Ubuntu

Kernel Oops - BUG: unable to handle kernel NULL pointer dereference at 0000009c; EIP is at __ticket_spin_lock+0x8/0x30

Reported by Elroy on 2012-01-27
898
This bug affects 110 people
Affects Status Importance Assigned to Milestone
Linux
Fix Released
Medium
linux (Ubuntu)
High
Chris J Arges
Precise
High
Chris J Arges
Quantal
High
Chris J Arges
Raring
High
Chris J Arges

Bug Description

This happened after unplugging a usb storage device.

ProblemType: KernelOops
DistroRelease: Ubuntu 12.04
Package: linux-image-3.2.0-11-generic 3.2.0-11.19
ProcVersionSignature: Ubuntu 3.2.0-11.19-generic 3.2.1
Uname: Linux 3.2.0-11-generic i686
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
Annotation: Your system might become unstable now and might need to be restarted.
ApportVersion: 1.91-0ubuntu1
Architecture: i386
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: elroy 1504 F.... pulseaudio
Card0.Amixer.info:
 Card hw:0 'I82801DBICH4'/'Intel 82801DB-ICH4 with AD1981A at irq 17'
   Mixer name : 'Analog Devices AD1981A'
   Components : 'AC97a:41445372'
   Controls : 25
   Simple ctrls : 17
Date: Fri Jan 27 19:32:16 2012
Failure: oops
HibernationDevice: RESUME=UUID=a818f95b-caf9-4a82-bd11-2e3480e5595a
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111012)
Lsusb:
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 003 Device 002: ID 093a:2510 Pixart Imaging, Inc. Optical Mouse
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-11-generic root=UUID=481773af-0b0e-47ef-8864-302bf969002c ro quiet splash vt.handoff=7
PulseSinks: Error: command ['pacmd', 'list-sinks'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
PulseSources: Error: command ['pacmd', 'list-sources'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions: kerneloops-daemon 0.12+git20090217-1ubuntu18
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
Title: BUG: unable to handle kernel NULL pointer dereference at 0000009c
UpgradeStatus: Upgraded to precise on 2012-01-27 (0 days ago)
dmi.bios.date: 05/28/2003
dmi.bios.vendor: Compaq
dmi.bios.version: 686O2 v2.21
dmi.board.name: 07E4h
dmi.board.vendor: Compaq
dmi.chassis.type: 15
dmi.chassis.vendor: Compaq
dmi.modalias: dmi:bvnCompaq:bvr686O2v2.21:bd05/28/2003:svnCompaq:pn:pvr:rvnCompaq:rn07E4h:rvr:cvnCompaq:ct15:cvr:
dmi.sys.vendor: Compaq

--

SRU Justification:

Impact:
When plugging and unplugging a USB drive occasionally a race condition in the notify subsystem causes a kernel oops.

Fix:
A set up of patches 0520bffba9685d88ad68ede4a41abd08a3e9684e..fe9b25d3ee6bdf6f9c9a9ce61d9d3e144bac13ef found in the for-next branch in the notify.git tree solve this issue:
http://git.infradead.org/users/eparis/notify.git/shortlog/refs/heads/for-next
These have been cherry-picked and tested on precise/quantal and applied already to raring. Only small modifications are needed for 2 of the patches because the locations of the functions had changed other than that the other 7 patches are clean cherry-picks.

Testcase:
Comment #8 and #9 in the upstream bug: https://bugzilla.kernel.org/show_bug.cgi?id=22602 has a test case that easily reproduces this issue within 15-30 minutes. I have applied the above fixes and was able to run this test case overnight in all cases.
In addition I've tested using the LTP tests for inotfy and these run properly with the fix applied.

Elroy (elroy-86) wrote :
Brad Figg (brad-figg) on 2012-01-28
Changed in linux (Ubuntu):
status: New → Confirmed

Thank you for taking the time to file a bug report on this issue.

