Kernel Oops - BUG: unable to handle kernel NULL pointer dereference at 0000009c; EIP is at __ticket_spin_lock+0x8/0x30

Bug #922906 reported by Elroy on 2012-01-27
900
This bug affects 110 people
Affects Status Importance Assigned to Milestone
Skylinux
Fix Released
Medium
linux (Ubuntu)
High
Chris J Arges
Precise
High
Chris J Arges
Quantal
High
Chris J Arges
Raring
High
Chris J Arges

Bug Description

This happened after unplugging a usb storage device.

ProblemType: KernelOops
DistroRelease: Ubuntu 12.04
Package: linux-image-3.2.0-11-generic 3.2.0-11.19
ProcVersionSignature: Ubuntu 3.2.0-11.19-generic 3.2.1
Uname: Linux 3.2.0-11-generic i686
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
Annotation: Your system might become unstable now and might need to be restarted.
ApportVersion: 1.91-0ubuntu1
Architecture: i386
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: elroy 1504 F.... pulseaudio
Card0.Amixer.info:
 Card hw:0 'I82801DBICH4'/'Intel 82801DB-ICH4 with AD1981A at irq 17'
   Mixer name : 'Analog Devices AD1981A'
   Components : 'AC97a:41445372'
   Controls : 25
   Simple ctrls : 17
Date: Fri Jan 27 19:32:16 2012
Failure: oops
HibernationDevice: RESUME=UUID=a818f95b-caf9-4a82-bd11-2e3480e5595a
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111012)
Lsusb:
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 003 Device 002: ID 093a:2510 Pixart Imaging, Inc. Optical Mouse
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-11-generic root=UUID=481773af-0b0e-47ef-8864-302bf969002c ro quiet splash vt.handoff=7
PulseSinks: Error: command ['pacmd', 'list-sinks'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
PulseSources: Error: command ['pacmd', 'list-sources'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions: kerneloops-daemon 0.12+git20090217-1ubuntu18
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
Title: BUG: unable to handle kernel NULL pointer dereference at 0000009c
UpgradeStatus: Upgraded to precise on 2012-01-27 (0 days ago)
dmi.bios.date: 05/28/2003
dmi.bios.vendor: Compaq
dmi.bios.version: 686O2 v2.21
dmi.board.name: 07E4h
dmi.board.vendor: Compaq
dmi.chassis.type: 15
dmi.chassis.vendor: Compaq
dmi.modalias: dmi:bvnCompaq:bvr686O2v2.21:bd05/28/2003:svnCompaq:pn:pvr:rvnCompaq:rn07E4h:rvr:cvnCompaq:ct15:cvr:
dmi.sys.vendor: Compaq

--

SRU Justification:

Impact:
When plugging and unplugging a USB drive occasionally a race condition in the notify subsystem causes a kernel oops.

Fix:
A set up of patches 0520bffba9685d88ad68ede4a41abd08a3e9684e..fe9b25d3ee6bdf6f9c9a9ce61d9d3e144bac13ef found in the for-next branch in the notify.git tree solve this issue:
http://git.infradead.org/users/eparis/notify.git/shortlog/refs/heads/for-next
These have been cherry-picked and tested on precise/quantal and applied already to raring. Only small modifications are needed for 2 of the patches because the locations of the functions had changed other than that the other 7 patches are clean cherry-picks.

Testcase:
Comment #8 and #9 in the upstream bug: https://bugzilla.kernel.org/show_bug.cgi?id=22602 has a test case that easily reproduces this issue within 15-30 minutes. I have applied the above fixes and was able to run this test case overnight in all cases.
In addition I've tested using the LTP tests for inotfy and these run properly with the fix applied.

Elroy (elroy-86) wrote :
Brad Figg (brad-figg) on 2012-01-28
Changed in linux (Ubuntu):
status: New → Confirmed

Thank you for taking the time to file a bug report on this issue.

However, given the number of bugs that the Kernel Team receives during any development cycle it is impossible for us to review them all. Therefore, we occasionally resort to using automated bots to request further testing. This is such a request.

We have noted that there is a newer version of the development kernel than the one you last tested when this issue was found. Please test again with the newer kernel and indicate in the bug if this issue still exists or not.

You can update to the latest development kernel by simply running the following commands in a terminal window:

    sudo apt-get update
    sudo apt-get upgrade

If the bug still exists, change the bug status from Incomplete to Confirmed. If the bug no longer exists, change the bug status from Incomplete to Fix Released.

If you want this bot to quit automatically requesting kernel tests, add a tag named: bot-stop-nagging.

 Thank you for your help, we really do appreciate it.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
tags: added: kernel-request-3.2.0-12.20
Brad Figg (brad-figg) on 2012-02-15
Changed in linux (Ubuntu):
importance: Undecided → High
tags: added: iso-testing qa-manual-testing rls-mgr-p-tracking

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/943861

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: kernel-da-key kernel-key ticket-spin-lock

Thank you for taking the time to file a bug report on this issue.

However, given the number of bugs that the Kernel Team receives during any development cycle it is impossible for us to review them all. Therefore, we occasionally resort to using automated bots to request further testing. This is such a request.

