kernel bug, you figure it out.

Bug #57642 reported by John Moser
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Incomplete | Undecided | Unassigned |
linux-source-2.6.17 (Ubuntu) | Won't Fix | Low | Unassigned |

Bug Description

Binary package hint: linux-image-2.6.17-6-686

[17529196.336000] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000074
[17529196.336000] printing eip:
[17529196.336000] c02d52d1
[17529196.336000] *pde = 00000000
[17529196.336000] Oops: 0002 [#1]
[17529196.336000] SMP
[17529196.336000] Modules linked in: nls_utf8 binfmt_misc rfcomm l2cap bluetooth powernow_k8 cpufreq_userspace cpufreq_stats freq_table cpufreq_powersave cpufreq_ondemand cpufreq_conservative video tc1100_wmi sony_acpi pcc_acpi hotkey dev_acpi container button acpi_sbs battery ac i2c_acpi_ec nls_iso8859_1 nls_cp437 vfat fat xfs dm_mod md_mod sr_mod sbp2 parport_pc lp parport tsdev snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_midi_emul snd_seq_dummy snd_seq_oss snd_seq_midi snd_seq_midi_event snd_seq snd_emu10k1 snd_rawmidi snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm ipv6 snd_seq_device i2c_viapro snd_timer snd_page_alloc snd_util_mem sg i2c_core snd_hwdep snd evdev amd64_agp agpgart shpchp soundcore 8139cp 8139too mii pci_hotplug usblp psmouse serio_raw pcspkr usb_storage usbhid libusual ext3 jbd ehci_hcd ohci1394 ieee1394 uhci_hcd usbcore ide_generic sd_mod sata_via libata scsi_mod ide_cd cdrom generic via82cxxx thermal processor fan fbcon tileblit font bitblit softcursor vesafb capability commoncap
[17529196.336000] CPU: 0
[17529196.336000] EIP: 0060:[<c02d52d1>] Not tainted VLI
[17529196.336000] EFLAGS: 00010206 (2.6.17-6-686 #2)
[17529196.336000] EIP is at mutex_unlock+0x1/0x10
[17529196.336000] eax: 00000074 ebx: 00000000 ecx: 00000000 edx: 00000007
[17529196.336000] esi: caeac94c edi: e3300b64 ebp: e3300b64 esp: c28afdb4
[17529196.336000] ds: 007b es: 007b ss: 0068
[17529196.336000] Process dd (pid: 30638, threadinfo=c28ae000 task=dfb0ba90)
[17529196.336000] Stack: c0178a1f c28afe58 00000001 ef1bec80 c017596c 00000000 00000001 0000000b
[17529196.336000] c0361770 c28afe17 c28afe57 c28affbc 0000000b 000003e8 c0368790 00000001
[17529196.336000] 00028042 00000001 00000000 00000000 dfb0ba90 c28ae000 00000000 003e46b2
[17529196.336000] Call Trace:
[17529196.336000] <c0178a1f> vfs_unlink+0xbf/0x110 <c017596c> do_coredump+0x46c/0x8e0
[17529196.336000] <f88aa79a> scsi_request_fn+0x20a/0x370 [scsi_mod] <c012b14a> del_timer+0x5a/0x70
[17529196.336000] <c011aa90> try_to_wake_up+0x70/0x3e0 <c012bb25> __dequeue_signal+0xc5/0x1a0
[17529196.336000] <c012d7dc> get_signal_to_deliver+0x29c/0x3d0 <c02d6e80> do_page_fault+0x0/0x6f0
[17529196.336000] <c010269b> do_notify_resume+0x8b/0x6e0 <c01580ea> __handle_mm_fault+0x3da/0x8e0
[17529196.336000] <c02d6f88> do_page_fault+0x108/0x6f0 <c02d6e80> do_page_fault+0x0/0x6f0
[17529196.336000] <c01030ca> work_notifysig+0x13/0x19
[17529196.336000] Code: 8d 54 24 04 89 0c 24 89 f9 e8 1c ff ff ff 8b 5c 24 20 8b 74 24 24 8b 7c 24 28 83 c4 2c c3 00 00 00 00 00 00 00 00 00 00 00 00 90 <ff> 00 0f 8e cc 01 00 00 c3 8d b6 00 00 00 00 53 89 c3 e8 08 f5
[17529196.336000] EIP: [<c02d52d1>] mutex_unlock+0x1/0x10 SS:ESP 0068:c28afdb4
[17529196.336000] <1>BUG: unable to handle kernel NULL pointer dereference at virtual address 00000074
[17529218.188000] printing eip:
[17529218.188000] c02d52d1
[17529218.188000] *pde = 00000000
[17529218.188000] Oops: 0002 [#2]
[17529218.188000] SMP
[17529218.188000] Modules linked in: nls_utf8 binfmt_misc rfcomm l2cap bluetooth powernow_k8 cpufreq_userspace cpufreq_stats freq_table cpufreq_powersave cpufreq_ondemand cpufreq_conservative video tc1100_wmi sony_acpi pcc_acpi hotkey dev_acpi container button acpi_sbs battery ac i2c_acpi_ec nls_iso8859_1 nls_cp437 vfat fat xfs dm_mod md_mod sr_mod sbp2 parport_pc lp parport tsdev snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_midi_emul snd_seq_dummy snd_seq_oss snd_seq_midi snd_seq_midi_event snd_seq snd_emu10k1 snd_rawmidi snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm ipv6 snd_seq_device i2c_viapro snd_timer snd_page_alloc snd_util_mem sg i2c_core snd_hwdep snd evdev amd64_agp agpgart shpchp soundcore 8139cp 8139too mii pci_hotplug usblp psmouse serio_raw pcspkr usb_storage usbhid libusual ext3 jbd ehci_hcd ohci1394 ieee1394 uhci_hcd usbcore ide_generic sd_mod sata_via libata scsi_mod ide_cd cdrom generic via82cxxx thermal processor fan fbcon tileblit font bitblit softcursor vesafb capability commoncap
[17529218.188000] CPU: 0
[17529218.188000] EIP: 0060:[<c02d52d1>] Not tainted VLI
[17529218.188000] EFLAGS: 00010206 (2.6.17-6-686 #2)
[17529218.188000] EIP is at mutex_unlock+0x1/0x10
[17529218.188000] eax: 00000074 ebx: 00000000 ecx: 00000000 edx: 00000007
[17529218.188000] esi: caeac94c edi: e548663c ebp: e548663c esp: d7e7fdb4
[17529218.188000] ds: 007b es: 007b ss: 0068
[17529218.188000] Process dd (pid: 30695, threadinfo=d7e7e000 task=ee244030)
[17529218.188000] Stack: c0178a1f d7e7fe58 00000001 ef1be740 c017596c 00000000 00000001 0000000b
[17529218.188000] c6c11144 d7e7fe17 d7e7fe57 d7e7ffbc 0000000b 000003e8 c0368790 00000001
[17529218.188000] 00028042 00000001 00000000 00000000 ee244030 d7e7e000 00000000 00000000
[17529218.188000] Call Trace:
[17529218.188000] <c0178a1f> vfs_unlink+0xbf/0x110 <c017596c> do_coredump+0x46c/0x8e0
[17529218.188000] <c0186631> mntput_no_expire+0x21/0x90 <c017a1e1> link_path_walk+0x71/0xf0
[17529218.188000] <c011aa90> try_to_wake_up+0x70/0x3e0 <c012bb25> __dequeue_signal+0xc5/0x1a0
[17529218.188000] <c012d7dc> get_signal_to_deliver+0x29c/0x3d0 <c02d6e80> do_page_fault+0x0/0x6f0
[17529218.188000] <c010269b> do_notify_resume+0x8b/0x6e0 <c0157f15> __handle_mm_fault+0x205/0x8e0
[17529218.188000] <c02d6f88> do_page_fault+0x108/0x6f0 <c02d6e80> do_page_fault+0x0/0x6f0
[17529218.188000] <c01030ca> work_notifysig+0x13/0x19
[17529218.188000] Code: 8d 54 24 04 89 0c 24 89 f9 e8 1c ff ff ff 8b 5c 24 20 8b 74 24 24 8b 7c 24 28 83 c4 2c c3 00 00 00 00 00 00 00 00 00 00 00 00 90 <ff> 00 0f 8e cc 01 00 00 c3 8d b6 00 00 00 00 53 89 c3 e8 08 f5
[17529218.188000] EIP: [<c02d52d1>] mutex_unlock+0x1/0x10 SS:ESP 0068:d7e7fdb4
[17529218.188000]

This got triggered and crashed Wine when I did:

dd if=/bin/cat of=/dev/zero bs=1 count=512

An attempt with /dev/null triggered a second one.
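
A triage pass over the first oops above, as an added example that is not part of the original report: it decodes the `Oops: 0002` error code using the x86 page-fault bit layout, checks whether the faulting address is a small offset from NULL, and lists which registers hold that address. The function names and the trimmed sample are constructed here for illustration.

```python
import re

# Constructed sample: key lines copied from the first oops in the report above.
SAMPLE_OOPS = """\
[17529196.336000] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000074
[17529196.336000] Oops: 0002 [#1]
[17529196.336000] EIP is at mutex_unlock+0x1/0x10
[17529196.336000] eax: 00000074 ebx: 00000000 ecx: 00000000 edx: 00000007
[17529196.336000] esi: caeac94c edi: e3300b64 ebp: e3300b64 esp: c28afdb4
[17529196.336000] Process dd (pid: 30638, threadinfo=c28ae000 task=dfb0ba90)
[17529196.336000] <c0178a1f> vfs_unlink+0xbf/0x110 <c017596c> do_coredump+0x46c/0x8e0
"""

PAGE_SIZE = 0x1000  # i386 page size; a fault below it is a small offset from NULL


def decode_error_code(code):
    """Decode the low three x86 page-fault error-code bits shown after 'Oops:'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }


def triage(oops_text):
    """Pull the fields a responder needs first out of an i386 oops (hypothetical helper)."""
    addr = int(re.search(r"virtual address ([0-9a-f]{8})", oops_text).group(1), 16)
    code = int(re.search(r"Oops: ([0-9a-f]{4})", oops_text).group(1), 16)
    func, offset = re.search(r"EIP is at (\w+)\+(0x[0-9a-f]+)/", oops_text).groups()
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(e[a-z]{2}): ([0-9a-f]{8})", oops_text)}
    return {
        "fault_address": addr,
        "null_plus_offset": addr < PAGE_SIZE,
        "fault": decode_error_code(code),
        "faulting_function": func,
        "function_offset": int(offset, 16),
        "process": re.search(r"Process (\S+) \(pid: (\d+)", oops_text).groups(),
        # Registers equal to the faulting address point at the bad pointer's source.
        "regs_holding_address": sorted(n for n, v in regs.items() if v == addr),
        "callers": re.findall(r"<[0-9a-f]{8}> (\w+)\+0x", oops_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OOPS).items():
        print(f"{key}: {value}")
```

Run against either oops in the report, the result is the same shape: a kernel-mode write to a not-present page at 0x74, with `eax` holding that address inside `mutex_unlock`, reached from `vfs_unlink` during `do_coredump`.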

Changed in linux-source-2.6.17:
importance: Untriaged → Low
Ben Collins (ben-collins) wrote :

Can you reproduce this consistently?

John Moser (nigelenki) wrote :

Nope, dd doesn't cause a crash anymore (rebooted and ran a full memtest86+ pass); although it does segfault if I attempt to dd /bin/cat into /dev/null or /dev/zero.

I believe some earlier conditions may have caused an inconsistent state in the kernel which got triggered by the dd attempts; however, I do not see why dd should segfault. There may be a bug in dd; or the kernel may be doing something that ties into these BUG reports.

Unfortunately this is as far as I can go with this; I have no method to reproduce it, hopefully some kernel guru figures this out. The only lead I have is that you should check to make sure 'dd' doesn't have a bug itself. 'cat /bin/cat > /dev/null' doesn't segfault so I doubt there is a specific kernel bug; but we'll see. The above messages have to come from somewhere.

Dennis Kaarsemaker (dennis) wrote : Re: [Bug 57642] Re: kernel bug, you figure it out.

dd segfaulting should not happen with LOCALE=C LC_ALL=C dd -- known bug
in language packs.

John Moser (nigelenki) wrote :

So, after reporting this bug, I did a reboot, full memtest86+ pass (no errors), and went on my way.

I was running GIMP this time, trying to "open location" (which failed) when I got the same bug.

bluefox@icebox:/tmp/x/mtrace$ dmesg | grep BUG
[17793612.096000] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000074
bluefox@icebox:/tmp/x/mtrace$ uptime
 23:49:11 up 7 days, 2:35, 9 users, load average: 1.79, 1.17, 0.82
bluefox@icebox:/tmp/x/mtrace$ uname -a
Linux icebox 2.6.17-6-686 #2 SMP Fri Aug 11 22:09:15 UTC 2006 i686 GNU/Linux

Honestly I have no clue. It just HAPPENS out of NOWHERE, some random thing goes wrong, and then I go happily along my way.

Matthew Garrett (mjg59) wrote :

Either a buggy driver is scribbling over your RAM, or your hardware is
broken. Given the lack of similar reports I'd suspect the latter, but
can we have an lsmod?

John Moser (nigelenki) wrote : Re: [Bug 57642] Re: [Bug 57642] Re: kernel bug, you figure it out.

bluefox@icebox:~/mtrace$ lsmod
Module Size Used by
isofs 37308 1
udf 89028 0
nls_utf8 2368 1
binfmt_misc 12488 1
rfcomm 40564 0
l2cap 25440 5 rfcomm
bluetooth 51812 4 rfcomm,l2cap
powernow_k8 14112 0
cpufreq_userspace 4576 0
cpufreq_stats 6880 0
freq_table 5248 2 powernow_k8,cpufreq_stats
cpufreq_powersave 2048 0
cpufreq_ondemand 8076 1
cpufreq_conservative 7976 0
video 16164 0
tc1100_wmi 7396 0
sony_acpi 5612 0
pcc_acpi 13344 0
hotkey 10436 0
dev_acpi 11428 0
container 4736 0
button 6960 0
acpi_sbs 22412 0
battery 10372 1 acpi_sbs
ac 5476 1 acpi_sbs
i2c_acpi_ec 5344 1 acpi_sbs
nls_iso8859_1 4416 1
nls_cp437 6080 2
vfat 13824 2
fat 55516 1 vfat
xfs 616856 1
dm_mod 61272 0
md_mod 82068 0
sr_mod 17284 0
ipv6 269440 12
sbp2 23688 0
parport_pc 36868 0
lp 12356 0
parport 38600 2 parport_pc,lp
snd_emu10k1_synth 8000 0
snd_emux_synth 38624 1 snd_emu10k1_synth
snd_seq_virmidi 7808 1 snd_emux_synth
snd_seq_midi_emul 7360 1 snd_emux_synth
snd_seq_dummy 4132 0
snd_seq_oss 35744 0
tsdev 8256 0
snd_seq_midi 9184 0
snd_seq_midi_event 8160 3 snd_seq_virmidi,snd_seq_oss,snd_seq_midi
snd_seq 58224 9 snd_emux_synth,snd_seq_virmidi,snd_seq_midi_emul,snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_seq_midi_event
usb_storage 74176 1
8139cp 23968 0
snd_emu10k1 127744 2 snd_emu10k1_synth
snd_rawmidi 26368 3 snd_seq_virmidi,snd_seq_midi,snd_emu10k1
snd_ac97_codec 96864 1 snd_emu10k1
snd_ac97_bus 2560 1 snd_ac97_codec
snd_pcm_oss 46624 0
snd_mixer_oss 18880 1 snd_pcm_oss
sg 36508 0
snd_pcm 83812 3 snd_emu10k1,snd_ac97_codec,snd_pcm_oss
shpchp 41696 0
pci_hotplug 32316 1 shpchp
snd_seq_device 9004 8 snd_emu10k1_synth,snd_emux_synth,snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_seq,snd_emu10k1,snd_rawmidi
snd_timer 24548 3 snd_seq,snd_emu10k1,snd_pcm
snd_page_alloc 10568 2 snd_emu10k1,snd_pcm
snd_util_mem 5184 2 snd_emux_synth,snd_emu10k1
snd_hwdep 9892 2 snd_emux_synth,snd_emu10k1
evdev 10528 3
amd64_agp 13028 1
agpgart 34088 1 amd64_agp
i2c_viapro 9044 0
8139too 28224 0
mii 6048 2 8139cp,8139too
snd 57156 15
snd_emux_synth,snd_seq_virmidi,snd_seq_oss,snd_seq,snd_emu10k1,snd_rawmidi,snd_ac9...


Launchpad Janitor (janitor) wrote : This bug is now reported against the 'linux' package

The 18 month support period for Edgy Eft 6.10 has reached its end of life. As a result, we are closing the linux-source-2.6.17 Edgy Eft kernel task. However, development has already begun for the upcoming Intrepid Ibex 8.10 release. It would be helpful if you could test the upcoming release and verify if this is still an issue - http://www.ubuntu.com/testing . If the issue still exists, please update this report by changing the Status of the "linux" task from "Incomplete" to "New". We appreciate your patience and understanding as we make this transition. Thanks!
