Bug 768534 - fat_detach: BUG: unable to handle kernel NULL pointer dereference
fat_detach: BUG: unable to handle kernel NULL pointer dereference
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
17
i686 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Eric Paris
Fedora Extras Quality Assurance
abrt_hash:ed34c38b0a7a51c5ba4824f99b2...
: Reopened
: 834899 845437 861615 886466 887516 890667 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-16 17:38 EST by Sylvain Arth
Modified: 2013-03-21 20:13 EDT (History)
53 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-03-21 20:13:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sylvain Arth 2011-12-16 17:38:28 EST
abrt version: 2.0.3
architecture:   i686
cmdline:        ro root=LABEL=esus_root rd_LVM_LV=esus_divers/root rd_LVM_LV=esus_divers/swap rd_MD_UUID=521d9f05:22c63916:7beb4265:663e0af4 rd_NO_LUKS rd_NO_DM LANG=fr_FR.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=fr-latin9 crashkernel=128M
comment:        I don't know
component:      kernel
kernel:         2.6.40.6-0.fc15.i686.PAE
kernel_tainted: 128
kernel_tainted_long: Kernel has oopsed before.
os_release:     Fedora release 15 (Lovelock)
package:        kernel
reason:         [1255232.395434] BUG: unable to handle kernel NULL pointer dereference at 0000009c
time:           Tue Nov 22 22:25:44 2011

