Ubuntu
linux-meta package

2.6.38 kernel bug at namei.c:406 invalid opcode 0000 SMP

Bug #713891 reported by Gilberto "Velenux" Ficara on 2011-02-06

This bug report is a duplicate of: Bug #713769: natty, invalid opcode: 0000 [#1] SMP. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux-meta (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

Binary package hint: linux-image

I was running fuser on a second proc filesystem mounted to a chroot environment (via mount -t proc none /disk/proc):

# fuser /disk/proc/
Segmentation fault

In /var/log/syslog I found:

Feb 6 01:40:04 ubuntu kernel: [13184.442740] ------------[ cut here ]------------
Feb 6 01:40:04 ubuntu kernel: [13184.442750] kernel BUG at /build/buildd/linux-2.6.38/fs/namei.c:406!
Feb 6 01:40:04 ubuntu kernel: [13184.442756] invalid opcode: 0000 [#9] SMP
Feb 6 01:40:04 ubuntu kernel: [13184.442762] last sysfs file: /sys/devices/system/cpu/cpu1/cache/index2/shared_cpu_map
Feb 6 01:40:04 ubuntu kernel: [13184.442767] Modules linked in: binfmt_misc parport_pc ppdev dm_crypt lp parport psmouse virtio_balloon serio_raw i2c_piix4 squashfs aufs nls_utf8 isofs dm_raid45 xor btrfs lzo_compress zlib_deflate libcrc32c virtio_blk virtio_net floppy virtio_pci virtio_ring virtio
Feb 6 01:40:04 ubuntu kernel: [13184.442803]
Feb 6 01:40:04 ubuntu kernel: [13184.442810] Pid: 17219, comm: fuser Tainted: G S D W 2.6.38-1-generic #28-Ubuntu /Bochs
Feb 6 01:40:04 ubuntu kernel: [13184.442817] EIP: 0060:[<c022b34c>] EFLAGS: 00010246 CPU: 1
Feb 6 01:40:04 ubuntu kernel: [13184.442829] EIP is at nameidata_drop_rcu+0xfc/0x110
Feb 6 01:40:04 ubuntu kernel: [13184.442834] EAX: ea57f1a0 EBX: eca31ebc ECX: 00000000 EDX: 00002d2d
Feb 6 01:40:04 ubuntu kernel: [13184.442839] ESI: f20d6400 EDI: e78d0cc0 EBP: eca31e24 ESP: eca31e0c
Feb 6 01:40:04 ubuntu kernel: [13184.442844] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Feb 6 01:40:04 ubuntu kernel: [13184.442850] Process fuser (pid: 17219, ti=eca30000 task=ea57f1a0 task.ti=eca30000)
Feb 6 01:40:04 ubuntu kernel: [13184.442854] Stack:
Feb 6 01:40:04 ubuntu kernel: [13184.442856] eca31ebc eca31e24 c022b4ff f20d6400 eca31ebc 00000000 eca31e34 c022b825
Feb 6 01:40:04 ubuntu kernel: [13184.442867] 00000000 f72f800b eca31e90 c022ca3d eca31e80 eca31e58 fffffffe f5b6fe00
Feb 6 01:40:04 ubuntu kernel: [13184.442878] 00000002 f6ad4ca0 00000001 ea57f1a0 00000000 00000041 eca31e78 eca31ebc
Feb 6 01:40:04 ubuntu kernel: [13184.442889] Call Trace:
Feb 6 01:40:04 ubuntu kernel: [13184.442898] [<c022b4ff>] ? d_revalidate+0x1f/0x60
Feb 6 01:40:04 ubuntu kernel: [13184.442905] [<c022b825>] force_reval_path.clone.14+0x55/0x70
Feb 6 01:40:04 ubuntu kernel: [13184.442913] [<c022ca3d>] link_path_walk+0x92d/0xa60
Feb 6 01:40:04 ubuntu kernel: [13184.442920] [<c022cdd4>] do_path_lookup+0x44/0x120
Feb 6 01:40:04 ubuntu kernel: [13184.442927] [<c022d211>] user_path_at+0x41/0x80
Feb 6 01:40:04 ubuntu kernel: [13184.442935] [<c0371022>] ? copy_to_user+0x42/0x60
Feb 6 01:40:04 ubuntu kernel: [13184.442941] [<c0224d57>] vfs_fstatat+0x47/0x90
Feb 6 01:40:04 ubuntu kernel: [13184.442947] [<c0224df0>] vfs_stat+0x20/0x30
Feb 6 01:40:04 ubuntu kernel: [13184.442952] [<c0225166>] sys_stat64+0x16/0x30
Feb 6 01:40:04 ubuntu kernel: [13184.442961] [<c05f7524>] syscall_call+0x7/0xb
Feb 6 01:40:04 ubuntu kernel: [13184.442965] Code: fc 89 ec 5d c3 66 90 8b 45 f0 e8 b0 21 f0 ff 90 8b 43 14 8d 74 26 00 85 c0 bb f6 ff ff ff 74 d6 8d 47 04 e8 97 21 f0 ff 90 eb cb <0f> 0b 0f 0b 0f 0b 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 55
Feb 6 01:40:04 ubuntu kernel: [13184.443024] EIP: [<c022b34c>] nameidata_drop_rcu+0xfc/0x110 SS:ESP 0068:eca31e0c
Feb 6 01:40:04 ubuntu kernel: [13184.443035] ---[ end trace a7919e7f17c0a72f ]---