However, given the number of bugs that the Kernel Team receives during any development cycle it is impossible for us to review them all. Therefore, we occasionally resort to using automated bots to request further testing. This is such a request.

We have noted that there is a newer version of the development kernel than the one you last tested when this issue was found. Please test again with the newer kernel and indicate in the bug if this issue still exists or not.

You can update to the latest development kernel by simply running the following commands in a terminal window:

    sudo apt-get update
    sudo apt-get upgrade

If the bug still exists, change the bug status from Incomplete to Confirmed. If the bug no longer exists, change the bug status from Incomplete to Fix Released.

If you want this bot to quit automatically requesting kernel tests, add a tag named: bot-stop-nagging.

 Thank you for your help, we really do appreciate it.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
tags: added: kernel-request-3.2.0-12.20
Brad Figg (brad-figg) on 2012-02-15
Changed in linux (Ubuntu):
importance: Undecided → High
tags: added: iso-testing qa-manual-testing rls-mgr-p-tracking

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/943861

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: kernel-da-key kernel-key ticket-spin-lock

Thank you for taking the time to file a bug report on this issue.

However, given the number of bugs that the Kernel Team receives during any development cycle it is impossible for us to review them all. Therefore, we occasionally resort to using automated bots to request further testing. This is such a request.

We have noted that there is a newer version of the development kernel than the one you last tested when this issue was found. Please test again with the newer kernel and indicate in the bug if this issue still exists or not.

You can update to the latest development kernel by simply running the following commands in a terminal window:

    sudo apt-get update
    sudo apt-get upgrade

If the bug still exists, change the bug status from Incomplete to Confirmed. If the bug no longer exists, change the bug status from Incomplete to Fix Released.

If you want this bot to quit automatically requesting kernel tests, add a tag named: bot-stop-nagging.

 Thank you for your help, we really do appreciate it.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
tags: added: kernel-request-3.2.0-17.27

please Bot, read duplicates before asking questions.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: bot-stop-nagging
Joseph Salisbury (jsalisbury) wrote :
Changed in linux:
importance: Unknown → Medium
status: Unknown → In Progress
Joseph Salisbury (jsalisbury) wrote :
Fabio Marconi (fabiomarconi) wrote :

present in 3.2.0-20 beta2
---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

summary: - BUG: unable to handle kernel NULL pointer dereference at 0000009c
+ Kernel Oops - BUG: unable to handle kernel NULL pointer dereference at
+ 0000009c; EIP is at __ticket_spin_lock+0x8/0x30
tags: added: metabug
Karma Dorje (taaroa) wrote :
Andy Whitcroft (apw) wrote :

I have found and picked up the nine (*weep*) patches indicated by Joe in comment #8 and applied them to the precise kernel. Could those of you who are able to trigger this test the kernels below and let me know if they work any better for you. Please test the kernels at the URL below and report any testing back here:

    http://people.canonical.com/~apw/lp922906-precise/

Thanks!

Changed in linux (Ubuntu Precise):
status: Confirmed → Incomplete
Karma Dorje (taaroa) wrote :

% uname -rmv
3.2.0-23-generic #36lp922906v201204101802 SMP Tue Apr 10 17:10:23 UTC 2012 x86_64

the second day of testing. so far so good.

Andy Whitcroft (apw) wrote :

@karma -- how often does this normally reproduce for you without the fixes applied?

Joseph Salisbury (jsalisbury) wrote :

I posted a comment to all of the duplicate bugs, asking the bug report to test Andy's test kernel.

Jane Atkinson (irihapeti) wrote :

The problem I reported (Bug #948308) is no longer happening on a 12.04 standard install. Is there any point in that case in installing the test kernel?

