2.6.17-10-generic (edgy) -- BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000

Bug #65827 reported by Miles Lane
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Won't Fix | Medium | Unassigned |
linux-source-2.6.17 (Ubuntu) | Won't Fix | Medium | Unassigned |
linux-source-2.6.20 (Ubuntu) | Won't Fix | Medium | Unassigned |
linux-source-2.6.22 (Ubuntu) | Won't Fix | Medium | Unassigned |

Bug Description

Binary package hint: linux-image-2.6.17-10-generic

[17187807.956000] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
[17187807.956000] printing eip:
[17187807.956000] 00000000
[17187807.956000] *pde = 00000000
[17187807.956000] Oops: 0000 [#1]
[17187807.956000] SMP
[17187807.956000] Modules linked in: ac thermal fan button ipw2200 ieee80211 8139too arc4 ieee80211_crypt_wep af_packet binfmt_misc rfcomm l2cap bluetooth ipv6 i915 drm speedstep_centrino cpufreq_userspace cpufreq_stats freq_table cpufreq_powersave cpufreq_ondemand cpufreq_conservative video tc1100_wmi sony_acpi sbs pcc_acpi i2c_ec i2c_core hotkey dev_acpi container asus_acpi nls_iso8859_1 nls_cp437 vfat fat nls_utf8 ntfs sbp2 scsi_mod parport_pc lp parport pcmcia ieee80211_crypt joydev sdhci mmc_core tifm_7xx1 tifm_core yenta_socket rsrc_nonstatic tsdev pcmcia_core 8139cp mii snd_intel8x0 shpchp pci_hotplug snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc psmouse serio_raw intel_agp agpgart evdev ext3 jbd ohci1394 ieee1394 ehci_hcd uhci_hcd usbcore ide_generic ide_cd cdrom ide_disk piix generic processor capability commoncap vesafb fbcon tileblit font bitblit softcursor
[17187807.956000] CPU: 0
[17187807.956000] EIP: 0060:[<00000000>] Not tainted VLI
[17187807.956000] EFLAGS: 00010282 (2.6.17-10-generic #2)
[17187807.956000] EIP is at 0x0
[17187807.956000] eax: dffedef0 ebx: dff637a4 ecx: 00000000 edx: 00000080
[17187807.956000] esi: f7d4c350 edi: dffd2440 ebp: e619df40 esp: dfad9f40
[17187807.956000] ds: 007b es: 007b ss: 0068
[17187807.956000] Process kacpi_notify (pid: 11, threadinfo=dfad8000 task=dffae560)
[17187807.956000] Stack: c0202612 e619df40 e619df4c c01fcc8d dffd2440 e619df48 c0132702 00000000
[17187807.956000] dfad8000 00000000 dffd244c dffd2460 00000292 c01fcc6f dfad8000 dffd244c
[17187807.956000] dffd2454 dffd2440 c01332e7 00000001 00000000 00000000 00010000 00000000
[17187807.956000] Call Trace:
[17187807.956000] <c0202612> acpi_ev_notify_dispatch+0x4c/0x55 <c01fcc8d> acpi_os_execute_deferred+0x1e/0x27
[17187807.956000] <c0132702> run_workqueue+0x72/0xf0 <c01fcc6f> acpi_os_execute_deferred+0x0/0x27
[17187807.956000] <c01332e7> worker_thread+0x117/0x140 <c011bde0> default_wake_function+0x0/0x10
[17187807.956000] <c01331d0> worker_thread+0x0/0x140 <c0135f8b> kthread+0xab/0xe0
[17187807.956000] <c0135ee0> kthread+0x0/0xe0 <c0101005> kernel_thread_helper+0x5/0x10
[17187807.956000] Code: Bad EIP value.
[17187807.956000] EIP: [<00000000>] 0x0 SS:ESP 0068:dfad9f40
[17187807.956000] <6>ACPI: Battery Slot [BAT0] (battery present)

Revision history for this message
Surfraz Ahmed (surfraz) wrote :

I have the same problem.

This may be related to NFS as I have my home drive mounted over NFS using the nfs-user-server in edgy.