# lsb_release -rd
Description: Ubuntu natty (development branch)
Release: 11.04

linux-image-generic version 2.6.38.1.15

The system is a virtual machine running on KVM (host is Fedora 13 with kernel 2.6.34.7-66.fc13.x86_64).

I've seen that there's a new kernel release incoming, I'll check if it's fixed tomorrow.

Kai Jauch (kaijauch) on 2011-02-14

Changed in linux-meta (Ubuntu):
status:	New → Confirmed

Revision history for this message

Kai Jauch (kaijauch) wrote on 2011-02-14:

Download full text (4.8 KiB)

Confirmed on a daily-live usb system. Running fuser on any directory or file of the live-fs causes a segmentation fault of fuser and the kernel BUG message.

See also
https://bugzilla.redhat.com/show_bug.cgi?id=675934
https://lkml.org/lkml/2011/2/11/1

linux-image-generic 2.6.38.3.17
linux-image-2.6.38-3-generic 2.6.38-3.30

ubuntu@ubuntu:~$ fuser /etc
Segmentation fault
ubuntu@ubuntu:~$ mount
aufs on / type aufs (rw)
none on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
/dev/sdb1 on /cdrom type vfat (ro,noatime,fmask=0022,dmask=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
/dev/loop0 on /rofs type squashfs (ro,noatime)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
gvfs-fuse-daemon on /home/ubuntu/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=ubuntu)

Confirmed on a daily-live usb system. Running fuser on any directory or file of the live-fs causes a segmentation fault of fuser and the kernel BUG message.

See also
https://bugzilla.redhat.com/show_bug.cgi?id=675934
https://lkml.org/lkml/2011/2/11/1