Shock (mmiron) wrote :

I'm still getting the kernel oops (#977123) with the apw kernel. I'm removing the duplicate status since it does not seem to be a duplicate. All the patches I've seen in the apw kernel have to do with inotify/fsnotify. I'm triggering the bug by connecting a bluetooth mouse. The problem seems to be at a lower level in the kernel since the same panic is triggered by two different things (usb-unplug and bluetooth pairing).

Luis Henriques (henrix) wrote :

I am able to reproduce the issue very easily using the test application available at https://bugzilla.kernel.org/show_bug.cgi?id=22602 on a virtual machine with a single CPU (haven't tried with multiple CPUs).

Using apw test kernel, I am not able to reproduce it anymore.

Karma Dorje (taaroa) wrote :

@awp — using the test application is available on the https://bugzilla.kernel.org/show_bug.cgi?id=22602

Karma Dorje (taaroa) wrote :

s/awp/apw/ sorry.
first encountered this problem using kernel 2.6.38 on my laptop.

Jani Uusitalo (uusijani) wrote :

I've just hit the Oops (__ticket_spin_lock+0x9/0x30) with the kernel linked to from #11. I'll attach the syslog from after reboot to this comment. Had been running the apw build since Monday this week (7 days now) without problems.

Luis Henriques (henrix) wrote :

@uusijani, the problem you're facing seems to be a different one. The original one was a race condition on the fsnotify that caused a NULL pointer. Your current log points to a different issue related with poll()'ing, probably a duplicated of one of bugs #968825, #974014, #975047, #947958, ...

@mmiron, could you also double check your logs to make sure you're not hitting a different problem? If possible, post any new Oops here.

reanimator (emerg-reanimator) wrote :

I have caught the similar (or even the same) problem once with
_____________________________________________________
Linux version 3.0.0-12-generic (buildd@vernadsky) (gcc version 4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu3) ) #20-Ubuntu SMP Fri Oct 7 14:50:42 UTC 2011 (Ubuntu 3.0.0-12.20-generic 3.0.4)
___________________________________________________

At that moment the USB flash disk was removed.

log attached

Changed in linux (Ubuntu):
status: Incomplete → Triaged
Changed in linux (Ubuntu Precise):
status: Incomplete → Triaged
Harvey Dueck (g-harvey) wrote :

Seeing something similar with kernel version 3.2.0-27-generic #43-Ubuntu Dell Inc. Vostro 470/0YJPT1

I get a general protection fault, not an oops, but the same __ticket_spin_lock appears.

This has happened to me twice today. I installed Ubuntu 12.04 on this machine two days ago and haven't seen this previously.

I found this via Bug #1017874. No USB devices were connected to the system since the last reboot, so my problem seems unrelated to USB.

syslog excerpt attached.

Karma Dorje (taaroa) wrote :

@g-harvey
This seems to be different problem.
Could you please fill a new bug?

Changed in linux:
status: In Progress → Expired
tags: removed: kernel-key
Karma Dorje (taaroa) on 2012-10-06
tags: added: quantal
Changed in linux (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → High
tags: added: kernel-key
Endre Kollár (taxy443) wrote :

Some duplication of this bug, like:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1074077
and like mine:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1080358
have a following line:
"sdb: detected capacity change from X to 0"

It is an easily reproducible part of same duplication, so i gave him special attention:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1082920

Please check it.

Tim Gardner (timg-tpi) on 2012-11-27
Changed in linux (Ubuntu Quantal):
assignee: nobody → Chris J Arges (christopherarges)
status: Triaged → In Progress
Changed in linux (Ubuntu Precise):
assignee: nobody → Chris J Arges (christopherarges)
status: Triaged → In Progress
Changed in linux (Ubuntu Raring):
assignee: nobody → Chris J Arges (christopherarges)
status: Triaged → In Progress
Chris J Arges (arges) wrote :
Tim Gardner (timg-tpi) on 2012-12-06
Changed in linux (Ubuntu Raring):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.7.0-5.13

---------------
linux (3.7.0-5.13) raring; urgency=low

  [ Lino Sanfilippo ]

