82064 – speakup causes NULL pointer dereference error with gentoo-dev-sources-2.6.10-r7

Bug 82064 - speakup causes NULL pointer dereference error with gentoo-dev-sources-2.6.10-r7

Summary: speakup causes NULL pointer dereference error with gentoo-dev-sources-2.6.10-r7

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Kernel Bug Wranglers and Kernel Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-02-14 18:14 UTC by spiritus
Modified:	2005-04-28 19:22 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description spiritus 2005-02-14 18:14:17 UTC

Feb 15 02:16:27 security kernel: Unable to handle kernel NULL pointer dereference at virtual address 000
00044
Feb 15 02:16:27 security kernel:  printing eip:
Feb 15 02:16:27 security kernel: c027c9c6
Feb 15 02:16:27 security kernel: *pde = 00000000
Feb 15 02:16:27 security kernel: Oops: 0000 [#1]
Feb 15 02:16:27 security kernel: Modules linked in: ppp_generic slhc fglrx ipv6 ipt_MASQUERADE iptable_m
angle ipt_ULOG iptable_filter snd_seq_midi snd_opl3_synth snd_seq_instr snd_seq_midi_emul snd_ainstr_fm
snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq pl2303 usbserial parport_pc parport pcs
pkr tuner saa7134 tda9887 video_buf v4l2_common v4l1_compat ir_common videodev fm801_gp gameport snd_fm8
01 snd_ac97_codec snd_pcm snd_page_alloc snd_opl3_lib snd_timer snd_hwdep snd_mpu401_uart snd_rawmidi sn
d_seq_device snd 8139too mii i2c_i801 i2c_core intel_agp agpgart joydev evdev binfmt_misc nls_cp866 vfat
 fat nls_cp1251 ntfs supermount ip_nat_ftp iptable_nat ip_conntrack_ftp ip_conntrack st dm_mod sbp2 ohci
1394 ieee1394 ohci_hcd uhci_hcd usb_storage usbhid ehci_hcd usbcore
Feb 15 02:16:27 security kernel: CPU:    0
Feb 15 02:16:27 security kernel: EIP:    0060:[<c027c9c6>]    Tainted: P      VLI
Feb 15 02:16:27 security kernel: EFLAGS: 00010246   (2.6.10-gentoo-r7)
Feb 15 02:16:27 security kernel: EIP is at speakup_date+0x16/0x60
Feb 15 02:16:27 security kernel: eax: 00000000   ebx: c04ce000   ecx: 00000006   edx: ddb434e0
Feb 15 02:16:27 security kernel: esi: c04cf9c0   edi: c0433ce4   ebp: c02758b0   esp: c14e9f30
Feb 15 02:16:27 security kernel: ds: 007b   es: 007b   ss: 0068
Feb 15 02:16:27 security kernel: Process events/0 (pid: 3, threadinfo=c14e8000 task=c14dc020)
Feb 15 02:16:27 security kernel: Stack: 00000006 00000001 c02758e6 00000006 00000286 00000297 00000000 c
0129735
Feb 15 02:16:27 security kernel:        00000000 c14e9f74 00000000 dffeb658 dffeb648 dffeb650 c14e8000 f
fffffff
Feb 15 02:16:27 security kernel:        ffffffff 00000001 00000000 c0117be0 00010000 00000000 00000003 0
0000000
Feb 15 02:16:27 security kernel: Call Trace:
Feb 15 02:16:27 security kernel:  [<c02758e6>] console_callback+0x36/0xf0
Feb 15 02:16:27 security kernel:  [<c0129735>] worker_thread+0x1b5/0x260
Feb 15 02:16:27 security kernel:  [<c0117be0>] default_wake_function+0x0/0x20
Feb 15 02:16:27 security kernel:  [<c0117be0>] default_wake_function+0x0/0x20
Feb 15 02:16:27 security kernel:  [<c0129580>] worker_thread+0x0/0x260
Feb 15 02:16:27 security kernel:  [<c012d529>] kthread+0xa9/0xf0
Feb 15 02:16:27 security kernel:  [<c012d480>] kthread+0x0/0xf0
Feb 15 02:16:27 security kernel:  [<c010129d>] kernel_thread_helper+0x5/0x18
Feb 15 02:16:27 security kernel: Code: 0c 8b 7c 24 10 83 c4 14 eb 0b 8d 74 26 00 8d bc 27 00 00 00 00 56
 be c0 f9 4c c0 53 8b 4c 24 0c bb 00 e0 4c c0 8b 04 8b 8b 14 8e <8b> 40 44 89 42 04 89 02 8b 04 8b 8b 14
 8e 8b 40 48 89 42 0c 89


