Re: Oops after merge of tty-next

From: Ian Abbott
Date: Mon Jul 23 2012 - 10:51:10 EST


On 2012-07-21 23:41, Alan Cox wrote:
On Fri, 20 Jul 2012 23:07:06 +0100
Ian Abbott <abbotti@xxxxxxxxx> wrote:

I'm getting an Oops in the linux-next tree today after the merge of the
remote-tracking branch 'tty/tty-next'. I bisected it down to commit
36b3c070d2346c890d690d71f6eab02f8c511137 in
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git :

tty: Move the handling of the tty release logic

Ok that's not improbable, I thought I had them all nailed.

Sorry, I don't have a copy of the Oops right now, but it's failing
somewhere in tty_open() or check_tty_count() during system boot,
probably when getty opens one of the vc tty devices.

That would be more surprising as its a path I tested a lot but strange
things occur. What may also be very important is to know what distro you
are using.

Sorry for the late reply. I'm using Gentoo Linux built from source for ~amd64 (unstable).

I've grabbed a few Oops messages (transcribed from photographs, I have the slightly blurry photos to go with the attached text files if needed). The kernel was built from the actual commit point mentioned in the original post. I can provide the kernel binary if needed for disassembly.

The crashes all seem to be while the devfs process is running. One thing strange I noticed is that I'm using Gentoo's "OpenRC" boot system, but the crashes only occur when it is configured to start services in parallel (rc_parallel="YES" in /etc/rc.conf).

--
-=( Ian Abbott @ MEV Ltd. E-mail: <abbotti@xxxxxxxxx> )=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
BUG: unable to handle kernel NULL pointer dereference at 0000000000000098
IP: [<ffffffff811ea734>] tty_reopen+0x3a/0x9e
PGD 139ea8067 PUD 139e81067 PMD 0
Oops: 0000 [#1] SMP
CPU 0
Modules linked in: snd_hda_codec_analog sr_mod cdrom powernow_k8 mperf freq_table kvm_amd ehci_hcd snd_hda_intel snd_hda_codec snd_pcm pata_amd kvm forcedeth ohci_amd usbcore usb_common k8temp snd_page_alloc snd_timer snd soundcore

Pid: 1287, comm: devfs Not tainted 3.5.0-rc7-ija1+ #94 System manufacturer System Product Name/M2N-E
RIP: 0010:[<ffffffff811ea734>] [<ffffffff811ea734>] tty_reopen+0x3a/0x9e
RSP: 0018:ffff880139ea1bc8 EFLAGS: 00010246
RAX: 00000000fffffffb RBX: ffff880139e4e800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff880139e4e838 RDI: ffff880139d8c000
RBP: ffff880139ea1bd8 R08: ffff880139ea1e58 R09: 00007fffffffffff
R10: 00007fffffffffff R11: ffff880139ea1de0 R12: ffff880139d8c000
R13: 0000000000200001 R14: ffff88013a18b690 R15: 0000000000008002
FS: 00007f80396d6700(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000098 CR3: 0000000139ea2000 CR4: 00000000000007f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process devfs (pid: 1287, threadinfo ffff880139ea0000, task ffff88013a18b690)
Stack:
ffff880139e4e800 ffff88013a80abf8 ffff880139ea1c48 ffffffff811ed0d7
ffff880139d8c000 ffff880139e4e838 fffffffb39ea1c28 ffff88013a813c00
0000000000000072 0000000100000000 ffff880139ea1c48 ffff88013a80abf8
Call Trace:
[<ffffffff811ed0d7>] tty_open+0x132/0x37a
[<ffffffff810dd841>] chrdev_open+0x120/0x149
[<ffffffff810dd721>] ? cdev_put+0x20/0x20
[<ffffffff810d8f22>] do_dentry_open.isra.18+0x162/0x231
[<ffffffff810d9bb1>] nameidata_to_filp+0x3d/0x7f
[<ffffffff810e594e>] do_last+0x546/0x6f1
[<ffffffff810e61ff>] path_openat+0xc7/0x359
[<ffffffff810c27f3>] ? handle_mm_fault+0x162/0x177
[<ffffffff810e657a>] do_filp_open+0x33/0x81
[<ffffffff810effe5>] ? alloc_fd+0x6d/0xfc
[<ffffffff810d9cf3>] do_sys_open+0x100/0x192
[<ffffffff810d9da1>] sys_open+0x1c/0x1e
[<ffffffff813efa22>] system_call_fastpath+0x16/0x1b
Code: 48 8b 8f 28 01 00 00 48 8b 57 10 80 e1 80 75 7a 48 8b 8f 28 01 00 00 f7 c1 00 00 20 00 75 6b 48 8b 8f 28 01 00 00 80 e5 04 75 5f <81> ba 98 00 00 00 04 00 01 00 75 16 83 bf 30 01 00 00 00 75 4a
RIP [<ffffffff811ea734>] tty_reopen+0x3a/0x9e
RSP <ffff880139ea1bc8>
CR2: 0000000000000098
---[ end trace 9bcec26548bea90d ]---
general protection fault: 0000 [#1] SMP
CPU 0
Modules linked in: snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_pcm snd_page_alloc sr_mod forcedeth cdrom snd_timer snd powernow_k8 ohci_hcd mperf ehci_hcd freq_table kvm_amd usbcore kvm usb_common k8temp soundcore pata_amd