  * SAUCE: inotify, fanotify: replace fsnotify_put_group() with
    fsnotify_destroy_group()
    - LP: #922906
  * SAUCE: fsnotify: introduce fsnotify_get_group()
    - LP: #922906
  * SAUCE: fsnotify: use reference counting for groups
    - LP: #922906
  * SAUCE: fsnotify: take groups mark_lock before mark lock
    - LP: #922906
  * SAUCE: fanotify: add an extra flag to mark_remove_from_mask that
    indicates wheather a mark should be destroyed
    - LP: #922906
  * SAUCE: fsnotify: use a mutex instead of a spinlock to protect a groups
    mark list
    - LP: #922906
  * SAUCE: fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #922906
  * SAUCE: fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #922906
  * SAUCE: fsnotify: dont put marks on temporary list when clearing marks
    by group
    - LP: #922906
  * SAUCE: fsnotify: change locking order
    - LP: #922906

  [ Tim Gardner ]

  * [Config] CONFIG_NFC_LLCP=y
  * [Config] get-firmware: Filter new files through fwinfo
  * [Config] CONFIG_MTD_NAND_DOCG4=m for all arches
  * [Config] CONFIG_DRM_EXYNOS_HDMI=y
  * [Config] CONFIG_XEN=y for all arches
  * [Config] CONFIG_SND_OMAP_SOC_ZOOM2=m
  * [Config] CONFIG_MMC_DW_EXYNOS=m
  * [Config] CONFIG_GPIO_ADNP=m
  * [Config] find-obsolete-firmware: Use correct path
  * rebase to v3.7-rc8
    - LP: #1084640

  [ Upstream Kernel Changes ]

  * Revert "VFS: don't do protected {sym,hard}links by default"
    - LP: #1084192
 -- Tim Gardner <email address hidden> Wed, 28 Nov 2012 16:07:08 +0000

Changed in linux (Ubuntu Raring):
status: Fix Committed → Fix Released
Chris J Arges (arges) on 2012-12-10
description: updated
Tim Gardner (timg-tpi) on 2012-12-10
Changed in linux (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Quantal):
status: In Progress → Fix Committed
tags: removed: kernel-key
Chris J Arges (arges) wrote :

These patches have been merged into mainline:
https://lkml.org/lkml/2012/12/20/439

Master (umely) wrote :

Hi, fixed? or...
[ 0.000000] Linux version 3.7.1-030701-generic (root@gomeisa) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #201212171620 SMP Mon Dec 17 21:21:30 UTC 2012
[ 111.935218] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 111.935273] IP: [<ffffffff81045ba9>] __ticket_spin_lock+0x9/0x30
[ 111.935315] PGD 0
[ 111.935330] Oops: 0002 [#1] SMP
[ 111.935791] Pid: 1980, comm: khidpd_04580058 Not tainted 3.7.1-030701-generic #201212171620 Acer, inc. Aspire 5570 /Prespa1
[ 111.935858] RIP: 0010:[<ffffffff81045ba9>] [<ffffffff81045ba9>] __ticket_spin_lock+0x9/0x30
[ 111.936525] Call Trace:
[ 111.936542] [<ffffffff81045c59>] default_spin_lock_flags+0x9/0x10
[ 111.936581] [<ffffffff816c845e>] _raw_spin_lock_irqsave+0x2e/0x40
[ 111.936620] [<ffffffff8107e670>] remove_wait_queue+0x20/0x70
[ 111.936655] [<ffffffffa0510844>] hidp_session+0x354/0x640 [hidp]
[ 111.936692] [<ffffffff81090a20>] ? try_to_wake_up+0x200/0x200
[ 111.936727] [<ffffffff81090a20>] ? try_to_wake_up+0x200/0x200
[ 111.936762] [<ffffffffa05104f0>] ? hidp_recv_ctrl_frame+0xf0/0xf0 [hidp]
[ 111.936800] [<ffffffff8107db90>] kthread+0xc0/0xd0
[ 111.936829] [<ffffffff8107dad0>] ? flush_kthread_worker+0xb0/0xb0
[ 111.936867] [<ffffffff816d102c>] ret_from_fork+0x7c/0xb0
[ 111.936898] [<ffffffff8107dad0>] ? flush_kthread_worker+0xb0/0xb0
[ 111.936933] Code: 00 00 48 c7 c1 b1 59 04 81 48 c7 c2 ae 59 04 81 e9 dd fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 55 b8 00 00 01 00 48 89 e5 <f0> 0f c1 07 89 c2 c1 ea 10 66 39 c2 74 13 66 0f 1f 84 00 00 00
[ 111.937174] RIP [<ffffffff81045ba9>] __ticket_spin_lock+0x9/0x30
[ 111.937213] RSP <ffff8800b5cfbd78>
[ 111.937232] CR2: 0000000000000000