We have noted that there is a newer version of the development kernel than the one you last tested when this issue was found. Please test again with the newer kernel and indicate in the bug if this issue still exists or not.

You can update to the latest development kernel by simply running the following commands in a terminal window:

    sudo apt-get update
    sudo apt-get upgrade

If the bug still exists, change the bug status from Incomplete to Confirmed. If the bug no longer exists, change the bug status from Incomplete to Fix Released.

If you want this bot to quit automatically requesting kernel tests, add a tag named: bot-stop-nagging.

 Thank you for your help, we really do appreciate it.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
tags: added: kernel-request-3.2.0-17.27

please Bot, read duplicates before asking questions.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: bot-stop-nagging
Joseph Salisbury (jsalisbury) wrote :
Changed in linux:
importance: Unknown → Medium
status: Unknown → In Progress
Joseph Salisbury (jsalisbury) wrote :
Fabio Marconi (fabiomarconi) wrote :

present in 3.2.0-20 beta2
---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

summary: - BUG: unable to handle kernel NULL pointer dereference at 0000009c
+ Kernel Oops - BUG: unable to handle kernel NULL pointer dereference at
+ 0000009c; EIP is at __ticket_spin_lock+0x8/0x30
tags: added: metabug
Karma Dorje (taaroa) wrote :
Andy Whitcroft (apw) wrote :

I have found and picked up the nine (*weep*) patches indicated by Joe in comment #8 and applied them to the precise kernel. Could those of you who are able to trigger this test the kernels below and let me know if they work any better for you. Please test the kernels at the URL below and report any testing back here:

    http://people.canonical.com/~apw/lp922906-precise/

Thanks!

Changed in linux (Ubuntu Precise):
status: Confirmed → Incomplete
Karma Dorje (taaroa) wrote :

% uname -rmv
3.2.0-23-generic #36lp922906v201204101802 SMP Tue Apr 10 17:10:23 UTC 2012 x86_64

the second day of testing. so far so good.

Andy Whitcroft (apw) wrote :

@karma -- how often does this normally reproduce for you without the fixes applied?

Joseph Salisbury (jsalisbury) wrote :

I posted a comment to all of the duplicate bugs, asking the bug report to test Andy's test kernel.

Jane Atkinson (irihapeti) wrote :

The problem I reported (Bug #948308) is no longer happening on a 12.04 standard install. Is there any point in that case in installing the test kernel?

Shock (mmiron) wrote :

I'm still getting the kernel oops (#977123) with the apw kernel. I'm removing the duplicate status since it does not seem to be a duplicate. All the patches I've seen in the apw kernel have to do with inotify/fsnotify. I'm triggering the bug by connecting a bluetooth mouse. The problem seems to be at a lower level in the kernel since the same panic is triggered by two different things (usb-unplug and bluetooth pairing).

Luis Henriques (henrix) wrote :

I am able to reproduce the issue very easily using the test application available at https://bugzilla.kernel.org/show_bug.cgi?id=22602 on a virtual machine with a single CPU (haven't tried with multiple CPUs).

Using apw test kernel, I am not able to reproduce it anymore.

Karma Dorje (taaroa) wrote :

@awp — using the test application is available on the https://bugzilla.kernel.org/show_bug.cgi?id=22602

Karma Dorje (taaroa) wrote :

s/awp/apw/ sorry.
first encountered this problem using kernel 2.6.38 on my laptop.

Jani Uusitalo (uusijani) wrote :

I've just hit the Oops (__ticket_spin_lock+0x9/0x30) with the kernel linked to from #11. I'll attach the syslog from after reboot to this comment. Had been running the apw build since Monday this week (7 days now) without problems.

Luis Henriques (henrix) wrote :

@uusijani, the problem you're facing seems to be a different one. The original one was a race condition on the fsnotify that caused a NULL pointer. Your current log points to a different issue related with poll()'ing, probably a duplicated of one of bugs #968825, #974014, #975047, #947958, ...

@mmiron, could you also double check your logs to make sure you're not hitting a different problem? If possible, post any new Oops here.

reanimator (emerg-reanimator) wrote :

I have caught the similar (or even the same) problem once with
_____________________________________________________
Linux version 3.0.0-12-generic (buildd@vernadsky) (gcc version 4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu3) ) #20-Ubuntu SMP Fri Oct 7 14:50:42 UTC 2011 (Ubuntu 3.0.0-12.20-generic 3.0.4)
___________________________________________________

At that moment the USB flash disk was removed.

log attached

Changed in linux (Ubuntu):
status: Incomplete → Triaged
Changed in linux (Ubuntu Precise):
status: Incomplete → Triaged
Harvey Dueck (g-harvey) wrote :

Seeing something similar with kernel version 3.2.0-27-generic #43-Ubuntu Dell Inc. Vostro 470/0YJPT1

I get a general protection fault, not an oops, but the same __ticket_spin_lock appears.

This has happened to me twice today. I installed Ubuntu 12.04 on this machine two days ago and haven't seen this previously.

I found this via Bug #1017874. No USB devices were connected to the system since the last reboot, so my problem seems unrelated to USB.

syslog excerpt attached.

Karma Dorje (taaroa) wrote :

@g-harvey
This seems to be different problem.
Could you please fill a new bug?

