Bug 783658

Summary: [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 00000050
Product: [Fedora] Fedora Reporter: Vesa Halttunen <vesuri>
Component: kernelAssignee: Eric Sandeen <esandeen>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:15554fa5b5fd5dd04f48dfdfcc6e643b42bb162e
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-04-03 21:25:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Screenshot showing the problem none

Description Vesa Halttunen 2012-01-21 14:55:58 UTC 
libreport version: 2.0.8
abrt_version:   2.0.7
cmdline:        BOOT_IMAGE=/vmlinuz-3.1.8-2.fc16.i686.PAE root=/dev/mapper/Linux-Root ro rd.md=0 rd.dm=0 quiet SYSFONT=latarcyrheb-sun16 rhgb rd.lvm.lv=Linux/Swap KEYTABLE=fi rd.luks=0 rd.lvm.lv=Linux/Root LANG=en_US.UTF-8
comment:        I umounted an ext2 OR FAT32 partition residing on an external SATA drive connected via USB. Since I tried to unmount two partitions roughly at the same time I don't know which of the two partitions was actually being unmounted at that time.
kernel:         3.1.8-2.fc16.i686.PAE
reason:         BUG: unable to handle kernel NULL pointer dereference at 00000050
time:           Wed 18 Jan 2012 12:02:39 AM EET

backtrace:
:BUG: unable to handle kernel NULL pointer dereference at 00000050
:IP: [<c092a7ed>] _raw_spin_lock+0xd/0x20
:*pdpt = 0000000029a6a001 *pde = 000000010f8bb067 
:Oops: 0002 [#1] SMP 
:Modules linked in: vfat fat ppdev parport_pc lp parport fuse 8021q garp stp llc fcoe libfcoe libfc scsi_transport_fc scsi_tgt nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack_ftp ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables joydev snd_hda_codec_idt binfmt_misc microcode snd_hda_intel snd_hda_codec snd_ice1712 snd_ice17xx_ak4xxx snd_ak4xxx_adda snd_hwdep snd_cs8427 snd_seq snd_ac97_codec ac97_bus snd_i2c i2c_i801 snd_mpu401_uart snd_pcm serio_raw snd_rawmidi iTCO_wdt iTCO_vendor_support snd_seq_device snd_timer snd e1000e soundcore snd_page_alloc uinput firewire_ohci firewire_core pata_acpi ata_generic crc_itu_t pata_marvell usb_storage nouveau ttm drm_kms_helper drm i2c_algo_bit i2c_core mxm_wmi wmi video [last unloaded: scsi_wait_scan]
:Pid: 26347, comm: umount Not tainted 3.1.8-2.fc16.i686.PAE #1                  /DP35DP
:EIP: 0060:[<c092a7ed>] EFLAGS: 00010287 CPU: 3
:EIP is at _raw_spin_lock+0xd/0x20
:EAX: 00000050 EBX: df5e5e98 ECX: 00000000 EDX: 00000100
:ESI: df5e5fb4 EDI: 00000000 EBP: c0e05e68 ESP: c0e05e68
: DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
:Process umount (pid: 26347, ti=c0e04000 task=edd89920 task.ti=c0e04000)
:Stack:
: c0e05e7c c0560ca9 df5e5e98 00000000 df5e5f60 c0e05e88 c05bc300 df5e5e98
: c0e05eb4 c05a6a7c c094a7e0 c0e05e9c c056c5fd c0e05ea8 df5e5c48 df5e5ce4
: df5e5e98 df5e5f34 c094a7e0 c0e05ec8 c054f710 df5e5f2c c0e05ee8 df5e5e98
:Call Trace:
: [<c0560ca9>] invalidate_inode_buffers+0x29/0x60
: [<c05bc300>] ext4_clear_inode+0x10/0x60
: [<c05a6a7c>] ext4_evict_inode+0x6c/0x400
: [<c056c5fd>] ? __fsnotify_inode_delete+0xd/0x10
: [<c054f710>] evict+0x80/0x160
: [<c054fc21>] dispose_list+0x31/0x40
: [<c05501bd>] evict_inodes+0x8d/0xc0
: [<c053b5f6>] generic_shutdown_super+0x46/0xb0
: [<c053b689>] kill_block_super+0x29/0x70
: [<c053b9cf>] deactivate_locked_super+0x2f/0x80
: [<c053c2c7>] deactivate_super+0x47/0x60
: [<c05531c9>] mntput_no_expire+0x99/0xe0
: [<c0553c85>] sys_umount+0x65/0x320
: [<c0553f5e>] sys_oldumount+0x1e/0x20
: [<c093199f>] sysenter_do_call+0x12/0x28
:Code: e5 3e 8d 74 26 00 f0 81 00 00 00 10 00 89 d0 50 9d 8d 74 26 00 5d c3 8d b4 26 00 00 00 00 55 89 e5 3e 8d 74 26 00 ba 00 01 00 00 <f0> 66 0f c1 10 38 f2 74 06 f3 90 8a 10 eb f6 5d c3 66 90 55 89 
:EIP: [<c092a7ed>] _raw_spin_lock+0xd/0x20 SS:ESP 0068:c0e05e68
:CR2: 0000000000000050

