Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
On Sun, Jul 14, 2013 at 06:32:05PM +0200, Moritz Mühlenhoff wrote: Version: 3.9-1 On Fri, Jul 12, 2013 at 11:19:56AM +0300, Martin-Éric Racine wrote: It still does with 3.2 in stable, but not with 3.9 in testing. Closing with that version, then. No such version (3.9-1) was uploaded, 3.9.4-1 was first 3.9 upload. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130714181954.GA3982@lisko
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
reassign 677655 src:linux thanks On Sat, Jun 16, 2012 at 03:48:45AM -0500, Jonathan Nieder wrote: Martin-Éric Racine wrote: Yup, this issue returns every now and then on the exact same host (which was recently migrated from Ubuntu to Debian, now that Ubuntu stopped supporting anything older than non-PAE 686 hardware), whenever someone touches the inode code again. The nice thing, this time, is that it has become non-fatal; the kernel simply reports the oops and continues operating. Thanks for the background. That would have indeed been useful context in the original report (though perhaps it had been long enough since the last appearance that you had forgotten). If I have any more questions, I'll ask them upstream. Does this still occur with current kernels? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130712074654.ga3...@inutil.org
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
It still does with 3.2 in stable, but not with 3.9 in testing. Martin-Éric 2013/7/12 Moritz Muehlenhoff j...@inutil.org reassign 677655 src:linux thanks On Sat, Jun 16, 2012 at 03:48:45AM -0500, Jonathan Nieder wrote: Martin-Éric Racine wrote: Yup, this issue returns every now and then on the exact same host (which was recently migrated from Ubuntu to Debian, now that Ubuntu stopped supporting anything older than non-PAE 686 hardware), whenever someone touches the inode code again. The nice thing, this time, is that it has become non-fatal; the kernel simply reports the oops and continues operating. Thanks for the background. That would have indeed been useful context in the original report (though perhaps it had been long enough since the last appearance that you had forgotten). If I have any more questions, I'll ask them upstream. Does this still occur with current kernels? Cheers, Moritz
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
2012/6/16 Jonathan Nieder jrnie...@gmail.com: Jonathan Nieder wrote: By the way, searching for that particular address yields the following interesting result. (Nothing else recent, alas.) Better link: https://bugzilla.kernel.org/show_bug.cgi?id=13941 Yup, this issue returns every now and then on the exact same host (which was recently migrated from Ubuntu to Debian, now that Ubuntu stopped supporting anything older than non-PAE 686 hardware), whenever someone touches the inode code again. The nice thing, this time, is that it has become non-fatal; the kernel simply reports the oops and continues operating. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAPZXPQcsOE=E_KNsbfu_0Vfm4Q00+7xD=U+bP_3H941gJs�q...@mail.gmail.com
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
