[Bugme-new] [Bug 4428] New: Repeated - Unable to handle kernel NULL pointer dereference at virtual address 0000000c

bugme-daemon at osdl.org bugme-daemon at osdl.org
Thu Mar 31 00:01:06 PST 2005


http://bugme.osdl.org/show_bug.cgi?id=4428

           Summary: Repeated - Unable to handle kernel NULL pointer
                    dereference at virtual address 0000000c
    Kernel Version: 2.6.10-1.770_FC2smp
            Status: NEW
          Severity: normal
             Owner: process_other at kernel-bugs.osdl.org
         Submitter: tech at rohost.com


Distribution: Fedora Core 2
Hardware Environment: 2 different servers (custom | HP ProLiant), both 2 x
Intel(R) XEON(TM) CPU (2.00GHz | 2.40GHz), 1Ghz RAM
Software Environment: crashes in Exim 4.50, running Apache 1.3.33+mod_php+mod_cgi,
mySQL 4.0.22
Problem Description: After "oops", the computer is still responding to ping, but
otherwise is not reachable. Needs to be rebooted.

Steps to reproduce:
Appeared in different circumstances in different environments (both servers
dual processor though); load doesn't seem to be very important (last average
load record showed something between 0.5 and 1 for the last case presented here),
but the process was usually Exim, which is used concurrently by many users.
In 2 cases the stack indicates red-black handling in sys_setuid.


1. --------------------------------------------------------------------

kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000c
kernel: c01b49c0
kernel: *pde = 16bc9001
kernel: Oops: 0000 [#1]
kernel: CPU:    2
kernel: EIP:    0060:[<c01b49c0>]    Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
kernel: EFLAGS: 00010207   (2.6.10-1.770_FC2smp) 
kernel: eax: d8c260c0   ebx: c04265e4   ecx: d8c260c0   edx: 00000000
kernel: esi: d8c260c0   edi: c5e85840   ebp: c04265e4   esp: ddd71ed4
kernel: ds: 007b   es: 007b   ss: 0068
kernel: Stack: eb62a4c0 c01b4ad1 c5e85840 c5e85840 eb62a4c8 00007dab c0197724 eb62a4c0
kernel:        0000000f ddd71f58 ddd71f67 ffffffea c01977d8 00000017 00000000 00007dab
kernel:        c031f1e0 ddd71f58 00000000 d907f740 00007dab c0198951 ffffffff 001f0000
kernel: Call Trace:
kernel:  [<c01b4ad1>] rb_insert_color+0xad/0xcc
kernel:  [<c0197724>] key_user_lookup+0xd4/0x101
kernel:  [<c01977d8>] key_alloc+0x53/0x2bf
kernel:  [<c0198951>] keyring_alloc+0x1a/0x48
kernel:  [<c0199ecf>] alloc_uid_keyring+0x2b/0x7b
kernel:  [<c0126002>] alloc_uid+0xb6/0x143
kernel:  [<c01294e9>] set_user+0xb/0x8c
kernel:  [<c012974f>] sys_setuid+0x71/0x108
kernel:  [<c0103ccb>] syscall_call+0x7/0xb
kernel: Code: 59 83 bc 82 04 01 00 00 00 75 ea 41 83 f9 01 76 ed 31 c0 5b c3 57 b9 45 00 00 00 89 c7 31 c0 f3 ab 5f c3 53 89 c1 89 d3 8b 50 08 <8b> 42 0c 85 c0 89 41 08 74 02 89 08 89 4a 0c 8b 01 85 c0 89 02


>>EIP; c01b49c0 <remove_dquot_ref+40/190>   <=====

>>eax; d8c260c0 <pg0+186f80c0/3fad0400>
>>ebx; c04265e4 <kallsyms_addresses+4f88/bbc4>
>>ecx; d8c260c0 <pg0+186f80c0/3fad0400>
>>esi; d8c260c0 <pg0+186f80c0/3fad0400>
>>edi; c5e85840 <pg0+5957840/3fad0400>
>>ebp; c04265e4 <kallsyms_addresses+4f88/bbc4>
>>esp; ddd71ed4 <pg0+1d843ed4/3fad0400>