Changed in linux:
status: In Progress → Expired
tags: removed: kernel-key
Karma Dorje (taaroa) on 2012-10-06
tags: added: quantal
Changed in linux (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → High
tags: added: kernel-key
Endre Kollár (taxy443) wrote :

Some duplication of this bug, like:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1074077
and like mine:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1080358
have a following line:
"sdb: detected capacity change from X to 0"

It is an easily reproducible part of same duplication, so i gave him special attention:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1082920

Please check it.

Tim Gardner (timg-tpi) on 2012-11-27
Changed in linux (Ubuntu Quantal):
assignee: nobody → Chris J Arges (christopherarges)
status: Triaged → In Progress
Changed in linux (Ubuntu Precise):
assignee: nobody → Chris J Arges (christopherarges)
status: Triaged → In Progress
Changed in linux (Ubuntu Raring):
assignee: nobody → Chris J Arges (christopherarges)
status: Triaged → In Progress
Chris J Arges (arges) wrote :
Tim Gardner (timg-tpi) on 2012-12-06
Changed in linux (Ubuntu Raring):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.7.0-5.13

---------------
linux (3.7.0-5.13) raring; urgency=low

  [ Lino Sanfilippo ]

  * SAUCE: inotify, fanotify: replace fsnotify_put_group() with
    fsnotify_destroy_group()
    - LP: #922906
  * SAUCE: fsnotify: introduce fsnotify_get_group()
    - LP: #922906
  * SAUCE: fsnotify: use reference counting for groups
    - LP: #922906
  * SAUCE: fsnotify: take groups mark_lock before mark lock
    - LP: #922906
  * SAUCE: fanotify: add an extra flag to mark_remove_from_mask that
    indicates wheather a mark should be destroyed
    - LP: #922906
  * SAUCE: fsnotify: use a mutex instead of a spinlock to protect a groups
    mark list
    - LP: #922906
  * SAUCE: fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #922906
  * SAUCE: fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #922906
  * SAUCE: fsnotify: dont put marks on temporary list when clearing marks
    by group
    - LP: #922906
  * SAUCE: fsnotify: change locking order
    - LP: #922906

  [ Tim Gardner ]

  * [Config] CONFIG_NFC_LLCP=y
  * [Config] get-firmware: Filter new files through fwinfo
  * [Config] CONFIG_MTD_NAND_DOCG4=m for all arches
  * [Config] CONFIG_DRM_EXYNOS_HDMI=y
  * [Config] CONFIG_XEN=y for all arches
  * [Config] CONFIG_SND_OMAP_SOC_ZOOM2=m
  * [Config] CONFIG_MMC_DW_EXYNOS=m
  * [Config] CONFIG_GPIO_ADNP=m
  * [Config] find-obsolete-firmware: Use correct path
  * rebase to v3.7-rc8
    - LP: #1084640

  [ Upstream Kernel Changes ]

  * Revert "VFS: don't do protected {sym,hard}links by default"
    - LP: #1084192
 -- Tim Gardner <email address hidden> Wed, 28 Nov 2012 16:07:08 +0000

Changed in linux (Ubuntu Raring):
status: Fix Committed → Fix Released
Chris J Arges (arges) on 2012-12-10
description: updated
Tim Gardner (timg-tpi) on 2012-12-10
Changed in linux (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Quantal):
status: In Progress → Fix Committed
tags: removed: kernel-key
Chris J Arges (arges) wrote :

These patches have been merged into mainline:
https://lkml.org/lkml/2012/12/20/439

Master (umely) wrote :

Hi, fixed? or...
[ 0.000000] Linux version 3.7.1-030701-generic (root@gomeisa) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #201212171620 SMP Mon Dec 17 21:21:30 UTC 2012
[ 111.935218] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 111.935273] IP: [<ffffffff81045ba9>] __ticket_spin_lock+0x9/0x30
[ 111.935315] PGD 0
[ 111.935330] Oops: 0002 [#1] SMP
[ 111.935791] Pid: 1980, comm: khidpd_04580058 Not tainted 3.7.1-030701-generic #201212171620 Acer, inc. Aspire 5570 /Prespa1
[ 111.935858] RIP: 0010:[<ffffffff81045ba9>] [<ffffffff81045ba9>] __ticket_spin_lock+0x9/0x30
[ 111.936525] Call Trace:
[ 111.936542] [<ffffffff81045c59>] default_spin_lock_flags+0x9/0x10
[ 111.936581] [<ffffffff816c845e>] _raw_spin_lock_irqsave+0x2e/0x40
[ 111.936620] [<ffffffff8107e670>] remove_wait_queue+0x20/0x70
[ 111.936655] [<ffffffffa0510844>] hidp_session+0x354/0x640 [hidp]
[ 111.936692] [<ffffffff81090a20>] ? try_to_wake_up+0x200/0x200
[ 111.936727] [<ffffffff81090a20>] ? try_to_wake_up+0x200/0x200
[ 111.936762] [<ffffffffa05104f0>] ? hidp_recv_ctrl_frame+0xf0/0xf0 [hidp]
[ 111.936800] [<ffffffff8107db90>] kthread+0xc0/0xd0
[ 111.936829] [<ffffffff8107dad0>] ? flush_kthread_worker+0xb0/0xb0
[ 111.936867] [<ffffffff816d102c>] ret_from_fork+0x7c/0xb0
[ 111.936898] [<ffffffff8107dad0>] ? flush_kthread_worker+0xb0/0xb0
[ 111.936933] Code: 00 00 48 c7 c1 b1 59 04 81 48 c7 c2 ae 59 04 81 e9 dd fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 55 b8 00 00 01 00 48 89 e5 <f0> 0f c1 07 89 c2 c1 ea 10 66 39 c2 74 13 66 0f 1f 84 00 00 00
[ 111.937174] RIP [<ffffffff81045ba9>] __ticket_spin_lock+0x9/0x30
[ 111.937213] RSP <ffff8800b5cfbd78>
[ 111.937232] CR2: 0000000000000000