2012/6/16 Ben Hutchings b...@decadent.org.uk: On Fri, 2012-06-15 at 22:37 +0300, Martin-Éric Racine wrote: Hi Jonathan, 2012/6/15 Jonathan Nieder jrnie...@gmail.com: Hi Martin-Éric, Martin-Éric Racine wrote: I'm not sure if it's too early to report on kernel 3.4 or not, but here it goes: Any package uploaded to the archive is open for bug reports. :) Could you send the full oops trace, starting at the first BUG line? (It should include the text Not tainted.) Even better would be full dmesg output from booting and reproducing the bug. Here's the dmesg output at bootup, right after the first few oopses have started to appear. The kernel is trying to free an inode and using an ACL pointer that should presumably be 0x (special value for ACL not in memory) but is instead 0xb4ff. This memory corruption could be a software bug (e.g. use after free) or a hardware fault. What was the last working kernel version on this system? 3.2.0-19 (or whatever 486 kernel is in Testing) is what's normally running on this one. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/capzxpqcn42h4ypn_xghz4cvhxvdazhbtanpkksvxjnzanv1...@mail.gmail.com
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
Martin-Éric Racine wrote: Yup, this issue returns every now and then on the exact same host (which was recently migrated from Ubuntu to Debian, now that Ubuntu stopped supporting anything older than non-PAE 686 hardware), whenever someone touches the inode code again. The nice thing, this time, is that it has become non-fatal; the kernel simply reports the oops and continues operating. Thanks for the background. That would have indeed been useful context in the original report (though perhaps it had been long enough since the last appearance that you had forgotten). If I have any more questions, I'll ask them upstream. Thanks, Jonathan -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120616084815.GA24896@burratino
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
Package: linux-2.6 Version: 3.4.1-1~experimental.1 Severity: normal I'm not sure if it's too early to report on kernel 3.4 or not, but here it goes: dmesg keeps on reporting spurious kernel oppses involving inode destructions, as seen below, whenever running kernel 3.4-trunk. -- Package-specific info: ** Version: Linux version 3.4-trunk-486 (Debian 3.4.1-1~experimental.1) (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-7) ) #1 Wed Jun 6 14:24:16 UTC 2012 ** Command line: BOOT_IMAGE=/boot/vmlinuz-3.4-trunk-486 root=UUID=97b2628b-28a5-49f2-85f7-495728b3bef8 ro panic=15 pnpbios=off quiet splash ** Tainted: D (128) * Kernel has oopsed before. ** Kernel log: [ 29.054891] DR0: DR1: DR2: DR3: [ 29.054909] DR6: 0ff0 DR7: 0400 [ 29.054928] Process mount (pid: 697, ti=f3eee000 task=f4c69c00 task.ti=f3eee000) [ 29.054944] Stack: [ 29.054955] f551f7d8 c10b6cdd f5624138 c10b5104 f5624138 f3eeff20 f3eeff20 c10b5149 [ 29.054998] f5624198 f5817c00 f5817c80 c10b5362 f5624318 f5624218 f5817c00 [ 29.055040] fff3 c10a9dd3 002e 0027 f5812090 [ 29.055081] Call Trace: [ 29.055107] [c10b6cdd] ? destroy_inode+0x1a/0x3e [ 29.055132] [c10b5104] ? dentry_kill+0x7f/0x8c [ 29.055157] [c10b5149] ? shrink_dentry_list+0x38/0x62 [ 29.055183] [c10b5362] ? shrink_dcache_sb+0x40/0x51 [ 