smolt_data:
:
:
:General
:=================================
:UUID: ac5d50e4-2362-41fb-b042-6ae54be75876
:OS: Fedora release 16 (Verne)
:Default run level: Unknown
:Language: en_US.UTF-8
:Platform: i686
:BogoMIPS: 5000.35
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Core(TM)2 Quad  CPU   Q9300  @ 2.50GHz
:CPU Stepping: 7
:CPU Family: 6
:CPU Model Num: 23
:Number of CPUs: 4
:CPU Speed: 2497
:System Memory: 3963
:System Swap: 2047
:Vendor: Unknown
:System:  
:Form factor: Desktop
:Kernel: 3.1.9-1.fc16.i686.PAE
:SELinux Enabled: 0
:SELinux Policy: targeted
:SELinux Enforce: Unknown
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(32902:10688:32902:20548) pci, None, HOST/PCI, 82G33/G31/P35/P31 Express DRAM Controller
:(32902:10689:32902:20548) pci, pcieport, PCI/PCI, 82G33/G31/P35/P31 Express PCI Express Root Port
:(32902:10544:32902:20548) pci, i801_smbus, SERIAL, 82801I (ICH9 Family) SMBus Controller
:(32902:10530:32902:20548) pci, ahci, STORAGE, 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA AHCI Controller
:(32902:10518:32902:20548) pci, None, PCI/ISA, 82801IR (ICH9R) LPC Interface Controller
:(32902:10572:32902:1) pci, e1000e, ETHERNET, 82566DC-2 Gigabit Network Connection
:(32902:9294:32902:20548) pci, None, PCI/PCI, 82801 PCI Bridge
:(32902:10549:32902:20548) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #2
:(32902:10548:32902:20548) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #1
:(32902:10553:32902:20548) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #6
:(32902:10550:32902:20548) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #3
:(32902:10554:32902:20548) pci, ehci_hcd, USB, 82801I (ICH9 Family) USB2 EHCI Controller #1
:(32902:10556:32902:20548) pci, ehci_hcd, USB, 82801I (ICH9 Family) USB2 EHCI Controller #2
:(4523:24833:4523:24833) pci, pata_marvell, STORAGE, 88SE6101/6102 single-port PATA133 interface
:(32902:10564:32902:10564) pci, pcieport, PCI/PCI, 82801I (ICH9 Family) PCI Express Port 3
:(32902:10566:32902:10566) pci, pcieport, PCI/PCI, 82801I (ICH9 Family) PCI Express Port 4
:(32902:10560:32902:10560) pci, pcieport, PCI/PCI, Optiplex 755
:(32902:10562:32902:10562) pci, pcieport, PCI/PCI, 82801I (ICH9 Family) PCI Express Port 2
:(32902:10692:32902:20548) pci, None, SIMPLE, 82G33/G31/P35/P31 Express MEI Controller
:(32902:10568:32902:10568) pci, pcieport, PCI/PCI, 82801I (ICH9 Family) PCI Express Port 5
:(32902:10558:32902:12289) pci, snd_hda_intel, MULTIMEDIA, 82801I (ICH9 Family) HD Audio Controller
:(32902:10551:32902:20548) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #4
:(32902:10552:32902:20548) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #5
:(4318:1556:5208:13520) pci, nouveau, VIDEO, G92 [GeForce 9800 GT]
:(4172:32803:32902:20548) pci, firewire_ohci, FIREWIRE, TSB43AB22A IEEE-1394a-2000 Controller (PHY/Link) [iOHCI-Lynx]
:(5138:5906:5138:54836) pci, snd_ice1712, MULTIMEDIA_AUDIO, M-Audio Delta Audiophile 2496
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/mapper/Linux-Root / ext4 4096 4096 2064238 1024341 1003376 524288 355661 355661
:/dev/sda1 /boot ext4 1024 1024 251887 195125 182121 65024 64796 64796
:/dev/sdb1 WITHHELD ext4 4096 4096 72108792 6875966 3213046 18317312 18075569 18075569
:/dev/mapper/Linux-Opt /opt ext4 4096 4096 1548176 1486733 1408090 393216 393111 393111
:/dev/sda6 /home ext4 4096 4096 17117067 8486710 7617207 4349952 4167779 4167779
:/dev/mapper/Linux-Var /var ext4 4096 4096 1184277 425524 365364 301328 277570 277570
:/dev/mapper/Linux-Tmp /tmp ext4 4096 4096 525111 246976 220301 133552 133249 133249
:/dev/sdc2 WITHHELD vfat 16384 16384 5240150 1430164 1430164 0 0 0
:/dev/sdc1 WITHHELD ext2 4096 4096 56274155 3865729 3865729 28590080 28212786 28212786
:
Comment 1 Eric Sandeen 2012-01-23 16:39:29 UTC 
Odds are it was ext4 given the backtrace :)