Chris J Arges (arges) wrote :

@umely,
Doesn't look like you are running a stock kernel (3.7.1-030701-generic)
Do you know if this kernel you were running had appropriate patches that were recently committed? If not where is the git tree?

In addition I'm doing a respin of this fix using mainline patches for quantal/precise.

3.8 Raring will contain the appropriate patches from mainline.

Master (umely) wrote :

All works in daily build (04.01.13)
Thanks, wait fix for precise...

Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Quantal in -proposed solves the problem (3.5.0-22.33). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-quantal' to 'verification-done-quantal'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-quantal
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Precise in -proposed solves the problem (3.2.0-36.56). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-precise' to 'verification-done-precise'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-precise
Karma Dorje (taaroa) wrote :

amd64 verification-done-quantal

Master (umely) wrote :

[ 309.707808] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 309.707898] IP: [<ffffffff8103ec49>] __ticket_spin_lock+0x9/0x30
[ 309.708341] Pid: 2284, comm: khidpd_04580058 Not tainted 3.2.0-36-generic #56-Ubuntu Acer, inc. Aspire 5570 /Prespa1
[ 309.708401] RIP: 0010:[<ffffffff8103ec49>] [<ffffffff8103ec49>] __ticket_spin_lock+0x9/0x30

Luis Henriques (henrix) wrote :

Master, I believe your comment #37 means that the issue isn't fixed in the Precise kernel. Is that correct? Could you please post a complet dmesg?

It looks like Karma Dorje verified that the issue is solved in Quantal (comment #36), and after comparing both kernels (Precise and Quantal), they should both be fixed.

Master (umely) wrote :
Download full text (3.5 KiB)

Luis, yes, the problem still exists in the Precise. For Quantal this oops too occurs.
With 3.8-rc2-raring all work...

