kernel-packages team mailing list archive

[Federico Ceratto <922906@xxxxxxxxxxxxxxxxxx>]

I ran in a similar bug  while running inotifywait on kernel:

3.19.0-30-generic #34-Ubuntu SMP Fri Oct 2 22:08:41 UTC 2015 x86_64
x86_64 x86_64 GNU/Linux

------

[3975766.571492] BUG: unable to handle kernel paging request at 00000000812363a7
[3975766.571500] IP: [<00000000812363a7>] 0x812363a7
[3975766.571507] PGD 0 
[3975766.571510] Oops: 0010 [#1] SMP 
[3975766.571514] Modules linked in: tcp_diag udp_diag inet_diag unix_diag nfsd auth_rpcgss nfs_acl lockd grace sunrpc nfnetlink_queue nfnetlink_log nfnetlink bluetooth ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs libcrc32c 8021q garp mrp vhost_net vhost macvtap macvlan ip6t_REJECT nf_reject_ipv6 xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables vmnet(OE) vmw_vsock_vmci_transport vsock vmw_vmci vmmon(OE) cfg80211 nls_iso8859_1 nvidia(POE) x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_hdmi hp_wmi snd_hda_codec_realtek kvm_intel snd_hda_codec_generic kvm
[3975766.571558]  sparse_keymap snd_hda_intel crct10dif_pclmul snd_hda_controller crc32_pclmul dm_multipath ghash_clmulni_intel snd_hda_codec aesni_intel snd_hwdep snd_pcm aes_x86_64 scsi_dh snd_seq_midi lrw gf128mul snd_seq_midi_event drm snd_rawmidi snd_seq glue_helper snd_seq_device ablk_helper cryptd mei_me snd_timer sb_edac snd soundcore mei edac_core ioatdma serio_raw 8250_fintek shpchp wmi lpc_ich tpm_infineon mac_hid parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq hid_generic usbhid hid igb i2c_algo_bit firewire_ohci e1000e psmouse dca isci firewire_core ahci ptp libsas libahci crc_itu_t pps_core scsi_transport_sas pata_acpi
[3975766.571600] CPU: 4 PID: 109 Comm: fsnotify_mark Tainted: P         C OE  3.19.0-30-generic #34-Ubuntu
[3975766.571603] Hardware name: Hewlett-Packard HP Z620 Workstation/158A, BIOS J61 v03.65 12/19/2013
[3975766.571606] task: ffff881fa1033ae0 ti: ffff881f9c84c000 task.ti: ffff881f9c84c000
[3975766.571608] RIP: 0010:[<00000000812363a7>]  [<00000000812363a7>] 0x812363a7
[3975766.571613] RSP: 0018:ffff881f9c84fe58  EFLAGS: 00010286
[3975766.571616] RAX: ffffffff81fb1810 RBX: ffff881f9c84fe60 RCX: 0000000000000000
[3975766.571617] RDX: 000000000000bbea RSI: 0000000000000000 RDI: ffffffff81fb1810
[3975766.571619] RBP: ffff881f9c84feb8 R08: ffffffff81d294c8 R09: 0000000180270014
[3975766.571621] R10: ffff88202fc98fe0 R11: ffff880a72398548 R12: ffff881f9c84fe88
[3975766.571623] R13: ffff881f9c84fe50 R14: 0000000000000000 R15: 0000000000000000
[3975766.571625] FS:  0000000000000000(0000) GS:ffff88202fc80000(0000) knlGS:0000000000000000
[3975766.571627] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[3975766.571629] CR2: 00000000812363a7 CR3: 0000000001c13000 CR4: 00000000001427f0
[3975766.571630] Stack:
[3975766.571632]  ffff881f9c84ffd8 ffff880a72398628 ffff880a72398628 ffff881f00020000
[3975766.571635]  ffff881fa1033ae0 ffffffff810b7680 ffff881f9c84fe88 ffff881f9c84fe88
[3975766.571638]  0000000000000000 ffff880f9dc83b40 0000000000000000 ffffffff81236330
[3975766.571641] Call Trace:
[3975766.571650]  [<ffffffff810b7680>] ? wait_woken+0x90/0x90
[3975766.571656]  [<ffffffff81236330>] ? fsnotify_put_mark+0x40/0x40
[3975766.571661]  [<ffffffff81095959>] kthread+0xc9/0xe0
[3975766.571665]  [<ffffffff81095890>] ? kthread_create_on_node+0x1c0/0x1c0
[3975766.571670]  [<ffffffff817cbdd8>] ret_from_fork+0x58/0x90
[3975766.571674]  [<ffffffff81095890>] ? kthread_create_on_node+0x1c0/0x1c0
[3975766.571676] Code:  Bad RIP value.
[3975766.571678] RIP  [<00000000812363a7>] 0x812363a7
[3975766.571683]  RSP <ffff881f9c84fe58>
[3975766.571684] CR2: 00000000812363a7
[3975766.571687] ---[ end trace 52f13d4ec1680637 ]---
[3975766.571693] BUG: unable to handle kernel NULL pointer dereference at 0000000000000088
[3975766.571697] IP: [<ffffffff817cba6e>] _raw_spin_lock+0xe/0x80
[3975766.571704] PGD 0 
[3975766.571706] Oops: 0002 [#2] SMP 
