Strange OOPS in 2.0.25 kernel

Flavio Spada (fl@mahler.crcc.it)
Mon, 2 Dec 1996 11:49:10 +0100 (MET)

Hello, i have a system that ran fine for some months with 1.2.13 kernel.
About two weeks ago i installed 2.0.25 kernel and related commands
and libraries.
After 7 days from last reboot i got the oops:

---------------------------------------------------------------------------
Unable to handle kernel NULL pointer dereference at virtual address c0000000
current->tss.cr3 = 00a46000, %cr3 = 00a46000
*pde = 00102067
*pte = 00000027
Oops: 0000
CPU: 0
EIP: 0010:[<0011d69a>]
EFLAGS: 00010006
eax: 000003fc ebx: 0057c000 ecx: 00000000 edx: 00000003
esi: 001caf78 edi: 001caf78 ebp: 00000000 esp: 0006cf44
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process cron (pid: 9630, process nr: 24, stackpage=0006c000)
Stack: 00881c0c 0071c11c 00bf811c 0071c51c 00000005 0006cfb4 001da314 001caf78
ffaa0055 00000246 0011220c 00000204 00000003 00bcfc0c 0800dfc0 00000000
0006cfb4 00000000 00000000 001100d0 40009f18 00f75000 fffffff4 00000019
Call Trace: [<0011220c>] [<001100d0>] [<00109ec2>] [<0010a822>]
Code: 81 39 aa ff 55 00 0f 85 3a 01 00 00 8b 41 04 89 43 04 8b 43

ksymoops output:
Using `System.map.486' to map addresses to symbols.

>>EIP: 11d69a <kmalloc+ca/220>
Trace: 11220c <do_fork+41c/7d0>
Trace: 1100d0 <do_page_fault>
Trace: 109ec2 <sys_fork+12/20>
Trace: 10a822 <system_call+52/80>

Code: 11d69a <kmalloc+ca/220> cmpl $0x55ffaa,(%ecx)
Code: 11d6a0 <kmalloc+d0/220> jne 11d7e0 <kmalloc+210/220>
Code: 11d6a6 <kmalloc+d6/220> movl 0x4(%ecx),%eax
Code: 11d6a9 <kmalloc+d9/220> movl %eax,0x4(%ebx)
Code: 11d6ac <kmalloc+dc/220> movl 0x0(%ebx),%eax
Code: 11d6af <kmalloc+df/220> nop
Code: 11d6b0 <kmalloc+e0/220> nop
---------------------------------------------------------------------------

Every time cron executes a command i found the following message in syslog:
Problem: block on freelist at 00000000 isn't free.

After the reboot the machine works fine for 5 days and then i got these oops:

---------------------------------------------------------------------------
Unable to handle kernel paging request at virtual address c8008b80
current->tss.cr3 = 00952000, %cr3 = 00952000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<00123c60>]
EFLAGS: 00010202
eax: 08008b80 ebx: 00010302 ecx: 00000302 edx: 00000444
esi: 00018432 edi: 00000302 ebp: 00018730 esp: 00ccdb10
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process busexe (pid: 2458, process nr: 19, stackpage=00ccd000)
Stack: 00018730 00000001 001e0302 00000400 00c5c3a0 001244fa 00000302 00018730
00000400 00018730 00ccdc3c 001ec73c 00018730 00000302 00000302 001588b0
00000302 00018730 00000400 00000000 00018730 000000b2 00c5c2e8 00000400
Call Trace: [<001244fa>] [<001588b0>] [<00158fa4>] [<001592c0>] [<001573b9>] [<00124ea2>] [<0015a86e>]
[<00130f4c>] [<0013109f>] [<00130f4c>] [<00131aa0>] [<0011002b>] [<001100d0>] [<0010a6b7>] [<0010a8f2>]
Code: 39 28 75 2c 66 39 58 04 75 26 8b 4c 24 20 39 48 20 74 26 57

busexe is my application.

ksymoops output:
Using `System.map.486' to map addresses to symbols.

>>EIP: 123c60 <get_hash_table+30/d0>
Trace: 1244fa <getblk+3a/4c0>
Trace: 1588b0 <ext2_alloc_block+80/1b0>
Trace: 158fa4 <block_getblk+174/2a0>
Trace: 1592c0 <ext2_getblk+110/240>
Trace: 1573b9 <ext2_file_write+1b9/4a0>
Trace: 124ea2 <__brelse+22/50>
Trace: 15a86e <ext2_create+15e/180>
Trace: 130f4c <dump_write+1c/30>
Trace: 13109f <writenote+af/e0>
Trace: 130f4c <dump_write+1c/30>
Trace: 131aa0 <elf_core_dump+9d0/a70>
Trace: 11002b <mem_init+20b/230>
Trace: 1100d0 <do_page_fault>
Trace: 10a6b7 <do_signal+217/2b0>
Trace: 10a8f2 <signal_return+12/40>

Code: 123c60 <get_hash_table+30/d0> cmpl %ebp,(%eax)
Code: 123c62 <get_hash_table+32/d0> jne 123c90 <get_hash_table+60/d0>
Code: 123c64 <get_hash_table+34/d0> cmpw %bx,0x4(%eax)
Code: 123c68 <get_hash_table+38/d0> jne 123c90 <get_hash_table+60/d0>
Code: 123c6a <get_hash_table+3a/d0> movl 0x20(%esp,1),%ecx
Code: 123c6e <get_hash_table+3e/d0> cmpl %ecx,0x20(%eax)
Code: 123c71 <get_hash_table+41/d0> je 123c99 <get_hash_table+69/d0>
Code: 123c73 <get_hash_table+43/d0> pushl %edi