Trace; c01b4ad1 <remove_dquot_ref+151/190>
Trace; c0197724 <shmem_link+74/b0>
Trace; c01977d8 <shmem_unlink+78/b0>
Trace; c0198951 <sys_truncate+21/1d0>
Trace; c0199ecf <sys_open+6f/a0>
Trace; c0126002 <one_highpage_init+32/c0>
Trace; c01294e9 <hugetlb_init+39/90>
Trace; c012974f <biovec_init_pools+9f/f0>
Trace; c0103ccb <dmi_system_id+32b/344>

This architecture has variable length instructions, decoding before eip
is unreliable, take these instructions with a pinch of salt.

Code;  c01b4995 <remove_dquot_ref+15/190>
00000000 <_EIP>:
Code;  c01b4995 <remove_dquot_ref+15/190>
   0:   59                        pop    %ecx
Code;  c01b4996 <remove_dquot_ref+16/190>
   1:   83 bc 82 04 01 00 00      cmpl   $0x0,0x104(%edx,%eax,4)
Code;  c01b499d <remove_dquot_ref+1d/190>
   8:   00 
Code;  c01b499e <remove_dquot_ref+1e/190>
   9:   75 ea                     jne    fffffff5 <_EIP+0xfffffff5>
Code;  c01b49a0 <remove_dquot_ref+20/190>
   b:   41                        inc    %ecx
Code;  c01b49a1 <remove_dquot_ref+21/190>
   c:   83 f9 01                  cmp    $0x1,%ecx
Code;  c01b49a4 <remove_dquot_ref+24/190>
   f:   76 ed                     jbe    fffffffe <_EIP+0xfffffffe>
Code;  c01b49a6 <remove_dquot_ref+26/190>
  11:   31 c0                     xor    %eax,%eax
Code;  c01b49a8 <remove_dquot_ref+28/190>
  13:   5b                        pop    %ebx
Code;  c01b49a9 <remove_dquot_ref+29/190>
  14:   c3                        ret    
Code;  c01b49aa <remove_dquot_ref+2a/190>
  15:   57                        push   %edi
Code;  c01b49ab <remove_dquot_ref+2b/190>
  16:   b9 45 00 00 00            mov    $0x45,%ecx
Code;  c01b49b0 <remove_dquot_ref+30/190>
  1b:   89 c7                     mov    %eax,%edi
Code;  c01b49b2 <remove_dquot_ref+32/190>
  1d:   31 c0                     xor    %eax,%eax
Code;  c01b49b4 <remove_dquot_ref+34/190>
  1f:   f3 ab                     repz stos %eax,%es:(%edi)
Code;  c01b49b6 <remove_dquot_ref+36/190>
  21:   5f                        pop    %edi
Code;  c01b49b7 <remove_dquot_ref+37/190>
  22:   c3                        ret    
Code;  c01b49b8 <remove_dquot_ref+38/190>
  23:   53                        push   %ebx
Code;  c01b49b9 <remove_dquot_ref+39/190>
  24:   89 c1                     mov    %eax,%ecx
Code;  c01b49bb <remove_dquot_ref+3b/190>
  26:   89 d3                     mov    %edx,%ebx
Code;  c01b49bd <remove_dquot_ref+3d/190>
  28:   8b 50 08                  mov    0x8(%eax),%edx

This decode from eip onwards should be reliable

Code;  c01b49c0 <remove_dquot_ref+40/190>
00000000 <_EIP>:
Code;  c01b49c0 <remove_dquot_ref+40/190>   <=====
   0:   8b 42 0c                  mov    0xc(%edx),%eax   <=====
Code;  c01b49c3 <remove_dquot_ref+43/190>
   3:   85 c0                     test   %eax,%eax
Code;  c01b49c5 <remove_dquot_ref+45/190>
   5:   89 41 08                  mov    %eax,0x8(%ecx)
Code;  c01b49c8 <remove_dquot_ref+48/190>
   8:   74 02                     je     c <_EIP+0xc>
Code;  c01b49ca <remove_dquot_ref+4a/190>
   a:   89 08                     mov    %ecx,(%eax)
Code;  c01b49cc <remove_dquot_ref+4c/190>
   c:   89 4a 0c                  mov    %ecx,0xc(%edx)
Code;  c01b49cf <remove_dquot_ref+4f/190>
   f:   8b 01                     mov    (%ecx),%eax
Code;  c01b49d1 <remove_dquot_ref+51/190>
  11:   85 c0                     test   %eax,%eax
Code;  c01b49d3 <remove_dquot_ref+53/190>
  13:   89 02                     mov    %eax,(%edx)