[3975766.571709] Modules linked in: tcp_diag udp_diag inet_diag unix_diag nfsd auth_rpcgss nfs_acl lockd grace sunrpc nfnetlink_queue nfnetlink_log nfnetlink bluetooth ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs libcrc32c 8021q garp mrp vhost_net vhost macvtap macvlan ip6t_REJECT nf_reject_ipv6 xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables vmnet(OE) vmw_vsock_vmci_transport vsock vmw_vmci vmmon(OE) cfg80211 nls_iso8859_1 nvidia(POE) x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_hdmi hp_wmi snd_hda_codec_realtek kvm_intel snd_hda_codec_generic kvm
[3975766.571756]  sparse_keymap snd_hda_intel crct10dif_pclmul snd_hda_controller crc32_pclmul dm_multipath ghash_clmulni_intel snd_hda_codec aesni_intel snd_hwdep snd_pcm aes_x86_64 scsi_dh snd_seq_midi lrw gf128mul snd_seq_midi_event drm snd_rawmidi snd_seq glue_helper snd_seq_device ablk_helper cryptd mei_me snd_timer sb_edac snd soundcore mei edac_core ioatdma serio_raw 8250_fintek shpchp wmi lpc_ich tpm_infineon mac_hid parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq hid_generic usbhid hid igb i2c_algo_bit firewire_ohci e1000e psmouse dca isci firewire_core ahci ptp libsas libahci crc_itu_t pps_core scsi_transport_sas pata_acpi
[3975766.571797] CPU: 9 PID: 10292 Comm: inotifywait Tainted: P      D  C OE  3.19.0-30-generic #34-Ubuntu
[3975766.571800] Hardware name: Hewlett-Packard HP Z620 Workstation/158A, BIOS J61 v03.65 12/19/2013
[3975766.571802] task: ffff881f9cb9ce80 ti: ffff88175588c000 task.ti: ffff88175588c000
[3975766.571804] RIP: 0010:[<ffffffff817cba6e>]  [<ffffffff817cba6e>] _raw_spin_lock+0xe/0x80
[3975766.571807] RSP: 0018:ffff88175588fd08  EFLAGS: 00010202
[3975766.571809] RAX: 0000000000020000 RBX: ffff881f9c84fe50 RCX: 0000000000000000
[3975766.571811] RDX: 0000000000000002 RSI: ffff881c7a284e00 RDI: 0000000000000088
[3975766.571813] RBP: ffff88175588fd08 R08: 0000000000000000 R09: ffffffff81237a85
[3975766.571814] R10: 0000000000000296 R11: 000000000000f810 R12: 0000000000000000
[3975766.571816] R13: 0000000000000088 R14: ffff881f9c84fe70 R15: 0000000000000000
[3975766.571818] FS:  0000000000000000(0000) GS:ffff88202fd20000(0000) knlGS:0000000000000000
[3975766.571820] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[3975766.571822] CR2: 0000000000000088 CR3: 0000000001c13000 CR4: 00000000001427f0
[3975766.571824] Stack:
[3975766.571825]  ffff88175588fd38 ffffffff81235df6 ffff88175588fd38 ffff881f9c84fe50
[3975766.571828]  ffff881c7a284e00 ffff881f9c84fe60 ffff88175588fd78 ffffffff812365d8
[3975766.571831]  ffff88175588fdf8 ffff881f9c84fe50 ffff880a72398618 ffff881c7a284e00
[3975766.571835] Call Trace:
[3975766.571841]  [<ffffffff81235df6>] fsnotify_destroy_inode_mark+0x46/0xb0
[3975766.571845]  [<ffffffff812365d8>] fsnotify_destroy_mark_locked+0x128/0x1a0
[3975766.571850]  [<ffffffff81236c2e>] fsnotify_clear_marks_by_group_flags+0x7e/0xb0
[3975766.571854]  [<ffffffff81236c73>] fsnotify_clear_marks_by_group+0x13/0x20
[3975766.571858]  [<ffffffff81235cf6>] fsnotify_destroy_group+0x16/0x50
[3975766.571861]  [<ffffffff81237cb6>] inotify_release+0x26/0x60
[3975766.571868]  [<ffffffff811f6aa7>] __fput+0xe7/0x250
[3975766.571873]  [<ffffffff811f6c5e>] ____fput+0xe/0x10
[3975766.571877]  [<ffffffff81093f24>] task_work_run+0xd4/0xf0
[3975766.571882]  [<ffffffff81079378>] do_exit+0x368/0xa50
[3975766.571886]  [<ffffffff81079af5>] do_group_exit+0x45/0xb0
[3975766.571889]  [<ffffffff81079b74>] SyS_exit_group+0x14/0x20
[3975766.571892]  [<ffffffff817cbe8d>] system_call_fastpath+0x16/0x1b
[3975766.571894] Code: 01 74 dc 83 e0 fe 8d 70 02 0f b7 f6 0f 1f 80 00 00 00 00 eb ca 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 b8 00 00 02 00 <f0> 0f c1 07 89 c2 c1 ea 10 66 39 c2 75 04 5d c3 66 90 41 89 d0 
[3975766.571926] RIP  [<ffffffff817cba6e>] _raw_spin_lock+0xe/0x80
[3975766.571929]  RSP <ffff88175588fd08>
[3975766.571934] CR2: 0000000000000088
[3975766.571937] ---[ end trace 52f13d4ec1680638 ]---
[3975766.571939] Fixing recursive fault but reboot is needed!