Nov 11 17:30:05 os-i03 kernel: [17179760.284000] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] printing eip:
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] c011a6b1
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] *pde = 1071c067
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] Oops: 0000 [#1]
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] SMP
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] Modules linked in: binfmt_misc rfcomm l2cap bluetooth vmnet vmmon mga drm speedstep_lib cpufreq_userspace cpufreq_stats freq_table cpufreq_powersave cpufreq_ondemand cpufreq_conservative video tc1100_wmi sony_acpi sbs pcc_acpi i2c_ec i2c_core hotkey dev_acpi container button battery asus_acpi ac ipv6 nfs lockd sunrpc af_packet lp sg snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_pcm snd_mixer_oss snd_seq_dummy snd_seq_oss e100 matrox_w1 mii wire floppy tsdev serio_raw evdev pcspkr psmouse snd_seq_midi snd_rawmidi snd_seq_midi_event hw_random shpchp pci_hotplug intel_agp agpgart parport_pc parport snd_seq snd_timer snd_seq_device snd soundcore snd_page_alloc ext3 jbd sd_mod uhci_hcd usbcore ide_generic aic7xxx scsi_transport_spi scsi_mod ide_cd cdrom piix generic thermal processor fan fbcon tileblit font bitblit softcursor vesafb capability commoncap
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] CPU: 0
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] EIP: 0060:[kmap_atomic+17/128] Tainted: P VLI
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] EFLAGS: 00210202 (2.6.17-10-generic #2)
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] EIP is at kmap_atomic+0x11/0x80
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] eax: 00000000 ebx: 00000000 ecx: c39a0000 edx: 00000003
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] esi: 00000003 edi: 000003f8 ebp: c5fd4450 esp: c39a1d7c
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] ds: 007b es: 007b ss: 0068
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] Process beagled-helper (pid: 5275, threadinfo=c39a0000 task=c48db560)
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] Stack: 00000004 00000c08 e0ba9ca8 000003fc c5e013c0 00000400 c5fd4450 e0baac42
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] 00000004 c036f7a8 00200206 00200046 c5fd44fc 00000000 00000000 c01e2370
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] 00000001 c01e2c0a 00000c00 00000000 c5fd44fc c3282f20 00000000 c5fd44f8
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] Call Trace:
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] <e0ba9ca8> nfs_readpage_truncate_uninitialised_page+0xe8/0x130 [nfs] <e0baac42> nfs_readpage+0x272/0x4f0 [nfs]
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] <c01e2370> radix_tree_node_alloc+0x10/0x60 <c01e2c0a> radix_tree_insert+0x1ca/0x210
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] <c014c698> do_generic_mapping_read+0x508/0x590 <c014d118> __generic_file_aio_read+0xf8/0x270
Nov 11 17:30:05 os-i03 kernel: [17179760.284000] <c014b8a0> fil...

Changed in linux-source-2.6.17:
status: Unconfirmed → Confirmed
Revision history for this message
Surfraz Ahmed (surfraz) wrote :

I have compiled and installed kernel 2.6.18.2 from kernel.org, using the same .config file as 2.6.17-10-generic and can confirm that the problem does not exist in this version of the kernel. Everything works OK in 2.6.18.2. Hopefully this will guide us in fixing the edgy kernel. Thanks

Revision history for this message
Stefano Rivera (stefanor) wrote :

We've hit this bug in a LAB with 50 Ubuntu-running PCs and NFS-mounted home.

It's trivially triggered by a few mins of Firefox usage.

Can someone *please* look into it.

Revision history for this message
Stefano Rivera (stefanor) wrote :

Hmm, make that 80+ PCs

Here is a possible patch from LKML: http://lkml.org/lkml/2006/9/18/35

Revision history for this message
Stefano Rivera (stefanor) wrote :

Assigned to kernel team

Changed in linux-source-2.6.17:
assignee: nobody → ubuntu-kernel-team
Revision history for this message
Alain Fréhel (alain-frehel) wrote :

It happens to me with latest kernel 2.6.20-16-generic from feisty :

$ uname -a
Linux nanook 2.6.20-16-generic #2 SMP Wed May 23 01:46:23 UTC 2007 i686 GNU/Linux

Just after using my NFSv4 share, I got this:

