linux-kernel.vger.kernel.org archive mirror
* 2.6.0-test8: panic on boot
@ 2003-10-18 17:57 Olivier NICOLAS
  2003-10-18 18:22 ` Andrew Morton
  0 siblings, 1 reply; 4+ messages in thread
From: Olivier NICOLAS @ 2003-10-18 17:57 UTC (permalink / raw)
  To: LKML

[-- Attachment #1: Type: text/plain, Size: 5937 bytes --]

Distribution: Suse 8.2
Hardware Environment: Compaq Armada E500
Software Environment:
Problem Description: Panic on boot



Linux version 2.6.0-test8 (root@bia) (gcc version 3.3 (SuSE Linux)) #3 
Sat Oct 18 19:00:41 CEST 2003
Video mode to be used for restore is f00
BIOS-provided physical RAM map:
  BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
  BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
  BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
  BIOS-e820: 0000000000100000 - 0000000007ff0000 (usable)
  BIOS-e820: 0000000007ff0000 - 0000000007ff3800 (reserved)
  BIOS-e820: 0000000007ff3800 - 0000000008000000 (ACPI NVS)
127MB LOWMEM available.
On node 0 totalpages: 32752
   DMA zone: 4096 pages, LIFO batch:1
   Normal zone: 28656 pages, LIFO batch:6
   HighMem zone: 0 pages, LIFO batch:1
DMI 2.3 present.
ACPI: RSDP (v000 COMPAQ                                    ) @ 0x000f9970
ACPI: RSDT (v001 COMPAQ RSDTBL   0x00000001 CPQ  0x00000001) @ 0x07ff4800
ACPI: FADT (v001 COMPAQ CPQB151  0x20020315 CPQ  0x00000001) @ 0x07ff4828
ACPI: DSDT (v001 COMPAQ ARMADAE7 0x00010000 MSFT 0x0100000c) @ 0x00000000
Building zonelist for node : 0
Kernel command line: splash=silent root=/dev/hda6 console=ttyS0,57600n8 
console=tty0
Initializing CPU#0
PID hash table entries: 512 (order 9: 4096 bytes)
Detected 597.007 MHz processor.
Console: colour VGA+ 80x25
Memory: 126084k/131008k available (2029k kernel code, 4388k reserved, 
774k data, 132k init, 0k highmem)
Calibrating delay loop... 1179.64 BogoMIPS
Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
CPU: L1 I cache: 16K, L1 D cache: 16K
CPU: L2 cache: 256K
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
CPU: Intel Pentium III (Coppermine) stepping 03
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
NET: Registered protocol family 16
PCI: PCI BIOS revision 2.10 entry at 0xf0478, last bus=1
PCI: Using configuration type 1
mtrr: v2.0 (20020519)
ACPI: Subsystem revision 20031002
  tbxface-0117 [03] acpi_load_tables      : ACPI Tables successfully 
acquired
Parsing all Control 
Methods:.............................................................................................................................................................................
Table [DSDT](id F004) - 614 Objects with 75 Devices 173 Methods 25 Regions
ACPI Namespace successfully loaded at root c03effdc
evxfevnt-0093 [04] acpi_enable           : Transition to ACPI mode 
successful
evgpeblk-0748 [06] ev_create_gpe_block   : GPE 00 to 15 [_GPE] 2 regs at 
000000000000500C on int 9
evgpeblk-0221 [08] ev_save_method_info   : Unknown GPE method type: C16A 
(name not of form _Lnn or _Enn)
evgpeblk-0221 [08] ev_save_method_info   : Unknown GPE method type: C135 
(name not of form _Lnn or _Enn)
Completing Region/Field/Buffer/Package 
initialization:.............................................................................
Initialized 25/25 Regions 0/0 Fields 19/19 Buffers 33/33 Packages (622 
nodes)
Executing all Device _STA and_INI 
methods:............................................................................
76 Devices found containing: 76 _STA, 6 _INI methods
ACPI: Interpreter enabled
ACPI: Using PIC for interrupt routing
dsopcode-0526 [19] ds_init_buffer_field  : <1>Unable to handle kernel 
NULL pointer dereference at virtual address 00000004
  printing eip:
c01de05e
*pde = 00000000
Oops: 0000 [#1]
CPU:    0
EIP:    0060:[<c01de05e>]    Not tainted
EFLAGS: 00010213
EIP is at vsnprintf+0x28e/0x4e0
eax: 00000004   ebx: 0000000a   ecx: 00000004   edx: 00000003
esi: c03efae7   edi: ffffffff   ebp: 00000000   esp: c114bac0
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 1, threadinfo=c114a000 task=c117b8c0)
Stack: c114bb08 ffffffff 000004a0 00000000 0000000a ffffffff 00000003 
00000002
        00000004 00000004 ffffffff 00000001 c114bb68 c7f02c48 c7f02ee8 
c01de307
        c03efac0 3fc10540 c03292ea c114bb60 c01e6579 c03efac0 c03292c0 
c114bb54
Call Trace:
  [<c01de307>] vsprintf+0x27/0x30
  [<c01e6579>] acpi_os_vprintf+0x12/0x2a
  [<c020992b>] acpi_ut_debug_print+0x97/0x9d
  [<c01e91d2>] acpi_ds_init_buffer_field+0x18d/0x20c
  [<c01e93ac>] acpi_ds_eval_buffer_field_operands+0x15b/0x17d
  [<c01e9f8f>] acpi_ds_exec_end_op+0x22c/0x409
  [<c0201a29>] acpi_ps_append_arg+0x1d/0x85
  [<c02013e5>] acpi_ps_parse_loop+0x6bf/0xa51
  [<c0209a87>] acpi_ut_status_exit+0x49/0x55
  [<c01ea923>] acpi_ds_call_control_method+0x231/0x261
  [<c01ecd52>] acpi_ds_get_current_walk_state+0x3f/0x4a
  [<c0201836>] acpi_ps_parse_aml+0xbf/0x241
  [<c020253e>] acpi_psx_execute+0x226/0x2b0
  [<c01fd9d4>] acpi_ns_execute_control_method+0xe5/0x104
  [<c01fd8ad>] acpi_ns_evaluate_by_handle+0xdf/0x121
  [<c01fd635>] acpi_ns_evaluate_relative+0x141/0x192
  [<c0209a87>] acpi_ut_status_exit+0x49/0x55
  [<c01fdce5>] acpi_ns_handle_to_pathname+0xbf/0xca
  [<c0209cc2>] acpi_ut_evaluate_object+0x42/0x195
  [<c0205f7c>] acpi_rs_get_crs_method_data+0x42/0x8b
  [<c020416f>] acpi_get_current_resources+0x78/0x93
  [<c0211853>] acpi_pci_evaluate_crs+0x4d/0xb2
  [<c0211a31>] acpi_pci_root_add+0x179/0x2b1
  [<c0211a78>] acpi_pci_root_add+0x1c0/0x2b1
  [<c02191f2>] acpi_bus_driver_init+0x85/0x12c
  [<c0219608>] acpi_bus_find_driver+0x8e/0xdf
  [<c0219b64>] acpi_bus_add+0x193/0x1db
  [<c0219cf5>] acpi_bus_scan+0x149/0x1b3
  [<c03cdba3>] acpi_scan_init+0x87/0xc4
  [<c03c0782>] do_initcalls+0x22/0xa0
  [<c012cb3f>] init_workqueues+0xf/0x30
  [<c01050cd>] init+0x2d/0x140
  [<c01050a0>] init+0x0/0x140
  [<c0107269>] kernel_thread_helper+0x5/0xc

Code: 80 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 83 e5 10 89 c3 75
  <0>Kernel panic: Attempted to kill init!



[-- Attachment #2: config.gz --]
[-- Type: application/x-gunzip, Size: 5200 bytes --]


* Re: 2.6.0-test8: panic on boot
  2003-10-18 17:57 2.6.0-test8: panic on boot Olivier NICOLAS
@ 2003-10-18 18:22 ` Andrew Morton
  2003-10-18 19:50   ` Olivier NICOLAS
  0 siblings, 1 reply; 4+ messages in thread
From: Andrew Morton @ 2003-10-18 18:22 UTC (permalink / raw)
  To: Olivier NICOLAS; +Cc: linux-kernel, Brown, Len

Olivier NICOLAS <olivn@trollprod.org> wrote:
>
>  NULL pointer dereference at virtual address 00000004
>    printing eip:
>  c01de05e
>  *pde = 00000000
>  Oops: 0000 [#1]
>  CPU:    0
>  EIP:    0060:[<c01de05e>]    Not tainted
>  EFLAGS: 00010213
>  EIP is at vsnprintf+0x28e/0x4e0
>  eax: 00000004   ebx: 0000000a   ecx: 00000004   edx: 00000003
>  esi: c03efae7   edi: ffffffff   ebp: 00000000   esp: c114bac0
>  ds: 007b   es: 007b   ss: 0068
>  Process swapper (pid: 1, threadinfo=c114a000 task=c117b8c0)
>  Stack: c114bb08 ffffffff 000004a0 00000000 0000000a ffffffff 00000003 
>  00000002
>          00000004 00000004 ffffffff 00000001 c114bb68 c7f02c48 c7f02ee8 
>  c01de307
>          c03efac0 3fc10540 c03292ea c114bb60 c01e6579 c03efac0 c03292c0 
>  c114bb54
>  Call Trace:
>    [<c01de307>] vsprintf+0x27/0x30
>    [<c01e6579>] acpi_os_vprintf+0x12/0x2a
>    [<c020992b>] acpi_ut_debug_print+0x97/0x9d
>    [<c01e91d2>] acpi_ds_init_buffer_field+0x18d/0x20c
>    [<c01e93ac>] acpi_ds_eval_buffer_field_operands+0x15b/0x17d
>    [<c01e9f8f>] acpi_ds_exec_end_op+0x22c/0x409

Well clearly one of the strings in this debug message in
acpi_ds_init_buffer_field() is null:

	/* Entire field must fit within the current length of the buffer */

	if ((bit_offset + bit_count) >
		(8 * (u32) buffer_desc->buffer.length)) {
		ACPI_DEBUG_PRINT ((ACPI_DB_ERROR,
			"Field [%4.4s] size %d exceeds Buffer [%4.4s] size %d (bits)\n",



It is perhaps desirable to make printk() a bit more robust about this sort
of thing.


diff -puN lib/vsprintf.c~printk-handle-bad-pointers lib/vsprintf.c
--- 25/lib/vsprintf.c~printk-handle-bad-pointers	2003-10-18 11:19:05.000000000 -0700
+++ 25-akpm/lib/vsprintf.c	2003-10-18 11:19:25.000000000 -0700
@@ -348,7 +348,7 @@ int vsnprintf(char *buf, size_t size, co
 
 			case 's':
 				s = va_arg(args, char *);
-				if (!s)
+				if ((unsigned long)s < PAGE_SIZE)
 					s = "<NULL>";
 
 				len = strnlen(s, precision);
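
Review bot: on the changed test under `case 's'`, every pointer below PAGE_SIZE is now printed as "<NULL>", including non-zero ones such as the one behind the fault at 00000004 in the report, which the old `!s` test did not catch, so the log can no longer tell a true NULL from a NULL-plus-offset. Please add a short comment above the test saying why PAGE_SIZE is the bound, and note that the following `strnlen(s, precision)` still applies to the substitute string, so a conversion with a small precision (the ACPI message uses `%4.4s`) will cut the label short. The check also only makes the print survive: the caller in acpi_ds_init_buffer_field() that hands over the bad pointer is unchanged by this hunk and still needs its own fix.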

_



* Re: 2.6.0-test8: panic on boot
  2003-10-18 18:22 ` Andrew Morton
@ 2003-10-18 19:50   ` Olivier NICOLAS
  2003-10-18 23:06     ` Andrew Morton
  0 siblings, 1 reply; 4+ messages in thread
From: Olivier NICOLAS @ 2003-10-18 19:50 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel, Brown, Len

Thanks


It works for 2.6.0-test8 with ACPI debug


ACPI: Subsystem revision 20031002
  tbxface-0117 [03] acpi_load_tables      : ACPI Tables successfully 
acquired
Parsing all Control 
Methods:..................................................................................
Table [DSDT](id F004) - 614 Objects with 75 Devices 173 Methods 25 Regions
ACPI Namespace successfully loaded at root c03fe6bc
evxfevnt-0093 [04] acpi_enable           : Transition to ACPI mode 
successful
evgpeblk-0748 [06] ev_create_gpe_block   : GPE 00 to 15 [_GPE] 2 regs at 
000000000000500C on int 9
evgpeblk-0221 [08] ev_save_method_info   : Unknown GPE method type: C16A 
(name not of form _Lnn or _Enn)
evgpeblk-0221 [08] ev_save_method_info   : Unknown GPE method type: C135 
(name not of form _Lnn or _Enn)
Completing Region/Field/Buffer/Package 
initialization:........................................................
Initialized 25/25 Regions 0/0 Fields 19/19 Buffers 33/33 Packages (622 
nodes)
Executing all Device _STA and_INI 
methods:....................................................................
76 Devices found containing: 76 _STA, 6 _INI methods
ACPI: Interpreter enabled
ACPI: Using PIC for interrupt routing
dsopcode-0526 [19] ds_init_buffer_field  : Field [C00C] size 1184 
exceeds Buffer [<NUL] size 1088 (bits)
  psparse-1120: *** Error: Method execution failed [\_SB_.C005.C00B] 
(Node c7f8a748), AE_AML_BUFFER_LIMIT
  psparse-1120: *** Error: Method execution failed [\_SB_.C005.C00F] 
(Node c7f8a688), AE_AML_BUFFER_LIMIT
  psparse-1120: *** Error: Method execution failed [\_SB_.C005._CRS] 
(Node c7f8a5c8), AE_AML_BUFFER_LIMIT
   uteval-0098: *** Error: Method execution failed [\_SB_.C005._CRS] 
(Node c7f8a5c8), AE_AML_BUFFER_LIMIT
ACPI: PCI Root Bridge [C005] (00:00)
PCI: Probing PCI hardware (bus 00)
ACPI: PCI Interrupt Routing Table [\_SB_.C005._PRT]
ACPI: Power Resource [C129] (on)
ACPI: Power Resource [C0DB] (on)
ACPI: PCI Interrupt Link [C142] (IRQs *11)
ACPI: PCI Interrupt Link [C148] (IRQs 11)
ACPI: PCI Interrupt Link [C149] (IRQs *11)
ACPI: PCI Interrupt Link [C14A] (IRQs *11)
ACPI: Power Resource [C15F] (off)
ACPI: Power Resource [C161] (off)
ACPI: Power Resource [C163] (off)
Linux Kernel Card Services
   options:  [pci] [cardbus] [pm]
ACPI: PCI Interrupt Link [C142] enabled at IRQ 11
ACPI: PCI Interrupt Link [C14A] enabled at IRQ 11
ACPI: PCI Interrupt Link [C149] enabled at IRQ 11
PCI: Using ACPI for IRQ routing
PCI: if you experience problems, try using option 'pci=noacpi' or even 
'acpi=off'

...
Andrew Morton wrote:
> Olivier NICOLAS <olivn@trollprod.org> wrote:
> 
>> NULL pointer dereference at virtual address 00000004
>>   printing eip:
>> c01de05e
>> *pde = 00000000
>> Oops: 0000 [#1]
>> CPU:    0
>> EIP:    0060:[<c01de05e>]    Not tainted
>> EFLAGS: 00010213
>> EIP is at vsnprintf+0x28e/0x4e0
>> eax: 00000004   ebx: 0000000a   ecx: 00000004   edx: 00000003
>> esi: c03efae7   edi: ffffffff   ebp: 00000000   esp: c114bac0
>> ds: 007b   es: 007b   ss: 0068
>> Process swapper (pid: 1, threadinfo=c114a000 task=c117b8c0)
>> Stack: c114bb08 ffffffff 000004a0 00000000 0000000a ffffffff 00000003 
>> 00000002
>>         00000004 00000004 ffffffff 00000001 c114bb68 c7f02c48 c7f02ee8 
>> c01de307
>>         c03efac0 3fc10540 c03292ea c114bb60 c01e6579 c03efac0 c03292c0 
>> c114bb54
>> Call Trace:
>>   [<c01de307>] vsprintf+0x27/0x30
>>   [<c01e6579>] acpi_os_vprintf+0x12/0x2a
>>   [<c020992b>] acpi_ut_debug_print+0x97/0x9d
>>   [<c01e91d2>] acpi_ds_init_buffer_field+0x18d/0x20c
>>   [<c01e93ac>] acpi_ds_eval_buffer_field_operands+0x15b/0x17d
>>   [<c01e9f8f>] acpi_ds_exec_end_op+0x22c/0x409
> 
> 
> Well clearly one of the strings in this debug message in
> acpi_ds_init_buffer_field() is null:
> 
> 	/* Entire field must fit within the current length of the buffer */
> 
> 	if ((bit_offset + bit_count) >
> 		(8 * (u32) buffer_desc->buffer.length)) {
> 		ACPI_DEBUG_PRINT ((ACPI_DB_ERROR,
> 			"Field [%4.4s] size %d exceeds Buffer [%4.4s] size %d (bits)\n",
> 
> 
> 
> It is perhaps desirable to make printk() a bit more robust about this sort
> of thing.
> 
> 
> diff -puN lib/vsprintf.c~printk-handle-bad-pointers lib/vsprintf.c
> --- 25/lib/vsprintf.c~printk-handle-bad-pointers	2003-10-18 11:19:05.000000000 -0700
> +++ 25-akpm/lib/vsprintf.c	2003-10-18 11:19:25.000000000 -0700
> @@ -348,7 +348,7 @@ int vsnprintf(char *buf, size_t size, co
>  
>  			case 's':
>  				s = va_arg(args, char *);
> -				if (!s)
> +				if ((unsigned long)s < PAGE_SIZE)
>  					s = "<NULL>";
>  
>  				len = strnlen(s, precision);
> 
> _
> 
> 




* Re: 2.6.0-test8: panic on boot
  2003-10-18 19:50   ` Olivier NICOLAS
@ 2003-10-18 23:06     ` Andrew Morton
  0 siblings, 0 replies; 4+ messages in thread
From: Andrew Morton @ 2003-10-18 23:06 UTC (permalink / raw)
  To: Olivier NICOLAS; +Cc: linux-kernel, len.brown

Olivier NICOLAS <olivn@trollprod.org> wrote:
>
> Thanks
> 
> 
> It works for 2.6.0-test8 with ACPI debug
> 

Fine, thanks.

> dsopcode-0526 [19] ds_init_buffer_field  : Field [C00C] size 1184 
> exceeds Buffer [<NUL] size 1088 (bits)

It is the second pointer which is null.

(The "<NULL>" was truncated because it is a "%4s".  hmm..)
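
A user-space model of the `%s` handling discussed in this thread, added here as an example and not code from the kernel or from either poster: it applies the same "pointer below one page" test and then the precision bound, which is why the substitute label shows up as `<NUL` under `%4.4s`. The names `guard_str`, `fmt_s`, `fmt_demo` and `MODEL_PAGE_SIZE` are hypothetical, and a 4 KiB page size is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096UL /* assumption: 4 KiB pages, as on i386 */

/* Hypothetical helper mirroring the patched test: any pointer that falls
 * inside the first page is replaced by a printable label, never read. */
static const char *guard_str(const char *s)
{
    return ((uintptr_t)s < MODEL_PAGE_SIZE) ? "<NULL>" : s;
}

/* Hypothetical model of a "%<width>.<precision>s" conversion. Writes a
 * NUL-terminated result into out and returns the number of bytes stored. */
static size_t fmt_s(char *out, size_t outsz, const char *s,
                    size_t width, size_t precision)
{
    size_t len = 0, i, n = 0;

    if (outsz == 0)
        return 0;
    s = guard_str(s);
    while (len < precision && s[len] != '\0') /* same bound as strnlen() */
        len++;                                /* also clips "<NULL>" */
    for (i = len; i < width && n + 1 < outsz; i++)
        out[n++] = ' ';                       /* right-justify: pad left */
    for (i = 0; i < len && n + 1 < outsz; i++)
        out[n++] = s[i];
    out[n] = '\0';
    return n;
}

/* Convenience wrapper returning a static buffer (not reentrant). */
static const char *fmt_demo(const char *s, size_t width, size_t precision)
{
    static char buf[32];
    fmt_s(buf, sizeof buf, s, width, precision);
    return buf;
}

int main(void)
{
    const char *bad = (const char *)(uintptr_t)4; /* constructed: NULL + 4 */
    printf("Buffer [%s]\n", fmt_demo(bad, 4, 4));    /* Buffer [<NUL] */
    printf("Buffer [%s]\n", fmt_demo(NULL, 0, 16));  /* Buffer [<NULL>] */
    printf("Field  [%s]\n", fmt_demo("C00C", 4, 4)); /* Field  [C00C] */
    return 0;
}
```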
