[Bugme-new] [Bug 4428] New: Repeated - Unable to handle kernel NULL
pointer dereference at virtual address 0000000c
bugme-daemon at osdl.org
bugme-daemon at osdl.org
Thu Mar 31 00:01:06 PST 2005
http://bugme.osdl.org/show_bug.cgi?id=4428
Summary: Repeated - Unable to handle kernel NULL pointer
dereference at virtual address 0000000c
Kernel Version: 2.6.10-1.770_FC2smp
Status: NEW
Severity: normal
Owner: process_other at kernel-bugs.osdl.org
Submitter: tech at rohost.com
Distribution: Fedora Core 2
Hardware Environment: 2 different servers ( custom | HP Proliant ), both 2 x
Intel(R) XEON(TM) CPU (2.00GHz | 2.40Ghz), 1Ghz RAM
Software Environment: crashes in Exim 4.50, running Apache 1.3.33+mod_php+mod_cgi,
mySQL 4.0.22
Problem Description: After the "oops", the machine still responds to ping but is otherwise unreachable and has to be rebooted.
Steps to reproduce:
Appeared under different circumstances in different environments (both servers are dual-processor, though); load does not seem to matter much (the last recorded load average was between 0.5 and 1 for the last case presented here), but the process involved was usually Exim, which is used concurrently by many users.
In two of the cases (1 and 3) the kernel's own call trace shows the fault in the red-black tree code (rb_insert_color, reached from key_user_lookup) during sys_setuid. Note that the symbol names ksymoops attaches to the same addresses below (e.g. remove_dquot_ref, get_new_inode_fast) disagree with the in-kernel trace and appear to come from a System.map that does not match the running kernel, so the names in the kernel's own Call Trace are the ones to go by.
1.--------------------------------------------------------------------
kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000c
kernel: c01b49c0
kernel: *pde = 16bc9001
kernel: Oops: 0000 [#1]
kernel: CPU: 2
kernel: EIP: 0060:[<c01b49c0>] Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
kernel: EFLAGS: 00010207 (2.6.10-1.770_FC2smp)
kernel: eax: d8c260c0 ebx: c04265e4 ecx: d8c260c0 edx: 00000000
kernel: esi: d8c260c0 edi: c5e85840 ebp: c04265e4 esp: ddd71ed4
kernel: ds: 007b es: 007b ss: 0068
kernel: Stack: eb62a4c0 c01b4ad1 c5e85840 c5e85840 eb62a4c8 00007dab c0197724
eb62a4c0
kernel: 0000000f ddd71f58 ddd71f67 ffffffea c01977d8 00000017 00000000
00007dab
kernel: c031f1e0 ddd71f58 00000000 d907f740 00007dab c0198951 ffffffff
001f0000
kernel: Call Trace:
kernel: [<c01b4ad1>] rb_insert_color+0xad/0xcc
kernel: [<c0197724>] key_user_lookup+0xd4/0x101
kernel: [<c01977d8>] key_alloc+0x53/0x2bf
kernel: [<c0198951>] keyring_alloc+0x1a/0x48
kernel: [<c0199ecf>] alloc_uid_keyring+0x2b/0x7b
kernel: [<c0126002>] alloc_uid+0xb6/0x143
kernel: [<c01294e9>] set_user+0xb/0x8c
kernel: [<c012974f>] sys_setuid+0x71/0x108
kernel: [<c0103ccb>] syscall_call+0x7/0xb
kernel: Code: 59 83 bc 82 04 01 00 00 00 75 ea 41 83 f9 01 76 ed 31 c0 5b c3 57
b9 45 00 00 00 89 c7 31 c0 f3 ab 5f c3 53 89 c1 89 d3 8b 50 08 <8b> 42 0c 85 c0
89 41 08 74 02 89 08 89 4a 0c 8b 01 85 c0 89 02
>>EIP; c01b49c0 <remove_dquot_ref+40/190> <=====
>>eax; d8c260c0 <pg0+186f80c0/3fad0400>
>>ebx; c04265e4 <kallsyms_addresses+4f88/bbc4>
>>ecx; d8c260c0 <pg0+186f80c0/3fad0400>
>>esi; d8c260c0 <pg0+186f80c0/3fad0400>
>>edi; c5e85840 <pg0+5957840/3fad0400>
>>ebp; c04265e4 <kallsyms_addresses+4f88/bbc4>
>>esp; ddd71ed4 <pg0+1d843ed4/3fad0400>
Trace; c01b4ad1 <remove_dquot_ref+151/190>
Trace; c0197724 <shmem_link+74/b0>
Trace; c01977d8 <shmem_unlink+78/b0>
Trace; c0198951 <sys_truncate+21/1d0>
Trace; c0199ecf <sys_open+6f/a0>
Trace; c0126002 <one_highpage_init+32/c0>
Trace; c01294e9 <hugetlb_init+39/90>
Trace; c012974f <biovec_init_pools+9f/f0>
Trace; c0103ccb <dmi_system_id+32b/344>
This architecture has variable length instructions, decoding before eip
is unreliable, take these instructions with a pinch of salt.