[83308.164030] BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000c
[83308.164041] printing eip:
[83308.164044] f98878ef
[83308.164046] *pde = 00000000
[83308.164051] Oops: 0000 [#1]
[83308.164053] SMP
[83308.164058] Modules linked in: nls_cp437 isofs udf binfmt_misc rfcomm l2cap bluetooth nfs lockd sunrpc autofs4 radeon drm speedstep_lib cpufreq_userspace cpufreq_stats cpufreq_powersave cpufreq_ondemand freq_table cpufreq_conservative tc1100_wmi pcc_acpi dev_acpi sony_acpi video sbs i2c_ec dock button battery container ac asus_acpi backlight af_packet sr_mod sbp2 parport_pc lp parport snd_atiixp snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq sg snd_timer snd_seq_device sd_mod snd i2c_piix4 soundcore i2c_core usblp psmouse snd_page_alloc serio_raw pcspkr shpchp pci_hotplug ati_agp agpgart evdev tsdev ext3 jbd mbcache ide_cd cdrom ide_disk ata_generic libata 8139too generic usb_storage scsi_mod libusual usbhid hid raid10 ohci1394 ieee1394 ehci_hcd atiixp 8139cp mii ohci_hcd usbcore raid456 xor raid1 raid0 multipath linear md_mod thermal processor fan dm_mod fbcon tileblit font bitblit softcursor vesafb capability commoncap
[83308.164211] CPU: 1
[83308.164212] EIP: 0060:[<f98878ef>] Not tainted VLI
[83308.164214] EFLAGS: 00010246 (2.6.20-16-generic #2)
[83308.164239] EIP is at nfs_update_inode+0xbf/0x6a0 [nfs]
[83308.164243] eax: 00000000 ebx: 000081a4 ecx: 000081a4 edx: 00008000
[83308.164248] esi: 0191491e edi: f3ef73c0 ebp: d75d31dc esp: c8ba1de0
[83308.164252] ds: 007b es: 007b ss: 0068
[83308.164256] Process umount (pid: 17395, ti=c8ba0000 task=caa8f030 task.ti=c8ba0000)
[83308.164259] Stack: c02ed98b 00000001 f54f62e8 00000004 00000000 caa8f030 c013ae50 cfee00b0
[83308.164271] d75d30b4 c8ba1e20 d75d31dc c0130ec5 f54f6280 00000000 d75d31dc cfee00b0
[83308.164284] f54f6280 d75d31dc f9889224 cfee0000 00000000 f98979c2 cfee0000 cf58a510
[83308.164296] Call Trace:
[83308.164299] [<c02ed98b>] out_of_line_wait_on_bit+0x7b/0x90
[83308.164326] [<c013ae50>] wake_bit_function+0x0/0x60
[83308.164346] [<c0130ec5>] sigprocmask+0x65/0x100
[83308.164371] [<f9889224>] nfs_post_op_update_inode+0x24/0x50 [nfs]
[83308.164397] [<f98979c2>] nfs4_proc_delegreturn+0x192/0x1a0 [nfs]
[83308.164458] [<f98a34d7>] nfs_do_return_delegation+0x17/0x30 [nfs]
[83308.164491] [<f988615c>] nfs_dentry_iput+0x1c/0x50 [nfs]
[83308.164515] [<c0187a52>] shrink_dcache_for_umount_subtree+0x82/0x230
[83308.164538] [<c011e0d9>] __wake_up_common+0x39/0x60
[83308.164562] [<c0188817>] shrink_dcache_for_umount+0x37/0x50
[83308.164571] [<c0178318>] generic_shutdown_super+0x18/0xf0
[83308.164589] [<c0178439>] kill_anon_super+0x9/0x40
[83308.164599] [<f9889ddc>] nfs_kill_super+0xc/0x20 [nfs]
[83308.164621] [<c01784ed>] deactivate_super+0x5d/0x80
[83308.164633] [<c018cdd2>] expire_mount_list+0xc2/0x140
[83308.1...

Changed in linux-source-2.6.17:
importance: Undecided → Medium
status: Confirmed → Triaged
Revision history for this message
Brian Murray (brian-murray) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue that you reported is one that should be reproducible with the live environment of the Desktop CD of the development release - Gutsy Gibbon. It would help us greatly if you could test with it so we can work on getting it fixed in the actively developed kernel. You can find out more about the development release at http://www.ubuntu.com/testing/ . Thanks again and we appreciate your help.