Pid: 1287, comm: devfs Tainted: G W 3.5.0-rc7-ija1+ #94 System manufacturer System Product Name/M2N-E
RIP: 0010:[<ffffffff811ea975>] [<ffffffff811ea975>] check_tty_count+0x36/0xa0
RSP: 0018:ffff880139eafbb8 EFLAGS: 00010203
RAX: 65742e746978652e RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff880139db7a08 RSI: ffffffff8142a000 RDI: ffffffff817ca2c8
RBP: ffff880139eafbd8 R08: ffffffff8142a000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff880139db7800
R13: 0000000000200002 R14: ffff88013aa9b690 R15: 0000000000008002
FS: 00007f945d5c8700(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f945c7abac1 CR3: 0000000139eb5000 CR4: 00000000000007f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process devfs (pid 1287, threadinfo ffff880139eae000, task ffff88013aa9b690)
Stack:
ffff880139eafbd8 ffffffff8142a000 ffff880139e71500 ffff88013b3c70a8
ffff880139eafc48 ffffffff811ed15d ffff880139db7800 ffff880139e71538
fffffffb39eafc28 ffff88013b1e8000 00000000000000af 0000000200000000
Call Trace:
[<ffffffff811ed15d>] tty_open+0x1b8/0x37a
[<ffffffff810dd841>] chrdev_open+0x120/0x149
[<ffffffff810dd721>] ? cdev_put+0x20/0x20
[<ffffffff810d8f22>] do_dentry_open.isra.18+0x162/0x231
[<ffffffff810d9bb1>] nameidata_to_filp+0x3d/0x7f
[<ffffffff810e594e>] do_last+0x546/0x6f1
[<ffffffff810e61ff>] path_openat+0xc7/0x359
[<ffffffff810c27f3>] ? handle_mm_fault+0x162/0x177
[<ffffffff810e657a>] do_filp_open+0x33/0x81
[<ffffffff810effe5>] ? alloc_fd+0x6d/0xfc
[<ffffffff810d9cf3>] do_sys_open+0x100/0x192
[<ffffffff810d9da1>] sys_open+0x1c/0x1e
[<ffffffff813efa22>] system_call_fastpath+0x16/0x1b
Code: c7 c8 a2 7c 81 53 31 db 48 83 ec 10 48 89 75 e8 e8 36 e9 1f 00 49 8b 84 24 08 02 00 00 49 8d 94 24 08 02 00 00 4c 8b 45 e8 eb 05 <48> 8b 00 ff c3 48 39 d0 75 f6 80 05 42 f9 5d 00 01 49 8b 44 24
RIP [<ffffffff811ea975>] check_tty_count+0x36/0xa0
RSP <ffff880139eafbb8>
---[ end trace 777fdcbd2ab06483 ]---
BUG: unable to handle kernel paging request at 000000010400009c
IP: [<ffffffff811ea734>] tty_reopen+0x3a/0x9e
PGD 139ebc067 PUD 0
Oops: 0000 [#1] SMP
CPU 0
Modules linked in: snd_hda_codec_analog ehci_hcd forcedeth snd_hda_intel snd_hda_codec snd_pcm sr_mod snd_page_alloc snd_timer cdrom powernow_k8 snd ohci_hcd mperf freq_table kvm_amd kvm usbcore k8temp soundcore pata_amd usb_common

