Ubuntu
linux package

readahead-list null poiner dereferences

Bug #268035 reported by Test-tools
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Won't Fix
High
Unassigned

Bug Description

Hello,

Description: Ubuntu intrepid (development branch)
Release: 8.10

Having a eeepc 701 with /usr as squashfs.

TWO (mutual exlusive) readahead-list null pointer dereferences.

The first one appeared without "linux" meta package installed,
no -restricted packages etc, so only that package
linux-image-2.6.27-2-generic:
  Installiert: 2.6.27-2.3
  Kandidat: 2.6.27-2.3
  Versions-Tabelle:
 *** 2.6.27-2.3 0
        500 http://de.archive.ubuntu.com intrepid/main Packages
        100 /var/lib/dpkg/status
Relevant excerp from dmesg:
[ 39.933615] BUG: unable to handle kernel NULL pointer dereference at 00000000
[ 39.933820] IP: [<00000000>]
[ 39.933939] *pde = 00000000
[ 39.933961] Oops: 0000 [#1] SMP
[ 39.934108] Modules linked in: ext3 jbd loop squashfs unionfs parport_pc lp parport joydev psmouse serio_raw uvcvideo compat_ioctl32 videodev v4l1_compat snd_hda_intel snd_pcsp snd_pcm_oss snd_pcm snd_mixer_oss atl2 video output snd_seq_dummy battery ac eeepc_laptop button snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq iTCO_wdt iTCO_vendor_support snd_timer snd_seq_device intel_agp snd agpgart shpchp pci_hotplug soundcore snd_page_alloc evdev ext2 mbcache sg sd_mod crc_t10dif usbhid hid usb_storage ata_piix pata_acpi ahci libusual ata_generic libata scsi_mod dock uhci_hcd ehci_hcd usbcore thermal processor fan fbcon tileblit font bitblit softcursor uvesafb cn fuse
[ 39.936013]
[ 39.936013] Pid: 3906, comm: readahead-list Not tainted (2.6.27-2-generic #1)
[ 39.936013] EIP: 0060:[<00000000>] EFLAGS: 00010286 CPU: 0
[ 39.936013] EIP is at 0x0
[ 39.936013] EAX: f72731b8 EBX: f6975340 ECX: 00000001 EDX: 00000000
[ 39.936013] ESI: f7273194 EDI: f72731b8 EBP: f699df28 ESP: f699dea8
[ 39.936013] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 39.936013] Process readahead-list (pid: 3906, ti=f699c000 task=f7497110 task.ti=f699c000)
[ 39.936013] Stack: f8cb9642 f6959500 00000000 f699df18 c01b0876 c2189914 c05c780c f688fb88
[ 39.936013] c2189914 00000000 00009914 fffffff4 000000d0 c2189914 f6975340 f6959500
[ 39.936013] 00000000 c2189914 00000000 c0192a7d 00000000 000c68a0 00000000 f7273264
[ 39.936013] Call Trace:
[ 39.936013] [<f8cb9642>] ? squashfs_readpage+0x172/0x510 [squashfs]
[ 39.936013] [<c01b0876>] ? mem_cgroup_charge_common+0x1a6/0x280
[ 39.936013] [<c0192a7d>] ? __inc_zone_page_state+0x1d/0x20
[ 39.936013] [<c0186707>] ? add_to_page_cache_lru+0x47/0x60
[ 39.936013] [<c018e1f8>] ? __do_page_cache_readahead+0x168/0x1e0
[ 39.936013] [<c018e343>] ? force_page_cache_readahead+0x63/0x90
[ 39.936013] [<c01851fb>] ? sys_readahead+0x9b/0xc0
[ 39.936013] [<c0103f6b>] ? sysenter_do_call+0x12/0x2f
[ 39.936013] [<c0390000>] ? do_boot_cpu+0x330/0x40a
[ 39.936013] =======================
[ 39.936013] Code: Bad EIP value.
[ 39.936013] EIP: [<00000000>] 0x0 SS:ESP 0068:f699dea8
[ 39.941137] ---[ end trace e322e72132713db4 ]---

