Re: BUG: update-grub, unable to handle kernel NULL pointer dereference

From: Jeremiah Mahler
Date: Sun May 31 2015 - 19:53:22 EST


Miklos, all,

On Sat, May 30, 2015 at 01:03:24AM -0700, Jeremiah Mahler wrote:
> all,
>
> When running update-grub on a system with a Windows partition the kernel
> will oops with a "BUG: unable to handle kernel NULL pointer dereference"
> message. It does this during the call to os-prober. After the oops
> the system locks and requires a hard reset to get it running again.
>
> This bug is present in the current linux-next (20150529) and as far
> back as 20150522 and possibly earlier. The last working kernel I
> have is tagged 4.1.0-rc1+.
>
> Below is a snippet from the back trace. The full log is attached.
>
> ...
> May 29 10:57:03 hudson 50mounted-tests[3413]: debug: running subtest /usr/lib/os-probes/mounted/20microsoft
> May 29 10:57:03 hudson 20microsoft[3416]: debug: /dev/sda1 is a NTFS partition
> May 29 10:57:03 hudson 20microsoft[3431]: result: /dev/sda1:Windows 7 (loader):Windows:chain
> May 29 10:57:03 hudson 50mounted-tests[3432]: debug: os found by subtest /usr/lib/os-probes/mounted/20microsoft
> May 29 10:57:03 hudson kernel: BUG: unable to handle kernel NULL pointer dereference at (null)
> May 29 10:57:03 hudson kernel: IP: [< (null)>] (null)
> May 29 10:57:03 hudson kernel: PGD c9e43067 PUD c7b4a067 PMD 0
> May 29 10:57:03 hudson kernel: Oops: 0010 [#1] SMP
> May 29 10:57:03 hudson kernel: Modules linked in: vfat msdos fat dm_mod cpufreq_conservative cpufreq_stats cpufreq_userspace cpufreq_powersave binfmt_misc nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc joydev arc4 iwldvm mac80211 x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm i915 iTCO_wdt crct10dif_pclmul iTCO_vendor_support iwlwifi snd_hda_codec_hdmi crc32_pclmul snd_hda_codec_realtek crc32c_intel snd_hda_codec_generic cfg80211 snd_hda_intel snd_hda_codec ghash_clmulni_intel i2c_algo_bit aesni_intel drm_kms_helper aes_x86_64 snd_hwdep glue_helper lrw psmouse snd_hda_core gf128mul ablk_helper cryptd evdev mei_me tpm_tis drm snd_pcm serio_raw mei pcspkr tpm thinkpad_acpi wmi i2c_i801 shpchp snd_timer nvram snd battery rfkill lpc_ich ac video intel_smartconnect i2c_core soundcore
> May 29 10:57:03 hudson kernel: button mfd_core processor loop fuse autofs4 ext4 crc16 mbcache jbd2 sg sd_mod ahci libahci libata sdhci_pci scsi_mod xhci_pci ehci_pci sdhci ehci_hcd xhci_hcd mmc_core usbcore thermal usb_common thermal_sys
> May 29 10:57:03 hudson kernel: CPU: 3 PID: 3433 Comm: umount Not tainted 4.1.0-rc4-next-20150522 #404
> May 29 10:57:03 hudson kernel: Hardware name: LENOVO 3443CTO/3443CTO, BIOS G6ET59WW (2.03 ) 09/11/2012
> May 29 10:57:03 hudson kernel: task: ffff880036bbd4d0 ti: ffff880118fd4000 task.ti: ffff880118fd4000
> May 29 10:57:03 hudson kernel: RIP: 0010:[<0000000000000000>] [< (null)>] (null)
> May 29 10:57:03 hudson kernel: RSP: 0018:ffff880118fd7ea0 EFLAGS: 00010246
> May 29 10:57:03 hudson kernel: RAX: 0000000000000000 RBX: ffff8800c95b6000 RCX: ffff8800355c9000
> May 29 10:57:03 hudson kernel: RDX: 0000000000000001 RSI: 0000000000000286 RDI: ffff88003652c800
> May 29 10:57:03 hudson kernel: RBP: ffff8800c95b60c0 R08: 000800010000feb4 R09: 0000fead0000fea5
> May 29 10:57:03 hudson kernel: R10: 0000fead0000fea5 R11: 0000fe9d0000fe95 R12: ffffffffa0241b40
> May 29 10:57:03 hudson kernel: R13: ffff880036bbd4d0 R14: 0000000000000000 R15: 0000000000000000
> May 29 10:57:03 hudson kernel: FS: 00007f8d586b8840(0000) GS:ffff88011e380000(0000) knlGS:0000000000000000
> May 29 10:57:03 hudson kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> May 29 10:57:03 hudson kernel: CR2: 0000000000000000 CR3: 0000000036b7e000 CR4: 00000000001407e0
> May 29 10:57:03 hudson kernel: Stack:
> May 29 10:57:03 hudson kernel: ffffffff811ae1fe 0000000000000028 ffffffffa02430c0 ffff880036bbdb28
> May 29 10:57:03 hudson kernel: ffffffff811ae4de ffff8800c95b6000 ffffffff811ae86c ffff8800c95b6000
> May 29 10:57:03 hudson kernel: ffff8801182fd200 ffffffff81a81400 ffffffff811ca15b 0000000000000000
> May 29 10:57:03 hudson kernel: Call Trace:
> May 29 10:57:03 hudson kernel: [<ffffffff811ae1fe>] ? generic_shutdown_super+0x6e/0xf0
> May 29 10:57:03 hudson kernel: [<ffffffff811ae4de>] ? kill_anon_super+0xe/0x20
> May 29 10:57:03 hudson kernel: [<ffffffff811ae86c>] ? deactivate_locked_super+0x3c/0x70
> May 29 10:57:03 hudson kernel: [<ffffffff811ca15b>] ? cleanup_mnt+0x3b/0x80
> May 29 10:57:03 hudson kernel: [<ffffffff81080d3a>] ? task_work_run+0x9a/0xc0
> May 29 10:57:03 hudson kernel: [<ffffffff81012d5f>] ? do_notify_resume+0x5f/0x80
> May 29 10:57:03 hudson kernel: [<ffffffff81519e84>] ? int_signal+0x12/0x17
> May 29 10:57:03 hudson kernel: Code: Bad RIP value.
> May 29 10:57:03 hudson kernel: RIP [< (null)>] (null)
> May 29 10:57:03 hudson kernel: RSP <ffff880118fd7ea0>
> May 29 10:57:03 hudson kernel: CR2: 0000000000000000
> May 29 10:57:03 hudson kernel: ---[ end trace f8d3aacb091ee378 ]---
> May 29 10:57:03 hudson 50mounted-tests[3434]: warning: failed to umount /var/lib/os-prober/mount
> May 29 10:57:03 hudson os-prober[3436]: debug: os detected by /usr/lib/os-probes/50mounted-tests
> May 29 10:57:03 hudson os-prober[3442]: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda2
> ...
>
> Any help diagnosing this bug would be appreciated.
>
> --
> - Jeremiah Mahler

I found the patch that introduced the bug. It was a two-line change to
fuse back in 4.1.0-rc3.

From daccc092d1a24fc8e4be5dfd462703631fd8c199 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@xxxxxxx>
Date: Wed, 20 May 2015 15:18:58 +0200
Subject: [PATCH] fuse: initialize fc->release before calling it

fc->release is called from fuse_conn_put() which was used in the error
cleanup before fc->release was initialized.

Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
Fixes: a325f9b92273 ("fuse: update fuse_conn_init() and separate out fuse_conn_kill()")
Cc: <stable@xxxxxxxxxxxxxxx> #v2.6.31+
---
fs/fuse/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 082ac1c..4a57f3e 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1025,6 +1025,7 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
if (!fc)
goto err_fput;

+ fc->release = fuse_free_conn;
fuse_conn_init(fc);

fc->dev = sb->s_dev;
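Review bot: the `fc->release = fuse_free_conn;` store now runs before `fuse_conn_init(fc)`, so it only survives if fuse_conn_init() leaves that field untouched; if the init routine zeroes the connection before filling in its defaults, the callback is cleared again and the normal umount path calls a NULL fc->release, which is exactly what the reporter's trace shows (RIP at (null), Comm: umount, under generic_shutdown_super -> kill_anon_super -> deactivate_locked_super). Check the body of fuse_conn_init() before relying on this ordering; safer alternatives are to have fuse_conn_init() set the release callback itself, or to free fc directly in the error path that runs before init instead of routing it through fuse_conn_put().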
@@ -1040,7 +1041,6 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
fc->dont_mask = 1;
sb->s_flags |= MS_POSIXACL;

- fc->release = fuse_free_conn;
fc->flags = d.flags;
fc->user_id = d.user_id;
fc->group_id = d.group_id;
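Review bot: after this removal nothing assigns fc->release following fuse_conn_init(fc) on the success path, so the whole change depends on the first hunk's early store persisting across init. If that cannot be guaranteed, keep this line (setting the callback twice is harmless) so the non-error path is unaffected, and confine the fix to the error cleanup the commit message describes.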
--
2.1.4

--
- Jeremiah Mahler
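A small added example, not code from the kernel or from anyone in this thread, that models the initialization-order problem the thread is about: a connection object whose teardown calls a release callback, an init routine that resets the object, and the two orders of "set callback" and "init". The names (`conn`, `conn_init`, `conn_put`, `free_conn`) are stand-ins for the fuse ones, and the assumption that the init routine zeroes the whole structure with memset is exactly that, an assumption about the mechanism, since fuse_conn_init()'s body is not shown on this page. The safe `conn_put` here refuses a NULL callback and reports it, where the kernel would have jumped to address zero.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the setup order discussed in the thread.
 * Assumption (not shown on the page): the init routine zeroes the
 * whole structure before filling in defaults, like memset(fc, 0, ...). */
struct conn {
    int refcount;
    int dev;
    void (*release)(struct conn *c);   /* called when the last reference drops */
};

static void free_conn(struct conn *c)
{
    free(c);
}

/* Stand-in for fuse_conn_init(): zeroes everything, then sets defaults. */
static void conn_init(struct conn *c)
{
    memset(c, 0, sizeof(*c));
    c->refcount = 1;
}

/* Stand-in for fuse_conn_put(): drop a reference; on the last one run
 * c->release. Returns 1 if the callback ran, 0 if it was skipped because
 * the callback was NULL (the kernel has no such guard and would oops). */
static int conn_put(struct conn *c)
{
    if (--c->refcount != 0)
        return 0;
    if (!c->release) {
        fprintf(stderr, "conn_put: release callback is NULL, not calling it\n");
        return 0;
    }
    c->release(c);
    return 1;
}

/* Order used by the patch in the thread: assign the callback, then init. */
static struct conn *setup_patched_order(void)
{
    struct conn *c = malloc(sizeof(*c));
    if (!c)
        return NULL;
    c->release = free_conn;   /* lost: conn_init() zeroes the structure */
    conn_init(c);
    c->dev = 7;
    return c;
}

/* Order from the pre-patch code: init, then assign the callback. */
static struct conn *setup_original_order(void)
{
    struct conn *c = malloc(sizeof(*c));
    if (!c)
        return NULL;
    conn_init(c);
    c->release = free_conn;
    c->dev = 7;
    return c;
}

/* 1 if tearing down a connection built in the patched order ran release. */
int patched_order_release_runs(void)
{
    struct conn *c = setup_patched_order();
    int ran = conn_put(c);
    if (!ran)
        free(c);   /* demo only: avoid leaking; the kernel would have crashed */
    return ran;
}

/* 1 if tearing down a connection built in the original order ran release. */
int original_order_release_runs(void)
{
    struct conn *c = setup_original_order();
    return conn_put(c);
}

int main(void)
{
    printf("patched order:  release ran = %d\n", patched_order_release_runs());
    printf("original order: release ran = %d\n", original_order_release_runs());
    return 0;
}
```

The point the model makes is that any field written before a routine that re-initializes the object has to be re-written afterwards, or set by the init routine itself; an error path that needs the callback before init exists should free the object directly rather than go through the reference-drop helper.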