Pid: 1287, comm: devfs Not tainted 3.5.0-rc7-ija1+ #94 System manufacturer System Product Name/M2N-E
RIP: 0010:[<ffffffff811ea734>] [<ffffffff811ea734>] tty_reopen+0x3a/0x9e
RSP: 0018:ffff880139eabbc8 EFLAGS: 00010246
RAX: 00000000fffffffb RBX: ffff8801384d6300 RCX: 0000000000000000
RDX: 0000000104000004 RSI: ffff8801384d6338 RDI: ffff88013a1a4800
RBP: ffff880139eabbd8 R08: ffff880139eabe58 R09: 00007fffffffffff
R10: 00007fffffffffff R11: ffff880139eabde0 R12: ffff88013a1a4800
R13: 0000000000200002 R14: ffff88013a0b8610 R15: 0000000000008002
FS: 00007f9988343700(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000010400009c CR3: 0000000139eae000 CR4: 00000000000007f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process devfs (pid: 1287, threadinfo ffff880139eaa000, task ffff88013a0b8610)
Stack:
ffff8801384d6300 ffff88013a802e50 ffff880139eabc48 ffffffff811ed0d7
ffff88013a1a4800 ffff8801384d6338 fffffffb39eabc28 ffff88013a80bc00
0000000000000050 0000000200000000 ffff880139eabc48 ffff88013a802e50
Call Trace:
[<ffffffff811ed0d7>] tty_open+0x132/0x37a
[<ffffffff810dd841>] chrdev_open+0x120/0x149
[<ffffffff810dd721>] ? cdev_put+0x20/0x20
[<ffffffff810d8f22>] do_dentry_open.isra.18+0x162/0x231
[<ffffffff810d9bb1>] nameidata_to_filp+0x3d/0x7f
[<ffffffff810e594e>] do_last+0x546/0x6f1
[<ffffffff810e61ff>] path_openat+0xc7/0x359
[<ffffffff810c27f3>] ? handle_mm_fault+0x162/0x177
[<ffffffff810e657a>] do_filp_open+0x33/0x81
[<ffffffff810effe5>] ? alloc_fd+0x6d/0xfc
[<ffffffff810d9cf3>] do_sys_open+0x100/0x192
[<ffffffff810d9da1>] sys_open+0x1c/0x1e
[<ffffffff813efa22>] system_call_fastpath+0x16/0x1b
Code: 48 8b 8f 28 01 00 00 48 8b 57 10 80 e1 80 75 7a 48 8b 8f 28 01 00 00 f7 c1 00 00 20 00 75 6b 48 8b 8f 28 01 00 00 80 e5 04 75 5f <81> ba 98 00 00 00 04 00 01 00 75 16 83 bf 30 01 00 00 00 75 4a
RIP [<ffffffff811ea734>] tty_reopen+0x3a/0x9e
RSP <ffff880139eabbc8>
CR2: 000000010400009c
---[ end trace 3ae581f91590274 ]---