Bug 15404

Summary: unable to handle kernel NULL pointer dereference: inotify_inode_queue_event
Product: Power Management
Reporter: Matthias-Christian Ott (ott)
Component: Hibernation/Suspend
Assignee: power-management_other
Status: CLOSED INSUFFICIENT_DATA
Severity: low
CC: kernel, rjw, rui.zhang
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.32
Subsystem:
Regression: No
Bisected commit-id:
Bug Depends on:
Bug Blocks: 7216

Description Matthias-Christian Ott 2010-02-26 20:51:51 UTC
I hibernated my system, woke it up and got the following back trace.

# dmesg
[...]
[ 9283.964879] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 9283.964884] IP: [<ffffffff81114a57>] inotify_inode_queue_event+0x56/0xe8
[ 9283.964891] PGD 6d41a067 PUD 7c897067 PMD 0 
[ 9283.964895] Oops: 0000 [#1] SMP 
[ 9283.964897] last sysfs file: /sys/power/state
[ 9283.964899] CPU 1 
[ 9283.964901] Modules linked in: tun ppdev lp cryptd aes_x86_64 aes_generic cpufreq_powersave cpufreq_conservative cpufreq_stats cpufreq_userspace binfmt_misc uinput acpi_cpufreq loop firewire_sbp2 arc4 ecb snd_hda_codec_intelhdmi snd_hda_codec_realtek snd_usb_audio snd_usb_lib snd_hda_intel snd_seq_midi snd_hda_codec snd_seq_midi_event snd_rawmidi snd_pcm snd_hwdep snd_seq ath5k mac80211 snd_timer ath snd_seq_device snd cfg80211 rfkill soundcore led_class processor pcspkr i2c_i801 parport_pc snd_page_alloc parport evdev ext4 mbcache jbd2 crc16 sg sr_mod sd_mod crc_t10dif cdrom usbhid hid ata_generic ide_pci_generic ahci firewire_ohci uhci_hcd libata i915 r8169 it8213 ehci_hcd floppy firewire_core ide_core crc_itu_t scsi_mod drm_kms_helper mii drm i2c_algo_bit i2c_core video output button usbcore nls_base intel_agp agpgart thermal fan thermal_sys [last unloaded: scsi_wait_scan]
[ 9283.964965] Pid: 1623, comm: pgrep Not tainted 2.6.32-trunk-amd64 #1 C2SEA
[ 9283.964968] RIP: 0010:[<ffffffff81114a57>]  [<ffffffff81114a57>] inotify_inode_queue_event+0x56/0xe8
[ 9283.964973] RSP: 0018:ffff88007c77dee8  EFLAGS: 00010286
[ 9283.964975] RAX: 0000000000000000 RBX: fffffffffffffff0 RCX: 0000000000000000
[ 9283.964978] RDX: 0000000000008001 RSI: 0000000000000020 RDI: ffff88007d694220
[ 9283.964980] RBP: ffff88005fe6bf00 R08: 0000000000000000 R09: ffff88007a5e50c0
[ 9283.964983] R10: ffff88007c77de48 R11: ffffffff8114f739 R12: ffff88007bd0db40
[ 9283.964985] R13: ffff88007d694030 R14: 0000000000000005 R15: ffff88007d694220
[ 9283.964989] FS:  00007febe424f6f0(0000) GS:ffff880001880000(0000) knlGS:0000000000000000
[ 9283.964991] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9283.964994] CR2: 0000000000000000 CR3: 0000000066f8e000 CR4: 00000000000406e0
[ 9283.964996] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 9283.964999] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 9283.965002] Process pgrep (pid: 1623, threadinfo ffff88007c77c000, task ffff88007b4f0e20)
[ 9283.965004] Stack:
[ 9283.965005]  ffff88007c58d600 0000000000000000 0000000000000000 0000002000000000
[ 9283.965009] <0> ffff88007d694210 0000000000000020 ffff88005fe6bf00 ffff88007bd0db40
[ 9283.965013] <0> ffff88007d694030 0000000000000005 ffff88003785d000 ffffffff810ea620
[ 9283.965018] Call Trace:
[ 9283.965022]  [<ffffffff810ea620>] ? do_sys_open+0xa6/0xfc
[ 9283.965027]  [<ffffffff81010b02>] ? system_call_fastpath+0x16/0x1b
[ 9283.965029] Code: 89 44 24 20 48 39 87 e0 01 00 00 0f 84 9d 00 00 00 4c 8d bf f0 01 00 00 4c 89 ff e8 a5 16 1d 00 48 8b 83 e0 01 00 00 48 8d 58 f0 <48> 8b 43 10 eb 58 44 8b 63 3c 44 85 64 24 1c 74 46 48 8b 6b 28 
[ 9283.965060] RIP  [<ffffffff81114a57>] inotify_inode_queue_event+0x56/0xe8
[ 9283.965064]  RSP <ffff88007c77dee8>
[ 9283.965066] CR2: 0000000000000000
[ 9283.965068] ---[ end trace f0842adb54e2e6bd ]---
Comment 1 Rafael J. Wysocki 2010-02-26 21:36:10 UTC
If this problem is not reproducible, it will be extremely difficult to track down.
Comment 2 Milko Krachounov 2010-08-10 10:04:14 UTC
I get a similar Oops when trying to start an inotify-using program shortly after resume. I'm not sure if it is the same reason as this bug, but the two Oopses seem surprisingly similar, and I was told that I should report it, so I put it here as a comment. What additional data could be useful? Also, is there something I could do to get more data, should it happen again?