2. ----------------------------------------------------------------

kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000c
kernel: c01b49c0
kernel: *pde = 327aa001
kernel: Oops: 0000 [#1]
kernel: CPU:    1
kernel: EIP:    0060:[<c01b49c0>]    Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
kernel: EFLAGS: 00010207   (2.6.10-1.770_FC2smp) 
kernel: eax: efdcbe40   ebx: c04265e4   ecx: efdcbe40   edx: 00000000
kernel: esi: efdcbe40   edi: ce4a5800   ebp: c04265e4   esp: d6697ed4
kernel: ds: 007b   es: 007b   ss: 0068
kernel: Stack: e2131c00 c01b4ad1 ce4a5800 ce4a5800 e2131c08 00007f45 c0197724 e2131c00
kernel:        0000000f d6697f58 d6697f67 ffffffea c01977d8 00000017 00000000 00007f45
kernel:        c031f1e0 d6697f58 00000000 f62a6f80 00007f45 c0198951 ffffffff 001f0000
kernel: Call Trace:
kernel:  [<c01b4ad1>] rb_insert_color+0xad/0xcc
Warning (Oops_read): Code line not seen, dumping what data is available


>>EIP; c01b49c0 <remove_dquot_ref+40/190>   <=====

>>eax; efdcbe40 <pg0+2f89de40/3fad0400>
>>ebx; c04265e4 <kallsyms_addresses+4f88/bbc4>
>>ecx; efdcbe40 <pg0+2f89de40/3fad0400>
>>esi; efdcbe40 <pg0+2f89de40/3fad0400>
>>edi; ce4a5800 <pg0+df77800/3fad0400>
>>ebp; c04265e4 <kallsyms_addresses+4f88/bbc4>
>>esp; d6697ed4 <pg0+16169ed4/3fad0400>

Trace; c01b4ad1 <remove_dquot_ref+151/190>

3. ------------------------------------------------------------------

kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000c
kernel: c01b3ec8
kernel: *pde = 1ab47001
kernel: Oops: 0000 [#1]
kernel: CPU:    2
kernel: EIP:    0060:[<c01b3ec8>]    Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
kernel: EFLAGS: 00010207   (2.6.10-1.9_FC2smp) 
kernel: eax: c9fc5900   ebx: c0424464   ecx: c9fc5900   edx: 00000000
kernel: esi: c9fc5900   edi: e9894a00   ebp: c0424464   esp: e2284ed4
kernel: ds: 007b   es: 007b   ss: 0068
kernel: Stack: e183b9c0 c01b3fd9 e9894a00 e9894a00 e183b9c8 00007e9d c0196c2c e183b9c0
kernel:        0000000f e2284f58 e2284f67 ffffffea c0196ce0 00000017 00000000 00007e9d
kernel:        c031e260 e2284f58 00000000 f5bc4900 00007e9d c0197e59 ffffffff 001f0000
kernel: Call Trace:
kernel:  [<c01b3fd9>] rb_insert_color+0xad/0xcc
kernel:  [<c0196c2c>] key_user_lookup+0xd4/0x101
kernel:  [<c0196ce0>] key_alloc+0x53/0x2bf
kernel:  [<c0197e59>] keyring_alloc+0x1a/0x48
kernel:  [<c01993d7>] alloc_uid_keyring+0x2b/0x7b
kernel:  [<c0125c1a>] alloc_uid+0xb6/0x143
kernel:  [<c0129101>] set_user+0xb/0x8c
kernel:  [<c0129367>] sys_setuid+0x71/0x108
kernel:  [<c0103ccb>] syscall_call+0x7/0xb
kernel: Code: 59 83 bc 82 04 01 00 00 00 75 ea 41 83 f9 01 76 ed 31 c0 5b c3 57 b9 45 00 00 00 89 c7 31 c0 f3 ab 5f c3 53 89 c
Error (Oops_code_values): invalid value 0xc in Code line, must be 2, 4, 8 or 16
digits, value ignored