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/922906

Title:
  Kernel Oops - BUG: unable to handle kernel NULL pointer dereference at
  0000009c; EIP is at __ticket_spin_lock+0x8/0x30

Status in Linux:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Precise:
  Fix Released
Status in linux source package in Quantal:
  Fix Released
Status in linux source package in Raring:
  Fix Released

Bug description:
  This happened after unplugging a usb storage device.

  ProblemType: KernelOops
  DistroRelease: Ubuntu 12.04
  Package: linux-image-3.2.0-11-generic 3.2.0-11.19
  ProcVersionSignature: Ubuntu 3.2.0-11.19-generic 3.2.1
  Uname: Linux 3.2.0-11-generic i686
  AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
  Annotation: Your system might become unstable now and might need to be restarted.
  ApportVersion: 1.91-0ubuntu1
  Architecture: i386
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  elroy      1504 F.... pulseaudio
  Card0.Amixer.info:
   Card hw:0 'I82801DBICH4'/'Intel 82801DB-ICH4 with AD1981A at irq 17'
     Mixer name	: 'Analog Devices AD1981A'
     Components	: 'AC97a:41445372'
     Controls      : 25
     Simple ctrls  : 17
  Date: Fri Jan 27 19:32:16 2012
  Failure: oops
  HibernationDevice: RESUME=UUID=a818f95b-caf9-4a82-bd11-2e3480e5595a
  InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111012)
  Lsusb:
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 003 Device 002: ID 093a:2510 Pixart Imaging, Inc. Optical Mouse
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-11-generic root=UUID=481773af-0b0e-47ef-8864-302bf969002c ro quiet splash vt.handoff=7
  PulseSinks: Error: command ['pacmd', 'list-sinks'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
  PulseSources: Error: command ['pacmd', 'list-sources'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
  RelatedPackageVersions: kerneloops-daemon 0.12+git20090217-1ubuntu18
  RfKill:
   0: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
  SourcePackage: linux
  Title: BUG: unable to handle kernel NULL pointer dereference at 0000009c
  UpgradeStatus: Upgraded to precise on 2012-01-27 (0 days ago)
  dmi.bios.date: 05/28/2003
  dmi.bios.vendor: Compaq
  dmi.bios.version: 686O2 v2.21
  dmi.board.name: 07E4h
  dmi.board.vendor: Compaq
  dmi.chassis.type: 15
  dmi.chassis.vendor: Compaq
  dmi.modalias: dmi:bvnCompaq:bvr686O2v2.21:bd05/28/2003:svnCompaq:pn:pvr:rvnCompaq:rn07E4h:rvr:cvnCompaq:ct15:cvr:
  dmi.sys.vendor: Compaq

  --

  SRU Justification:

  Impact:
  When plugging and unplugging a USB drive occasionally a race condition in the notify subsystem causes a kernel oops.

  Fix:
  A set up of patches 0520bffba9685d88ad68ede4a41abd08a3e9684e..fe9b25d3ee6bdf6f9c9a9ce61d9d3e144bac13ef found in the for-next branch in the notify.git tree solve this issue:
  http://git.infradead.org/users/eparis/notify.git/shortlog/refs/heads/for-next
  These have been cherry-picked and tested on precise/quantal and applied already to raring. Only small modifications are needed for 2 of the patches because the locations of the functions had changed other than that the other 7 patches are clean cherry-picks.

  Testcase:
  Comment #8 and #9 in the upstream bug: https://bugzilla.kernel.org/show_bug.cgi?id=22602 has a test case that easily reproduces this issue within 15-30 minutes. I have applied the above fixes and was able to run this test case overnight in all cases.
  In addition I've tested using the LTP tests for inotfy and these run properly with the fix applied.

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/922906/+subscriptions