libreport version: 2.0.6
abrt_version: 2.0.4.981
cmdline: BOOT_IMAGE=/boot/vmlinuz-3.1.1-1.fc16.x86_64 root=UUID=2f77d865-994e-4ebf-995c-71b3048671f7 ro rd.md=0 rd.lvm=0 rd.dm=0 KEYTABLE=us quiet SYSFONT=latarcyrheb-sun16 rhgb rd.luks=0 LANG=en_US.UTF-8
comment:
kernel: undefined
reason: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
time: Wed Nov 16 11:37:59 2011

backtrace:
:BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
:IP: [<ffffffff812ffb2a>] sd_revalidate_disk+0x36/0x16c7
:PGD 701d8067 PUD 7c221067 PMD 0
:Oops: 0000 [#1] SMP
:CPU 1
:Modules linked in: ppp_deflate zlib_deflate ppp_async crc_ccitt ppp_generic slhc lp option usb_wwan ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat xt_CHECKSUM iptable_mangle tun bridge stp llc vmnet ppdev parport_pc parport fuse vsock vmci vmmon lockd rfcomm bnep ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack binfmt_misc btusb bluetooth arc4 acer_wmi sparse_keymap joydev uvcvideo i2c_i801 videodev media v4l2_compat_ioctl32 microcode serio_raw snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm iwlagn iTCO_wdt mac80211 iTCO_vendor_support snd_timer cfg80211 snd soundcore snd_page_alloc rfkill tg3 sunrpc uinput uas ums_realtek usb_storage wmi i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]
:Pid: 12993, comm: blkid Not tainted 3.1.1-1.fc16.x86_64 #1 Acer Aspire 5738 /JV50
:RIP: 0010:[<ffffffff812ffb2a>] [<ffffffff812ffb2a>] sd_revalidate_disk+0x36/0x16c7
:RSP: 0018:ffff88000c30ba48 EFLAGS: 00010246
:RAX: 0000000000000000 RBX: ffff8800b7826080 RCX: 0000000000000001
:RDX: 0000000000000001 RSI: ffff88000c30ba94 RDI: ffff88007c29a400
:RBP: ffff88000c30bb08 R08: 00000008ffffffff R09: ffff88000c30baa8
:R10: 008000108121279c R11: ffff88007c29a448 R12: 0000000000000000
:R13: ffff88007c29a400 R14: 000000000000001d R15: 0000000000000000
:FS: 00007f7a884de740(0000) GS:ffff8800bb500000(0000) knlGS:0000000000000000
:CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
:CR2: 0000000000000008 CR3: 0000000094a1c000 CR4: 00000000000406e0
:DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
:DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
:Process blkid (pid: 12993, threadinfo ffff88000c30a000, task ffff880058e31730)
:Stack:
: ffffea00024eb180 ffff88007c29a448 ffff88007c29a478 ffff88007c29a400
: ffff88000c30ba78 ffffffff814b712e ffff88007c29a400 ffffffff8112abc4
: ffff8800b7826158 ffff88007c29a400 ffff88000c30bac8 ffffffff8113cb7b
:Call Trace:
: [<ffffffff814b712e>] ? _raw_spin_lock+0xe/0x10
: [<ffffffff8112abc4>] ? get_super+0x29/0xa9
: [<ffffffff8113cb7b>] ? iput+0x39/0x182
: [<ffffffff8117e7c9>] rescan_partitions+0xb4/0x43f
: [<ffffffff81152c7f>] __blkdev_get+0x1b4/0x397
: [<ffffffff81153122>] ? blkdev_get+0x2c0/0x2c0
: [<ffffffff81153033>] blkdev_get+0x1d1/0x2c0
: [<ffffffff8115215a>] ? bdget+0x112/0x11e
: [<ffffffff81153122>] ? blkdev_get+0x2c0/0x2c0
: [<ffffffff81153189>] blkdev_open+0x67/0x6b
: [<ffffffff8112771e>] __dentry_open+0x17a/0x2b8
: [<ffffffff814b712e>] ? _raw_spin_lock+0xe/0x10
: [<ffffffff81128647>] nameidata_to_filp+0x60/0x67
: [<ffffffff81134ccc>] do_last+0x461/0x5ad
: [<ffffffff81134f1a>] path_openat+0xcf/0x310
: [<ffffffff810fc550>] ? handle_mm_fault+0x1c8/0x1db
: [<ffffffff812248ba>] ? rb_insert_color+0x66/0xe1
: [<ffffffff81135258>] do_filp_open+0x38/0x86
: [<ffffffff8113e810>] ? alloc_fd+0x72/0x11d
: [<ffffffff811286bc>] do_sys_open+0x6e/0x100
: [<ffffffff810a37c4>] ? audit_syscall_entry+0x145/0x171
: [<ffffffff8112876e>] sys_open+0x20/0x22
: [<ffffffff814bd8c2>] system_call_fastpath+0x16/0x1b
:Code: 54 53 48 81 ec 98 00 00 00 66 66 66 66 90 4c 8b a7 28 03 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 c8 31 c0 48 89 bd 70 ff ff ff
:RIP [<ffffffff812ffb2a>] sd_revalidate_disk+0x36/0x16c7
: RSP <ffff88000c30ba48>

smolt_data:
:
:
:General
:=================================
:UUID: bc34bfc8-39cd-4118-93ad-6969b4d04ecd
:OS: Fedora release 16 (Verne)
:Default run level: Unknown
:Language: en_US.utf8
:Platform: x86_64
:BogoMIPS: 4389.09
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
:CPU Stepping: 10
:CPU Family: 6
:CPU Model Num: 23
:Number of CPUs: 2
:CPU Speed: 2200
:System Memory: 2942
:System Swap: 6999
:Vendor: Acer
:System: Aspire 5738 0100
:Form factor: Notebook
:Kernel: 3.1.1-1.fc16.x86_64
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin:
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(32902:10521:4133:517) pci, None, PCI/ISA, ICH9M LPC Interface Controller
:(5348:5784:4133:519) pci, tg3, ETHERNET, NetLink BCM5784M Gigabit Ethernet PCIe
:(32902:10818:4133:517) pci, i915, VIDEO, Mobile 4 Series Chipset Integrated Graphics Controller
:(32902:10819:4133:517) pci, None, VIDEO, Mobile 4 Series Chipset Integrated Graphics Controller
:(32902:10560:4133:517) pci, pcieport, PCI/PCI, 82801I (ICH9 Family) PCI Express Port 1
:(32902:10562:4133:517) pci, pcieport, PCI/PCI, 82801I (ICH9 Family) PCI Express Port 2
:(32902:10568:4133:517) pci, pcieport, PCI/PCI, 82801I (ICH9 Family) PCI Express Port 5
:(32902:10558:4133:517) pci, snd_hda_intel, MULTIMEDIA, 82801I (ICH9 Family) HD Audio Controller
:(32902:10537:4133:517) pci, ahci, STORAGE, ICH9M/M-E SATA AHCI Controller
:(32902:10549:4133:517) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #2
:(32902:10544:4133:517) pci, i801_smbus, SERIAL, 82801I (ICH9 Family) SMBus Controller
:(32902:9288:4133:517) pci, None, PCI/PCI, 82801 Mobile PCI Bridge
:(32902:131:32902:4869) pci, iwlagn, NETWORK, Centrino Wireless-N 1000 BGN
:(32902:10548:4133:517) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #1
:(32902:10551:4133:517) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #4
:(32902:10552:4133:517) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #5
:(32902:10816:4133:517) pci, agpgart-intel, HOST/PCI, Mobile 4 Series Chipset Memory Controller Hub
:(32902:10550:4133:517) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #3
:(32902:10553:4133:517) pci, uhci_hcd, USB, 82801I (ICH9 Family) USB UHCI Controller #6
:(32902:10554:4133:517) pci, ehci_hcd, USB, 82801I (ICH9 Family) USB2 EHCI Controller #1
:(32902:10556:4133:517) pci, ehci_hcd, USB, 82801I (ICH9 Family) USB2 EHCI Controller #2
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/sda1 / ext4 4096 4096 75152010 13892475 10074952 19095552 17712575 17712575
:
Package: kernel Architecture: x86_64 OS Release: Fedora release 16 (Verne) Comment ----- Hibernate and resume the system
Package: kernel Architecture: x86_64 OS Release: Fedora release 16 (Verne) Comment ----- kernel bug
Package: kernel Architecture: x86_64 OS Release: Fedora release 16 (Verne) Comment ----- Resume the system after hibernating
*** Bug 757708 has been marked as a duplicate of this bug. ***
drivers/scsi/sd.c:2356

static int sd_revalidate_disk(struct gendisk *disk)
{
        struct scsi_disk *sdkp = scsi_disk(disk);
==>     struct scsi_device *sdp = sdkp->device;

sdkp is NULL here (scsi_disk(disk) returned NULL)
*** Bug 757563 has been marked as a duplicate of this bug. ***
*** Bug 757334 has been marked as a duplicate of this bug. ***
*** Bug 758793 has been marked as a duplicate of this bug. ***
*** Bug 759412 has been marked as a duplicate of this bug. ***
Package: kernel Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- I don't know how this happened exactly as I was switching active windows while GNOME 3 was running, and the display briefly switched to the text console showing the oops. Prior to this I had unmounted and then unplugged a USB stick.
There was a patch posted for this, and a subsequent discussion of it:
http://www.spinics.net/lists/linux-scsi/msg55636.html
As far as I can tell, it died out with this final question:
http://www.spinics.net/lists/linux-scsi/msg55654.html
I spent the afternoon trying to recreate some sort of crash to no avail. Using this:

while [ 1 ]; do sudo fdisk -l /dev/sdc; sleep 0.05; done

To try and "read" a usb stick here, I then ran this:

while [ 1 ]; do echo 1 > /sys/bus/usb/devices/1-1.2/bConfigurationValue ; sleep 1.5; echo 0 > /sys/bus/usb/devices/1-1.2/bConfigurationValue ; done

to simulate plug/unplugging it. (I plugged/unplugged by hand for about 15min but that got really old.) There are all kinds of things in dmesg, but none of them are an oops. So it seems to be somewhat difficult to hit.
*** Bug 761324 has been marked as a duplicate of this bug. ***
*** Bug 761328 has been marked as a duplicate of this bug. ***
*** Bug 767960 has been marked as a duplicate of this bug. ***
*** Bug 768595 has been marked as a duplicate of this bug. ***
*** Bug 768642 has been marked as a duplicate of this bug. ***
1. Insert an SD card with an adapter in a card reader slot.
2. Wait something like 30 seconds.
3. Gnome-Shell crashes.

This has happened every time I have done this, the gnome-shell cannot be recovered even if I make: f2 + r + enter

The only way I have seen that the computer recovers "naturally" is when I suspend the machine while the crash is in progress, but the SD card is not recognized though.

rating: (null)
Package: kernel
Architecture: x86_64
OS Release: Fedora release 16 (Verne)
I may have caused this by plugging in a 4GB thumbdrive for 1-2 seconds and then unplugging it. rating: (null) Package: kernel Architecture: x86_64 OS Release: Fedora release 16 (Verne)
I have the same issue under F15 with kernel 2.6.41.4-1.fc15.x86_64. It happened twice when removing a 16GB USB stick containing just random data and no valid partition table.
*** Bug 770606 has been marked as a duplicate of this bug. ***
*** Bug 771116 has been marked as a duplicate of this bug. ***
*** Bug 771055 has been marked as a duplicate of this bug. ***
*** Bug 750389 has been marked as a duplicate of this bug. ***
I got this report just after I've disconnected a properly unmounted mass storage USB device. rating: (null) Package: kernel Architecture: x86_64 OS Release: Fedora release 16 (Verne)
Can reproduce on Fedora 16 using kernel 3.1.6-1.fc16.x86_64 when using a USB block device and a damaged cable that seems to 'bounce' the connection (connect, disconnect, repeatedly). Device has a valid 8GB FAT32 partition. Stack trace: http://pastebin.com/raw.php?i=bAHdm0J4
I hit this again:
* Used digikam to import photos from my camera, mounted on /media/NIKON D40
* umounted it
* ran sync
* waited a few seconds (camera light was not blinking)
* pulled cable
Created attachment 552276 [details]
oops

kernel is 2.6.41.4-1.fc15.x86_64 and system is a quad core i7-2600K
Package: kernel Architecture: i686 OS Release: Fedora release 15 (Lovelock) Comment ----- I don't know how this happened.
Package: kernel Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- don't know
Mounting another partition, then unmounting it. Package: kernel Architecture: i686 OS Release: Fedora release 16 (Verne)
*** Bug 787029 has been marked as a duplicate of this bug. ***
*** Bug 789057 has been marked as a duplicate of this bug. ***
*** Bug 789052 has been marked as a duplicate of this bug. ***
Created attachment 560699 [details]
Don't dereference sdkp if it is NULL

Here's some helpful info. I hit this exact bug on vanilla 3.1.6 doing the same thing as the bug reporters were doing. I ejected then unmounted an sdcard. Then it crashed with the same backtrace. Looking at the code I have here:

(gdb) li *sd_revalidate_disk+0x39
0x26c9 is in sd_revalidate_disk (/home/rostedt/work/git/nobackup/linux-build.git/drivers/scsi/sd.c:2356).
2351     * @disk: struct gendisk we care about
2352     **/
2353    static int sd_revalidate_disk(struct gendisk *disk)
2354    {
2355            struct scsi_disk *sdkp = scsi_disk(disk);
2356            struct scsi_device *sdp = sdkp->device;
2357            unsigned char *buffer;
2358            unsigned flush = 0;

Seems that scsi_disk(disk) is returning NULL, which will crash when the next line is hit.

Looking at the disassembly of this code:

0x00000000000026c9 <+57>: mov 0x8(%rbx),%r15

And in my backtrace, %rbx is zero. The simple solution here is to return if sdkp is NULL. If it isn't supposed to be NULL, perhaps we can add a warn on, but let's not crash the kernel. It's becoming annoying (this is the third time it happened to me).

I just wrote the attached patch and will apply it to my custom kernel.
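The fault address in the oops (CR2 = 0x8) and the NULL check proposed in the comment above, modelled in user-space C as an added example; this is not the attached patch and not kernel code. The struct layouts, the names scsi_disk_model, sd_revalidate_model and faulting_address, and the return value 0 on the NULL path are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel types; only the member order matters.
 * Assumption: `device` sits one pointer past the start of struct scsi_disk,
 * which is what the `mov 0x8(%rbx)` load and CR2 = 0x8 in the thread imply. */
struct scsi_device { int sector_size; };
struct scsi_disk   { void *driver; struct scsi_device *device; };
struct gendisk     { void *private_data; };

static int warnings_emitted;            /* WARN_ONCE-style latch */

/* Model of scsi_disk(disk): NULL once teardown cleared the back-pointer. */
static struct scsi_disk *scsi_disk_model(struct gendisk *disk)
{
    return disk->private_data;
}

/* Address the unguarded `sdkp->device` load would touch for a given sdkp. */
static uintptr_t faulting_address(const struct scsi_disk *sdkp)
{
    return (uintptr_t)sdkp + offsetof(struct scsi_disk, device);
}

/* Guarded revalidate: bail out and warn once instead of dereferencing NULL.
 * Returning 0 on that path is an assumption of this model. */
static int sd_revalidate_model(struct gendisk *disk)
{
    struct scsi_disk *sdkp = scsi_disk_model(disk);

    if (!sdkp) {
        if (!warnings_emitted) {
            warnings_emitted = 1;
            fprintf(stderr, "sd_revalidate_model: NULL scsi_disk, skipped\n");
        }
        return 0;
    }
    return sdkp->device->sector_size;
}

int main(void)
{
    struct scsi_device dev = { 512 };   /* constructed sample device */
    struct scsi_disk sdk = { NULL, &dev };
    struct gendisk disk = { &sdk };

    printf("NULL sdkp would fault at 0x%lx\n",
           (unsigned long)faulting_address(NULL));
    printf("live disk:      %d\n", sd_revalidate_model(&disk));
    disk.private_data = NULL;           /* torn down while an open is in flight */
    printf("after teardown: %d\n", sd_revalidate_model(&disk));
    printf("second open:    %d\n", sd_revalidate_model(&disk));
    return 0;
}
```

The guard only stops the crash; it does not explain why the lookup returns NULL, which is the reference-counting question raised later in the thread.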
1. hibernating
2. plug-in mobile broadband usb stick
3. resuming
4. crash

Package: kernel
OS Release: Fedora release 16 (Verne)
(In reply to comment #35)
> Created attachment 560699 [details]
> Don't dereference sdkp if it is NULL
>
> Here's some helpful info. I hit this exact bug on vanilla 3.1.6 doing the same
> thing as the bug reporters were doing. I ejected then unmounted an sdcard. Then
> it crashed with the same backtrace. Looking at the code I have here:
>
> (gdb) li *sd_revalidate_disk+0x39
> 0x26c9 is in sd_revalidate_disk
> (/home/rostedt/work/git/nobackup/linux-build.git/drivers/scsi/sd.c:2356).
> 2351     * @disk: struct gendisk we care about
> 2352     **/
> 2353    static int sd_revalidate_disk(struct gendisk *disk)
> 2354    {
> 2355            struct scsi_disk *sdkp = scsi_disk(disk);
> 2356            struct scsi_device *sdp = sdkp->device;
> 2357            unsigned char *buffer;
> 2358            unsigned flush = 0;
>
>
> Seems that scsi_disk(disk) is returning NULL, which will crash when the next
> line is hit.
>
> Looking at the disassembly of this code:
>
> 0x00000000000026c9 <+57>: mov 0x8(%rbx),%r15
>
> And in my backtrace, %rbx is zero. The simple solution here is to return if
> sdkp is NULL. If it isn't supposed to be NULL, perhaps we can add a warn on, but
> let's not crash the kernel. It's becoming annoying (this is the third time it
> happened to me).
>
> I just wrote the attached patch and will apply it to my custom kernel.

Yeah, that's basically the exact same patch that was sent upstream. James replied with something hand-wavy about that not being proper. The maintainer's response was... lacking.

However, I think I agree with you. I don't care if it shouldn't be NULL, because it obviously is and we shouldn't crash. I'll poke upstream about this one more time and if it doesn't go anywhere we should just apply this patch.
There's yet another thread asking for status on this upstream and no response. http://thread.gmane.org/gmane.linux.scsi/71496/focus=1233463 I'm applying Steven's patch across the releases. There's no good excuse for letting Fedora users trip over this at this point.
Applied across all Fedora branches.
*** Bug 787047 has been marked as a duplicate of this bug. ***
Patch is just workaround, I prefer if we add WARN_ON(), so we will know this bug is still unfixed.
(In reply to comment #41)
> Patch is just workaround, I prefer if we add WARN_ON(), so we will know this
> bug is still unfixed.

I'm not opposed to that. I'll look at doing it later today, though I will probably use WARN_ONCE.
Created attachment 561664 [details]
WARN_ONCE on null skdp

Stanislaw, Steven, does this look suitable? I tried to think of printing more information that might be relevant to root cause, but that is going to be much more involved than doing a simple stop-gap patch. One would need to likely track the reference counting on the device from creation to tear-down.
*** Bug 790423 has been marked as a duplicate of this bug. ***
(In reply to comment #43)
> Stanislaw, Steven, does this look suitable?

Patch is ok for me.
(In reply to comment #45)
> (In reply to comment #43)
> > Stanislaw, Steven, does this look suitable?
> Patch is ok for me.

Thanks. I've updated the patch in the f17 and master branches since those are the newest kernel where this remains unfixed.
*** Bug 790982 has been marked as a duplicate of this bug. ***
Seems proper fix showed up: http://marc.info/?l=linux-scsi&m=132935572512352&w=2
(In reply to comment #48)
> Seems proper fix showed up:
> http://marc.info/?l=linux-scsi&m=132935572512352&w=2

Yep, I saw that too. I'm watching the thread to see if it works for some of the users reporting the issue (and to see if/when it goes into the block tree). I'll bring it into Fedora soon.
*** Bug 795081 has been marked as a duplicate of this bug. ***
kernel-3.2.7-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/kernel-3.2.7-1.fc16
kernel-2.6.42.7-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/kernel-2.6.42.7-1.fc15
Package kernel-2.6.42.7-1.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kernel-2.6.42.7-1.fc15'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-2136/kernel-2.6.42.7-1.fc15
then log in and leave karma (feedback).
kernel-3.2.7-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
kernel-2.6.42.7-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 799308 has been marked as a duplicate of this bug. ***