>>EIP; c01b3ec8 <get_new_inode_fast+68/100>   <=====

>>eax; c9fc5900 <pg0+9a97900/3fad0400>
>>ebx; c0424464 <kallsyms_addresses+2e08/bbc4>
>>ecx; c9fc5900 <pg0+9a97900/3fad0400>
>>esi; c9fc5900 <pg0+9a97900/3fad0400>
>>edi; e9894a00 <pg0+29366a00/3fad0400>
>>ebp; c0424464 <kallsyms_addresses+2e08/bbc4>
>>esp; e2284ed4 <pg0+21d56ed4/3fad0400>

Trace; c01b3fd9 <iunique+79/90>
Trace; c0196c2c <shmem_lock+2c/a0>
Trace; c0196ce0 <shmem_get_inode+10/1a0>
Trace; c0197e59 <shmem_remount_fs+29/a0>
Trace; c01993d7 <sys_access+117/160>
Trace; c0125c1a <page_table_range_init+a/b0>
Trace; c0129101 <kmem_cache_init+151/2d0>
Trace; c0129367 <init_emergency_pool+27/80>
Trace; c0103ccb <dmi_system_id+32b/344>

Code;  c01b3ec8 <get_new_inode_fast+68/100>
00000000 <_EIP>:
Code;  c01b3ec8 <get_new_inode_fast+68/100>   <=====
   0:   59                        pop    %ecx   <=====
Code;  c01b3ec9 <get_new_inode_fast+69/100>
   1:   83 bc 82 04 01 00 00      cmpl   $0x0,0x104(%edx,%eax,4)
Code;  c01b3ed0 <get_new_inode_fast+70/100>
   8:   00 
Code;  c01b3ed1 <get_new_inode_fast+71/100>
   9:   75 ea                     jne    fffffff5 <_EIP+0xfffffff5>
Code;  c01b3ed3 <get_new_inode_fast+73/100>
   b:   41                        inc    %ecx
Code;  c01b3ed4 <get_new_inode_fast+74/100>
   c:   83 f9 01                  cmp    $0x1,%ecx
Code;  c01b3ed7 <get_new_inode_fast+77/100>
   f:   76 ed                     jbe    fffffffe <_EIP+0xfffffffe>
Code;  c01b3ed9 <get_new_inode_fast+79/100>
  11:   31 c0                     xor    %eax,%eax
Code;  c01b3edb <get_new_inode_fast+7b/100>
  13:   5b                        pop    %ebx
Code;  c01b3edc <get_new_inode_fast+7c/100>
  14:   c3                        ret    
Code;  c01b3edd <get_new_inode_fast+7d/100>
  15:   57                        push   %edi
Code;  c01b3ede <get_new_inode_fast+7e/100>
  16:   b9 45 00 00 00            mov    $0x45,%ecx
Code;  c01b3ee3 <get_new_inode_fast+83/100>
  1b:   89 c7                     mov    %eax,%edi
Code;  c01b3ee5 <get_new_inode_fast+85/100>
  1d:   31 c0                     xor    %eax,%eax
Code;  c01b3ee7 <get_new_inode_fast+87/100>
  1f:   f3 ab                     repz stos %eax,%es:(%edi)
Code;  c01b3ee9 <get_new_inode_fast+89/100>
  21:   5f                        pop    %edi
Code;  c01b3eea <get_new_inode_fast+8a/100>
  22:   c3                        ret    
Code;  c01b3eeb <get_new_inode_fast+8b/100>
  23:   53                        push   %ebx
Code;  c01b3eec <get_new_inode_fast+8c/100>
  24:   89 00                     mov    %eax,(%eax)
