Description of problem: A FC5 system running the 2.6.20-2316-smp-i686 kernel displays "bad page state in process ..." messages, and then eventually panics with a "NULL pointer dereference", when starting thunderbird. I have seen this behaviour on this physical host, as well as another vmware based host (hosted on a separate machine). Starting thunderbird on the affected system is enough to trigger this issue. Full logs and dmesg are attached. Bad page state in process 'thunderbird-bin' page:c1307ff0 flags:0x40000000 mapping:c1ae05c8 mapcount:0 count:0 (Not tainted) Trying to fix it up, but a reboot is needed Backtrace: [<c045695b>] bad_page+0x6a/0x96 [<c045719a>] get_page_from_freelist+0x1e1/0x2a7 [<c04572c8>] __alloc_pages+0x68/0x2aa [<c045887c>] __do_page_cache_readahead+0xc5/0x1cc [<c04518f5>] delayacct_end+0x70/0x77 [<c04553e6>] filemap_nopage+0x14d/0x319 [<c045e0ea>] __handle_mm_fault+0x1da/0xc41 [<c0461512>] vma_merge+0x18a/0x19a [<c0462af5>] sys_mprotect+0x56d/0x614 [<c061ffab>] do_page_fault+0x2b7/0x5da [<c061fcf4>] do_page_fault+0x0/0x5da [<c061e95c>] error_code+0x7c/0x84 [<c0610033>] xfrm_state_walk+0x49/0xb7 ======================= ... <these messages repeat for thunderbird-bin and kjournald> BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000 4 printing eip: c045717f *pde = 260a1001 Oops: 0000 [#1] SMP last sysfs file: /block/hdc/hdc1/size Modules linked in: ipt_REDIRECT iptable_nat nf_nat ipt_REJECT xt_tcpudp iptable_ filter ip_tables x_tables nf_conntrack_ftp nf_conntrack_ipv4 nf_conntrack nfnetl ink bridge ipv6 dm_mirror dm_mod video sbs i2c_ec dock button battery asus_acpi backlight ac lp parport_pc parport floppy ata_piix libata scsi_mod e100 uhci_hcd ehci_hcd mii i2c_i810 iTCO_wdt i2c_algo_bit iTCO_vendor_support i2c_i801 i2c_co re pcspkr ext3 jbd CPU: 0 EIP: 0060:[<c045717f>] Tainted: G B VLI EFLAGS: 00210046 (2.6.20-1.2316.fc5smp #1) EIP is at get_page_from_freelist+0x1c6/0x2a7 eax: 00000000 ebx: 47414c46 ecx: 00000000 edx: 47414c47 esi: c13082c0 edi: 00200046 ebp: c06c5c80 esp: e66c9b48 ds: 007b es: 007b ss: 0068 Process thunderbird-bin (pid: 3096, ti=e66c9000 task=e65ff9f0 task.ti=e66c9000) Stack: 00000001 00000044 e66c9bd8 00000001 00000000 00031280 c06c8198 00000000 00000001 00001000 00000001 00000000 00011280 00011280 c06c8194 e65ff9f0 c04572c8 00000044 e66c9bd8 e66c9c34 c04e3007 00000000 00031280 00000000 Call Trace: [<c04572c8>] __alloc_pages+0x68/0x2aa [<c04e3007>] cfq_find_cfq_hash+0x18/0x1b [<c046c83a>] cache_alloc_refill+0x26f/0x468 [<c04ea6d0>] __delay+0x6/0x7 [<c046c5c1>] kmem_cache_alloc+0x4c/0x56 [<c04558d0>] mempool_alloc+0x37/0xd5 [<c048e24b>] bio_alloc_bioset+0x9b/0xf3 [<c048e2ae>] bio_alloc+0xb/0x17 [<c04914a1>] mpage_alloc+0x21/0x79 [<c0492052>] do_mpage_readpage+0x4e4/0x5cc [<f89056de>] ext3_get_block+0x0/0xd0 [ext3] [<c061e717>] _write_unlock_irq+0x5/0x7 [<c0453031>] add_to_page_cache+0x68/0x6f [<c049264d>] mpage_readpages+0xac/0x10f [<f89056de>] ext3_get_block+0x0/0xd0 [ext3] [<c04572c8>] __alloc_pages+0x68/0x2aa [<f8904be7>] ext3_readpages+0x0/0x15 [ext3] [<c04588dc>] __do_page_cache_readahead+0x125/0x1cc [<f89056de>] ext3_get_block+0x0/0xd0 [ext3] [<c04553e6>] filemap_nopage+0x14d/0x319 [<c045e0ea>] __handle_mm_fault+0x1da/0xc41 [<c0461512>] vma_merge+0x18a/0x19a [<c0462af5>] sys_mprotect+0x56d/0x614 [<c061ffab>] do_page_fault+0x2b7/0x5da [<c061fcf4>] do_page_fault+0x0/0x5da [<c061e95c>] error_code+0x7c/0x84 [<c0610033>] xfrm_state_walk+0x49/0xb7 ======================= Code: 8b 4c 24 20 01 4c 82 10 57 9d 8b 06 89 f1 8b 5e 08 8b 56 10 f6 c4 40 74 03 8b 4e 0c 85 d2 0f 95 c2 8d 43 01 0f b6 d2 09 c2 31 c0 <83> 79 04 00 0f 95 c0 09 c2 8b 06 25 f1 9c 0a 00 09 c2 74 07 89 EIP: [<c045717f>] get_page_from_freelist+0x1c6/0x2a7 SS:ESP 0068:e66c9b48 Version-Release number of selected component (if applicable): Linux version 2.6.20-1.2316.fc5smp (brewbuilder.redhat.com) (g cc version 4.1.1 20070105 (Red Hat 4.1.1-51)) #1 SMP Fri Apr 27 20:34:56 EDT 200 7 i686 version. How reproducible: 100% reproducible. Steps to Reproduce: 1. Boot system with the 2.6.20-2316 kernel 2. Start Thunderbird 3. Observe kernel messages printed to serial console Actual results: See attached panic messages Expected results: Able to start thunderbird without having the kernel panic. Additional info: dmesg attached
Created attachment 156265 [details] full console output from the event (multiple bad page state and panic msgs)
Created attachment 156266 [details] dmesg from the affected system Attached dmesg.
Fedora apologizes that these issues have not been resolved yet. We're sorry it's taken so long for your bug to be properly triaged and acted on. We appreciate the time you took to report this issue and want to make sure no important bugs slip through the cracks. If you're currently running a version of Fedora Core between 1 and 6, please note that Fedora no longer maintains these releases. We strongly encourage you to upgrade to a current Fedora release. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained and closing them. http://fedoraproject.org/wiki/LifeCycle/EOL If this bug is still open against Fedora Core 1 through 6, thirty days from now, it will be closed 'WONTFIX'. If you can reporduce this bug in the latest Fedora version, please change to the respective version. If you are unable to do this, please add a comment to this bug requesting the change. Thanks for your help, and we apologize again that we haven't handled these issues to this point. The process we are following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp We will be following the process here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this doesn't happen again. And if you'd like to join the bug triage team to help make things better, check out http://fedoraproject.org/wiki/BugZappers
This bug is open for a Fedora version that is no longer maintained and will not be fixed by Fedora. Therefore we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen thus bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.