Code; c01b4995 <remove_dquot_ref+15/190>
00000000 <_EIP>:
Code; c01b4995 <remove_dquot_ref+15/190>
0: 59 pop %ecx
Code; c01b4996 <remove_dquot_ref+16/190>
1: 83 bc 82 04 01 00 00 cmpl $0x0,0x104(%edx,%eax,4)
Code; c01b499d <remove_dquot_ref+1d/190>
8: 00
Code; c01b499e <remove_dquot_ref+1e/190>
9: 75 ea jne fffffff5 <_EIP+0xfffffff5>
Code; c01b49a0 <remove_dquot_ref+20/190>
b: 41 inc %ecx
Code; c01b49a1 <remove_dquot_ref+21/190>
c: 83 f9 01 cmp $0x1,%ecx
Code; c01b49a4 <remove_dquot_ref+24/190>
f: 76 ed jbe fffffffe <_EIP+0xfffffffe>
Code; c01b49a6 <remove_dquot_ref+26/190>
11: 31 c0 xor %eax,%eax
Code; c01b49a8 <remove_dquot_ref+28/190>
13: 5b pop %ebx
Code; c01b49a9 <remove_dquot_ref+29/190>
14: c3 ret
Code; c01b49aa <remove_dquot_ref+2a/190>
15: 57 push %edi
Code; c01b49ab <remove_dquot_ref+2b/190>
16: b9 45 00 00 00 mov $0x45,%ecx
Code; c01b49b0 <remove_dquot_ref+30/190>
1b: 89 c7 mov %eax,%edi
Code; c01b49b2 <remove_dquot_ref+32/190>
1d: 31 c0 xor %eax,%eax
Code; c01b49b4 <remove_dquot_ref+34/190>
1f: f3 ab repz stos %eax,%es:(%edi)
Code; c01b49b6 <remove_dquot_ref+36/190>
21: 5f pop %edi
Code; c01b49b7 <remove_dquot_ref+37/190>
22: c3 ret
Code; c01b49b8 <remove_dquot_ref+38/190>
23: 53 push %ebx
Code; c01b49b9 <remove_dquot_ref+39/190>
24: 89 c1 mov %eax,%ecx
Code; c01b49bb <remove_dquot_ref+3b/190>
26: 89 d3 mov %edx,%ebx
Code; c01b49bd <remove_dquot_ref+3d/190>
28: 8b 50 08 mov 0x8(%eax),%edx
This decode from eip onwards should be reliable
Code; c01b49c0 <remove_dquot_ref+40/190>
00000000 <_EIP>:
Code; c01b49c0 <remove_dquot_ref+40/190> <=====
0: 8b 42 0c mov 0xc(%edx),%eax <=====
Code; c01b49c3 <remove_dquot_ref+43/190>
3: 85 c0 test %eax,%eax
Code; c01b49c5 <remove_dquot_ref+45/190>
5: 89 41 08 mov %eax,0x8(%ecx)
Code; c01b49c8 <remove_dquot_ref+48/190>
8: 74 02 je c <_EIP+0xc>
Code; c01b49ca <remove_dquot_ref+4a/190>
a: 89 08 mov %ecx,(%eax)
Code; c01b49cc <remove_dquot_ref+4c/190>
c: 89 4a 0c mov %ecx,0xc(%edx)
Code; c01b49cf <remove_dquot_ref+4f/190>
f: 8b 01 mov (%ecx),%eax
Code; c01b49d1 <remove_dquot_ref+51/190>
11: 85 c0 test %eax,%eax
Code; c01b49d3 <remove_dquot_ref+53/190>
13: 89 02 mov %eax,(%edx)
2. ----------------------------------------------------------------
kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000c
