Bug#582088: linux-image-2.6.32-5-686: null pointer dereference in __mark_inode_dirty+0x15/0x10b

[Jonathan Nieder]

Thiemo Nagel wrote:

 I've found BUG: unable to handle kernel NULL pointer 7 times in the 2
 years of log files that I keep.  It was associated with __mark_inode_dirty
 only once, though.  Other occurrences have been:

 (null) (Debian 2.6.32-27)
 strcmp+0x6/0x19 (Debian 2.6.32-27)
 __d_lookup+0xb5/0xd3 (Debian 2.6.32-15)
 drm_mm_put_block+0x1e/0x123 (Debian 2.6.32-13)
 rw_verify_area+0x43/0xac (2.6.31.5)

Interesting.  Is this the same machine as http://bugs.debian.org/593792?



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#582088: linux-image-2.6.32-5-686: null pointer dereference in __mark_inode_dirty+0x15/0x10b

[Thiemo Nagel]

On 11/24/2011 09:25 AM, Jonathan Nieder wrote:

Interesting.  Is this the same machine ashttp://bugs.debian.org/593792?


Yes, it is.  Last year, I've tried to exclude memory problems by running 
memtest86+ for probably ~24h, there were no errors.


BTW:  I've stopped using curlftpfs because I felt that it was slow and 
unstable, so if the issue is connected to that, it's no surprise that 
the bug didn't show up again.  But I can try to trigger it again...


Cheers,
Thiemo



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#582088: linux-image-2.6.32-5-686: null pointer dereference in __mark_inode_dirty+0x15/0x10b

[Jonathan Nieder]

tags 593792 - moreinfo
# only happens rarely
tags 582088 + unreproducible
severity 582088 normal
merge 582088 593792
retitle 582088 [Eee PC 1000HG, fuse] symptoms of memory corruption
quit

Thiemo Nagel wrote:
 On 11/24/2011 09:25 AM, Jonathan Nieder wrote:

 Interesting.  Is this the same machine as http://bugs.debian.org/593792?

 Yes, it is.  Last year, I've tried to exclude memory problems by running
 memtest86+ for probably ~24h, there were no errors.

 BTW:  I've stopped using curlftpfs because I felt that it was slow and
 unstable, so if the issue is connected to that, it's no surprise that the
 bug didn't show up again.  But I can try to trigger it again...

Ok, let's merge the bugs.  If you can trigger it again, that would be
great.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#582088: linux-image-2.6.32-5-686: null pointer dereference in __mark_inode_dirty+0x15/0x10b

[Thiemo Nagel]

Dear Jonathan,

On 10/21/2011 01:26 AM, Jonathan Nieder wrote:

I came across this BUG yesterday on my Asus Eee PC 1000HG.  I had probably
done 10-15 suspend/resume cycles that day.  I think I had mounted curlftpfs
over a somewhat flaky 3G connection earlier that day, but I didn't access it
at the time of the BUG (though I cannot speak for cron jobs, etc.).  Apart
from that, I was only ext3 and the usual system stuff (tmpfs, proc, sysfs,
devpts, binfmt_misc).

[...]

BUG: unable to handle kernel NULL pointer dereference at 0008
IP: [c10c90f1] __mark_inode_dirty+0x15/0x10b


In other words, __mark_inode_dirty was called with (sb-s_op == NULL).
Weird.

Did this ever happen again?


