ff ff 89
e5 8d 41 d0 3c 01 77 1a 31 c0 80 f9 31 
EIP: [<c0427b9e>] sched_mc_power_savings_store+0x1/0x2f SS:ESP 0068:ebfd9f30
---[ end trace 15a40c77a307c9e8 ]---
wlan0: authenticate with AP 00:12:17:46:42:51


Comment 4 Tom London 2008-07-27 16:28:00 UTC
Looks like the same with 0.183: 
http://www.kerneloops.org/submitresult.php?number=44805

Comment 5 Tom London 2008-07-27 17:59:59 UTC
Looks like the same with 0.186:
http://www.kerneloops.org/submitresult.php?number=44828

Comment 6 Tom London 2008-07-28 20:36:51 UTC
Created attachment 312817
dmesg output showing NULL pointer bugs.  (also shows kmalloc-64 issues)

More of the same .... (with 0.186)

Comment 7 Tom London 2008-07-28 20:45:40 UTC
Created attachment 312818
Another screen shot....

Another crash....

Comment 8 Tom London 2008-07-29 13:57:13 UTC
Comment on attachment 312818
Another screen shot....

Sorry, filed this on the wrong BZ....

Comment 9 Jesse Keating 2008-10-03 23:32:19 UTC
Still with recent kernels?

Comment 10 Tom London 2008-10-04 00:01:41 UTC
Nope.  Haven't seen this in quite a while.

Close?