29.055209] [c10a9dd3] ? do_remount_sb+0x5b/0x11c [ 29.055236] [c10b9acc] ? do_mount+0x1de/0x5ca [ 29.055265] [c113b3f0] ? _copy_from_user+0x28/0x47 [ 29.055293] [c108b524] ? memdup_user+0x26/0x43 [ 29.055318] [c10b9f21] ? sys_mount+0x67/0x96 [ 29.055349] [c128e6ec] ? syscall_call+0x7/0xb [ 29.055364] Code: 85 c0 75 0f ba ee 00 00 00 b8 58 a4 33 c1 e8 87 6e f6 ff 8b 43 1c ff 88 c4 01 00 00 8b 43 10 8d 50 ff 83 fa fd 77 14 85 c0 74 10 ff 08 0f 94 c2 84 d2 74 07 31 d2 e8 ee be fa ff 8b 43 14 8d 50 [ 29.055607] EIP: [c10b698e] __destroy_inode+0x56/0x8d SS:ESP 0068:f3eefef0 [ 29.055640] CR2: b4ff [ 29.055657] ---[ end trace b7c0a963a9f117a3 ]--- [ 32.438125] 8139too :00:0d.0: eth0: link up, 100Mbps, full-duplex, lpa 0x45E1 [ 43.136054] eth0: no IPv6 routers present [ 44.435375] snd-malloc: invalid device type 0 [ 44.436817] snd-malloc: invalid device type 0 [ 44.551172] snd-malloc: invalid device type 0 [ 44.555444] snd-malloc: invalid device type 0 [ 44.557438] snd-malloc: invalid device type 0 [ 44.558636] snd-malloc: invalid device type 0 [ 44.560411] snd-malloc: invalid device type 0 [ 44.565241] snd-malloc: invalid device type 0 [ 44.566586] snd-malloc: invalid device type 0 [ 44.567750] snd-malloc: invalid device type 0 [ 44.570206] snd-malloc: invalid device type 0 [ 44.574927] snd-malloc: invalid device type 0 [ 44.576796] snd-malloc: invalid device type 0 [ 44.578073] snd-malloc: invalid device type 0 [ 44.579760] snd-malloc: invalid device type 0 [ 44.584799] snd-malloc: invalid device type 0 [ 44.586063] snd-malloc: invalid device type 0 [ 44.587221] snd-malloc: invalid device type 0 [ 44.590101] snd-malloc: invalid device type 0 [ 44.595537] snd-malloc: invalid device type 0 [ 44.717354] snd-malloc: invalid device type 0 [ 44.718582] snd-malloc: invalid device type 0 [ 44.720941] snd-malloc: invalid device type 0 [ 44.725762] snd-malloc: invalid device type 0 [ 49.744081] Bluetooth: Core ver 2.16 [ 49.744207] NET: Registered protocol family 31 [ 49.744223] Bluetooth: HCI device and connection manager initialized [ 49.745567] Bluetooth: HCI socket layer initialized [ 49.745590] Bluetooth: L2CAP socket layer initialized [ 49.745621] Bluetooth: SCO socket layer initialized [ 49.788365] Bluetooth: RFCOMM TTY layer initialized [ 49.788395] Bluetooth: RFCOMM socket layer initialized [ 49.788412] Bluetooth: RFCOMM ver 1.11 [ 50.045149] Bluetooth: BNEP (Ethernet Emulation) ver 1.3 [ 50.045173] Bluetooth: BNEP filters: protocol multicast [ 64.436997] colord[2225]: segfault at 8 ip 08052674 sp bf8a6c00 error 4 in colord[8048000+2] [ 67.658424] BUG: unable to handle kernel paging request at 00ff [ 67.658453] IP: [c10b698e] __destroy_inode+0x56/0x8d [ 67.658494] *pde = 01462067 *pte = [ 67.658516] Oops: [#2] [ 67.658532] Modules linked in: mperf cpufreq_conservative cpufreq_userspace cpufreq_powersave cpufreq_stats bnep rfcomm bluetooth rfkill snd_cs5535audio snd_ac97_codec snd_pcm snd_page_alloc ecb snd_seq scx200_acb i2c_core cryptd aes_i586 snd_seq_device snd_timer aes_generic snd geode_aes geode_rng rng_core cs5535_mfd soundcore ac97_bus processor evdev thermal_sys ac ext4 crc16 jbd2 mbcache msr usbhid hid sd_mod crc_t10dif ata_generic ohci_hcd pata_cs5536 libata ehci_hcd usbcore scsi_mod button 8139too 8139cp usb_common mii [last unloaded: scsi_wait_scan] [ 67.658775] [ 67.658793] Pid: 1946, comm: gnome-session Tainted: G D