Reproducible: Sometimes
Steps to Reproduce:
I had this error when switching terminals in fbconsole(without fglrx driver locaded) and now I have this bug appear sometimes when I use CTRL-ALT-Fx in X-server to switch to consoles. I am unable to reliably reproduce this bug.

Actual Results:  
Sometimes I have only kernel error notification, sometimes PC totally hangs. 


Kernel config seems correct. And I don't remember that this bug appeared in 2.6.
7 and 2.6.9.

Portage 2.0.51-r15 (default-linux/x86/2004.2, gcc-3.4.3-vanilla, glibc-2.3.4.
20041102-r0, 2.6.10-gentoo-r7 i686)
=================================================================
System uname: 2.6.10-gentoo-r7 i686 Intel(R) Celeron(TM) CPU                
1100MHz
Gentoo Base System version 1.6.9
Python:              dev-lang/python-2.3.3-r1 [2.3.3 (#1, Jul 11 2004, 19:39:29)
]
dev-lang/python:     2.3.3-r1
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.8.5-r2, 1.5, 1.4_p6, 1.6.3, 1.7.9, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r2
sys-devel/libtool:   1.5.2-r7
virtual/os-headers:  2.6.8.1-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium3 -O3"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/
3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config 
/usr/lib/X11/xkb /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium3 -O3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo ftp://ftp.du.se/pub/os/gentoo 
http://trumpetti.atm.tut.fi/gentoo/ ftp://mirrors1.netvisao.pt/gentoo/ http://
www.gigaload.org/gentoo.org/"
LANG="ru_RU.cp1251"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X aalib acl activefilter alsa apache2 apm arts artswrappersuid 
audiofile avi bash-completion berkdb bitmap-fonts bluetooth caps cdparanoia 
cpdflib crypt cups curl dba dhcp directfb divx4linux divxforlinux doc encode 
erandom esd f77 fam fbcon flac font-server foomaticdb fortran gd gd-external 
gdbm gif gnokii gnome gphoto2 gpm gstreamer gtk gtk2 guile hardened imagemagick 
imlib ipv6 irda jack java jpeg jpeg2k junit kde kerberos ldap libclamav libg++ 
libwww lirc mad mbox mikmod milter mmap mmx mmx2 motif mpeg mppe-mppc multicall 
mysql ncurses nls nptl ntlm oggvorbis opengl oss pam pda pdflib perl png 
portaudiopovray python qt quicktime quotas readline reiserfs ruby samba sasl 
scanner sdl sftplogging slang slp sms socks5 speex spell sse ssl svga tcltk tcpd 
threads tiff truetype truetype-fonts type1-fonts usb v4l v4l2 wifi winbind wmf 
xine xinerama xml2 xmms xscreensaver xv zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LC_ALL, LDFLAGS, PORTDIR_OVERLAY

Comment 1 spiritus 2005-03-10 17:38:47 UTC

Fixed by removind speakup console support. Seems that's bug in speakup console support kernel code..

Comment 2 Daniel Drake (RETIRED) gentoo-dev

2005-03-13 09:46:49 UTC

Can you please try 2.6.11?

Comment 3 spiritus 2005-03-13 12:08:04 UTC

Yeah may be later I'll recompile my current 2.6.11 kernel with speach console support. This bug isn't reliably reproducable.

Comment 4 spiritus 2005-03-14 04:40:19 UTC

It seems that the speakup console support patch is removed from the genpatches-extra, the part of gentoo-dev-sources-2.6.11. The patch was there up to 2.6.10 (4905_speakup-xxxxx.patch), then it has been removed.