I've found BUG: unable to handle kernel NULL pointer 7 times in the 2 
years of log files that I keep.  It was associated with 
__mark_inode_dirty only once, though.  Other occurrences have been:


(null) (Debian 2.6.32-27)
strcmp+0x6/0x19 (Debian 2.6.32-27)
__d_lookup+0xb5/0xd3 (Debian 2.6.32-15)
drm_mm_put_block+0x1e/0x123 (Debian 2.6.32-13)
rw_verify_area+0x43/0xac (2.6.31.5)

Cheers,
Thiemo



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#582088: linux-image-2.6.32-5-686: null pointer dereference in __mark_inode_dirty+0x15/0x10b

[Jonathan Nieder]

Hi Thiemo,

Thiemo Nagel wrote:

 I came across this BUG yesterday on my Asus Eee PC 1000HG.  I had probably
 done 10-15 suspend/resume cycles that day.  I think I had mounted curlftpfs
 over a somewhat flaky 3G connection earlier that day, but I didn't access it
 at the time of the BUG (though I cannot speak for cron jobs, etc.).  Apart
 from that, I was only ext3 and the usual system stuff (tmpfs, proc, sysfs,
 devpts, binfmt_misc).
[...]
 BUG: unable to handle kernel NULL pointer dereference at 0008
 IP: [c10c90f1] __mark_inode_dirty+0x15/0x10b

In other words, __mark_inode_dirty was called with (sb-s_op == NULL).
Weird.

Did this ever happen again?

Sorry for the long silence,
Jonathan



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#582088: linux-image-2.6.32-5-686: null pointer dereference in __mark_inode_dirty+0x15/0x10b

[Thiemo Nagel]

Package: linux-2.6
Version: 2.6.32-12
Severity: important

I came across this BUG yesterday on my Asus Eee PC 1000HG.  I had probably
done 10-15 suspend/resume cycles that day.  I think I had mounted curlftpfs
over a somewhat flaky 3G connection earlier that day, but I didn't access it
at the time of the BUG (though I cannot speak for cron jobs, etc.).  Apart
from that, I was only ext3 and the usual system stuff (tmpfs, proc, sysfs,
devpts, binfmt_misc).

When I tried to suspend ~25 minutes later, suspend hung at the following
stage:

[34146.247219] Freezing remaining freezable tasks ... (elapsed 0.00 seconds) 
done.
[34146.247767] PM: Entering mem sleep
[34146.247767] Suspending console(s) (use no_console_suspend to debug)

Cheers!

Thiemo

P.S.:  That's the backtrace, it has been submitted to kerneloops, too.