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
Hi Martin-Éric, Martin-Éric Racine wrote: I'm not sure if it's too early to report on kernel 3.4 or not, but here it goes: Any package uploaded to the archive is open for bug reports. :) [...] ** Kernel log: [ 29.054891] DR0: DR1: DR2: DR3: [ 29.054909] DR6: 0ff0 DR7: 0400 [ 29.054928] Process mount (pid: 697, ti=f3eee000 task=f4c69c00 task.ti=f3eee000) [ 29.054944] Stack: [ 29.054955] f551f7d8 c10b6cdd f5624138 c10b5104 f5624138 f3eeff20 f3eeff20 c10b5149 [ 29.054998] f5624198 f5817c00 f5817c80 c10b5362 f5624318 f5624218 f5817c00 [ 29.055040] fff3 c10a9dd3 002e 0027 f5812090 [ 29.055081] Call Trace: [ 29.055107] [c10b6cdd] ? destroy_inode+0x1a/0x3e [ 29.055132] [c10b5104] ? dentry_kill+0x7f/0x8c [ 29.055157] [c10b5149] ? shrink_dentry_list+0x38/0x62 [ 29.055183] [c10b5362] ? shrink_dcache_sb+0x40/0x51 [ 29.055209] [c10a9dd3] ? do_remount_sb+0x5b/0x11c [ 29.055236] [c10b9acc] ? do_mount+0x1de/0x5ca [ 29.055265] [c113b3f0] ? _copy_from_user+0x28/0x47 [ 29.055293] [c108b524] ? memdup_user+0x26/0x43 [ 29.055318] [c10b9f21] ? sys_mount+0x67/0x96 [ 29.055349] [c128e6ec] ? syscall_call+0x7/0xb [ 29.055364] Code: 85 c0 75 0f ba ee 00 00 00 b8 58 a4 33 c1 e8 87 6e f6 ff 8b 43 1c ff 88 c4 01 00 00 8b 43 10 8d 50 ff 83 fa fd 77 14 85 c0 74 10 ff 08 0f 94 c2 84 d2 74 07 31 d2 e8 ee be fa ff 8b 43 14 8d 50 [ 29.055607] EIP: [c10b698e] __destroy_inode+0x56/0x8d SS:ESP 0068:f3eefef0 [ 29.055640] CR2: b4ff [ 29.055657] ---[ end trace b7c0a963a9f117a3 ]--- Could you send the full oops trace, starting at the first BUG line? (It should include the text Not tainted.) Even better would be full dmesg output from booting and reproducing the bug. Thanks for catching it, Jonathan -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120615185243.GA11941@burratino
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
Hi Jonathan, 2012/6/15 Jonathan Nieder jrnie...@gmail.com: Hi Martin-Éric, Martin-Éric Racine wrote: I'm not sure if it's too early to report on kernel 3.4 or not, but here it goes: Any package uploaded to the archive is open for bug reports. :) Could you send the full oops trace, starting at the first BUG line? (It should include the text Not tainted.) Even better would be full dmesg output from booting and reproducing the bug. Here's the dmesg output at bootup, right after the first few oopses have started to appear. Cheers! Martin-Éric 6[0.00] Initializing cgroup subsys cpuset 6[0.00] Initializing cgroup subsys cpu 5[0.00] Linux version 3.4-trunk-486 (Debian 3.4.1-1~experimental.1) (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-7) ) #1 Wed Jun 6 14:24:16 UTC 2012 6[0.00] BIOS-provided physical RAM map: 6[0.00] BIOS-e820: - 0009e800 (usable) 6[0.00] BIOS-e820: 0009e800 - 000a (reserved) 6[0.00] BIOS-e820: 000f - 0010 (reserved) 6[0.00] BIOS-e820: 0010 - 37fb (usable) 6[0.00] BIOS-e820: 37fb - 37fb3000 (ACPI NVS) 6[0.00] BIOS-e820: 37fb3000 - 37fc (ACPI data) 6[0.00] BIOS-e820: - 0001 (reserved) 5[0.00] Notice: NX (Execute Disable) protection missing in CPU! 6[0.00] DMI 2.2 present. 