Bug 503280

Summary: Reading lm_sensors causes kernel crash
Product: [Fedora] Fedora Reporter: Andy Burns <fedora>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 11CC: itamar, kernel-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-28 12:45:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andy Burns 2009-05-30 18:18:23 UTC 
Description of problem:

Running rawhide just prior to F11 release, having run sensors-detect, sensors picks up fans and temperatures (apparently via ACPI rather than via specific superI/O driver like it used to with F10).

I went to query the data via snmpd from my separate cacti host and the F11 machine "went flaky" it managed to give me a dmesg with some stack traces before it died completely.

I also noticed in an earlier part of the dmesg

coretemp coretemp.0: Using relative temperature scale!
coretemp coretemp.1: Using relative temperature scale!
w83627ehf: Found W83627DHG chip at 0x290
ACPI: I/O resource w83627ehf [0x295-0x296] conflicts with ACPI region HWRE [0x290-0x299]
ACPI: Device needs an ACPI driver

Version-Release number of selected component (if applicable):

kernel-PAE-2.6.29.4-167.fc11.i686

Additional Info:

kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at f5df7400
IP: [<f5df7400>] 0xf5df7400
*pdpt = 0000000000973001 *pde = 8000000035c001e3
Oops: 0011 [#1] SMP
last sysfs file: /sys/devices/platform/coretemp.1/name
Modules linked in: fuse ipt_MASQUERADE iptable_nat nf_nat sco bridge stp llc bnep l2cap ipv6 bluetooth hwmon_vid coretemp sunrpc cpufreq_ondemand acpi_cpufreq dm_multipath kvm_intel kvm uinput snd_hda_codec_intelhdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec ata_generic pata_acpi atl1 snd_hwdep snd_pcm firewire_ohci iTCO_wdt snd_timer lirc_imon pcspkr lirc_dev firewire_core serio_raw i2c_i801 usb_storage snd iTCO_vendor_support pata_jmicron mii soundcore asus_atk0110 hwmon snd_page_alloc crc_itu_t i915 drm i2c_algo_bit i2c_core video output [last unloaded: scsi_wait_scan]

Pid: 1811, comm: Xorg Not tainted (2.6.29.4-167.fc11.i686.PAE #1) P5E-VM HDMI
EIP: 0060:[<f5df7400>] EFLAGS: 00213282 CPU: 0
EIP is at 0xf5df7400
EAX: f5df7400 EBX: f5df7400 ECX: f5df7400 EDX: c05d5319
ESI: 00000000 EDI: f25ab600 EBP: f2021b40 ESP: f2021b3c
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process Xorg (pid: 1811, ti=f2020000 task=f268b280 task.ti=f2020000)
Stack:
 c05cd709 f2021b58 c05cb996 006d6900 f25ab600 f5df7414 f5df7400 f2021b78
 c05c88cd f2021b6c 00000000 c05cb886 f25ab600 00000000 00000000 f2021e50
 c04b475e f7f47d40 000f583b 00000000 f2021f64 f2021ec4 f2021ee4 f2021f04
Call Trace:
 [<c05cd709>] ? tty_write_room+0x1d/0x1f
 [<c05cb996>] ? n_tty_poll+0x110/0x122
 [<c05c88cd>] ? tty_poll+0x4f/0x68
 [<c05cb886>] ? n_tty_poll+0x0/0x122
 [<c04b475e>] ? do_select+0x2f0/0x4ef
 [<c04b4cc3>] ? __pollwait+0x0/0xa2
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4d65>] ? pollwake+0x0/0x53
 [<c04b4a76>] ? core_sys_select+0x119/0x194
 [<c04b35a6>] ? do_vfs_ioctl+0x480/0x4ba
 [<c0449e0d>] ? hrtimer_try_to_cancel+0x65/0x6e
 [<c044d0e8>] ? clocksource_read+0xc/0xf
 [<c044d44a>] ? getnstimeofday+0x59/0xec
 [<c04b4ca7>] ? sys_select+0x6f/0x8b
 [<c040945f>] ? sysenter_do_call+0x12/0x34
Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <01> 54 00 00 02 00 00 00 c0 39 c5 f5 28 d9 73 c0 00 00 00 00 78
EIP: [<f5df7400>] 0xf5df7400 SS:ESP 0068:f2021b3c
---[ end trace b3bb01b897a99c75 ]---
[drm] TMDS-8: set mode 1920x1080 b
BUG: unable to handle kernel NULL pointer dereference at 00000004
IP: [<c042ed47>] try_to_wake_up+0x2a/0x231
*pdpt = 000000002e16a001 *pde = 000000005d967067
Oops: 0000 [#2] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:04:03.0/resource
Modules linked in: fuse ipt_MASQUERADE iptable_nat nf_nat sco bridge stp llc bnep l2cap ipv6 bluetooth hwmon_vid coretemp sunrpc cpufreq_ondemand acpi_cpufreq dm_multipath kvm_intel kvm uinput snd_hda_codec_intelhdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec ata_generic pata_acpi atl1 snd_hwdep snd_pcm firewire_ohci iTCO_wdt snd_timer lirc_imon pcspkr lirc_dev firewire_core serio_raw i2c_i801 usb_storage snd iTCO_vendor_support pata_jmicron mii soundcore asus_atk0110 hwmon snd_page_alloc crc_itu_t i915 drm i2c_algo_bit i2c_core video output [last unloaded: scsi_wait_scan]