Comment 5 Daniel Drake (RETIRED) gentoo-dev

2005-03-14 09:02:31 UTC

Sorry, should have been more specific. This patch was missing from gentoo-dev-sources-2.6.11 but was re-included in 2.6.11-r1 and onwards. Please merge the newest revision, it contains 4900_speakup-20050303.patch

Comment 6 spiritus 2005-03-14 16:12:32 UTC

ok

Comment 7 spiritus 2005-03-15 15:37:16 UTC

I've configured with speakup and installed the gentoo-dev-sources-2.6.11-r3. After uptime of about a day I haven't yet triggered the bug with speakup.

Comment 8 Daniel Drake (RETIRED) gentoo-dev

2005-03-16 06:25:53 UTC

Ok, was it happening on a daily basis beforehand?

Comment 9 spiritus 2005-03-16 15:01:45 UTC

Yes It has randomly appeared several times. I have noticed Oops only when I was seating in the fbconsole after unsuccessful X.org upgrade until solved USE=hardened+X.org problem, all other times Oops have just been logged to a syslog silently.

$ grep -B5 -A5 speakup_date /var/log/kern.log
Jan 23 18:01:59 security kernel: Oops: 0000 [#1]
Jan 23 18:01:59 security kernel: Modules linked in: ppp_deflate zlib_deflate bsd_comp arc4 ppp_mppe_mppc ppp_async crc_ccitt ipv6 ppp_generic slhc sg tuner evdev saa7134 tda9887 video_buf v4l2_common v4l1_compat i2c_core ir_common videodev sd_mod ipt_MASQUERADE ipt_ULOG iptable_filter iptable_mangle 8139too mii snd_seq_midi snd_opl3_synth snd_seq_instr snd_seq_midi_emul snd_ainstr_fm snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq snd_fm801 snd_ac97_codec snd_pcm snd_page_alloc snd_opl3_lib snd_timer snd_hwdep snd_mpu401_uart snd_rawmidi snd_seq_device snd nls_cp866 vfat fat nls_cp1251 ntfs supermount ip_nat_ftp iptable_nat ip_conntrack_ftp ip_conntrack st dm_mod sbp2 ohci1394 ieee1394 ohci_hcd uhci_hcd usb_storage usbhid ehci_hcd usbcore
Jan 23 18:01:59 security kernel: CPU:    0
Jan 23 18:01:59 security kernel: EIP:    0060:[<c0270dee>]    Not tainted VLI
Jan 23 18:01:59 security kernel: EFLAGS: 00010282   (2.6.10-gentoo-r2)
Jan 23 18:01:59 security kernel: EIP is at speakup_date+0x1e/0x70
Jan 23 18:01:59 security kernel: eax: 00000000   ebx: c0556000   ecx: 00000007   edx: dd418f20
Jan 23 18:01:59 security kernel: esi: c05579c0   edi: c0425f64   ebp: c0269fd0   esp: dfe59f34
Jan 23 18:01:59 security kernel: ds: 007b   es: 007b   ss: 0068
Jan 23 18:01:59 security kernel: Process events/0 (pid: 3, threadinfo=dfe58000 task=dfe66020)
Jan 23 18:01:59 security kernel: Stack: 00000007 00000000 c026a00c 00000007 00000296 00000297 00000000 c0127e8d
--
Jan 24 10:55:02 security kernel: Oops: 0000 [#1]
Jan 24 10:55:02 security kernel: Modules linked in: agpgart ufs ppp_deflate zlib_deflate bsd_comp arc4 ppp_mppe_mppc ppp_async crc_ccitt ipv6 ppp_generic slhc sg tuner evdev saa7134 tda9887 video_buf v4l2_common v4l1_compat i2c_core ir_common videodev sd_mod ipt_MASQUERADE iptable_mangle ipt_ULOG iptable_filter 8139too mii snd_seq_midi snd_opl3_synth snd_seq_instr snd_seq_midi_emul snd_ainstr_fm snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq snd_fm801 snd_ac97_codec snd_pcm snd_page_alloc snd_opl3_lib snd_timer snd_hwdep snd_mpu401_uart snd_rawmidi snd_seq_device snd nls_cp866 vfat fat nls_cp1251 ntfs supermount ip_nat_ftp iptable_nat ip_conntrack_ftp ip_conntrack st dm_mod sbp2 ohci1394 ieee1394 ohci_hcd uhci_hcd usb_storage usbhid ehci_hcd usbcore