7[0.00] DMI: First International Computer, Inc. ION603/ION603, BIOS 6.00 PG 11/08/2007 7[0.00] e820 update range: - 0001 (usable) == (reserved) 7[0.00] e820 remove range: 000a - 0010 (usable) 6[0.00] last_pfn = 0x37fb0 max_arch_pfn = 0x10 7[0.00] initial memory mapped : 0 - 0180 7[0.00] Base memory trampoline at [c009b000] 9b000 size 12288 6[0.00] init_memory_mapping: -377fe000 7[0.00] 00 - 40 page 4k 7[0.00] 40 - 003740 page 2M 7[0.00] 003740 - 00377fe000 page 4k 7[0.00] kernel direct mapping tables up to 377fe000 @ 17fb000-180 6[0.00] RAMDISK: 35fca000 - 36fdd000 4[0.00] ACPI: RSDP 000f5910 00014 (v00 AMDGX3) 4[0.00] ACPI: RSDT 37fb3000 00028 (v01 AMDGX3 AWRDACPI 42302E31 AWRD ) 4[0.00] ACPI: FACP 37fb3080 00074 (v01 AMDGX3 AWRDACPI 42302E31 AWRD ) 4[0.00] ACPI Warning: Invalid length for Pm2ControlBlock: 16, using default 8 (20120320/tbfadt-629) 4[0.00] ACPI: DSDT 37fb3100 01581 (v01 AMDGX3 AWRDACPI 1017 MSFT 0300) 4[0.00] ACPI: FACS 37fb 00040 5[0.00] 7MB HIGHMEM available. 5[0.00] 887MB LOWMEM available. 6[0.00] mapped low ram: 0 - 377fe000 6[0.00] low ram: 0 - 377fe000 4[0.00] Zone PFN ranges: 4[0.00] DMA 0x0010 - 0x1000 4[0.00] Normal 0x1000 - 0x000377fe 4[0.00] HighMem 0x000377fe - 0x00037fb0 4[0.00] Movable zone start PFN for each node 4[0.00] Early memory PFN ranges 4[0.00] 0: 0x0010 - 0x009e 4[0.00] 0: 0x0100 - 0x00037fb0 7[0.00] On node 0 totalpages: 229182 7[0.00] free_area_init_node: node 0, pgdat c13e6e08, node_mem_map f70fd200 7[0.00] DMA zone: 32 pages used for memmap 7[0.00] DMA zone: 0 pages reserved 7[0.00] DMA zone: 3950 pages, LIFO batch:0 7[0.00] Normal zone: 1744 pages used for memmap 7[0.00] Normal zone: 221486 pages, LIFO batch:31 7[0.00] HighMem zone: 16 pages used for memmap 7[0.00] HighMem zone: 1954 pages, LIFO batch:0 6[0.00] Using APIC driver default 6[0.00] ACPI: PM-Timer IO Port: 0x9c10 6[0.00] No local APIC present or hardware disabled 6[0.00] APIC: disable apic facility 6[0.00] APIC: switched to apic NOOP 7[0.00] nr_irqs_gsi: 16 6[0.00] PM: Registered nosave memory: 0009e000 - 0009f000 6[0.00] PM: Registered nosave memory: 0009f000 - 000a 6[0.00] PM: Registered nosave memory: 000a - 000f 6[0.00] PM: Registered nosave memory: 000f - 0010 6[0.00] Allocating PCI resources starting at 37fc (gap: 37fc:c803) 6[0.00] Booting paravirtualized kernel on bare hardware 7[0.00] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768 7[0.00] pcpu-alloc: [0] 0 4[0.00] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 227390 5[0.00] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-3.4-trunk-486 root=UUID=97b2628b-28a5-49f2-85f7-495728b3bef8 ro panic=15 pnpbios=off quiet splash 6[0.00] PID hash table entries: 4096 (order: 2, 16384
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
Martin-Éric Racine wrote:
Here's the dmesg output at bootup, right after the first few oopses
have started to appear.
Thanks, nice and quick.
Let's see:
[...]
6[ 28.167997] EXT4-fs (sda1): re-mounted. Opts: (null)
6[ 28.721401] EXT4-fs (sda1): re-mounted. Opts: (null)
1[ 29.595342] BUG: unable to handle kernel paging request at b4ff
1[ 29.595373] IP: [c10b698e] __destroy_inode+0x56/0x8d
Bad pointer.
[...]