backtrace:
:[1255232.395434] BUG: unable to handle kernel NULL pointer dereference at 0000009c
:[1255232.395477] IP: [<c046d983>] do_raw_spin_lock+0xd/0x1e
:[1255232.395505] *pdpt = 000000000e3e7001 *pde = 000000003f5d1067 
:[1255232.395527] Oops: 0002 [#1] SMP 
:[1255232.395544] Modules linked in: btrfs zlib_deflate libcrc32c vfat fat usb_storage uas tcp_lp fuse nfsd lockd nfs_acl auth_rpcgss sunrpc p4_clockmod bnep bluetooth rfkill nf_conntrack_ftp nf_conntrack_tftp ip6t_REJECT nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_ipv6header ts_kmp nf_conntrack_amanda nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ip6table_filter ip6_tables raid1 snd_usb_audio snd_intel8x0 snd_ac97_codec ppdev ac97_bus snd_seq microcode uvcvideo snd_pcm videodev snd_hwdep snd_usbmidi_lib snd_rawmidi snd_timer snd_seq_device serio_raw snd snd_page_alloc iTCO_wdt parport_pc media parport soundcore iTCO_vendor_support ipv6 r8169 pata_it821x e100 mii nouveau ttm drm_kms_helper drm i2c_algo_bit i2c_core mxm_wmi wmi video [last unloaded: mperf]
:[1255232.395867] 
:[1255232.395878] Pid: 19959, comm: tracker-miner-f Not tainted 2.6.40.6-0.fc15.i686.PAE #1 Compaq Evo D310/0804h
:[1255232.395909] EIP: 0060:[<c046d983>] EFLAGS: 00210206 CPU: 0
:[1255232.395925] EIP is at do_raw_spin_lock+0xd/0x1e
:[1255232.395939] EAX: 0000009c EBX: e17489f8 ECX: 0000ff3f EDX: 00000100
:[1255232.395955] ESI: 00000000 EDI: f8fe2b8c EBP: c23c7f28 ESP: c23c7f28
:[1255232.395971]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
:[1255232.395989] Process tracker-miner-f (pid: 19959, ti=c23c6000 task=e0c0a5e0 task.ti=c23c6000)
:[1255232.396006] Stack:
:[1255232.396006]  c23c7f30 c07fcc94 c23c7f40 f8fe03de e17489f8 e1748a4c c23c7f4c f8fe0874
:[1255232.396006]  e17489f8 c23c7f60 c05058ad e17489f8 e1748a0c f24cf400 c23c7f74 c0505a67
:[1255232.396006]  cf72ac80 c46e3240 e17489f8 c23c7f90 c051ce0f 00000000 cf72ac8c c89e5b00
:[1255232.396006] Call Trace:
:[1255232.396006]  [<c07fcc94>] _raw_spin_lock+0xd/0xf
:[1255232.396006]  [<f8fe03de>] fat_detach+0x20/0x59 [fat]
:[1255232.396006]  [<f8fe0874>] fat_evict_inode+0x5b/0x5e [fat]
:[1255232.396006]  [<c05058ad>] evict+0x57/0xe9
:[1255232.396006]  [<c0505a67>] iput+0xf8/0xfd
:[1255232.396006]  [<c051ce0f>] fsnotify_destroy_mark+0xdf/0xf8
:[1255232.396006]  [<c051e488>] sys_inotify_rm_watch+0x59/0x79
:[1255232.396006]  [<c07fcfbc>] syscall_call+0x7/0xb
:[1255232.396006]  [<c07f007b>] ? native_cpu_up+0x754/0x81b
:[1255232.396006] Code: d0 f2 38 00 5d c3 55 89 e5 3e 8d 74 26 00 3e 81 28 00 00 00 01 74 05 e8 98 f2 38 00 5d c3 55 89 e5 3e 8d 74 26 00 ba 00 01 00 00 <3e> 66 0f c1 10 38 f2 74 06 f3 90 8a 10 eb f6 5d c3 55 89 e5 3e 
:[1255232.396006] EIP: [<c046d983>] do_raw_spin_lock+0xd/0x1e SS:ESP 0068:c23c7f28
:[1255232.396006] CR2: 000000000000009c
:[1255232.441811] ---[ end trace b90b108bfca893b6 ]---
Comment 1 Josh Boyer 2011-12-20 09:06:01 EST
Does this still happen with the 2.6.41.x updates in F15?
Comment 2 Sylvain Arth 2011-12-22 01:29:10 EST
Not yet at least
Comment 3 Stanislaw Gruszka 2012-08-07 11:15:00 EDT
Users hit that also on 3.5. However seems bug is rare  reproducible.
Comment 4 Stanislaw Gruszka 2012-08-07 11:15:49 EDT
*** Bug 845437 has been marked as a duplicate of this bug. ***
Comment 5 Stanislaw Gruszka 2012-08-07 11:16:33 EDT
*** Bug 834899 has been marked as a duplicate of this bug. ***
Comment 6 Stanislaw Gruszka 2012-08-07 11:20:40 EDT
Would be good if we could get steps to reproduce this bug, which allow to reproduce the problem in 100% (i.e. script). Is possible to get such?
Comment 7 Stanislaw Gruszka 2012-10-05 08:06:22 EDT
*** Bug 861615 has been marked as a duplicate of this bug. ***
Comment 8 therufuser 2012-10-12 21:41:48 EDT
I was just unmounting my USB HDD

Package: kernel
OS Release: Fedora release 17 (Beefy Miracle)
Comment 9 Curtis Adkins 2012-10-14 18:52:04 EDT
Just updated to the latest kernel and rebooted.

Package: kernel
OS Release: Fedora release 17 (Beefy Miracle)
Comment 10 Robert Hancock 2012-10-22 12:34:04 EDT
Just saw this on 3.6.1-1.fc17. Might be related to a corrupt FAT file system as I ran fsck on the USB drive I was unmounting at the time and it reported an orphaned LFN file entry.
Comment 11 skkd.h4k1n9 2012-10-27 10:38:52 EDT
That problem occured, when I pressed the unplug-button in Gnome 3 to remove my eBook Reader 4ink (or Trekstor eBook Reader 4) from my Eee PC. After that, I pulled my USB cable out of the Eee PC - and the black / white screen showing the kernel error message appeared.

