Additional info: reporter: libreport-2.1.9 WARNING: CPU: 0 PID: 639 at mm/page_alloc.c:2412 __alloc_pages_nodemask+0x36c/0xa30() Modules linked in: b43 joydev bcma iTCO_wdt mac80211 applesmc(+) iTCO_vendor_support input_polldev microcode uvcvideo snd_hda_codec_realtek videobuf2_vmalloc videobuf2_memops snd_hda_intel videobuf2_core snd_hda_codec videodev cfg80211 i2c_i801 snd_hwdep btusb snd_seq bluetooth bcm5974 media snd_seq_device snd_pcm rfkill lpc_ich snd_page_alloc mfd_core snd_timer snd apple_bl soundcore shpchp acpi_cpufreq mperf vfat fat squashfs btrfs xor zlib_deflate raid6_pq libcrc32c firewire_ohci ata_generic pata_acpi firewire_core nouveau crc_itu_t sky2 ssb mmc_core mxm_wmi wmi i2c_algo_bit usb_storage drm_kms_helper ttm drm i2c_core video loop CPU: 0 PID: 639 Comm: systemd-udevd Not tainted 3.11.8-300.fc20.x86_64 #1 Hardware name: Apple Inc. MacBookPro4,1/Mac-F42C89C8, BIOS MBP41.88Z.00C1.B03.0802271651 02/27/08 0000000000000009 ffff880133809868 ffffffff8164374b 0000000000000000 ffff8801338098a0 ffffffff8106715d 0000000000000002 0000000000000000 000000000010c0d0 0000000000000000 0000000000000000 ffff8801338098b0 Call Trace: [<ffffffff8164374b>] dump_stack+0x45/0x56 [<ffffffff8106715d>] warn_slowpath_common+0x7d/0xa0 [<ffffffff8106723a>] warn_slowpath_null+0x1a/0x20 [<ffffffff8114574c>] __alloc_pages_nodemask+0x36c/0xa30 [<ffffffff81305096>] ? sprintf+0x46/0x50 [<ffffffff81019ee5>] ? native_sched_clock+0x15/0x80 [<ffffffff81183189>] alloc_pages_current+0xa9/0x170 [<ffffffff81140701>] __get_free_pages+0x21/0x70 [<ffffffff8118ccce>] kmalloc_order_trace+0x2e/0xa0 [<ffffffff8118f0ea>] __kmalloc+0x1ca/0x250 [<ffffffff8118d99e>] ? kfree+0x13e/0x180 [<ffffffffa05412bc>] applesmc_init_smcreg+0x24c/0x310 [applesmc] [<ffffffffa0541392>] applesmc_probe+0x12/0x30 [applesmc] [<ffffffff813ef90c>] platform_drv_probe+0x3c/0x70 [<ffffffff813ecfe2>] ? driver_sysfs_add+0x82/0xb0 [<ffffffff813ed6a7>] driver_probe_device+0x87/0x390 [<ffffffff813ed9b0>] ? driver_probe_device+0x390/0x390 [<ffffffff813ed9eb>] __device_attach+0x3b/0x40 [<ffffffff813eb6a3>] bus_for_each_drv+0x63/0xa0 [<ffffffff813ed5a8>] device_attach+0x88/0xa0 [<ffffffff813ec918>] bus_probe_device+0x98/0xc0 [<ffffffff813ea5e4>] device_add+0x4c4/0x7a0 [<ffffffff813ef3e1>] platform_device_add+0xd1/0x2d0 [<ffffffff813efb60>] platform_device_register_full+0xe0/0x120 [<ffffffffa0546000>] ? 0xffffffffa0545fff [<ffffffffa0546098>] applesmc_init+0x98/0x1000 [applesmc] [<ffffffff810020fa>] do_one_initcall+0xfa/0x1b0 [<ffffffff810524b3>] ? set_memory_nx+0x43/0x50 [<ffffffff810cc69d>] load_module+0x1bbd/0x2660 [<ffffffff810c89a0>] ? store_uevent+0x40/0x40 [<ffffffff810cd2b6>] SyS_finit_module+0x86/0xb0 [<ffffffff81652959>] system_call_fastpath+0x16/0x1b
Created attachment 827559 [details] File: dmesg
Hi Chris, It seems that commit commit 5f4513864304672e6ea9eac60583eeac32e679f2 has added the following: Author: Henrik Rydberg <rydberg> Date: Thu Sep 26 08:33:16 2013 +0200 hwmon: (applesmc) Check key count before proceeding After reports from Chris and Josh Boyer of a rare crash in applesmc, Guenter pointed at the initialization problem fixed below. The patch has not been verified to fix the crash, but should be applied regardless. Reported-by: <jwboyer> Suggested-by: Guenter Roeck <linux> Signed-off-by: Henrik Rydberg <rydberg> Cc: stable.org Signed-off-by: Guenter Roeck <linux> diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c index 62c2e32..98814d1 100644 --- a/drivers/hwmon/applesmc.c +++ b/drivers/hwmon/applesmc.c @@ -525,16 +525,25 @@ static int applesmc_init_smcreg_try(void) { struct applesmc_registers *s = &smcreg; bool left_light_sensor, right_light_sensor; + unsigned int count; u8 tmp[1]; int ret; if (s->init_complete) return 0; - ret = read_register_count(&s->key_count); + ret = read_register_count(&count); if (ret) return ret; + if (s->cache && s->key_count != count) { + pr_warn("key count changed from %d to %d\n", + s->key_count, count); + kfree(s->cache); + s->cache = NULL; + } + s->key_count = count; + if (!s->cache) s->cache = kcalloc(s->key_count, sizeof(*s->cache), GFP_KERNEL); if (!s->cache) so now we will try to allocate an insane amount of memory and we will barf: [ 8.603053] applesmc: key count changed from 261 to 1392508929 The issue is that this machine returns 1392508929 on that register so we try to allocate 1392508929 * sizeof (*s->cache) which obviously fails. Can you attach the output of dmidecode to this BZ please? thanks, Michele
Possibly related to bug 1011719.
Created attachment 828118 [details] dmidecode
Just a note for anyone seeing this BZ. We discussed this on LKML: https://lkml.org/lkml/2013/11/24/38 It's an extremely rare one-time off event, so we let it rest for now unless more people start seeing this
*********** MASS BUG UPDATE ************** We apologize for the inconvenience. There is a large number of bugs to go through and several of them have gone stale. Due to this, we are doing a mass bug update across all of the Fedora 20 kernel bugs. Fedora 20 has now been rebased to 3.13.4-200.fc20. Please test this kernel update and let us know if you issue has been resolved or if it is still present with the newer kernel. If you experience different issues, please open a new bug report for those.
*********** MASS BUG UPDATE ************** This bug has been in a needinfo state for several weeks and is being closed with insufficient data due to inactivity. If this is still an issue with Fedora 20, please feel free to reopen the bug and provide the additional information requested.