Changed in linux-source-2.6.20:
assignee: nobody → brian-murray
status: New → Incomplete
Revision history for this message
Stefano Rivera (stefanor) wrote :

It's an edgy-only bug.

It would have been great if it could have been fixed as a backport in edgy, but we've long since upgraded to feisty.

SR

Revision history for this message
knarf (launchpad-ubuntu-f) wrote :

I have seen many Oopses at nfs_update_inode with the current Gutsy kernel. I reported them to the linux-nfs list (http://linux-nfs.org/pipermail/nfsv4/2007-September/006828.html) and got a reply that these problems are supposed to be fixed in the current development kernel. Testing with 2.6.23-rc8 now, have not seen any Oopses yet.

There is a set of patches out for 2.6.22 which fix many problems with NFS. The kernel team might want to consider adding at least the patch which (supposedly) fixes this Oops to the Gutsy release kernel:

http://client.linux-nfs.org/Linux-2.6.x/2.6.22/linux-2.6.22-010-fix_nfs_reval_fsid.dif

The other patches can be found here:

http://client.linux-nfs.org/Linux-2.6.x/2.6.22/

Revision history for this message
Alain Fréhel (alain-frehel) wrote :

I can confirm what knarf just said : same story on a fresh installed Gutsy system, using a 2.6.22 kernel :
    $ uname -a
    Linux nanook 2.6.22-14-generic #1 SMP Sun Oct 14 23:05:12 GMT 2007 i686 GNU/Linux

Once in a while nautilus hangs, and dmesg shows this :
[119042.147998] BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000c
[119042.148007] printing eip:
[119042.148009] f8c8acf5
[119042.148011] *pde = 00000000
[119042.148015] Oops: 0000 [#1]
[119042.148017] SMP
[119042.148021] Modules linked in: rfcomm l2cap bluetooth af_packet ppdev autofs4 sbs container dock ac video button battery nfs lockd sunrpc sbp2 parport_pc lp parport snd_atiixp snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq joydev snd_timer snd_seq_device snd soundcore snd_page_alloc usbhid hid serio_raw psmouse pcspkr i2c_piix4 shpchp ati_agp agpgart pci_hotplug i2c_core evdev ext3 jbd mbcache ide_disk ide_cd cdrom atiixp ide_core ohci_hcd ohci1394 ieee1394 ata_generic libata scsi_mod ehci_hcd 8139too 8139cp mii usbcore thermal processor fan fuse apparmor commoncap
[119042.148101] CPU: 1
[119042.148102] EIP: 0060:[<f8c8acf5>] Not tainted VLI
[119042.148104] EFLAGS: 00010246 (2.6.22-14-generic #1)
[119042.148125] EIP is at nfs_update_inode+0xc5/0x6d0 [nfs]
[119042.148128] eax: 00000000 ebx: 000081a4 ecx: 000081a4 edx: 00008000
[119042.148131] esi: 02aa1ca3 edi: f6bc4900 ebp: decd3618 esp: f269fdd8
[119042.148134] ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
[119042.148138] Process umount.nfs4 (pid: 19023, ti=f269e000 task=f20039f0 task.ti=f269e000)
[119042.148140] Stack: decd3618 c02f300b 00000001 e74a5880 00000004 00000000 f20039f0 efc8d0b0
[119042.148150] decd34f0 f269fe1c decd3618 01c594f3 c01320c5 e74a5800 00000000 decd3618
[119042.148159] efc8d0b0 e74a5800 decd3618 f8c8c6d4 efc8d000 00000000 f8c9a4fb efc8d000
[119042.148168] Call Trace:
[119042.148173] [<c02f300b>] out_of_line_wait_on_bit+0x7b/0x90
[119042.148199] [<c01320c5>] sigprocmask+0x65/0x100
[119042.148217] [<f8c8c6d4>] nfs_post_op_update_inode+0x24/0x50 [nfs]
[119042.148235] [<f8c9a4fb>] nfs4_proc_delegreturn+0x17b/0x180 [nfs]
[119042.148272] [<f8ca6867>] nfs_do_return_delegation+0x17/0x30 [nfs]
[119042.148292] [<f8c892e9>] nfs_dentry_iput+0x29/0x80 [nfs]
[119042.148309] [<c0191f02>] shrink_dcache_for_umount_subtree+0x82/0x230
[119042.148317] [<c017b123>] add_partial+0x13/0x40
[119042.148325] [<c017b123>] add_partial+0x13/0x40
[119042.148333] [<c017beb1>] __slab_free+0x111/0x2a0
[119042.148345] [<c0192d27>] shrink_dcache_for_umount+0x37/0x50
[119042.148351] [<c0182258>] generic_shutdown_super+0x18/0xf0
[119042.148363] [<c0182359>] kill_anon_super+0x9/0x40
[119042.148370] [<f8c8d28c>] nfs_kill_super+0xc/0x20 [nfs]
[119042.148384] [<c018240d>] deactivate_super+0x5d/0x80
[119042.148392] [<c0197112>] expire_mount_list+0xc2/0x140
[119042.148411] [<c0198293>] shrink_submounts+0xb3/0xd0
[119042.148431] [<c0197299>] sys_umount+0x109/0x270
[119042.148453] [<c01928b7>] dput+0x87/0x100
[119042.148459] [<c01816eb>] __fput+0x12b/0x1a0
[119042....