kernel: c01b49c0
kernel: *pde = 327aa001
kernel: Oops: 0000 [#1]
kernel: CPU: 1
kernel: EIP: 0060:[<c01b49c0>] Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
kernel: EFLAGS: 00010207 (2.6.10-1.770_FC2smp)
kernel: eax: efdcbe40 ebx: c04265e4 ecx: efdcbe40 edx: 00000000
kernel: esi: efdcbe40 edi: ce4a5800 ebp: c04265e4 esp: d6697ed4
kernel: ds: 007b es: 007b ss: 0068
kernel: Stack: e2131c00 c01b4ad1 ce4a5800 ce4a5800 e2131c08 00007f45 c0197724
e2131c00
kernel: 0000000f d6697f58 d6697f67 ffffffea c01977d8 00000017 00000000
00007f45
kernel: c031f1e0 d6697f58 00000000 f62a6f80 00007f45 c0198951 ffffffff
001f0000
kernel: Call Trace:
kernel: [<c01b4ad1>] rb_insert_color+0xad/0xcc
Warning (Oops_read): Code line not seen, dumping what data is available
>>EIP; c01b49c0 <remove_dquot_ref+40/190> <=====
>>eax; efdcbe40 <pg0+2f89de40/3fad0400>
>>ebx; c04265e4 <kallsyms_addresses+4f88/bbc4>
>>ecx; efdcbe40 <pg0+2f89de40/3fad0400>
>>esi; efdcbe40 <pg0+2f89de40/3fad0400>
>>edi; ce4a5800 <pg0+df77800/3fad0400>
>>ebp; c04265e4 <kallsyms_addresses+4f88/bbc4>
>>esp; d6697ed4 <pg0+16169ed4/3fad0400>
Trace; c01b4ad1 <remove_dquot_ref+151/190>
3. ------------------------------------------------------------------
kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000c
kernel: c01b3ec8
kernel: *pde = 1ab47001
kernel: Oops: 0000 [#1]
kernel: CPU: 2
kernel: EIP: 0060:[<c01b3ec8>] Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
kernel: EFLAGS: 00010207 (2.6.10-1.9_FC2smp)
kernel: eax: c9fc5900 ebx: c0424464 ecx: c9fc5900 edx: 00000000
kernel: esi: c9fc5900 edi: e9894a00 ebp: c0424464 esp: e2284ed4
kernel: ds: 007b es: 007b ss: 0068
kernel: Stack: e183b9c0 c01b3fd9 e9894a00 e9894a00 e183b9c8 00007e9d c0196c2c
e183b9c0
kernel: 0000000f e2284f58 e2284f67 ffffffea c0196ce0 00000017 00000000
00007e9d
kernel: c031e260 e2284f58 00000000 f5bc4900 00007e9d c0197e59 ffffffff
001f0000
kernel: Call Trace:
kernel: [<c01b3fd9>] rb_insert_color+0xad/0xcc
kernel: [<c0196c2c>] key_user_lookup+0xd4/0x101
kernel: [<c0196ce0>] key_alloc+0x53/0x2bf
kernel: [<c0197e59>] keyring_alloc+0x1a/0x48
kernel: [<c01993d7>] alloc_uid_keyring+0x2b/0x7b
kernel: [<c0125c1a>] alloc_uid+0xb6/0x143
kernel: [<c0129101>] set_user+0xb/0x8c
kernel: [<c0129367>] sys_setuid+0x71/0x108
kernel: [<c0103ccb>] syscall_call+0x7/0xb
