Kernel Oops on unmount

Bug #299472 reported by Christian Kellner
Affects: VBoxMount
Status: Fix Released
Importance: Critical
Assigned to: Christian Kellner
Milestone: -

Bug Description

StackTrace:

[98518.092253] nbd0: p1 p2
[98518.199106] nbd0: NBD_DISCONNECT
[98522.352896] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[98522.352896] IP: [<ffffffff804148d3>] unix_stream_recvmsg+0x25e/0x557
[98522.352896] PGD 6be05d067 PUD 8239ee067 PMD 0
[98522.352896] Oops: 0002 [1] SMP
[98522.352896] CPU 7
[98522.352896] Modules linked in: tun 8021q bridge vboxdrv ipv6 xfs fuse nbd loop snd_pcm snd_timer snd soundcore snd_page_alloc joydev i2c_i801 pcspkr i2c_core psmouse rng_core serio_raw iTCO_wdt container button shpchp pci_hotplug evdev ext3 jbd mbcache dm_mirror dm_log dm_snapshot dm_mod ide_cd_mod cdrom usbhid hid ff_memless piix ide_pci_generic ide_core sd_mod floppy ata_generic libata dock ehci_hcd uhci_hcd igb e1000e 3w_9xxx scsi_mod thermal processor fan thermal_sys
[98522.352896] Pid: 15921, comm: VBoxMount.bin Not tainted 2.6.26-1-amd64 #1
[98522.352896] RIP: 0010:[<ffffffff804148d3>] [<ffffffff804148d3>] unix_stream_recvmsg+0x25e/0x557
[98522.352896] RSP: 0018:ffff810826563778 EFLAGS: 00010246
[98522.352896] RAX: 0000000000000000 RBX: ffff8108296c0e9c RCX: ffff81082ce18000
[98522.352896] RDX: 0000000000004101 RSI: 0000000000000246 RDI: ffff8108296c0e9c
[98522.352896] RBP: 0000000000000000 R08: ffff810826562000 R09: 000000000000b58d
[98522.352896] R10: ffff8100010828f0 R11: 0000000000000007 R12: ffff8108296c0c00
[98522.352896] R13: ffff8108296c0ca8 R14: ffff810826563b08 R15: 0000000000000001
[98522.352896] FS: 0000000041c6b950(0063) GS:ffff81082cd9e5c0(0000) knlGS:0000000000000000
[98522.352896] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[98522.352896] CR2: 0000000000000008 CR3: 000000080b96c000 CR4: 00000000000006e0
[98522.352896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[98522.352896] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[98522.352896] Process VBoxMount.bin (pid: 15921, threadinfo ffff810826562000, task ffff810828e1e7d0)
[98522.352896] Stack: 0000000000000000 0000000000000000 0000000000000010 ffff81082c933800
[98522.352896] ffff8108296c0e9c 0000000000000000 0000000000000000 ffffffa100000000
[98522.352896] 7fffffffffffffff ffff810826563968 0000000000000000 ffff810828e1e7d0
[98522.352896] Call Trace:
[98522.352896] [<ffffffff80246021>] autoremove_wake_function+0x0/0x2e
[98522.352896] [<ffffffff803af9b0>] sock_recvmsg+0xf0/0x10f
[98522.352896] [<ffffffff8024aab6>] getnstimeofday+0x39/0x98
[98522.352896] [<ffffffff80246021>] autoremove_wake_function+0x0/0x2e
[98522.352896] [<ffffffff80248bef>] ktime_get+0xc/0x41
[98522.352896] [<ffffffff8022904d>] hrtick_start_fair+0xfb/0x144
[98522.352896] [<ffffffff8021a45e>] apic_wait_icr_idle+0xe/0x15
[98522.352896] [<ffffffff8021a45e>] apic_wait_icr_idle+0xe/0x15
[98522.352896] [<ffffffff8022c184>] try_to_wake_up+0x118/0x129
[98522.352896] [<ffffffff803b0fbd>] kernel_recvmsg+0x32/0x44
[98522.352896] [<ffffffffa02243df>] :nbd:sock_xmit+0x242/0x2a4
[98522.352896] [<ffffffff8022ad5c>] __wake_up+0x38/0x4f
[98522.352896] [<ffffffff80245ffa>] __wake_up_bit+0x28/0x2d
[98522.352896] [<ffffffff803646b7>] mix_pool_bytes_extract+0x5c/0x155
[98522.352896] [<ffffffff8030c5bb>] freed_request+0x24/0x44
[98522.352896] [<ffffffff8030c87e>] __blk_end_request+0x39/0x41
[98522.352896] [<ffffffffa0224d77>] :nbd:nbd_ioctl+0x3fb/0x814
[98522.352896] [<ffffffff8022f012>] hrtick_set+0x88/0xf7
[98522.352896] [<ffffffff8042848c>] thread_return+0x6b/0xac
[98522.352896] [<ffffffff8024f25a>] get_futex_value_locked+0x1d/0x38
[98522.352896] [<ffffffff8024f61f>] futex_wait+0x373/0x394
[98522.352896] [<ffffffff80319c09>] __next_cpu+0x19/0x26
[98522.352896] [<ffffffff8027c8ad>] zone_statistics+0x3a/0x8e
[98522.352896] [<ffffffff8027625b>] get_page_from_freelist+0x45a/0x5ff
[98522.352896] [<ffffffff80270fba>] find_lock_page+0x1f/0x8a
[98522.352896] [<ffffffff802f1e9d>] dummy_file_ioctl+0x0/0x3
[98522.352896] [<ffffffff803107ed>] blkdev_driver_ioctl+0x5d/0x72
[98522.352896] [<ffffffff80310e36>] blkdev_ioctl+0x634/0x692
[98522.352896] [<ffffffff80281613>] handle_mm_fault+0x3f4/0x867
[98522.352896] [<ffffffff802504eb>] do_futex+0x81/0x783
[98522.352896] [<ffffffff802be746>] block_ioctl+0x1b/0x1f
[98522.352896] [<ffffffff802a6435>] vfs_ioctl+0x21/0x6b
[98522.352896] [<ffffffff802a66c7>] do_vfs_ioctl+0x248/0x261
[98522.352896] [<ffffffff802a6731>] sys_ioctl+0x51/0x70
[98522.352896] [<ffffffff8020be9a>] system_call_after_swapgs+0x8a/0x8f
[98522.352896]
[98522.352896]
[98522.352896] Code: 9c 02 00 00 41 fe 84 24 9c 02 00 00 48 8b 7c 24 40 e8 07 3e 01 00 48 89 df 48 89 44 24 40 e8 47 4f 01 00 49 8b 84 24 e0 01 00 00 <f0> 0f ba 70 08 01 e9 64 ff ff ff 49 8b 7c 24 70 48 8d 74 24 50
[98522.352896] RIP [<ffffffff804148d3>] unix_stream_recvmsg+0x25e/0x557
[98522.352896] RSP <ffff810826563778>
[98522.352896] CR2: 0000000000000008
[98522.352896] ---[ end trace 999b035b6766f164 ]---

Christian Kellner (gicmo) wrote :

Should be fixed in rev 18.

Changed in vboxmount:
assignee: nobody → gicmo
importance: Undecided → Critical
status: New → Fix Committed
Christian Kellner (gicmo) wrote :
Changed in vboxmount:
status: Fix Committed → Fix Released