---------------------------------------------------------------------------

and

---------------------------------------------------------------------------
Unable to handle kernel NULL pointer dereference at virtual address c0000028
current->tss.cr3 = 00018000, %cr3 = 00018000
*pde = 00102067
*pte = 00000027
Oops: 0000
CPU: 0
EIP: 0010:[<001238f4>]
EFLAGS: 00010202
eax: 00000000 ebx: 00000000 ecx: 00000000 edx: 00c94bf4
esi: 000007aa edi: 00000000 ebp: 00000000 esp: 0023bf7c
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process init (pid: 1, process nr: 1, stackpage=0023b000)
Stack: 00000000 bfffffc4 bfffffc4 bffffd4c 00000000 00000000 00000000 00000000
00000000 00123a7e 00000000 00000000 0023c018 00123aa7 00000000 0010a822
bffffd60 00000000 00000002 bfffffc4 bfffffc4 bffffd4c ffffffda 4e5d002b
Call Trace: [<00123a7e>] [<00123aa7>] [<0010a822>]
Code: 39 58 28 75 cf 8b 48 18 89 4c 24 10 83 3c 9d a4 b6 1c 00 00

ksymoops output:
Using `System.map.486' to map addresses to symbols.

>>EIP: 1238f4 <sync_buffers+54/1a0>
Trace: 123a7e <fsync_dev+e/30>
Trace: 123aa7 <sys_sync+7/10>
Trace: 10a822 <system_call+52/80>

Code: 1238f4 <sync_buffers+54/1a0> cmpl %ebx,0x28(%eax)
Code: 1238f7 <sync_buffers+57/1a0> jne ffffffd4 <_EIP+ffffffd4>
Code: 1238f9 <sync_buffers+59/1a0> movl 0x18(%eax),%ecx
Code: 1238fc <sync_buffers+5c/1a0> movl %ecx,0x10(%esp,1)
Code: 123900 <sync_buffers+60/1a0> cmpl $0x0,0x1cb6a4(,%ebx,4)
---------------------------------------------------------------------------

and

---------------------------------------------------------------------------
Unable to handle kernel paging request at virtual address c8008b80
current->tss.cr3 = 00fb4000, %cr3 = 00fb4000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<00123c60>]
EFLAGS: 00010202
eax: 08008b80 ebx: 00d50302 ecx: 00000400 edx: 00000444
esi: 0000843e edi: 00000302 ebp: 0000873c esp: 00ee5e74
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process gzip (pid: 2941, process nr: 27, stackpage=00ee5000)
Stack: 00d54cc0 0000873c 00000302 00000000 00ebe000 0012549d 00000302 0000873c
00000400 00ee5f20 00000044 00000000 00ebe000 0000873c 00000302 00000100
00d54cc0 00be0302 00000000 0000873f 00158ad5 00be39d4 00ee5f1c 00000043
Call Trace: [<0012549d>] [<00158ad5>] [<00125913>] [<0011b3b5>] [<0011b48c>] [<0011b820>] [<00121e0a>]
[<0010a822>]
Code: 39 28 75 2c 66 39 58 04 75 26 8b 4c 24 20 39 48 20 74 26 57

ksymoops output:
Using `System.map.486' to map addresses to symbols.

>>EIP: 123c60 <get_hash_table+30/d0>
Trace: 12549d <brw_page+14d/390>
Trace: 158ad5 <ext2_bmap+f5/280>
Trace: 125913 <generic_readpage+73/80>
Trace: 11b3b5 <try_to_read_ahead+25/110>
Trace: 11b48c <try_to_read_ahead+fc/110>
Trace: 11b820 <generic_file_read+2c0/5f0>
Trace: 121e0a <sys_read+8a/b0>
Trace: 10a822 <system_call+52/80>

Code: 123c60 <get_hash_table+30/d0> cmpl %ebp,(%eax)
Code: 123c62 <get_hash_table+32/d0> jne 123c90 <get_hash_table+60/d0>
Code: 123c64 <get_hash_table+34/d0> cmpw %bx,0x4(%eax)
Code: 123c68 <get_hash_table+38/d0> jne 123c90 <get_hash_table+60/d0>
Code: 123c6a <get_hash_table+3a/d0> movl 0x20(%esp,1),%ecx
Code: 123c6e <get_hash_table+3e/d0> cmpl %ecx,0x20(%eax)
Code: 123c71 <get_hash_table+41/d0> je 123c99 <get_hash_table+69/d0>
Code: 123c73 <get_hash_table+43/d0> pushl %edi
---------------------------------------------------------------------------

==== hardware ====
486/33 (Intel) with 16MB
tty00 at 0x03f8 (irq = 4) is a 16450
tty01 at 0x02f8 (irq = 3) is a 16450
tty02 at 0x03e8 (irq = 4) is a 16550A
tty03 at 0x02e8 (irq = 3) is a 16550A
hda: Conner Peripherals 270MB - CFS270A, 258MB w/32kB Cache, CHS=600/14/63
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Floppy drive(s): fd0 is 1.44M

Thanks.

------------------------------------------------------------------------------
Spada Flavio CRCC s.r.l, via Passerini 2, 20052 Monza (MI) ITALY
Tel. +39.39.387998 FAX +39.39.382115
e-mail: fl@crcc.it
------------------------------------------------------------------------------