Was it still properly connected when you unmounted, or was it possibly previously disconnected...
Comment 2 Vesa Halttunen 2012-01-23 18:51:21 UTC 
(In reply to comment #1)
> Was it still properly connected when you unmounted, or was it possibly
> previously disconnected...

It was still connected.

Somewhat off-topic, but for some reason I've been seeing a lot of kernel oopses after installing Fedora 16. I've practically never seen any on any earlier Fedora release on exactly the same hardware. Some of them have also been ext4-related but not umount-related. Unfortunately abrt hasn't stored/hasn't been able to store information about them. I guess I'll have to start taking screenshots with a camera and posting bugs that way...
Comment 3 Eric Sandeen 2012-01-23 19:08:22 UTC 
If you use hibernate, that's suspect.  Tons of people are hitting bugs post-hibernate, and I cannot get a handle on the problem.
Comment 4 Eric Sandeen 2012-01-23 19:13:10 UTC 
void invalidate_inode_buffers(struct inode *inode)
{
        if (inode_has_buffers(inode)) {
                struct address_space *mapping = &inode->i_data;
                struct list_head *list = &mapping->private_list;
                struct address_space *buffer_mapping = mapping->assoc_mapping;

                spin_lock(&buffer_mapping->private_lock);
                while (!list_empty(list))
                        __remove_assoc_queue(BH_ENTRY(list->next));
                spin_unlock(&buffer_mapping->private_lock);
        }
}

we oopsed down the spin_lock path; private_lock is offset 0x50 (80) into the address_space, so presumably inode->i_data->assoc_mapping was NULL.