The second then appeared, after apt-get install linux, the -restricted etc. was then newly installed,
relevant excerp of dmesg:
[ 40.621108] BUG: unable to handle kernel NULL pointer dereference at 00000058
[ 40.621312] IP: [<c01dbd58>] bio_get_nr_vecs+0x8/0x40
[ 40.621451] *pde = 00000000
[ 40.621472] Oops: 0000 [#1] SMP
[ 40.621622] Modules linked in: ext3 jbd loop squashfs unionfs parport_pc lp parport joydev psmouse serio_raw uvcvideo compat_ioctl32 videodev v4l1_compat snd_hda_intel snd_pcsp snd_pcm_oss snd_pcm snd_mixer_oss atl2 video output snd_seq_dummy battery ac eeepc_laptop button snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq iTCO_wdt iTCO_vendor_support snd_timer snd_seq_device intel_agp agpgart snd shpchp pci_hotplug soundcore snd_page_alloc evdev ext2 mbcache sg sd_mod crc_t10dif usbhid hid usb_storage ata_piix pata_acpi ahci libusual ata_generic libata scsi_mod dock uhci_hcd ehci_hcd usbcore thermal processor fan fbcon tileblit font bitblit softcursor uvesafb cn fuse
[ 40.624013]
[ 40.624013] Pid: 3939, comm: readahead-list Not tainted (2.6.27-2-generic #1)
[ 40.624013] EIP: 0060:[<c01dbd58>] EFLAGS: 00010246 CPU: 0
[ 40.624013] EIP is at bio_get_nr_vecs+0x8/0x40
[ 40.624013] EAX: 00000000 EBX: 00001000 ECX: 0000000c EDX: f6ae5ecc
[ 40.624013] ESI: b969fd00 EDI: 00000007 EBP: f6ae5dfc ESP: f6ae5dfc
[ 40.624013] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 40.624013] Process readahead-list (pid: 3939, ti=f6ae4000 task=f6aff110 task.ti=f6ae4000)
[ 40.624013] Stack: f6ae5ea8 c01e1427 f6ae5ecc 00000000 0000123b 00000000 00000002 c2170d38
[ 40.624013] 00000000 f72d4030 0000000c 00000001 00000001 00000000 00000001 00000001
[ 40.624013] 00000000 00000001 f72d3fa0 00000000 00000001 00000001 00000002 00000000
[ 40.624013] Call Trace:
[ 40.624013] [<c01e1427>] ? do_mpage_readpage+0x3d7/0x710
[ 40.624013] [<c0192a7d>] ? __inc_zone_page_state+0x1d/0x20
[ 40.624013] [<c0186686>] ? add_to_page_cache_locked+0xb6/0xf0
[ 40.624013] [<c0186707>] ? add_to_page_cache_lru+0x47/0x60
[ 40.624013] [<c01e1884>] ? mpage_readpages+0xc4/0x100
[ 40.624013] [<f89c82d0>] ? ext2_get_block+0x0/0x60 [ext2]
[ 40.624013] [<c018b34e>] ? __alloc_pages_internal+0xbe/0x4a0
[ 40.624013] [<f89c6d10>] ? ext2_readpages+0x0/0x20 [ext2]
[ 40.624013] [<f89c6d2e>] ? ext2_readpages+0x1e/0x20 [ext2]
[ 40.624013] [<f89c82d0>] ? ext2_get_block+0x0/0x60 [ext2]
[ 40.624013] [<c018e1cc>] ? __do_page_cache_readahead+0x13c/0x1e0
[ 40.624013] [<c018e343>] ? force_page_cache_readahead+0x63/0x90
[ 40.624013] [<c01851fb>] ? sys_readahead+0x9b/0xc0
[ 40.624013] [<c0103f6b>] ? sysenter_do_call+0x12/0x2f
[ 40.624013] [<c0390000>] ? do_boot_cpu+0x330/0x40a
[ 40.624013] =======================
[ 40.624013] Code: 00 00 00 ff 52 44 5d 8d 74 26 00 c3 0f 0b 90 8d 74 26 00 eb f9 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 0f 1f 44 00 00 <8b> 40 58 8b 50 34 8b 82 8c 01 00 00 c1 e0 09 8d 88 ff 0f 00 00
[ 40.624013] EIP: [<c01dbd58>] bio_get_nr_vecs+0x8/0x40 SS:ESP 0068:f6ae5dfc
[ 40.631803] ---[ end trace 34684a3408387c70 ]---

