242785 – Bad page state in process 'thunderbird-bin' on 2.6.20-2316

Bug 242785 - Bad page state in process 'thunderbird-bin' on 2.6.20-2316

Summary: Bad page state in process 'thunderbird-bin' on 2.6.20-2316

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	5
Hardware:	i686
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Kernel Maintainer List
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:	bzcl34nup
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-05 19:17 UTC by Cameron Schaus
Modified:	2008-05-06 19:40 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-05-06 19:40:06 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
full console output from the event (multiple bad page state and panic msgs) (15.08 KB, text/plain) 2007-06-05 19:17 UTC, Cameron Schaus	no flags	Details
dmesg from the affected system (14.26 KB, text/plain) 2007-06-05 19:18 UTC, Cameron Schaus	no flags	Details
View All

Description Cameron Schaus 2007-06-05 19:17:31 UTC

Description of problem:
A FC5 system running the 2.6.20-2316-smp-i686 kernel displays "bad page state in
process ..." messages, and then eventually panics with a "NULL pointer
dereference", when starting thunderbird.

I have seen this behaviour on this physical host, as well as another vmware
based host (hosted on a separate machine).

Starting thunderbird on the affected system is enough to trigger this issue.

Full logs and dmesg are attached.

 Bad page state in process 'thunderbird-bin'
page:c1307ff0 flags:0x40000000 mapping:c1ae05c8 mapcount:0 count:0 (Not tainted)
Trying to fix it up, but a reboot is needed
Backtrace:
 [<c045695b>] bad_page+0x6a/0x96
 [<c045719a>] get_page_from_freelist+0x1e1/0x2a7
 [<c04572c8>] __alloc_pages+0x68/0x2aa
 [<c045887c>] __do_page_cache_readahead+0xc5/0x1cc
 [<c04518f5>] delayacct_end+0x70/0x77
 [<c04553e6>] filemap_nopage+0x14d/0x319
 [<c045e0ea>] __handle_mm_fault+0x1da/0xc41
 [<c0461512>] vma_merge+0x18a/0x19a
 [<c0462af5>] sys_mprotect+0x56d/0x614
 [<c061ffab>] do_page_fault+0x2b7/0x5da
 [<c061fcf4>] do_page_fault+0x0/0x5da
 [<c061e95c>] error_code+0x7c/0x84
 [<c0610033>] xfrm_state_walk+0x49/0xb7
 =======================