kernel: Code: 59 83 bc 82 04 01 00 00 00 75 ea 41 83 f9 01 76 ed 31 c0 5b c3 57
b9 45 00 00 00 89 c7 31 c0 f3 ab 5f c3 53 89 c
Error (Oops_code_values): invalid value 0xc in Code line, must be 2, 4, 8 or 16
digits, value ignored
>>EIP; c01b3ec8 <get_new_inode_fast+68/100> <=====
>>eax; c9fc5900 <pg0+9a97900/3fad0400>
>>ebx; c0424464 <kallsyms_addresses+2e08/bbc4>
>>ecx; c9fc5900 <pg0+9a97900/3fad0400>
>>esi; c9fc5900 <pg0+9a97900/3fad0400>
>>edi; e9894a00 <pg0+29366a00/3fad0400>
>>ebp; c0424464 <kallsyms_addresses+2e08/bbc4>
>>esp; e2284ed4 <pg0+21d56ed4/3fad0400>
Trace; c01b3fd9 <iunique+79/90>
Trace; c0196c2c <shmem_lock+2c/a0>
Trace; c0196ce0 <shmem_get_inode+10/1a0>
Trace; c0197e59 <shmem_remount_fs+29/a0>
Trace; c01993d7 <sys_access+117/160>
Trace; c0125c1a <page_table_range_init+a/b0>
Trace; c0129101 <kmem_cache_init+151/2d0>
Trace; c0129367 <init_emergency_pool+27/80>
Trace; c0103ccb <dmi_system_id+32b/344>
Code; c01b3ec8 <get_new_inode_fast+68/100>
00000000 <_EIP>:
Code; c01b3ec8 <get_new_inode_fast+68/100> <=====
0: 59 pop %ecx <=====
Code; c01b3ec9 <get_new_inode_fast+69/100>
1: 83 bc 82 04 01 00 00 cmpl $0x0,0x104(%edx,%eax,4)
Code; c01b3ed0 <get_new_inode_fast+70/100>
8: 00
Code; c01b3ed1 <get_new_inode_fast+71/100>
9: 75 ea jne fffffff5 <_EIP+0xfffffff5>
Code; c01b3ed3 <get_new_inode_fast+73/100>
b: 41 inc %ecx
Code; c01b3ed4 <get_new_inode_fast+74/100>
c: 83 f9 01 cmp $0x1,%ecx
Code; c01b3ed7 <get_new_inode_fast+77/100>
f: 76 ed jbe fffffffe <_EIP+0xfffffffe>
Code; c01b3ed9 <get_new_inode_fast+79/100>
11: 31 c0 xor %eax,%eax
Code; c01b3edb <get_new_inode_fast+7b/100>
13: 5b pop %ebx
Code; c01b3edc <get_new_inode_fast+7c/100>
14: c3 ret
Code; c01b3edd <get_new_inode_fast+7d/100>
15: 57 push %edi
Code; c01b3ede <get_new_inode_fast+7e/100>
16: b9 45 00 00 00 mov $0x45,%ecx
Code; c01b3ee3 <get_new_inode_fast+83/100>
1b: 89 c7 mov %eax,%edi
Code; c01b3ee5 <get_new_inode_fast+85/100>
1d: 31 c0 xor %eax,%eax
Code; c01b3ee7 <get_new_inode_fast+87/100>
1f: f3 ab repz stos %eax,%es:(%edi)
Code; c01b3ee9 <get_new_inode_fast+89/100>
21: 5f pop %edi
Code; c01b3eea <get_new_inode_fast+8a/100>
22: c3 ret
Code; c01b3eeb <get_new_inode_fast+8b/100>
23: 53 push %ebx
Code; c01b3eec <get_new_inode_fast+8c/100>
24: 89 00 mov %eax,(%eax)