[32597.132891] BUG: unable to handle kernel NULL pointer dereference at 0008
[32597.132914] IP: [c10c90f1] __mark_inode_dirty+0x15/0x10b
[32597.132939] *pde =  
[32597.132950] Oops:  [#1] SMP 
[32597.132962] last sysfs file: 
/sys/devices/pci:00/:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda/sda6/stat
[32597.132975] Modules linked in: ppp_deflate zlib_deflate bsd_comp ppp_async 
crc_ccitt ppp_generic slhc nls_utf8 nls_cp437 vfat fat ppdev lp parport sco 
bridge stp bnep rfcomm l2cap crc16 bluetooth xt_multiport iptable_filter 
ip_tables x_tables acpi_cpufreq cpufreq_conservative cpufreq_powersave 
cpufreq_userspace cpufreq_stats binfmt_misc fuse loop snd_hda_codec_realtek 
snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss arc4 ecb 
snd_pcm option snd_seq_midi uvcvideo usbserial snd_rawmidi videodev 
snd_seq_midi_event ath5k v4l1_compat usb_storage i915 mac80211 snd_seq 
snd_timer drm_kms_helper ath snd_seq_device drm joydev eeepc_laptop snd 
cfg80211 i2c_algo_bit uhci_hcd ehci_hcd i2c_core soundcore tpm_tis rng_core 
led_class atl1e rfkill battery tpm ac psmouse snd_page_alloc usbcore tpm_bios 
video processor output button evdev serio_raw pci_hotplug nls_base ext3 jbd 
mbcache sha256_generic aes_i586 aes_generic cbc dm_crypt dm_mod fan sd_mod 
crc_t10dif ata_generic ata_
 piix l
ibata scsi_mod thermal thermal_sys
[32597.133274] 
[32597.133287] Pid: 3073, comm: firefox-bin Not tainted (2.6.32-5-686 #1) 1000HG
[32597.133299] EIP: 0060:[c10c90f1] EFLAGS: 00210202 CPU: 0
[32597.133311] EIP is at __mark_inode_dirty+0x15/0x10b
[32597.133322] EAX:  EBX: cda1ae10 ECX: f6d0b000 EDX: 0001
[32597.13] ESI: 0001 EDI: 0001 EBP: 2a6017dd ESP: ef757e58
[32597.133344]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[32597.133356] Process firefox-bin (pid: 3073, ti=ef756000 task=f6fc3300 
task.ti=ef756000)
[32597.133365] Stack:
[32597.133372]  0001 cda1ae10 0001 c10c1a1c 4bf196a5 f565c680 0001 
0001
[32597.133397] 0 0001  c10b9277 f6fc3300 ef757f64 cda1ae88 
0de8 0800
[32597.133424] 0 f54a562c f565c680 f54a5600  0001 c2008a24 
0001 c1b6f5c0
[32597.133452] Call Trace:
[32597.133469]  [c10c1a1c] ? file_update_time+0xbd/0xde
[32597.133485]  [c10b9277] ? pipe_write+0x436/0x440
[32597.133525]  [c10b3112] ? do_sync_write+0xc0/0x107
[32597.133543]  [c10445ce] ? autoremove_wake_function+0x0/0x2d
[32597.133560]  [c10b2e5e] ? fsnotify_modify+0x5a/0x61
[32597.133576]  [c11023e0] ? security_file_permission+0xc/0xd
[32597.133591]  [c10b3052] ? do_sync_write+0x0/0x107
[32597.133606]  [c10b3a3e] ? vfs_write+0x7e/0xd6
[32597.133620]  [c10b3b2e] ? sys_write+0x3c/0x63
[32597.133636]  [c10030fb] ? sysenter_do_call+0x12/0x28
[32597.133645] Code: 83 c4 18 85 db 74 0c fe 43 08 89 d8 5b 5e e9 5e 7f ff ff 
5b 5e c3 57 f6 c2 03 56 89 d6 53 89 c3 8b 80 a4 00 00 00 74 0e 8b 40 20 8b 50 
08 85 d2 74 04 89 d8 ff d2 0f ae f0 89 f6 89 f0 23 83 40 
[32597.133790] EIP: [c10c90f1] __mark_inode_dirty+0x15/0x10b SS:ESP 
0068:ef757e58
[32597.133808] CR2: 0008
[32597.133819] ---[ end trace 1813c313639e8caf ]---


-- Package-specific info:
** Version:
Linux version 2.6.32-5-686 (Debian 2.6.32-12) (b...@decadent.org.uk) (gcc 
version 4.3.4 (Debian 4.3.4-10) ) #1 SMP Sat May 1 04:16:37 UTC 2010

** Command line:
BOOT_IMAGE=/vmlinuz-2.6.32-5-686 root=/dev/mapper/sda7_crypt ro vga=6 quiet

** Not tainted

** Kernel log:
[ 3778.144035] CPU1 is up
[ 3778.144202] ACPI: Waking up from system sleep state S3
[ 3778.205401] pci :00:02.0: restoring config space at offset 0x1 (was 
0x97, writing 0x93)
[ 3778.205483] HDA Intel :00:1b.0: restoring config space at offset 0x1 
(was 0x16, writing 0x12)
[ 3778.205539] pcieport :00:1c.0: restoring config space at offset 0x9 (was 
0x1fff1, writing 0x40314021)
[ 3778.205551] pcieport :00:1c.0: restoring config space at offset 0x8 (was 
0xfff0, writing 0x40104000)
[ 3778.205563] pcieport :00:1c.0: restoring config space at offset 0x7 (was 
0xf0, writing 0x1010)
[ 3778.205584] pcieport :00:1c.0: restoring config space at offset 0x1 (was 
0x100104, writing 0x100507)
[