(gdb) offsetof private_lock address_space
$3 = 80

Oh; I said "Odds are it was ext4" but I meant ext2; the ext4 driver handles ext2 in F16.  I'll see if I can see how we got here...
Comment 5 Vesa Halttunen 2012-01-23 19:29:50 UTC 
(In reply to comment #3)
> If you use hibernate, that's suspect.

I don't.

(In reply to comment #4)
> Oh; I said "Odds are it was ext4" but I meant ext2; the ext4 driver handles
> ext2 in F16.  I'll see if I can see how we got here...

Yep, it's ext2 - it's the /dev/sdc1 partition listed under "Filesystem Information".
Comment 6 Eric Sandeen 2012-01-23 20:58:20 UTC 
Were you using quotas on the ext2 fs?
Comment 7 Vesa Halttunen 2012-01-23 21:52:21 UTC 
(In reply to comment #6)
> Were you using quotas on the ext2 fs?

No.
Comment 8 Eric Sandeen 2012-01-23 22:53:12 UTC 
Well, nothing obvious here.  :(  Is this repeatable?  Anything interesting about the files on the fs, or what you were doing to it prior to the unmount?
Comment 9 Vesa Halttunen 2012-01-23 23:08:13 UTC 
(In reply to comment #8)
> Well, nothing obvious here.  :(  Is this repeatable?

I think I've seen this particular problem twice, but can't repeat for example right now. Or let's try...

...nope. :)

> Anything interesting
> about the files on the fs, or what you were doing to it prior to the unmount?

Perhaps the most interesting thing is that the drive is connected via USB:

[ 4739.717029] usb 2-2: new high speed USB device number 7 using ehci_hcd
[ 4739.963310] usb 2-2: New USB device found, idVendor=07ff, idProduct=00ff
[ 4739.963314] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 4739.963317] usb 2-2: Product: ATAPI-6 Bridge Controller
[ 4739.963319] usb 2-2: Manufacturer: Prolific Technology Inc.
[ 4739.963321] usb 2-2: SerialNumber: 283A
[ 4739.963796] scsi9 : usb-storage 2-2:1.0
[ 4740.963951] scsi 9:0:0:0: Direct-Access     ST332062 0A               3.AA PQ: 0 ANSI: 0

I ran e2fsck on the fs and the fs seemed to be fine. I don't remember doing anything particularly special before this happened.
Comment 10 Dave Jones 2012-03-22 16:37:50 UTC 
[mass update]
kernel-3.3.0-4.fc16 has been pushed to the Fedora 16 stable repository.
Please retest with this update.
Comment 11 Dave Jones 2012-03-22 16:43:09 UTC 
[mass update]
kernel-3.3.0-4.fc16 has been pushed to the Fedora 16 stable repository.
Please retest with this update.
Comment 12 Dave Jones 2012-03-22 16:51:14 UTC 
[mass update]
kernel-3.3.0-4.fc16 has been pushed to the Fedora 16 stable repository.
Please retest with this update.
Comment 13 Vesa Halttunen 2012-04-03 13:06:18 UTC 
Created attachment 574860 [details]
Screenshot showing the problem

Still reproducible with 3.3.0-4.fc16.i686.PAE. I unmounted the ext2 filesystem on an external USB drive and got this.
Comment 14 Vesa Halttunen 2012-04-03 21:19:26 UTC 
I'm afraid this bug is invalid. Even though I've been dealing with faulty memory numerous times and running memtest86 has usually been the first thing I do when a system starts crashing, for some reason I didn't run the test this time since the system seemed otherwise stable. After noticing that files also got randomly corrupted on all the drives connected to the system and the drives themselves reported to be fine, I ran the test and of course one of the memory modules was broken. I'm pretty sure it has been causing this problem as well.

Please close this bug with any resolution you see fit. I'll reopen the bug if the problem persists.
Comment 15 Eric Sandeen 2012-04-03 21:25:26 UTC 
Ok, based on the previous comment, this is not a bug, but bad hardware.  Thanks for the feedback!  Do reopen if it reappears.

Thanks,
-Eric