Pid: 3246, comm: firefox Tainted: G      D    (2.6.29.4-167.fc11.i686.PAE #1) P5E-VM HDMI
EIP: 0060:[<c042ed47>] EFLAGS: 00210002 CPU: 1
EIP is at try_to_wake_up+0x2a/0x231
EAX: 00005e7f EBX: 00000000 ECX: 00000001 EDX: 00000001
ESI: f2021bf0 EDI: e5cf5d2c EBP: e5cf5d00 ESP: e5cf5ce0
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process firefox (pid: 3246, ti=e5cf4000 task=ed958ca0 task.ti=e5cf4000)
Stack:
 00000001 00100100 00000001 eb11e61c ee05e700 00000001 f2021bf0 e5cf5d2c
 e5cf5d08 c042ef5e e5cf5d38 c04b4daf 00000000 00000000 00000000 00000000
 c042ef4e 00000000 00000000 ee1bc178 f2bfef14 00000001 e5cf5d5c c0427279
Call Trace:
 [<c042ef5e>] ? default_wake_function+0x10/0x12
 [<c04b4daf>] ? pollwake+0x4a/0x53
 [<c042ef4e>] ? default_wake_function+0x0/0x12
 [<c0427279>] ? __wake_up_common+0x39/0x61
 [<c0428c12>] ? __wake_up_sync+0x37/0x49
 [<c06891ef>] ? sock_def_readable+0x34/0x4f
 [<c06f54b6>] ? unix_stream_sendmsg+0x1bf/0x253
 [<c0686829>] ? __sock_sendmsg+0x4a/0x53
 [<c0686902>] ? sock_aio_write+0xd0/0xd9
 [<c0686832>] ? sock_aio_write+0x0/0xd9
 [<c04a88b6>] ? do_sync_readv_writev+0xc6/0xf9
 [<c0686832>] ? sock_aio_write+0x0/0xd9
 [<c04472a1>] ? autoremove_wake_function+0x0/0x34
 [<c056849d>] ? might_fault+0x1c/0x1e
 [<c05684d1>] ? copy_from_user+0x32/0x119
 [<c05365ef>] ? security_file_permission+0x14/0x16
 [<c04a8b59>] ? rw_verify_area+0x9a/0xbb
 [<c04a8f65>] ? do_readv_writev+0x82/0xe4
 [<c0686832>] ? sock_aio_write+0x0/0xd9
 [<c04a8691>] ? fsnotify_access+0x54/0x5f
 [<c044d0e8>] ? clocksource_read+0xc/0xf
 [<c04a9002>] ? vfs_writev+0x3b/0x49
 [<c04a905c>] ? sys_writev+0x4c/0x9f
 [<c040945f>] ? sysenter_do_call+0x12/0x34
Code: c3 55 89 e5 57 56 53 83 ec 14 0f 1f 44 00 00 89 c3 a1 ec c3 8f c0 89 55 e0 ba 00 00 00 00 a8 40 0f 45 d1 f6 c4 08 89 55 e8 74 3b <8b> 43 04 64 8b 0d 84 bc 96 c0 8b 50 10 b8 00 1e 97 c0 03 04 8d
EIP: [<c042ed47>] try_to_wake_up+0x2a/0x231 SS:ESP 0068:e5cf5ce0
---[ end trace b3bb01b897a99c76 ]---
BUG: unable to handle kernel NULL pointer dereference at 00000004
IP: [<c042ed47>] try_to_wake_up+0x2a/0x231
*pdpt = 00000000251d2001 *pde = 000000005d99c067
Oops: 0000 [#3] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:04:03.0/resource
Modules linked in: fuse ipt_MASQUERADE iptable_nat nf_nat sco bridge stp llc bnep l2cap ipv6 bluetooth hwmon_vid coretemp sunrpc cpufreq_ondemand acpi_cpufreq dm_multipath kvm_intel kvm uinput snd_hda_codec_intelhdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec ata_generic pata_acpi atl1 snd_hwdep snd_pcm firewire_ohci iTCO_wdt snd_timer lirc_imon pcspkr lirc_dev firewire_core serio_raw i2c_i801 usb_storage snd iTCO_vendor_support pata_jmicron mii soundcore asus_atk0110 hwmon snd_page_alloc crc_itu_t i915 drm i2c_algo_bit i2c_core video output [last unloaded: scsi_wait_scan]