Package: kernel
OS Release: Fedora release 17 (Beefy Miracle)
Comment 12 Stanislaw Gruszka 2012-10-31 08:05:16 EDT
Reported upstream:
https://lkml.org/lkml/2012/10/30/221

Get answer that problem is a race condtion in inotify layer, described here:
https://lkml.org/lkml/2011/6/10/155

So, I'm assigning this bug to Erik  ...
Comment 13 Stanislaw Gruszka 2012-11-06 04:15:16 EST
We have old -next fix for this bug:

http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commitdiff;h=fe9b25d3ee6bdf6f9c9a9ce61d9d3e144bac13ef

I don't know what stop Eric to push that upstream, but I guess we can apply that to fedora.
Comment 14 Gustavo Olivares 2012-11-07 05:31:03 EST
I plugged a "dodgy" external hard drive ... It had given me trouble because the usb connector seems loose and it disconnects itself sometimes.
I was browsing the drive and "had the intention to safely remove it" (without actually clicking on that option yet) when X died and I was at the booting screen with some error message after the last boot message before starting X.

I restarted X by ctl-alt-backspace and I came to the login screen. Then I rebooted the computer and got the BUG message on the desktop.


Package: kernel
Architecture: x86_64
OS Release: Fedora release 17 (Beefy Miracle)
Comment 15 Marek Zukal 2012-11-07 10:22:14 EST
It just happened on 3.6.3-1.fc17.x86_64
Comment 16 Aurelien Marchand 2012-11-16 11:24:40 EST
I unplugged my USB phone (a Nokia e73). 
As for context: I was playing some music from my HD, editing code using nano and a terminal and had Firefox opened on a few tabs.


Package: kernel
Architecture: x86_64
OS Release: Fedora release 17 (Beefy Miracle)
Comment 17 Emmanuel Lartey 2012-11-25 15:35:33 EST
this happened after i disconnected my android phone with the sd card mounted

Package: kernel
Architecture: x86_64
OS Release: Fedora release 17 (Beefy Miracle)
Comment 18 Steven Snow 2012-11-29 08:14:40 EST
I had a USB external HD connected doing a backup through DiskDup. I also had a USB thumb drive connected to transfer some files to it. When I went to eject the thumb drive Gnome crashed, basically showing a terminal screen with what looked like register identifiers and values.

My system is AMD PhenomII 6 core, with 8 GB ram on a Gigabyte Mobo.


Package: kernel
Architecture: x86_64
OS Release: Fedora release 17 (Beefy Miracle)
Comment 19 Housun S.r.l 2012-12-06 05:31:31 EST
Simple login (using gdm, fresh system net-install)

Package: kernel
Architecture: x86_64
OS Release: Fedora release 17 (Beefy Miracle)
Comment 20 Josh Boyer 2012-12-12 13:00:16 EST
*** Bug 886466 has been marked as a duplicate of this bug. ***
Comment 21 raflexras 2012-12-15 21:38:30 EST
Removing a flashdrive (SanDisk-2gb) with out unmounting first.

Package: kernel
OS Release: Fedora release 17 (Beefy Miracle)
Comment 22 Josh Boyer 2012-12-17 09:49:42 EST
*** Bug 887516 has been marked as a duplicate of this bug. ***
Comment 23 carlosm03 2012-12-25 13:26:28 EST
Occurred while umounting an MP4 USB player which has a 4GB internal memory and an 8GB micro SD memory attached.
The MP4 player was connected through a USB hub (Acteck, model ACU-4PU2), there was also a 4GB Kingston USB drive attached to the same USB hub


Package: kernel
OS Release: Fedora release 17 (Beefy Miracle)
Comment 24 tim 2012-12-27 08:01:25 EST
It seems this occurred here yesterday and today as well. I was not doing anything with USB myself though. Perhaps my kernel was doing something with my 2 external USB drives while booting, but I'm not sure how to check. (I don't see anything about this problem in `dmesg` or in /var/log/messages)

What I find interesting (though I'm no expert), is that in this report the reason states "NULL pointer dereference at 0000009c" and I'm pretty sure when I saw the message when I just booted, it did not say 0x9c, but rather 0xf8 (not too sure about the 8, but it was definitely f-something..)

Strange thing is though when I open the "automatic bug reporting tool" from the menu in an attempt to have a look at this report myself, I noticed that in the submitted reports it said my kernel is tainted (Flags:P). Is this normal? I know years ago I've played around a bit with compiling a kernel and getting a whole linux from scratch system running, but this should be an unchanged kernel from the fedora 17 repositories.