Changed in linux-source-2.6.20:
assignee: brian-murray → nobody
status: Incomplete → Won't Fix
Changed in linux-source-2.6.22:
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → ubuntu-kernel-team
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

The 18 month support period for Edgy Eft 6.10 has reached its end of life. As a result, we are closing the linux-source-2.6.17 Edgy Eft kernel task. However, Hardy Heron 8.04 was recently released. It would be helpful if you could test the new release and verify if this is still an issue - http://www.ubuntu.com/getubuntu/download . If the issue still exists, please update this report by changing the Status of the Hardy "linux" kernel task from "Incomplete" to "New". We appreciate your patience and understanding as we make this transition. Thanks!

Changed in linux-source-2.6.17:
status: Triaged → Won't Fix
Changed in linux:
status: New → Incomplete
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

The Ubuntu Kernel Team is planning to move to the 2.6.27 kernel for the upcoming Intrepid Ibex 8.10 release. As a result, the kernel team would appreciate it if you could please test this newer 2.6.27 Ubuntu kernel. There are one of two ways you should be able to test:

1) If you are comfortable installing packages on your own, the linux-image-2.6.27-* package is currently available for you to install and test.

--or--

2) The upcoming Alpha5 for Intrepid Ibex 8.10 will contain this newer 2.6.27 Ubuntu kernel. Alpha5 is set to be released Thursday Sept 4. Please watch http://www.ubuntu.com/testing for Alpha5 to be announced. You should then be able to test via a LiveCD.

Please let us know immediately if this newer 2.6.27 kernel resolves the bug reported here or if the issue remains. More importantly, please open a new bug report for each new bug/regression introduced by the 2.6.27 kernel and tag the bug report with 'linux-2.6.27'. Also, please specifically note if the issue does or does not appear in the 2.6.26 kernel. Thanks again, we really appreciate your help and feedback.

Revision history for this message
Ralph Janke (txwikinger) wrote :

Unfortunately this bug report is being closed because we received no response to the last inquiry for information. However, the Intrepid Ibex 8.10 Beta release was most recently announced - http://www.ubuntu.com/testing/intrepid/beta . If you are able to confirm this is still an issue with this most recent release please feel free to reopen this report. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks.

Changed in linux-source-2.6.22:
status: Triaged → Won't Fix
Changed in linux:
importance: Undecided → Medium
status: Incomplete → Won't Fix
Changed in linux-source-2.6.20:
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote : Kernel team bugs

Per a decision made by the Ubuntu Kernel Team, bugs will no longer be assigned to the ubuntu-kernel-team in Launchpad as part of the bug triage process. The ubuntu-kernel-team is being unassigned from this bug report. Refer to https://wiki.ubuntu.com/KernelTeamBugPolicies for more information. Thanks.