Chris J Arges (arges) wrote :

@umely,
Doesn't look like you are running a stock kernel (3.7.1-030701-generic)
Do you know if this kernel you were running had appropriate patches that were recently committed? If not where is the git tree?

In addition I'm doing a respin of this fix using mainline patches for quantal/precise.

3.8 Raring will contain the appropriate patches from mainline.

Master (umely) wrote :

All works in daily build (04.01.13)
Thanks, wait fix for precise...

Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Quantal in -proposed solves the problem (3.5.0-22.33). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-quantal' to 'verification-done-quantal'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-quantal
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Precise in -proposed solves the problem (3.2.0-36.56). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-precise' to 'verification-done-precise'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-precise
Karma Dorje (taaroa) wrote :

amd64 verification-done-quantal

Master (umely) wrote :

[ 309.707808] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 309.707898] IP: [<ffffffff8103ec49>] __ticket_spin_lock+0x9/0x30
[ 309.708341] Pid: 2284, comm: khidpd_04580058 Not tainted 3.2.0-36-generic #56-Ubuntu Acer, inc. Aspire 5570 /Prespa1
[ 309.708401] RIP: 0010:[<ffffffff8103ec49>] [<ffffffff8103ec49>] __ticket_spin_lock+0x9/0x30

Luis Henriques (henrix) wrote :

Master, I believe your comment #37 means that the issue isn't fixed in the Precise kernel. Is that correct? Could you please post a complet dmesg?

It looks like Karma Dorje verified that the issue is solved in Quantal (comment #36), and after comparing both kernels (Precise and Quantal), they should both be fixed.

Master (umely) wrote :
Download full text (3.5 KiB)

Luis, yes, the problem still exists in the Precise. For Quantal this oops too occurs.
With 3.8-rc2-raring all work...

dmesg (3.2.0-36.56):
[ 309.707808] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 309.707898] IP: [<ffffffff8103ec49>] __ticket_spin_lock+0x9/0x30
[ 309.707941] PGD 0
[ 309.707957] Oops: 0002 [#1] SMP
[ 309.707980] CPU 0
[ 309.707991] Modules linked in: hidp btusb bnep rfcomm snd_hda_codec_realtek snd_hda_intel snd_hda_codec parport_pc snd_hwdep arc4 ppdev snd_pcm ath3k b43 snd_seq_midi bluetooth snd_rawmidi mmc_block uvcvideo snd_seq_midi_event snd_seq videodev joydev snd_timer snd_seq_device pcmcia mac80211 tifm_sd v4l2_compat_ioctl32 yenta_socket snd tifm_7xx1 pcmcia_rsrc tifm_core pcmcia_core acer_wmi soundcore cfg80211 psmouse snd_page_alloc serio_raw sparse_keymap bcma mac_hid lp parport usbhid hid i915 drm_kms_helper drm wmi i2c_algo_bit sky2 ssb video
[ 309.708331]
[ 309.708341] Pid: 2284, comm: khidpd_04580058 Not tainted 3.2.0-36-generic #56-Ubuntu Acer, inc. Aspire 5570 /Prespa1
[ 309.708401] RIP: 0010:[<ffffffff8103ec49>] [<ffffffff8103ec49>] __ticket_spin_lock+0x9/0x30
[ 309.708442] RSP: 0018:ffff88000a575d90 EFLAGS: 00010082
[ 309.708469] RAX: 0000000000010000 RBX: 0000000000000282 RCX: 0000000180150013
[ 309.708501] RDX: 0000000000000002 RSI: 0000000000000282 RDI: 0000000000000000
[ 309.708533] RBP: ffff88000a575d90 R08: 0000000000000001 R09: 0000000000000000
[ 309.708565] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88000a575e80
[ 309.708597] R13: 0000000000000002 R14: ffff8800b9312470 R15: ffff8800b9311400
[ 309.708630] FS: 0000000000000000(0000) GS:ffff8800bf400000(0000) knlGS:0000000000000000
[ 309.708667] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 309.708694] CR2: 0000000000000000 CR3: 0000000001c05000 CR4: 00000000000006f0
[ 309.708726] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 309.708758] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 309.708791] Process khidpd_04580058 (pid: 2284, threadinfo ffff88000a574000, task ffff880014895c00)
[ 309.708830] Stack:
[ 309.708842] ffff88000a575da0 ffffffff8103ecf9 ffff88000a575dc0 ffffffff8165d69e
[ 309.708883] 0000000000000000 ffff88000a575e80 ffff88000a575e00 ffffffff8108bb8a
[ 309.708923] ffff88000ab7c400 ffff8800b9311470 ffff8800b9312470 000000000000007d
[ 309.708963] Call Trace:
[ 309.708978] [<ffffffff8103ecf9>] default_spin_lock_flags+0x9/0x10
[ 309.709010] [<ffffffff8165d69e>] _raw_spin_lock_irqsave+0x2e/0x40
[ 309.709042] [<ffffffff8108bb8a>] prepare_to_wait+0x2a/0x90
[ 309.709071] [<ffffffffa043611d>] hidp_session+0x3bd/0x510 [hidp]
[ 309.709101] [<ffffffff810606a0>] ? try_to_wake_up+0x200/0x200
[ 309.709131] [<ffffffff810606a0>] ? try_to_wake_up+0x200/0x200
[ 309.709160] [<ffffffff8108bd20>] ? add_wait_queue+0x60/0x60
[ 309.709188] [<ffffffffa0435d60>] ? hidp_recv_ctrl_frame+0xf0/0xf0 [hidp]
[ 309.709220] [<ffffffff8108b27c>] kthread+0x8c/0xa0
[ 309.709244] [<ffffffff81667b74>] kernel_thread_helper+0x4/0x10
[ 309.709272] [<ffffffff8108b1f0>] ? flush_kthread_worker+0xa0/0xa0
[ 309.709303] [<fff...