Now I'm not sure if this is related, but a little while ago I was trying to install a couple (very) old windows games using wine. (To the best of my knowledge all legal, though mostly second hand, so can't be entirely sure) Sadly none of them worked. But shortly after that every time I tried to do something using wine, SELinux would yell at me about wine trying to do something related to the kernel. Some detail regarding this (I haven't copied the whole result):
# cat /var/log/messages-20121209 | grep wine
SELinux is preventing wine-preloader from mmap_zero access on the memprotect . For complete SELinux messages. run sealert -l 3c2edffc-8afb-44c5-998e-da8fc1abaa3d

I won't go into too much detail right now because maybe none of this is related. But being a bug that's this obscure and the fact that I've now seen this happen twice in 2 days (unless I've had 2 messages about the same event), I thought I'd just mention this.
Comment 25 Josh Boyer 2012-12-27 09:08:46 EST
There are patches to address this issue that have gone into the 3.8-rc1 kernel.  At the moment, they are not suitable for backporting according to Eric.  Rawhide should move to 3.8-rcX sometime next week.
Comment 26 Josh Boyer 2012-12-29 10:00:09 EST
*** Bug 890667 has been marked as a duplicate of this bug. ***
Comment 27 Germano Massullo 2012-12-29 18:29:36 EST
I simply umounted a USB drive I was using

Package: kernel
Architecture: x86_64
OS Release: Fedora release 18 (Spherical Cow)
Comment 28 David 2013-01-03 16:48:31 EST
I was trying ejecting a Flash Drive using the notification's popup bar and the screen droped to command line for a split second. Then a message came up stating that there was a problem with the kernel.

Package: kernel
Architecture: x86_64
OS Release: Fedora release 18 (Spherical Cow)
Comment 29 Samarjit Adhikari 2013-01-14 12:21:24 EST
Any expected date when this bug will get resolved?  It seems many people already faced the kernel crash.
Comment 30 Josh Boyer 2013-01-14 13:35:04 EST
(In reply to comment #29)
> Any expected date when this bug will get resolved?  It seems many people
> already faced the kernel crash.

It should be fixed in rawhide already.  As mentioned in comment #25, the fixes are not suitable for backporting according to the maintainer.  This can either be CLOSED->RAWHIDE, or we can leave it open until F17 rebases to 3.8.
Comment 31 mttwedwards 2013-01-17 16:39:29 EST
Upgraded from F17 to F18 on 16JAN2013. Unplugged Droid Bionic from USB mass storage connection and screen dropped to kernel dump. 

Package: kernel
Architecture: x86_64
OS Release: Fedora release 18 (Spherical Cow)
Comment 32 Rob Melville 2013-01-18 18:28:21 EST
Was unmounting USB memory stick via Dolphin after copying a small text file onto it. Have not been able to replicate fault.

Package: kernel
Architecture: x86_64
OS Release: Fedora release 17 (Beefy Miracle)
Comment 33 ted.feasel 2013-01-24 20:29:45 EST
ejecting usb flash drive after copying files to flash drive. flash drive formatted fat32

Package: kernel
Architecture: x86_64
OS Release: Fedora release 18 (Spherical Cow)
Comment 34 novasharp 2013-01-27 13:27:11 EST
I ran the command 'sudo grub2-mkconfig -o /boot/grub2/grub.cfg' after I had just changed the timeout to -1.

Package: kernel
Architecture: x86_64
OS Release: Fedora release 18 (Spherical Cow)
Comment 35 JPRochette 2013-01-29 22:10:24 EST
Je ne sais pas à part le fait que j'ai retiré mon Dell de son dock.

Package: kernel
Architecture: x86_64
OS Release: Fedora release 17 (Beefy Miracle)
Comment 36 Al 2013-01-31 05:11:02 EST
Happened to me too, fedora 18.

Was viewing a file off a USB key. Didn't write anything to it. Ripped out the USB key without unmounting, hit this issue.
Comment 37 nicolas.duclert 2013-02-16 08:55:04 EST
I don't eject the usb key before I unplug it from the computer.