dmesg (3.2.0-36.56):
[ 309.707808] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 309.707898] IP: [<ffffffff8103ec49>] __ticket_spin_lock+0x9/0x30
[ 309.707941] PGD 0
[ 309.707957] Oops: 0002 [#1] SMP
[ 309.707980] CPU 0
[ 309.707991] Modules linked in: hidp btusb bnep rfcomm snd_hda_codec_realtek snd_hda_intel snd_hda_codec parport_pc snd_hwdep arc4 ppdev snd_pcm ath3k b43 snd_seq_midi bluetooth snd_rawmidi mmc_block uvcvideo snd_seq_midi_event snd_seq videodev joydev snd_timer snd_seq_device pcmcia mac80211 tifm_sd v4l2_compat_ioctl32 yenta_socket snd tifm_7xx1 pcmcia_rsrc tifm_core pcmcia_core acer_wmi soundcore cfg80211 psmouse snd_page_alloc serio_raw sparse_keymap bcma mac_hid lp parport usbhid hid i915 drm_kms_helper drm wmi i2c_algo_bit sky2 ssb video
[ 309.708331]
[ 309.708341] Pid: 2284, comm: khidpd_04580058 Not tainted 3.2.0-36-generic #56-Ubuntu Acer, inc. Aspire 5570 /Prespa1
[ 309.708401] RIP: 0010:[<ffffffff8103ec49>] [<ffffffff8103ec49>] __ticket_spin_lock+0x9/0x30
[ 309.708442] RSP: 0018:ffff88000a575d90 EFLAGS: 00010082
[ 309.708469] RAX: 0000000000010000 RBX: 0000000000000282 RCX: 0000000180150013
[ 309.708501] RDX: 0000000000000002 RSI: 0000000000000282 RDI: 0000000000000000
[ 309.708533] RBP: ffff88000a575d90 R08: 0000000000000001 R09: 0000000000000000
[ 309.708565] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88000a575e80
[ 309.708597] R13: 0000000000000002 R14: ffff8800b9312470 R15: ffff8800b9311400
[ 309.708630] FS: 0000000000000000(0000) GS:ffff8800bf400000(0000) knlGS:0000000000000000
[ 309.708667] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 309.708694] CR2: 0000000000000000 CR3: 0000000001c05000 CR4: 00000000000006f0
[ 309.708726] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 309.708758] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 309.708791] Process khidpd_04580058 (pid: 2284, threadinfo ffff88000a574000, task ffff880014895c00)
[ 309.708830] Stack:
[ 309.708842] ffff88000a575da0 ffffffff8103ecf9 ffff88000a575dc0 ffffffff8165d69e
[ 309.708883] 0000000000000000 ffff88000a575e80 ffff88000a575e00 ffffffff8108bb8a
[ 309.708923] ffff88000ab7c400 ffff8800b9311470 ffff8800b9312470 000000000000007d
[ 309.708963] Call Trace:
[ 309.708978] [<ffffffff8103ecf9>] default_spin_lock_flags+0x9/0x10
[ 309.709010] [<ffffffff8165d69e>] _raw_spin_lock_irqsave+0x2e/0x40
[ 309.709042] [<ffffffff8108bb8a>] prepare_to_wait+0x2a/0x90
[ 309.709071] [<ffffffffa043611d>] hidp_session+0x3bd/0x510 [hidp]
[ 309.709101] [<ffffffff810606a0>] ? try_to_wake_up+0x200/0x200
[ 309.709131] [<ffffffff810606a0>] ? try_to_wake_up+0x200/0x200
[ 309.709160] [<ffffffff8108bd20>] ? add_wait_queue+0x60/0x60
[ 309.709188] [<ffffffffa0435d60>] ? hidp_recv_ctrl_frame+0xf0/0xf0 [hidp]
[ 309.709220] [<ffffffff8108b27c>] kthread+0x8c/0xa0
[ 309.709244] [<ffffffff81667b74>] kernel_thread_helper+0x4/0x10
[ 309.709272] [<ffffffff8108b1f0>] ? flush_kthread_worker+0xa0/0xa0
[ 309.709303] [<fff...

Read more...

Luis Henriques (henrix) wrote :

Master, I believe the kernel oops you're hitting is actually a different bug, namely in the bluetooth hipd driver. Could you try to reproduce it by disabling/disconnecting any bluetooth device you have? It looks like you're hitting https://bugzilla.kernel.org/show_bug.cgi?id=39882 (which should be fixed by upstream commit 4529eefad087f97b33c0f31984d924b1f15d7bae). If this is case, could you please open a new bug report?

Anyway, it looks like there's a real regression introduced by this fix, which is still under analysis.