Read more...

Luis Henriques (henrix) wrote :

Master, I believe the kernel oops you're hitting is actually a different bug, namely in the bluetooth hipd driver. Could you try to reproduce it by disabling/disconnecting any bluetooth device you have? It looks like you're hitting https://bugzilla.kernel.org/show_bug.cgi?id=39882 (which should be fixed by upstream commit 4529eefad087f97b33c0f31984d924b1f15d7bae). If this is case, could you please open a new bug report?

Anyway, it looks like there's a real regression introduced by this fix, which is still under analysis.

Luis Henriques (henrix) wrote :

Just for completeness, here's a link to a test case that makes it easy to reproduce this bug:

https://lkml.org/lkml/2012/12/20/536

tags: added: verification-failed-precise verification-failed-quantal
removed: verification-needed-precise verification-needed-quantal
tags: added: verification-reverted-precise verification-reverted-quantal
removed: verification-failed-precise verification-failed-quantal
Luis Henriques (henrix) wrote :

There's a new Precise kernel available in -proposed that should finally fix this issue. I'm tagging this bug with 'verification-needed-precise' again; anyone available to test this new kernel, please follow the instructions in comment #35.

The Quantal kernel should be available soon.

tags: added: verification-needed-precise
removed: verification-reverted-precise
Master (umely) wrote :

> Master, I believe the kernel oops you're hitting is actually a different bug...
Luis, my bug #928943, but someone is mark as duplicate this bug.
> ...Could you try to reproduce it by disabling/disconnecting any bluetooth device you have?
All others devises (smartphone, handsfree set, computer with bt usb dongle, any notebooks) work good when necessary. Mouse work only (doesn't depend from distro and bluez version) with kernel between 2.6.1 - 2.6.39. And I am compelled to remain on a Natty.
> There's a new Precise kernel available in -proposed that should finally fix this issue.
> I'm tagging this bug with 'verification-needed-precise' again; anyone available to test this new kernel,
> please follow the instructions in comment #35.
Didn't solve a problem...

Luis Henriques (henrix) wrote :

Master, I've took a look at your original bug report and its incorrectly tagged as duplicate of this one. I've fixed that and posted there a test kernel for you. Thank you for all your testing.

Luis Henriques (henrix) wrote :

There's a new Quantal kernel available in -proposed that should finally fix this issue. I'm tagging this bug with 'verification-needed-precise' again; anyone available to test this new kernel, please follow the instructions in comment #34.

tags: added: verification-needed-quantal
removed: verification-reverted-quantal
Luis Henriques (henrix) on 2013-01-11
tags: added: verification-done-precise verification-done-quantal
removed: verification-needed-precise verification-needed-quantal

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :
Download full text (10.1 KiB)

This bug was fixed in the package linux - 3.2.0-36.57

---------------
linux (3.2.0-36.57) precise-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1097389

  [ Chris J Arges ]

  * Revert "SAUCE: fsnotify: dont put marks on temporary list when clearing
    marks by group"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: introduce locked versions of
    fsnotify_add_mark() and fsnotify_remove_mark()"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: pass group to fsnotify_destroy_mark()"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: use a mutex instead of a spinlock to protect a
    groups mark list"
    - LP: #1096137
  * Revert "SAUCE: fanotify: add an extra flag to mark_remove_from_mask
    that indicates wheather a mark should be destroyed"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: take groups mark_lock before mark lock"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: use reference counting for groups"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: introduce fsnotify_get_group()"
    - LP: #1096137

  [ Upstream Kernel Changes ]