Package: kernel
Architecture: x86_64
OS Release: Fedora release 18 (Spherical Cow)
Comment 38 Viktor Lašut 2013-03-05 03:39:47 EST
vysunutie USB

Package: kernel
OS Release: Fedora release 17 (Beefy Miracle)
Comment 39 Dean Peterson 2013-03-09 14:18:10 EST
I believe I just hit the up arrow toolbar button in Thunar to go to a parent directory.  Both the directory I was on and its parent were on an external USB drive.  I had just recently mounted and unmounted a different local disk from a command line, but that was on a completely separate and unrelated path.

Package: kernel
Architecture: x86_64
OS Release: Fedora release 18 (Spherical Cow)
Comment 40 Mohamed Anis Mekki 2013-03-09 17:27:36 EST
I was asked to submit this bug. Bug showed up right after login.

Package: kernel
OS Release: Fedora release 18 (Spherical Cow)
Comment 41 Fedora Update System 2013-03-10 10:13:57 EDT
kernel-3.8.2-105.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/FEDORA-2013-3638/kernel-3.8.2-105.fc17
Comment 42 chocko 2013-03-10 15:18:44 EDT
The copy of approximately 40GB  between 2 extern usb drive had just finished. So i decided to eject them, clicking with the mouse near the left bottom corner. I don't remember which filesystem i have asked to be ejected at first. I think it was indeed the request of the first of them, which has triggered the crash ...
The involved filesystems are FAT, NTFS and ext.

Please find the screen at the moment of the crash : http://i.imgur.com/ZM34rVM.jpg

Please find below the the fdisk log :

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000bc14a

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1              63      498014      248976   83  Linux
/dev/sda2          498015   234500804   117001395   8e  Linux LVM
/dev/sda3   *   234502144   234706943      102400    7  HPFS/NTFS/exFAT
/dev/sda4       234706944   488394751   126843904    7  HPFS/NTFS/exFAT

Disk /dev/mapper/sugarbox-swap_forall: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders, total 8388608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/sugarbox-holybox_root: 82.5 GB, 82514542592 bytes
255 heads, 63 sectors/track, 10031 cylinders, total 161161216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/sugarbox-sugelecbox: 26.8 GB, 26805796864 bytes
255 heads, 63 sectors/track, 3258 cylinders, total 52355072 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/sdb: 8589 MB, 8589934080 bytes
255 heads, 63 sectors/track, 1044 cylinders, total 16777215 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/sdd: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders, total 1953525168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xc65a9ab8

   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1            2048  1953523119   976760536    7  HPFS/NTFS/exFAT

Disk /dev/sde: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00028964

   Device Boot      Start         End      Blocks   Id  System
/dev/sde1              63   373125689   186562813+   c  W95 FAT32 (LBA)
/dev/sde2       373125690   488392064    57633187+  83  Linux

Package: kernel
OS Release: Fedora release 17 (Beefy Miracle)
Comment 43 Fedora Update System 2013-03-14 11:16:55 EDT
kernel-3.8.2-105.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/FEDORA-2013-3638/kernel-3.8.2-105.fc17
Comment 44 Fedora Update System 2013-03-14 18:54:05 EDT
kernel-3.8.3-101.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/kernel-3.8.3-101.fc17
Comment 45 Fedora Update System 2013-03-15 21:26:40 EDT
Package kernel-3.8.3-101.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kernel-3.8.3-101.fc17'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-3909/kernel-3.8.3-101.fc17
then log in and leave karma (feedback).
Comment 46 Aurelien Marchand 2013-03-21 08:58:48 EDT
xorg crashed and was unresponsive. I hit CTRL-ALT-F1, but got no console. I then hit once the power button (which sends a CTRL-ATL-DEL, IIRC) but not answer as well, so I did a hard reset. I suspect the CTRL-ALT-DEL triggered this bug.

Package: kernel
Architecture: x86_64
OS Release: Fedora release 17 (Beefy Miracle)
Comment 47 Fedora Update System 2013-03-21 20:13:23 EDT
kernel-3.8.3-103.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.