... <these messages repeat for thunderbird-bin and kjournald>

BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000
4
 printing eip:
c045717f
*pde = 260a1001
Oops: 0000 [#1]
SMP 
last sysfs file: /block/hdc/hdc1/size
Modules linked in: ipt_REDIRECT iptable_nat nf_nat ipt_REJECT xt_tcpudp iptable_
filter ip_tables x_tables nf_conntrack_ftp nf_conntrack_ipv4 nf_conntrack nfnetl
ink bridge ipv6 dm_mirror dm_mod video sbs i2c_ec dock button battery asus_acpi 
backlight ac lp parport_pc parport floppy ata_piix libata scsi_mod e100 uhci_hcd
 ehci_hcd mii i2c_i810 iTCO_wdt i2c_algo_bit iTCO_vendor_support i2c_i801 i2c_co
re pcspkr ext3 jbd
CPU:    0
EIP:    0060:[<c045717f>]    Tainted: G    B VLI
EFLAGS: 00210046   (2.6.20-1.2316.fc5smp #1)
EIP is at get_page_from_freelist+0x1c6/0x2a7
eax: 00000000   ebx: 47414c46   ecx: 00000000   edx: 47414c47
esi: c13082c0   edi: 00200046   ebp: c06c5c80   esp: e66c9b48
ds: 007b   es: 007b   ss: 0068
Process thunderbird-bin (pid: 3096, ti=e66c9000 task=e65ff9f0 task.ti=e66c9000)
Stack: 00000001 00000044 e66c9bd8 00000001 00000000 00031280 c06c8198 00000000 
       00000001 00001000 00000001 00000000 00011280 00011280 c06c8194 e65ff9f0 
       c04572c8 00000044 e66c9bd8 e66c9c34 c04e3007 00000000 00031280 00000000 
Call Trace:
 [<c04572c8>] __alloc_pages+0x68/0x2aa
 [<c04e3007>] cfq_find_cfq_hash+0x18/0x1b
 [<c046c83a>] cache_alloc_refill+0x26f/0x468
 [<c04ea6d0>] __delay+0x6/0x7
 [<c046c5c1>] kmem_cache_alloc+0x4c/0x56
 [<c04558d0>] mempool_alloc+0x37/0xd5
 [<c048e24b>] bio_alloc_bioset+0x9b/0xf3
 [<c048e2ae>] bio_alloc+0xb/0x17
 [<c04914a1>] mpage_alloc+0x21/0x79
 [<c0492052>] do_mpage_readpage+0x4e4/0x5cc
 [<f89056de>] ext3_get_block+0x0/0xd0 [ext3]
 [<c061e717>] _write_unlock_irq+0x5/0x7
 [<c0453031>] add_to_page_cache+0x68/0x6f
 [<c049264d>] mpage_readpages+0xac/0x10f
 [<f89056de>] ext3_get_block+0x0/0xd0 [ext3]
 [<c04572c8>] __alloc_pages+0x68/0x2aa
 [<f8904be7>] ext3_readpages+0x0/0x15 [ext3]
 [<c04588dc>] __do_page_cache_readahead+0x125/0x1cc
 [<f89056de>] ext3_get_block+0x0/0xd0 [ext3]
 [<c04553e6>] filemap_nopage+0x14d/0x319
 [<c045e0ea>] __handle_mm_fault+0x1da/0xc41
 [<c0461512>] vma_merge+0x18a/0x19a
 [<c0462af5>] sys_mprotect+0x56d/0x614
 [<c061ffab>] do_page_fault+0x2b7/0x5da
 [<c061fcf4>] do_page_fault+0x0/0x5da
 [<c061e95c>] error_code+0x7c/0x84
 [<c0610033>] xfrm_state_walk+0x49/0xb7
 =======================
Code: 8b 4c 24 20 01 4c 82 10 57 9d 8b 06 89 f1 8b 5e 08 8b 56 10 f6 c4 40 74 03
 8b 4e 0c 85 d2 0f 95 c2 8d 43 01 0f b6 d2 09 c2 31 c0 <83> 79 04 00 0f 95 c0 09
 c2 8b 06 25 f1 9c 0a 00 09 c2 74 07 89 
EIP: [<c045717f>] get_page_from_freelist+0x1c6/0x2a7 SS:ESP 0068:e66c9b48


Version-Release number of selected component (if applicable):
Linux version 2.6.20-1.2316.fc5smp (brewbuilder.redhat.com) (g
cc version 4.1.1 20070105 (Red Hat 4.1.1-51)) #1 SMP Fri Apr 27 20:34:56 EDT 200
7
i686 version.

How reproducible:
100% reproducible.


Steps to Reproduce:
1. Boot system with the 2.6.20-2316 kernel
2. Start Thunderbird
3. Observe kernel messages printed to serial console
  
Actual results:
See attached panic messages

Expected results:
Able to start thunderbird without having the kernel panic.

Additional info:
dmesg attached

Comment 1 Cameron Schaus 2007-06-05 19:17:31 UTC

Created attachment 156265 [details]
full console output from the event (multiple bad page state and panic msgs)

Comment 2 Cameron Schaus 2007-06-05 19:18:32 UTC

Created attachment 156266 [details]
dmesg from the affected system

Attached dmesg.

Comment 3 Bug Zapper 2008-04-04 07:22:33 UTC

Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers

Comment 4 Bug Zapper 2008-05-06 19:40:04 UTC

This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.