linux-image-generic 2.6.38.3.17
linux-image-2.6.38-3-generic 2.6.38-3.30

[  970.160390] ------------[ cut here ]------------
[  970.161808] kernel BUG at /build/buildd/linux-2.6.38/fs/namei.c:406!
[  970.163227] invalid opcode: 0000 [#11] SMP 
[  970.164641] last sysfs file: /sys/devices/system/cpu/cpu1/cache/index2/shared_cpu_map
[  970.166117] CPU 0 
[  970.166127] Modules linked in: parport_pc ppdev rfcomm lp parport dm_crypt sco bnep l2cap binfmt_misc btusb bluetooth snd_hda_codec_hdmi snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm joydev arc4 snd_seq_midi snd_rawmidi snd_seq_midi_event iwlagn snd_seq snd_timer snd_seq_device iwlcore uvcvideo dell_wmi mac80211 dell_wmi_aio videodev sparse_keymap v4l2_compat_ioctl32 dell_laptop snd dcdbas psmouse cfg80211 soundcore serio_raw snd_page_alloc squashfs aufs nls_iso8859_1 nls_cp437 vfat fat dm_raid45 xor btrfs zlib_deflate libcrc32c usb_storage usbhid hid uas i915 drm_kms_helper firewire_ohci ahci libahci e1000e drm i2c_algo_bit video sdhci_pci sdhci firewire_core crc_itu_t
[  970.170016] 
[  970.170016] Pid: 4350, comm: fuser Tainted: G      D     2.6.38-3-generic #30-Ubuntu       /Latitude E6400                  
[  970.170016] RIP: 0010:[<ffffffff8116f707>]  [<ffffffff8116f707>] nameidata_drop_rcu+0x127/0x130
[  970.170016] RSP: 0018:ffff8800c8181c68  EFLAGS: 00010246
[  970.170016] RAX: ffff880094c416c0 RBX: ffff8800c8181dc8 RCX: ffff8800cd8ede40
[  970.170016] RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff8800c8181dc8
[  970.170016] RBP: ffff8800c8181ca8 R08: 0000000000000000 R09: 0000000000000000
[  970.170016] R10: 0000000000000001 R11: 0000000000000246 R12: ffff8800cd89a300
[  970.170016] R13: ffff8800caae6780 R14: ffff8800c8181d28 R15: ffff880094c416c0
[  970.170016] FS:  00007fad7e8f3720(0000) GS:ffff8800dce00000(0000) knlGS:0000000000000000
[  970.170016] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  970.170016] CR2: 00000000015c33a8 CR3: 00000000ad952000 CR4: 00000000000006f0
[  970.170016] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  970.170016] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  970.170016] Process fuser (pid: 4350, threadinfo ffff8800c8180000, task ffff880094c416c0)
[  970.170016] Stack:
[  970.170016]  ffff8800c8181d28 ffff880094c416c0 ffff8800c8181ca8 ffff8800cd89a300
[  970.170016]  ffff8800c8181dc8 0000000000000000 ffff8800c8181d28 ffff880094c416c0
[  970.170016]  ffff8800c8181cc8 ffffffff8116fcc5 ffff8800c8181dc8 0000000000000000
[  970.170016] Call Trace:
[  970.170016]  [<ffffffff8116fcc5>] force_reval_path.clone.16+0x55/0x70
[  970.170016]  [<ffffffff81171172>] link_path_walk+0xac2/0xba0
[  970.170016]  [<ffffffff8111743d>] ? lru_cache_add_lru+0x2d/0x50
[  970.170016]  [<ffffffff811391fd>] ? page_add_new_anon_rmap+0x8d/0xa0
[  970.170016]  [<ffffffff8117154b>] do_path_lookup+0x5b/0x160
[  970.170016]  [<ffffffff81171a77>] user_path_at+0x57/0xa0
[  970.170016]  [<ffffffffa027fd29>] ? au_refresh_iattr+0xd9/0xf0 [aufs]
[  970.170016]  [<ffffffff81167d98>] ? cp_new_stat+0xf8/0x110
[  970.170016]  [<ffffffff81168059>] vfs_fstatat+0x39/0x70
[  970.218277]  [<ffffffff811680cb>] vfs_stat+0x1b/0x20
[  970.218277]  [<ffffffff8116830a>] sys_newstat+0x1a/0x40
[  970.218277]  [<ffffffff8100c002>] system_call_fastpath+0x16/0x1b
[  970.218277] Code: c3 4c 89 f7 e8 1b 95 ec ff 66 90 48 8b 43 20 0f 1f 44 00 00 48 85 c0 bb f6 ff ff ff 74 cb 49 8d 7d 04 e8 fd 94 ec ff 66 90 eb be <0f> 0b 0f 0b 0f 0b 0f 1f 00 55 48 89 e5 48 83 ec 50 48 89 5d d8 
[  970.218277] RIP  [<ffffffff8116f707>] nameidata_drop_rcu+0x127/0x130
[  970.218277]  RSP <ffff8800c8181c68>
[  970.219000] ---[ end trace 2be6bc47e8681441 ]---