  * fsnotify: introduce fsnotify_get_group()
    - LP: #1096137
  * fsnotify: use reference counting for groups
    - LP: #1096137
  * fsnotify: take groups mark_lock before mark lock
    - LP: #1096137
  * fanotify: add an extra flag to mark_remove_from_mask that indicates
    wheather a mark should be destroyed
    - LP: #1096137
  * fsnotify: use a mutex instead of a spinlock to protect a groups mark
    list
    - LP: #1096137
  * fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #1096137
  * fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #1096137
  * fsnotify: dont put marks on temporary list when clearing marks by group
    - LP: #1096137
  * fsnotify: change locking order
    - LP: #1096137

linux (3.2.0-36.56) precise-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1095351

  [ Chris J Arges ]

  * SAUCE: add eeprom_bad_csum_allow module parameter
    - LP: #1070182

  [ Colin Ian King ]

  * SAUCE: samsung-laptop: disable in UEFI mode
    - LP: #1040557

  [ Herton Ronaldo Krzesinski ]

  * SAUCE: usb: cdc-wdm: fix regression on buffer deallocation
    - LP: #1074157

  [ Kees Cook ]

  * SAUCE: exec: do not leave bprm->interp on stack
    - LP: #1068888
    - CVE-2012-4530

  [ Leann Ogasawara ]

  * Add ceph to virtual kernel flavor
    - LP: #1063784

  [ Lino Sanfilippo ]

  * SAUCE: fsnotify: introduce fsnotify_get_group()
    - LP: #922906
  * SAUCE: fsnotify: use reference counting for groups
    - LP: #922906
  * SAUCE: fsnotify: take groups mark_lock before mark lock
    - LP: #922906
  * SAUCE: fanotify: add an extra flag to mark_remove_from_mask that
    indicates wheather a mark should be destroyed
    - LP: #922906
  * SAUCE: fsnotify: use a mutex instead of a spinlock to protect a groups
    mark list
    - LP: #922906
  * SAUCE: fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #922906
  * SAUCE: fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #922906
  * SAUCE: fsnotify: dont put marks on temporary list when ...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (21.3 KiB)

This bug was fixed in the package linux - 3.5.0-22.34

---------------
linux (3.5.0-22.34) quantal-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1097343

  [ Chris J Arges ]

  * Revert "SAUCE: fsnotify: dont put marks on temporary list when clearing
    marks by group"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: introduce locked versions of
    fsnotify_add_mark() and fsnotify_remove_mark()"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: pass group to fsnotify_destroy_mark()"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: use a mutex instead of a spinlock to protect a
    groups mark list"
    - LP: #1096137
  * Revert "SAUCE: fanotify: add an extra flag to mark_remove_from_mask
    that indicates wheather a mark should be destroyed"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: take groups mark_lock before mark lock"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: use reference counting for groups"
    - LP: #1096137
  * Revert "SAUCE: fsnotify: introduce fsnotify_get_group()"
    - LP: #1096137

  [ Upstream Kernel Changes ]

  * fsnotify: introduce fsnotify_get_group()
    - LP: #1096137
  * fsnotify: use reference counting for groups
    - LP: #1096137
  * fsnotify: take groups mark_lock before mark lock
    - LP: #1096137
  * fanotify: add an extra flag to mark_remove_from_mask that indicates
    wheather a mark should be destroyed
    - LP: #1096137
  * fsnotify: use a mutex instead of a spinlock to protect a groups mark
    list
    - LP: #1096137
  * fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #1096137
  * fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #1096137
  * fsnotify: dont put marks on temporary list when clearing marks by group
    - LP: #1096137
  * fsnotify: change locking order
    - LP: #1096137

linux (3.5.0-22.33) quantal-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1095349

  [ Chris J Arges ]

  * SAUCE: add eeprom_bad_csum_allow module parameter
    - LP: #1070182

  [ Colin Ian King ]

  * SAUCE: samsung-laptop: disable in UEFI mode
    - LP: #1040557

  [ Kees Cook ]

  * SAUCE: exec: do not leave bprm->interp on stack
    - LP: #1068888
    - CVE-2012-4530

  [ Leann Ogasawara ]

  * Add ceph to linux-image for virtual instances
    - LP: #1063784

  [ Lino Sanfilippo ]

  * SAUCE: fsnotify: introduce fsnotify_get_group()
    - LP: #922906
  * SAUCE: fsnotify: use reference counting for groups
    - LP: #922906
  * SAUCE: fsnotify: take groups mark_lock before mark lock
    - LP: #922906
  * SAUCE: fanotify: add an extra flag to mark_remove_from_mask that
    indicates wheather a mark should be destroyed
    - LP: #922906
  * SAUCE: fsnotify: use a mutex instead of a spinlock to protect a groups
    mark list
    - LP: #922906
  * SAUCE: fsnotify: pass group to fsnotify_destroy_mark()
    - LP: #922906
  * SAUCE: fsnotify: introduce locked versions of fsnotify_add_mark() and
    fsnotify_remove_mark()
    - LP: #922906
  * SAUCE: fsnotify: dont put marks on temporary list when clearing marks
    by group
    - LP: #922906

  [ Tomas Hozza ]

  * SAUCE: tools: hv: Netlink source a...

Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux:
status: Expired → Fix Released
Download full text (8.1 KiB)

I ran in a similar bug while running inotifywait on kernel:

3.19.0-30-generic #34-Ubuntu SMP Fri Oct 2 22:08:41 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

------

[3975766.571492] BUG: unable to handle kernel paging request at 00000000812363a7
[3975766.571500] IP: [<00000000812363a7>] 0x812363a7
[3975766.571507] PGD 0
[3975766.571510] Oops: 0010 [#1] SMP
[3975766.571514] Modules linked in: tcp_diag udp_diag inet_diag unix_diag nfsd auth_rpcgss nfs_acl lockd grace sunrpc nfnetlink_queue nfnetlink_log nfnetlink bluetooth ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs libcrc32c 8021q garp mrp vhost_net vhost macvtap macvlan ip6t_REJECT nf_reject_ipv6 xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables vmnet(OE) vmw_vsock_vmci_transport vsock vmw_vmci vmmon(OE) cfg80211 nls_iso8859_1 nvidia(POE) x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_hdmi hp_wmi snd_hda_codec_realtek kvm_intel snd_hda_codec_generic kvm
[3975766.571558] sparse_keymap snd_hda_intel crct10dif_pclmul snd_hda_controller crc32_pclmul dm_multipath ghash_clmulni_intel snd_hda_codec aesni_intel snd_hwdep snd_pcm aes_x86_64 scsi_dh snd_seq_midi lrw gf128mul snd_seq_midi_event drm snd_rawmidi snd_seq glue_helper snd_seq_device ablk_helper cryptd mei_me snd_timer sb_edac snd soundcore mei edac_core ioatdma serio_raw 8250_fintek shpchp wmi lpc_ich tpm_infineon mac_hid parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq hid_generic usbhid hid igb i2c_algo_bit firewire_ohci e1000e psmouse dca isci firewire_core ahci ptp libsas libahci crc_itu_t pps_core scsi_transport_sas pata_acpi
[3975766.571600] CPU: 4 PID: 109 Comm: fsnotify_mark Tainted: P C OE 3.19.0-30-generic #34-Ubuntu
[3975766.571603] Hardware name: Hewlett-Packard HP Z620 Workstation/158A, BIOS J61 v03.65 12/19/2013
[3975766.571606] task: ffff881fa1033ae0 ti: ffff881f9c84c000 task.ti: ffff881f9c84c000
[3975766.571608] RIP: 0010:[<00000000812363a7>] [<00000000812363a7>] 0x812363a7
[3975766.571613] RSP: 0018:ffff881f9c84fe58 EFLAGS: 00010286
[3975766.571616] RAX: ffffffff81fb1810 RBX: ffff881f9c84fe60 RCX: 0000000000000000
[3975766.571617] RDX: 000000000000bbea RSI: 0000000000000000 RDI: ffffffff81fb1810
[3975766.571619] RBP: ffff881f9c84feb8 R08: ffffffff81d294c8 R09: 0000000180270014
[3975766.571621] R10: ffff88202fc98fe0 R11: ffff880a72398548 R12: ffff881f9c84fe88
[3975766.571623] R13: ffff881f9c84fe50 R14: 0000000000000000 R15: 0000000000000000
[3975766.571625] FS: 0000000000000000(0000) GS:ffff88202fc80000(0000) knlGS:0000000000000000
[3975766.571627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[3975766.571629] CR2: 00000000812363a7 CR3: 0000000001c13000 CR4: 00000000001427f0
[3975766.571630] Stack:
[3975766.571632] ffff881f9c84ffd8 ffff880a72398628 ffff880a72398628 ffff881f00020000
[3975766.571635] ffff881fa1033ae0 ffffffff810b7680 ffff881f9c84fe88 ffff881f9c84fe88
[3975766.571638] 0000000000000000 ffff880f9dc83b40 0000000000000000 ffffffff81236330...

Read more...

Federico Ceratto, as this report is closed, it has nothing to do with your problem.

However, it will help immensely if you filed a new report via a terminal:
ubuntu-bug linux

Please feel free to subscribe me to it.

Download full text (4.6 KiB)

I had this problem repeatedly even after this ticked was closed. So I
switched to Debian wheezy and never had the problem again.