Pid: 2836, comm: gnome-terminal Tainted: G      D    (2.6.29.4-167.fc11.i686.PAE #1) P5E-VM HDMI
EIP: 0060:[<c042ed47>] EFLAGS: 00210002 CPU: 1
EIP is at try_to_wake_up+0x2a/0x231
EAX: 00005e7f EBX: 00000000 ECX: 00000001 EDX: 00000001
ESI: f2021bf0 EDI: e51c7d2c EBP: e51c7d00 ESP: e51c7ce0
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process gnome-terminal (pid: 2836, ti=e51c6000 task=f0c58000 task.ti=e51c6000)
Stack:
 00000001 00000002 00000001 f2a8031c e201cd80 00000001 f2021bf0 e51c7d2c
 e51c7d08 c042ef5e e51c7d38 c04b4daf 00000000 00000000 00000000 00000000
 c042ef4e 00000000 00000000 ee1bc15c eb11d694 00000001 e51c7d5c c0427279
Call Trace:
 [<c042ef5e>] ? default_wake_function+0x10/0x12
 [<c04b4daf>] ? pollwake+0x4a/0x53
 [<c042ef4e>] ? default_wake_function+0x0/0x12
 [<c0427279>] ? __wake_up_common+0x39/0x61
 [<c0428c12>] ? __wake_up_sync+0x37/0x49
 [<c06891ef>] ? sock_def_readable+0x34/0x4f
 [<c06f54b6>] ? unix_stream_sendmsg+0x1bf/0x253
 [<c0686829>] ? __sock_sendmsg+0x4a/0x53
 [<c0686902>] ? sock_aio_write+0xd0/0xd9
 [<c0686832>] ? sock_aio_write+0x0/0xd9
 [<c04a88b6>] ? do_sync_readv_writev+0xc6/0xf9
 [<c0686832>] ? sock_aio_write+0x0/0xd9
 [<c04472a1>] ? autoremove_wake_function+0x0/0x34
 [<c056849d>] ? might_fault+0x1c/0x1e
 [<c05684d1>] ? copy_from_user+0x32/0x119
 [<c05365ef>] ? security_file_permission+0x14/0x16
 [<c04a8b59>] ? rw_verify_area+0x9a/0xbb
 [<c04a8f65>] ? do_readv_writev+0x82/0xe4
 [<c0686832>] ? sock_aio_write+0x0/0xd9
 [<c0450ed7>] ? tick_program_event+0x26/0x2e
 [<c04a9002>] ? vfs_writev+0x3b/0x49
 [<c04a905c>] ? sys_writev+0x4c/0x9f
 [<c040945f>] ? sysenter_do_call+0x12/0x34
Code: c3 55 89 e5 57 56 53 83 ec 14 0f 1f 44 00 00 89 c3 a1 ec c3 8f c0 89 55 e0 ba 00 00 00 00 a8 40 0f 45 d1 f6 c4 08 89 55 e8 74 3b <8b> 43 04 64 8b 0d 84 bc 96 c0 8b 50 10 b8 00 1e 97 c0 03 04 8d
EIP: [<c042ed47>] try_to_wake_up+0x2a/0x231 SS:ESP 0068:e51c7ce0
---[ end trace b3bb01b897a99c77 ]---
Comment 1 Bug Zapper 2009-06-09 16:51:12 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 2 Bug Zapper 2010-04-27 14:35:24 UTC 
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Bug Zapper 2010-06-28 12:45:52 UTC 
Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.