4[ 29.595737] EIP is at __destroy_inode+0x56/0x8d
4[ 29.595756] EAX: b4ff EBX: f54f1d38 ECX: f6871ed8 EDX: b4fe
4[ 29.595777] ESI: f55475d8 EDI: f54f1d38 EBP: ESP: f6871ef0
4[ 29.595798] DS: 007b ES: 007b FS: GS: 00e0 SS: 0068
4[ 29.595818] CR0: 8005003b CR2: b4ff CR3: 36877000 CR4: 0090
4[ 29.595839] DR0: DR1: DR2: DR3:
4[ 29.595856] DR6: 0ff0 DR7: 0400
0[ 29.595876] Process mount (pid: 693, ti=f687 task=f37f1810
task.ti=f687)
Call chain: mount - do_mount - do_remount_sb - shrink_dcache_db - ...
[...]
0[ 29.596036] Code: 85 c0 75 0f ba ee 00 00 00 b8 58 a4 33 c1 e8 87 6e f6
ff 8b 43 1c ff 88 c4 01 00 00 8b 43 10 8d 50 ff 83 fa fd 77 14 85 c0 74 10
ff 08 0f 94 c2 84 d2 74 07 31 d2 e8 ee be fa ff 8b 43 14 8d 50
Decoding, this is:
1c: 8b 43 10mov0x10(%ebx),%eax
1f: 8d 50 fflea-0x1(%eax),%edx
22: 83 fa fdcmp$0xfffd,%edx
25: 77 14 ja 0x3b
27: 85 c0 test %eax,%eax
29: 74 10 je 0x3b
2b:* ff 08 decl (%eax) -- trapping instruction
2d: 0f 94 c2sete %dl
which corresponds to
77d: 8b 43 10mov0x10(%ebx),%eax
780: 8d 50 fflea-0x1(%eax),%edx
783: 83 fa fdcmp$0xfffd,%edx
786: 77 05 ja 78d __destroy_inode+0x57
posix_acl_release(inode-i_acl);
788: e8 94 ff ff ff call 721 posix_acl_release
from fs/inode.c. (Your call to posix_acl_release is inlined while mine
is not because your kernel was built with an older GCC and I'm too
lazy to downgrade.) Here's posix_acl_release:
static inline void
posix_acl_release(struct posix_acl *acl)
{
if (acl atomic_dec_and_test(acl-a_refcount))
kfree_rcu(acl, a_rcu);
}
a_refcount is at offset 0 in struct posix_acl. The dec_and_test
fails because acl is a bad pointer.
So inode is incompletely initialized, I guess. Climbing the call
chain:
0[ 29.595892] Stack:
4[ 29.595903] f54f1d38 c10b6cdd f5538898 c10b5104 f5538898 f6871f20
f6871f20 c10b5149
4[ 29.595946] f55388f8 f5817c00 f5817c80 c10b5362 f55b8a78 f55389f8
f5817c00
4[ 29.595988] fff3 c10a9dd3 002e
0027 f5812090
0[ 29.596030] Call Trace:
4[ 29.596036] [c10b6cdd] ? destroy_inode+0x1a/0x3e
4[ 29.596036] [c10b5104] ? dentry_kill+0x7f/0x8c
4[ 29.596036] [c10b5149] ? shrink_dentry_list+0x38/0x62
4[ 29.596036] [c10b5362] ? shrink_dcache_sb+0x40/0x51
4[ 29.596036] [c10a9dd3] ? do_remount_sb+0x5b/0x11c
4[ 29.596036] [c10b9acc] ? do_mount+0x1de/0x5ca
4[ 29.596036] [c113b3f0] ? _copy_from_user+0x28/0x47
4[ 29.596036] [c108b524] ? memdup_user+0x26/0x43
4[ 29.596036] [c10b9f21] ? sys_mount+0x67/0x96
4[ 29.596036] [c128e6ec] ? syscall_call+0x7/0xb
0[ 29.596036] EIP: [c10b698e] __destroy_inode+0x56/0x8d SS:ESP
0068:f6871ef0
Probably:
dentry_kill - d_kill - dentry_iput - iput - ...