Luis Henriques (henrix) wrote :

Just for completeness, here's a link to a test case that makes it easy to reproduce this bug:

https://lkml.org/lkml/2012/12/20/536

tags: added: verification-failed-precise verification-failed-quantal
removed: verification-needed-precise verification-needed-quantal
tags: added: verification-reverted-precise verification-reverted-quantal
removed: verification-failed-precise verification-failed-quantal
Luis Henriques (henrix) wrote :

There's a new Precise kernel available in -proposed that should finally fix this issue. I'm tagging this bug with 'verification-needed-precise' again; anyone available to test this new kernel, please follow the instructions in comment #35.

The Quantal kernel should be available soon.

tags: added: verification-needed-precise
removed: verification-reverted-precise
Master (umely) wrote :

> Master, I believe the kernel oops you're hitting is actually a different bug...
Luis, my bug #928943, but someone is mark as duplicate this bug.
> ...Could you try to reproduce it by disabling/disconnecting any bluetooth device you have?
All others devises (smartphone, handsfree set, computer with bt usb dongle, any notebooks) work good when necessary. Mouse work only (doesn't depend from distro and bluez version) with kernel between 2.6.1 - 2.6.39. And I am compelled to remain on a Natty.
> There's a new Precise kernel available in -proposed that should finally fix this issue.
> I'm tagging this bug with 'verification-needed-precise' again; anyone available to test this new kernel,
> please follow the instructions in comment #35.
Didn't solve a problem...

Luis Henriques (henrix) wrote :

Master, I've took a look at your original bug report and its incorrectly tagged as duplicate of this one. I've fixed that and posted there a test kernel for you. Thank you for all your testing.

Luis Henriques (henrix) wrote :

There's a new Quantal kernel available in -proposed that should finally fix this issue. I'm tagging this bug with 'verification-needed-precise' again; anyone available to test this new kernel, please follow the instructions in comment #34.

tags: added: verification-needed-quantal
removed: verification-reverted-quantal
Luis Henriques (henrix) on 2013-01-11
tags: added: verification-done-precise verification-done-quantal
removed: verification-needed-precise verification-needed-quantal

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :
Download full text (10.1 KiB)

This bug was fixed in the package linux - 3.2.0-36.57

---------------
linux (3.2.0-36.57) precise-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1097389

  [ Chris J Arges ]

  * Revert "SAUCE: fsnotify: dont put marks on temporary list when clearing
    marks by group"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: introduce locked versions of
    fsnotify_add_mark() and fsnotify_remove_mark()"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: pass group to fsnotify_destroy_mark()"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: use a mutex instead of a spinlock to protect a
    groups mark list"
    - LP: #1096137
  * Revert "SAUCE: fanotify: add an extra flag to mark_remove_from_mask
    that indicates wheather a mark should be destroyed"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: take groups mark_lock before mark lock"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: use reference counting for groups"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: introduce fsnotify_get_group()"
    - LP: #1096137

  [ Upstream Kernel Changes ]

  * fsnotify: introduce fsnotify_get_group()
    - LP: #1096137
  * fsnotify: use reference counting for groups
    - LP: #1096137
  * fsnotify: take groups mark_lock before mark lock
    - LP: #1096137
  * fanotify: add an extra flag to mark_remove_from_mask that indicates
    wheather a mark should be destroyed
    - LP: #1096137
  * fsnotify: use a mutex instead of a spinlock to protect a groups mark
    list
    - LP: #1096137
  * fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #1096137
  * fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #1096137
  * fsnotify: dont put marks on temporary list when clearing marks by group
    - LP: #1096137
  * fsnotify: change locking order
    - LP: #1096137

linux (3.2.0-36.56) precise-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1095351

  [ Chris J Arges ]

  * SAUCE: add eeprom_bad_csum_allow module parameter
    - LP: #1070182

  [ Colin Ian King ]

  * SAUCE: samsung-laptop: disable in UEFI mode
    - LP: #1040557

  [ Herton Ronaldo Krzesinski ]

  * SAUCE: usb: cdc-wdm: fix regression on buffer deallocation
    - LP: #1074157

  [ Kees Cook ]

