Bug#575189: NULL pointer dereference in linux-image-2.6.32-4-openvz-amd64

To: submit@bugs.debian.org
Subject: Bug#575189: NULL pointer dereference in linux-image-2.6.32-4-openvz-amd64
From: Алексей Тамаревский <a.e.tamarevskiy@gmail.com>
Date: Wed, 24 Mar 2010 10:05:40 +0600
Message-id: <148746e51003232105s6384dbf8g243d17952ed0756b@mail.gmail.com>
Reply-to: Алексей Тамаревский <a.e.tamarevskiy@gmail.com>, 575189@bugs.debian.org

Package: linux-image-2.6.32-4-openvz-amd64
Version: 2.6.32-10

After few seconds after boot in openvz contaiter, running verlihub
with nearby 100 TCP connections, I see in dmesg:
[ 4538.883509] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000038
[ 4538.883563] IP: [<ffffffff81073ab0>] ub_page_charge+0x65/0xa2
[ 4538.883598] PGD 42b002067 PUD 42afb0067 PMD 0
[ 4538.883630] Oops: 0000 [#1] SMP
[ 4538.883656] last sysfs file: /sys/devices/virtual/net/lo/operstate
[ 4538.883685] CPU 7
[ 4538.883707] Modules linked in: vzethdev vznetdev simfs vzdquota
vzmon vzdev xt_comment xt_tcpudp ipt_LOG xt_length xt_hl xt_tcpmss
xt_TCPMSS iptable_mangle iptable_filter xt_multiport xt_limit xt_dscp
ipt_REJECT ip_tables x_tables bonding ipmi_si ipmi_devintf
ipmi_msghandler snd_pcm psmouse i2c_i801 snd_timer container serio_raw
rng_core i2c_core snd soundcore snd_page_alloc joydev pcspkr evdev
i5k_amb ioatdma i5000_edac button dca processor edac_core shpchp
pci_hotplug ext3 jbd mbcache dm_mirror dm_region_hash dm_log
dm_snapshot dm_mod raid10 raid1 md_mod sg sr_mod cdrom sd_mod
crc_t10dif usbhid usb_storage hid ata_piix aic94xx libsas ata_generic
ehci_hcd uhci_hcd scsi_transport_sas libata scsi_mod usbcore nls_base
e1000e thermal fan thermal_sys [last unloaded: scsi_wait_scan]
[ 4538.884129] Pid: 3625, comm: verlihub Not tainted
2.6.32-4-openvz-amd64 #1 042test001 X7DBR-3
[ 4538.884180] RIP: 0010:[<ffffffff81073ab0>]  [<ffffffff81073ab0>]
ub_page_charge+0x65/0xa2
[ 4538.884233] RSP: 0000:ffff88042b887c58  EFLAGS: 00010246
[ 4538.884269] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000000
[ 4538.884299] RDX: 00000000000012d0 RSI: 0000000000000000 RDI: 0000000000000000
[ 4538.884329] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 4538.884358] R10: 0000000000000f5d R11: 0000000000000002 R12: 0000000000000000
[ 4538.884388] R13: 00000000000012d0 R14: 0000000000000000 R15: 0000000000000002
[ 4538.884419] FS:  00007fec621566f0(0000) GS:ffff880011bc0000(0000)
knlGS:0000000000000000
[ 4538.884465] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4538.884492] CR2: 0000000000000038 CR3: 000000041842b000 CR4: 00000000000406e0
[ 4538.884522] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4538.884552] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 4538.884583] Process verlihub (pid: 3625, veid=1233, threadinfo
ffff88042b886000, task ffff88042a235000)
[ 4538.884631] Stack:
[ 4538.884651]  0000000000000001 0000000000000000 0000000000000000
ffffffff810bbe19
[ 4538.884688] <0> ffff880000023c80 0000000000000000 ffff88042a235000
ffff88042b887fd8
[ 4538.884739] <0> 0000001000000000 0000000000000050 0000100000000000
0000000000001080
[ 4538.884807] Call Trace:
[ 4538.884832]  [<ffffffff810bbe19>] ? __alloc_pages_nodemask+0x62e/0x6ad
[ 4538.884864]  [<ffffffff810e9247>] ? new_slab+0x4b/0x228
[ 4538.884891]  [<ffffffff810e95f0>] ? __slab_alloc+0x1cc/0x388
[ 4538.884920]  [<ffffffff81077bf5>] ? pb_alloc+0x15/0x3a
[ 4538.884947]  [<ffffffff81077bf5>] ? pb_alloc+0x15/0x3a
[ 4538.884973]  [<ffffffff810e9989>] ? kmem_cache_alloc+0x7f/0x138
[ 4538.885002]  [<ffffffff81077bf5>] ? pb_alloc+0x15/0x3a
[ 4538.885030]  [<ffffffff810ce6d8>] ? handle_mm_fault+0x269/0x952
[ 4538.885060]  [<ffffffff8105eeac>] ? virtinfo_notifier_call+0x57/0xa1
[ 4538.885089]  [<ffffffff810d3bfe>] ? __do_brk+0x253/0x35a
[ 4538.885118]  [<ffffffff810327fc>] ? do_page_fault+0x266/0x282
[ 4538.885149]  [<ffffffff812e7845>] ? page_fault+0x25/0x30
[ 4538.885175] Code: fa 66 0f 1f 44 00 00 be 00 10 00 00 c1 ea 16 48
89 ef 83 e2 01 48 d3 e6 e8 23 ff ff ff 85 c0 75 1f 48 89 df 57 9d 0f
1f 44 00 00 <49> 83 7c 24 38 00 74 04 0f 0b eb fe 49 89 6c 24 38 31 c0
eb 23
[ 4538.885365] RIP  [<ffffffff81073ab0>] ub_page_charge+0x65/0xa2
[ 4538.885395]  RSP <ffff88042b887c58>
[ 4538.885418] CR2: 0000000000000038
[ 4538.885670] ---[ end trace 5b3ccb8b85dfed82 ]---


I am using Lenny system, only 2 packages from Sid:
toothy:~# dpkg -l|grep linux-
ii  linux-base                                 2.6.32-10
 Linux image base package
ii  linux-image-2.6.32-4-openvz-amd64          2.6.32-10
 Linux 2.6.32 for 64-bit PCs, OpenVZ support

Reply to:

Prev by Date: Bug#474670: marked as done (initramfs-tools: [alpha] boot failure with linux-image-2.6.22-3-alpha-generic)
Next by Date: Bug#491321: initramfs-tools: does not support splashy
Previous by thread: Bug#474670: marked as done (initramfs-tools: [alpha] boot failure with linux-image-2.6.22-3-alpha-generic)
Next by thread: Bug#491321: initramfs-tools: does not support splashy
Index(es):
- Date
- Thread