Jan 24 10:55:02 security kernel: CPU:    0
Jan 24 10:55:02 security kernel: EIP:    0060:[<c0270dee>]    Not tainted VLI
Jan 24 10:55:02 security kernel: EFLAGS: 00010282   (2.6.10-gentoo-r2)
Jan 24 10:55:02 security kernel: EIP is at speakup_date+0x1e/0x70
Jan 24 10:55:02 security kernel: eax: 00000000   ebx: c0556000   ecx: 00000006   edx: dd429f20
Jan 24 10:55:02 security kernel: esi: c05579c0   edi: c0425f64   ebp: c0269fd0   esp: dfe59f34
Jan 24 10:55:02 security kernel: ds: 007b   es: 007b   ss: 0068
Jan 24 10:55:02 security kernel: Process events/0 (pid: 3, threadinfo=dfe58000 task=dfe66020)
Jan 24 10:55:02 security kernel: Stack: 00000006 00000000 c026a00c 00000006 00000296 00000297 00000000 c0127e8d
--
Feb 15 02:16:27 security kernel: Oops: 0000 [#1]
Feb 15 02:16:27 security kernel: Modules linked in: ppp_generic slhc fglrx ipv6 ipt_MASQUERADE iptable_mangle ipt_ULOG iptable_filter snd_seq_midi snd_opl3_synth snd_seq_instr snd_seq_midi_emul snd_ainstr_fmsnd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq pl2303 usbserial parport_pc parport pcspkr tuner saa7134 tda9887 video_buf v4l2_common v4l1_compat ir_common videodev fm801_gp gameport snd_fm801 snd_ac97_codec snd_pcm snd_page_alloc snd_opl3_lib snd_timer snd_hwdep snd_mpu401_uart snd_rawmidi snd_seq_device snd 8139too mii i2c_i801 i2c_core intel_agp agpgart joydev evdev binfmt_misc nls_cp866 vfat fat nls_cp1251 ntfs supermount ip_nat_ftp iptable_nat ip_conntrack_ftp ip_conntrack st dm_mod sbp2 ohci1394 ieee1394 ohci_hcd uhci_hcd usb_storage usbhid ehci_hcd usbcore
Feb 15 02:16:27 security kernel: CPU:    0
Feb 15 02:16:27 security kernel: EIP:    0060:[<c027c9c6>]    Tainted: P      VLI
Feb 15 02:16:27 security kernel: EFLAGS: 00010246   (2.6.10-gentoo-r7)
Feb 15 02:16:27 security kernel: EIP is at speakup_date+0x16/0x60
Feb 15 02:16:27 security kernel: eax: 00000000   ebx: c04ce000   ecx: 00000006   edx: ddb434e0
Feb 15 02:16:27 security kernel: esi: c04cf9c0   edi: c0433ce4   ebp: c02758b0   esp: c14e9f30
Feb 15 02:16:27 security kernel: ds: 007b   es: 007b   ss: 0068
Feb 15 02:16:27 security kernel: Process events/0 (pid: 3, threadinfo=c14e8000 task=c14dc020)
Feb 15 02:16:27 security kernel: Stack: 00000006 00000001 c02758e6 00000006 00000286 00000297 00000000 c0129735

That's with the following kernels:

$ for x in "Jan 23" "Jan 24" "Feb 15"; do echo $x;grep -o '.*Linux version.*gentoo.*' /var/log/kern.log|grep "$x"|cut -d'(' -f1|grep -o "Linux.*"|sort|uniq;done
Jan 23
Linux version 2.6.10-gentoo-r2
Jan 24
Linux version 2.6.10-gentoo-r2
Feb 15
Linux version 2.6.10-gentoo-r7

Comment 10 Daniel Drake (RETIRED) gentoo-dev

2005-04-28 09:34:36 UTC

Haven't heard anything. Please let us know if one of these messages reappears.

Comment 11 spiritus 2005-04-28 19:22:11 UTC

okay