Meaning dentry-d_inode has invalid -i_acl. Walking further:
sys_mount - do_mount - do_remount - do_remount_sb -
- shrink_dcache_sb - shrink_dentry_list -
- try_prune_one_dentry - dentry_kill
I got nothin'. Could you try 3.5-rc2 or newer so we can pester
upstream? Like this:
0. prerequisites:
apt-get install git build-essential
1. grab the kernel history if you don't already have it:
git clone \
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
2. checkout latest, configure, build:
cd linux
git fetch --all
git checkout origin/master
cp /boot/config-$(uname -r) .config; # current configuration
scripts/config --disable DEBUG_INFO
make localmodconfig; # optional: minimize configuration
make deb-pkg; # optionally with -jnum for parallel build
dpkg -i ../name of package; # as root
reboot
... test test test ...
3. celebrate or complain
If it fails, please send a summary of symptoms to
linux-fsde...@vger.kernel.org, cc-ing either me or this bug log so we
can track it. Be sure to mention:
- steps to reproduce, expected result, actual result, and how the
difference indicates a bug (should be
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
On Fri, 2012-06-15 at 22:37 +0300, Martin-Éric Racine wrote: Hi Jonathan, 2012/6/15 Jonathan Nieder jrnie...@gmail.com: Hi Martin-Éric, Martin-Éric Racine wrote: I'm not sure if it's too early to report on kernel 3.4 or not, but here it goes: Any package uploaded to the archive is open for bug reports. :) Could you send the full oops trace, starting at the first BUG line? (It should include the text Not tainted.) Even better would be full dmesg output from booting and reproducing the bug. Here's the dmesg output at bootup, right after the first few oopses have started to appear. The kernel is trying to free an inode and using an ACL pointer that should presumably be 0x (special value for ACL not in memory) but is instead 0xb4ff. This memory corruption could be a software bug (e.g. use after free) or a hardware fault. What was the last working kernel version on this system? Ben. -- Ben Hutchings We get into the habit of living before acquiring the habit of thinking. - Albert Camus signature.asc Description: This is a digitally signed message part
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
Ben Hutchings wrote: On Fri, 2012-06-15 at 22:37 +0300, Martin-Éric Racine wrote: Here's the dmesg output at bootup, right after the first few oopses have started to appear. The kernel is trying to free an inode and using an ACL pointer that should presumably be 0x (special value for ACL not in memory) but is instead 0xb4ff. This memory corruption could be a software bug (e.g. use after free) or a hardware fault. What was the last working kernel version on this system? By the way, searching for that particular address yields the following interesting result. (Nothing else recent, alas.) https://launchpad.net/bugs/848864 Thanks, Jonathan -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120616010042.GD3547@burratino
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
Jonathan Nieder wrote: By the way, searching for that particular address yields the following interesting result. (Nothing else recent, alas.) Better link: https://bugzilla.kernel.org/show_bug.cgi?id=13941 -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120616022318.GC3201@burratino
Bug#677655: 3.4-trunk-486: kernel oops: EIP is at __destroy_inode+0x56/0x8d
On Fri, 2012-06-15 at 21:23 -0500, Jonathan Nieder wrote: Jonathan Nieder wrote: By the way, searching for that particular address yields the following interesting result. (Nothing else recent, alas.) Better link: https://bugzilla.kernel.org/show_bug.cgi?id=13941 Oohkay, so you've seen this same bug across a wide range of kernel versions (and presumably compiler versions). It would have been helpful to mention this instead of letting Jonathan work it out. It does seem unlikely that this would be a hardware fault, since the source line and value involved are the same while memory layout must have changed a lot over those 13 upstream stable releases. Ben. -- Ben Hutchings We get into the habit of living before acquiring the habit of thinking. - Albert Camus signature.asc Description: This is a digitally signed message part