So the one or the other appears. (Maybe something from the Bios read

Otherwise it continues to boot and looked at first degree good. But can't confirm that it is void of secondary problems....

Roland

Tags: linux-2.6.27
Leann Ogasawara (leannogasawara)
Changed in linux:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → High
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote : Kernel team bugs

Per a decision made by the Ubuntu Kernel Team, bugs will longer be assigned to the ubuntu-kernel-team in Launchpad as part of the bug triage process. The ubuntu-kernel-team is being unassigned from this bug report. Refer to https://wiki.ubuntu.com/KernelTeamBugPolicies for more information. Thanks.

Revision history for this message
Colin Ian King (colin-king) wrote :

Unfortunately it seems this bug is still an issue. Can you confirm this issue exists with the most recent Jaunty Jackalope 9.04 release - http://www.ubuntu.com/news/ubuntu-9.04-desktop . Please let us know your results. Thanks.

Changed in linux (Ubuntu):
status: Triaged → Incomplete
Revision history for this message
Test-tools (roland-verifysoft) wrote :

Hello,
yes, with jaunty it's the same, see below.
I have updated to karmic, but still running the 2.6.28-12-generic kernel, as I have following
issues with 2.6.30
squashfs now supports v4 fileformat, with .28 I have a v3 fileformat.
That's not the problem, my problem is, that both unionfs and aufs are missing in .30 kernel (Am I right?)
I assume somehow, that this problem vanishes .30 kernel..

[ 17.608022] Pid: 1917, comm: readahead-list Not tainted (2.6.28-12-generic #43-Ubuntu) 701
[ 17.608022] EIP: 0060:[<63766632>] EFLAGS: 00010286 CPU: 0
[ 17.608022] EIP is at 0x63766632
[ 17.608022] EAX: f69d6030 EBX: f65f3b00 ECX: 00000001 EDX: 00000000
[ 17.608022] ESI: f69d600c EDI: f69d6030 EBP: f66e5f28 ESP: f66e5ea8
[ 17.608022] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 17.608022] Process readahead-list (pid: 1917, ti=f66e4000 task=f663bed0 task.ti=f66e4000)
[ 17.608022] Stack:
[ 17.608022] f7d915da f670d900 00000000 f66e5f18 000000d0 c0857e0c f6c0d080 00000005
[ 17.608022] c1f973c0 00000000 000073c0 fffffff4 f669e000 c1f973c0 f65f3b00 f670d900
[ 17.608022] 00000000 c1f973c0 00000000 c019c128 00000000 000e0804 00000000 f69d60dc
[ 17.608022] Call Trace:
[ 17.608022] [<f7d915da>] ? squashfs_readpage+0x16a/0x510 [squashfs]
[ 17.608022] [<c019c128>] ? __inc_zone_page_state+0x18/0x20
[ 17.608022] [<c018f8dc>] ? add_to_page_cache_lru+0x6c/0x80
[ 17.608022] [<c0196d3c>] ? __do_page_cache_readahead+0x1bc/0x1d0
[ 17.608022] [<c0196e23>] ? force_page_cache_readahead+0x63/0x90
[ 17.608022] [<c018e4a6>] ? sys_readahead+0x96/0xc0
[ 17.608022] [<c0103f6b>] ? sysenter_do_call+0x12/0x2f
[ 17.608022] [<c04f0000>] ? quirk_netmos+0xe/0xbb
[ 17.608022] Code: Bad EIP value.
[ 17.608022] EIP: [<63766632>] 0x63766632 SS:ESP 0068:f66e5ea8
[ 17.611853] ---[ end trace 5aba0088f4c30e87 ]---

Roland

Colin Ian King (colin-king)
Changed in linux (Ubuntu):
assignee: nobody → Colin King (colin-king)
status: Incomplete → In Progress
Revision history for this message
Colin Ian King (colin-king) wrote :

Hi, you mentioned you were: "Having a eeepc 701 with /usr as squashfs."