  * SAUCE: exec: do not leave bprm->interp on stack
    - LP: #1068888
    - CVE-2012-4530

  [ Leann Ogasawara ]

  * Add ceph to virtual kernel flavor
    - LP: #1063784

  [ Lino Sanfilippo ]

  * SAUCE: fsnotify: introduce fsnotify_get_group()
    - LP: #922906
  * SAUCE: fsnotify: use reference counting for groups
    - LP: #922906
  * SAUCE: fsnotify: take groups mark_lock before mark lock
    - LP: #922906
  * SAUCE: fanotify: add an extra flag to mark_remove_from_mask that
    indicates wheather a mark should be destroyed
    - LP: #922906
  * SAUCE: fsnotify: use a mutex instead of a spinlock to protect a groups
    mark list
    - LP: #922906
  * SAUCE: fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #922906
  * SAUCE: fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #922906
  * SAUCE: fsnotify: dont put marks on temporary list when ...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (21.3 KiB)

This bug was fixed in the package linux - 3.5.0-22.34

---------------
linux (3.5.0-22.34) quantal-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1097343

  [ Chris J Arges ]

  * Revert "SAUCE: fsnotify: dont put marks on temporary list when clearing
    marks by group"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: introduce locked versions of
    fsnotify_add_mark() and fsnotify_remove_mark()"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: pass group to fsnotify_destroy_mark()"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: use a mutex instead of a spinlock to protect a
    groups mark list"
    - LP: #1096137
  * Revert "SAUCE: fanotify: add an extra flag to mark_remove_from_mask
    that indicates wheather a mark should be destroyed"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: take groups mark_lock before mark lock"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: use reference counting for groups"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: introduce fsnotify_get_group()"
    - LP: #1096137

  [ Upstream Kernel Changes ]

  * fsnotify: introduce fsnotify_get_group()
    - LP: #1096137
  * fsnotify: use reference counting for groups
    - LP: #1096137
  * fsnotify: take groups mark_lock before mark lock
    - LP: #1096137
  * fanotify: add an extra flag to mark_remove_from_mask that indicates
    wheather a mark should be destroyed
    - LP: #1096137
  * fsnotify: use a mutex instead of a spinlock to protect a groups mark
    list
    - LP: #1096137
  * fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #1096137
  * fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #1096137
  * fsnotify: dont put marks on temporary list when clearing marks by group
    - LP: #1096137
  * fsnotify: change locking order
    - LP: #1096137

linux (3.5.0-22.33) quantal-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1095349

  [ Chris J Arges ]

  * SAUCE: add eeprom_bad_csum_allow module parameter
    - LP: #1070182

  [ Colin Ian King ]

  * SAUCE: samsung-laptop: disable in UEFI mode
    - LP: #1040557

  [ Kees Cook ]

  * SAUCE: exec: do not leave bprm->interp on stack
    - LP: #1068888
    - CVE-2012-4530

  [ Leann Ogasawara ]

  * Add ceph to linux-image for virtual instances
    - LP: #1063784

  [ Lino Sanfilippo ]

  * SAUCE: fsnotify: introduce fsnotify_get_group()
    - LP: #922906
  * SAUCE: fsnotify: use reference counting for groups
    - LP: #922906
  * SAUCE: fsnotify: take groups mark_lock before mark lock
    - LP: #922906
  * SAUCE: fanotify: add an extra flag to mark_remove_from_mask that
    indicates wheather a mark should be destroyed
    - LP: #922906
  * SAUCE: fsnotify: use a mutex instead of a spinlock to protect a groups
    mark list
    - LP: #922906
  * SAUCE: fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #922906
  * SAUCE: fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #922906
  * SAUCE: fsnotify: dont put marks on temporary list when clearing marks
    by group
    - LP: #922906

  [ Tomas Hozza ]

  * SAUCE: tools: hv: Netlink source a...

Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux:
status: Expired → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.