Regards,
Fede

On Fri, Dec 18, 2015 at 2:40 AM, Christopher M. Penalver
<email address hidden> wrote:
> Federico Ceratto, as this report is closed, it has nothing to do with
> your problem.
>
> However, it will help immensely if you filed a new report via a terminal:
> ubuntu-bug linux
>
> Please feel free to subscribe me to it.
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (1017874).
> https://bugs.launchpad.net/bugs/922906
>
> Title:
> Kernel Oops - BUG: unable to handle kernel NULL pointer dereference at
> 0000009c; EIP is at __ticket_spin_lock+0x8/0x30
>
> Status in Linux:
> Fix Released
> Status in linux package in Ubuntu:
> Fix Released
> Status in linux source package in Precise:
> Fix Released
> Status in linux source package in Quantal:
> Fix Released
> Status in linux source package in Raring:
> Fix Released
>
> Bug description:
> This happened after unplugging a usb storage device.
>
> ProblemType: KernelOops
> DistroRelease: Ubuntu 12.04
> Package: linux-image-3.2.0-11-generic 3.2.0-11.19
> ProcVersionSignature: Ubuntu 3.2.0-11.19-generic 3.2.1
> Uname: Linux 3.2.0-11-generic i686
> AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
> Annotation: Your system might become unstable now and might need to be restarted.
> ApportVersion: 1.91-0ubuntu1
> Architecture: i386
> AudioDevicesInUse:
> USER PID ACCESS COMMAND
> /dev/snd/controlC0: elroy 1504 F.... pulseaudio
> Card0.Amixer.info:
> Card hw:0 'I82801DBICH4'/'Intel 82801DB-ICH4 with AD1981A at irq 17'
> Mixer name : 'Analog Devices AD1981A'
> Components : 'AC97a:41445372'
> Controls : 25
> Simple ctrls : 17
> Date: Fri Jan 27 19:32:16 2012
> Failure: oops
> HibernationDevice: RESUME=UUID=a818f95b-caf9-4a82-bd11-2e3480e5595a
> InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111012)
> Lsusb:
> Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> Bus 003 Device 002: ID 093a:2510 Pixart Imaging, Inc. Optical Mouse
> ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-11-generic root=UUID=481773af-0b0e-47ef-8864-302bf969002c ro quiet splash vt.handoff=7
> PulseSinks: Error: command ['pacmd', 'list-sinks'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
> PulseSources: Error: command ['pacmd', 'list-sources'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
> RelatedPackageVersions: kerneloops-daemon 0.12+git20090217-1ubuntu18
> RfKill:
> 0: phy0: Wireless LAN
> Soft blocked: no
> Hard blocked: no
> SourcePackage: linux
> Title: BUG: unable to handle kernel NULL pointer dereference at 0000009c
> UpgradeStatus: Upgraded to precise on 2012-01-27 (0 days ago)
> dmi.bios.date: 05/28/2003
> dmi.bios.vendor: Co...

Read more...

Juan Montoya (th3pr0ph3t) wrote :
Download full text (9.0 KiB)

unsubscribe

2015-12-18 3:10 GMT-05:00 Fede <email address hidden>:

> I had this problem repeatedly even after this ticked was closed. So I
> switched to Debian wheezy and never had the problem again.
>
> Regards,
> Fede
>
> On Fri, Dec 18, 2015 at 2:40 AM, Christopher M. Penalver
> <email address hidden> wrote:
> > Federico Ceratto, as this report is closed, it has nothing to do with
> > your problem.
> >
> > However, it will help immensely if you filed a new report via a terminal:
> > ubuntu-bug linux
> >
> > Please feel free to subscribe me to it.
> >
> > --
> > You received this bug notification because you are subscribed to a
> > duplicate bug report (1017874).
> > https://bugs.launchpad.net/bugs/922906
> >
> > Title:
> > Kernel Oops - BUG: unable to handle kernel NULL pointer dereference at
> > 0000009c; EIP is at __ticket_spin_lock+0x8/0x30
> >
> > Status in Linux:
> > Fix Released
> > Status in linux package in Ubuntu:
> > Fix Released
> > Status in linux source package in Precise:
> > Fix Released
> > Status in linux source package in Quantal:
> > Fix Released
> > Status in linux source package in Raring:
> > Fix Released
> >
> > Bug description:
> > This happened after unplugging a usb storage device.
> >
> > ProblemType: KernelOops
> > DistroRelease: Ubuntu 12.04
> > Package: linux-image-3.2.0-11-generic 3.2.0-11.19
> > ProcVersionSignature: Ubuntu 3.2.0-11.19-generic 3.2.1
> > Uname: Linux 3.2.0-11-generic i686
> > AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
> > Annotation: Your system might become unstable now and might need to be
> restarted.
> > ApportVersion: 1.91-0ubuntu1
> > Architecture: i386
> > AudioDevicesInUse:
> > USER PID ACCESS COMMAND
> > /dev/snd/controlC0: elroy 1504 F.... pulseaudio
> > Card0.Amixer.info:
> > Card hw:0 'I82801DBICH4'/'Intel 82801DB-ICH4 with AD1981A at irq 17'
> > Mixer name : 'Analog Devices AD1981A'
> > Components : 'AC97a:41445372'
> > Controls : 25
> > Simple ctrls : 17
> > Date: Fri Jan 27 19:32:16 2012
> > Failure: oops
> > HibernationDevice: RESUME=UUID=a818f95b-caf9-4a82-bd11-2e3480e5595a
> > InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386
> (20111012)
> > Lsusb:
> > Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> > Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> > Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> > Bus 003 Device 002: ID 093a:2510 Pixart Imaging, Inc. Optical Mouse
> > ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-11-generic
> root=UUID=481773af-0b0e-47ef-8864-302bf969002c ro quiet splash vt.handoff=7
> > PulseSinks: Error: command ['pacmd', 'list-sinks'] failed with exit
> code 1: No PulseAudio daemon running, or not running as session daemon.
> > PulseSources: Error: command ['pacmd', 'list-sources'] failed with
> exit code 1: No PulseAudio daemon running, or not running as session daemon.
> > RelatedPackageVersions: kerneloops-daemon 0.12+git20090217-1ubuntu18
> > RfKill:
> > 0: phy0: Wireless LAN
> > Soft blocked: no
> > Hard blo...

Read more...

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.