Can you describe a little more what the setup is - is this your own squashfs configuration, or booting from the live CD?

It may be worth while first doing a thorough memory check test to make sure memory corruption is not the root cause. Can you run memtest86+ (from the boot memory, or select "Test Memory" from the Live CD) and let me know if this passes or not.

Thanks.

Colin Ian King (colin-king)
Changed in linux (Ubuntu):
status: In Progress → Incomplete
Revision history for this message
Test-tools (roland-verifysoft) wrote :

Hi, first, memtest86 ran without finding any errors last night.

I make a usr.sqfs with issuing:
mksquashfs /usr usr.sqfs

The relevant entries in /etc/fstab are then
/.filesystems/usr/usr.sqfs /usr squashfs ro,loop,nodev 0 0
unionfs /usr unionfs nodev,noatime,dirs=/.filesystems/usr/overlay=rw:/usr=ro 0 0

Revision history for this message
Test-tools (roland-verifysoft) wrote :

Hi, I can confirm that the problem vanishes with karmic, using the 2.6.30-5 kernel,
using a v4 squashfs file..

I see following todo for karmic:
- Needage of squahsfs-tools v4
 The v3 and v4 are incompatible, both from kernel and squashfs-tools.
 squashfs-tools should the be provided in the two variants, otherwise people
 will run in problem..
- Needage of unionfs and/or aufs filesystem, not yet available in karmic

Roland

Colin Ian King (colin-king)
Changed in linux (Ubuntu):
status: Incomplete → In Progress
Revision history for this message
Test-tools (roland-verifysoft) wrote :

Hello,

I'm currently using karmic with the jaunty 2.6.28-12-generic kernel.

As it seams, that aufs will be available in Alpha2, but unionfs not,
I then switched for the overlay from unionfs to aufs, this bug
just disappears. Therefor unionfs was damaging squashfs structs...
(And we have now a workaround)

Roland "Test-tools" Bär

Revision history for this message
Test-tools (roland-verifysoft) wrote :

Hello,

in the meantime I have a karmic 2.6.30 with unionfs patched from
https://bugzilla.filesystems.org/show_bug.cgi?id=632
up and running, using the previous constellation with unionfs.

The bug has vanished, so must be fixed upstream for in the meantime.

For 2.6.28, check if we are using the current patch:
http://download.filesystems.org/unionfs/unionfs-2.x/unionfs-2.5.2_for_2.6.28.10.diff.gz

Roland "Test-tools" Bär

Revision history for this message
laptop battery (myshuqian) wrote :

here you can get more info for your laptop battery
http://mysilverblog.inube.com/
http://mysilverblog.spaces.live.com
http://mysilverblog.mindsay.com/
http://blogs.albawaba.com/mysilverblog
http://www.freeblognetwork.com/mysilverblog/
http://goldlaptopbattery.blogspot.com/
http://www.soulcast.com/mysilverblog/
http://goldlaptopbattery.spruz.com

Revision history for this message
laptop battery (myshuqian) wrote :

here you can get many better blogs for take those links
http://4newbattery.inube.com/
http://4newbattery.mindsay.com/
http://www.freeblognetwork.com/4newbattery/
http://4newbattery.edublogs.org/
http://4newbattery.blogspot.com/
http://www.soulcast.com/4newbattery/

Jeremy Foshee (jeremyfoshee)
Changed in linux (Ubuntu):
assignee: Colin King (colin-king) → nobody
status: In Progress → Triaged
Revision history for this message
Brad Figg (brad-figg) wrote : Unsupported series, setting status to "Won't Fix".

This bug was filed against a series that is no longer supported and so is being marked as Won't Fix. If this issue still exists in a supported series, please file a new bug.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.