Hi
>From time to time Fedora users reports crash at fat_detach.
It happens randomly and seldom. Seems to be related with
unmount operation.
Early reports are from 3.0 and problem still randomly occurs
on recent kernels.
Calltraces looks like below:
BUG: unable to handle kernel NULL pointer dereference at 0000009c
IP: [<c046d983>] do_raw_spin_lock+0xd/0x1e
[<c07fcc94>] _raw_spin_lock+0xd/0xf
[<f8fe03de>] fat_detach+0x20/0x59 [fat]
[<f8fe0874>] fat_evict_inode+0x5b/0x5e [fat]
[<c05058ad>] evict+0x57/0xe9
[<c0505a67>] iput+0xf8/0xfd
[<c051ce0f>] fsnotify_destroy_mark+0xdf/0xf8
[<c051e488>] sys_inotify_rm_watch+0x59/0x79
[<c07fcfbc>] syscall_call+0x7/0xb
what most likely indicate that fat_evict is called with
inode with i_sb->s_fs_info == NULL.
Some more info about this problem can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=768534
Any insight on this isssue is welcome.
Thanks
Stanislaw
On Tue, 2012-10-30 at 14:44 +0100, Stanislaw Gruszka wrote:
> From time to time Fedora users reports crash at fat_detach.
> It happens randomly and seldom. Seems to be related with
> unmount operation.
>
> Early reports are from 3.0 and problem still randomly occurs
> on recent kernels.
>
> Calltraces looks like below:
>
> BUG: unable to handle kernel NULL pointer dereference at 0000009c
> IP: [<c046d983>] do_raw_spin_lock+0xd/0x1e
>
> [<c07fcc94>] _raw_spin_lock+0xd/0xf
> [<f8fe03de>] fat_detach+0x20/0x59 [fat]
> [<f8fe0874>] fat_evict_inode+0x5b/0x5e [fat]
> [<c05058ad>] evict+0x57/0xe9
> [<c0505a67>] iput+0xf8/0xfd
> [<c051ce0f>] fsnotify_destroy_mark+0xdf/0xf8
> [<c051e488>] sys_inotify_rm_watch+0x59/0x79
> [<c07fcfbc>] syscall_call+0x7/0xb
>
> what most likely indicate that fat_evict is called with
> inode with i_sb->s_fs_info == NULL.
>
> Some more info about this problem can be found here:
> https://bugzilla.redhat.com/show_bug.cgi?id=768534
>
> Any insight on this isssue is welcome.
0) I remembered running into an almost identical Oops recently, but not
reporting it because I was unable to reproduce it. It appeared to be
triggered by unmounting and/or removing a USB stick.
1) For what it's worth, the last few lines in the logs before this Oops
were:
[...]
Oct 17 11:50:41 x61 udisksd[1170]: Mounted /dev/sdb1 at /run/media/[...]/LIVE on behalf of uid 1000
Oct 17 11:52:36 x61 udisksd[1170]: Cleaning up mount point /run/media/[...]/LIVE (device 8:17 is not mounted)
Oct 17 11:52:36 x61 kernel: [15141.653798] VFS: Busy inodes after unmount of sdb1. Self-destruct in 5 seconds. Have a nice day...
Paul Bolle
Paul Bolle <[email protected]> writes:
>> BUG: unable to handle kernel NULL pointer dereference at 0000009c
>> IP: [<c046d983>] do_raw_spin_lock+0xd/0x1e
>>
>> [<c07fcc94>] _raw_spin_lock+0xd/0xf
>> [<f8fe03de>] fat_detach+0x20/0x59 [fat]
>> [<f8fe0874>] fat_evict_inode+0x5b/0x5e [fat]
>> [<c05058ad>] evict+0x57/0xe9
>> [<c0505a67>] iput+0xf8/0xfd
>> [<c051ce0f>] fsnotify_destroy_mark+0xdf/0xf8
>> [<c051e488>] sys_inotify_rm_watch+0x59/0x79
>> [<c07fcfbc>] syscall_call+0x7/0xb
>>
>> what most likely indicate that fat_evict is called with
>> inode with i_sb->s_fs_info == NULL.
This bug is known as the inotify bug. I recall I talked about this,
maybe years ago.
Eric?
--
OGAWA Hirofumi <[email protected]>
On Wed, 2012-10-31 at 09:49 +0900, OGAWA Hirofumi wrote:
> This bug is known as the inotify bug. I recall I talked about this,
> maybe years ago.
Would that be this thread: https://lkml.org/lkml/2011/6/10/155 ?
Paul Bolle
Paul Bolle <[email protected]> writes:
> On Wed, 2012-10-31 at 09:49 +0900, OGAWA Hirofumi wrote:
>> This bug is known as the inotify bug. I recall I talked about this,
>> maybe years ago.
>
> Would that be this thread: https://lkml.org/lkml/2011/6/10/155 ?
Sure, exactly.
--
OGAWA Hirofumi <[email protected]>
2012/10/31, OGAWA Hirofumi <[email protected]>:
> Paul Bolle <[email protected]> writes:
>
>> On Wed, 2012-10-31 at 09:49 +0900, OGAWA Hirofumi wrote:
>>> This bug is known as the inotify bug. I recall I talked about this,
>>> maybe years ago.
>>
>> Would that be this thread: https://lkml.org/lkml/2011/6/10/155 ?
>
> Sure, exactly.
I found related patch.
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commitdiff;h=fe9b25d3ee6bdf6f9c9a9ce61d9d3e144bac13ef
Maybe the above patch should be applied to fix this issue in stable kernel.
Thanks.
> --
> OGAWA Hirofumi <[email protected]>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
On Tue, Nov 06, 2012 at 04:37:03PM +0900, Namjae Jeon wrote:
> 2012/10/31, OGAWA Hirofumi <[email protected]>:
> > Paul Bolle <[email protected]> writes:
> >
> >> On Wed, 2012-10-31 at 09:49 +0900, OGAWA Hirofumi wrote:
> >>> This bug is known as the inotify bug. I recall I talked about this,
> >>> maybe years ago.
> >>
> >> Would that be this thread: https://lkml.org/lkml/2011/6/10/155 ?
> >
> > Sure, exactly.
>
> I found related patch.
> http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commitdiff;h=fe9b25d3ee6bdf6f9c9a9ce61d9d3e144bac13ef
>
> Maybe the above patch should be applied to fix this issue in stable kernel.
First is should go to Linus tree. This commit is more than half year old.
Eric, is there any problem with pull request from your tree?
Stanislaw