[140563.090750] BUG: unable to handle kernel NULL pointer dereference at (null)
[140563.090756] IP: [<ffffffff81115cff>] inotify_inode_queue_event+0x56/0xe8
[140563.090766] PGD 24c638067 PUD 10a299067 PMD 0 
[140563.090771] Oops: 0000 [#1] SMP 
[140563.090774] last sysfs file: /sys/power/state
[140563.090778] CPU 1 
[140563.090780] Modules linked in: usb_storage nfs lockd fscache nfs_acl auth_rpcgss sunrpc parport_pc ppdev acpi_cpufreq lp cpufreq_powersave parport cpufreq_conservative cpufreq_userspace cpufreq_stats sco bnep rfcomm l2cap vboxnetadp vboxnetflt vboxdrv uinput xt_tcpudp ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables x_tables fuse ext4 jbd2 crc16 firewire_sbp2 loop snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_midi_emul snd_hda_codec_analog tuner_simple tuner_types tuner snd_emu10k1 tvaudio tda7432 bttv snd_ac97_codec ac97_bus snd_hda_intel snd_util_mem snd_hda_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_hwdep snd_seq_midi snd_rawmidi v4l2_common videodev snd_seq_midi_event v4l1_compat snd_seq v4l2_compat_ioctl32 cdc_ether snd_timer btusb snd_seq_device usbnet ir_common videobuf_dma_sg videobuf_core snd btcx_risc bluetooth asus_atk0110 mii tveeprom rfkill soundcore i2c_i801 psmouse processor serio_raw emu10k1_gp snd_page_alloc gameport pcspkr evdev ext3 jbd mbcache raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx raid1 raid0 md_mod sg sr_mod sd_mod i915 drm_kms_helper crc_t10dif cdrom drm firewire_ohci firewire_core ata_generic usbhid hid uhci_hcd floppy crc_itu_t i2c_algo_bit ahci pata_jmicron button libata ehci_hcd scsi_mod skge thermal usbcore nls_base i2c_core video thermal_sys output [last unloaded: scsi_wait_scan]
[140563.090902] Pid: 15253, comm: kopete Not tainted 2.6.32-5-amd64 #1 System Product Name
[140563.090905] RIP: 0010:[<ffffffff81115cff>]  [<ffffffff81115cff>] inotify_inode_queue_event+0x56/0xe8
[140563.090912] RSP: 0018:ffff8801ee515ee8  EFLAGS: 00010286
[140563.090915] RAX: 0000000000000000 RBX: fffffffffffffff0 RCX: 0000000000000000
[140563.090918] RDX: 0000000000088001 RSI: 0000000000000020 RDI: ffff88027af8f220
[140563.090921] RBP: ffff88023ec22840 R08: 0000000000000000 R09: ffff8801605a5180
[140563.090924] R10: ffff8801ee515e48 R11: ffffffff811511c1 R12: ffff880128dd9240
[140563.090928] R13: ffff88027af8f028 R14: 000000000000000e R15: ffff88027af8f220
[140563.090932] FS:  00007fe4addfe760(0000) GS:ffff880008a80000(0000) knlGS:0000000000000000
[140563.090935] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[140563.090938] CR2: 0000000000000000 CR3: 0000000257fd5000 CR4: 00000000000006e0
[140563.090941] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[140563.090945] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[140563.090948] Process kopete (pid: 15253, threadinfo ffff8801ee514000, task ffff8801b5a9f810)
[140563.090951] Stack:
[140563.090953]  ffff8802447f42c0 0000000000000000 0000000000000000 0000002000000000
[140563.090957] <0> ffff88027af8f210 0000000000000020 ffff88023ec22840 ffff880128dd9240
[140563.090963] <0> ffff88027af8f028 000000000000000e ffff88019edcf000 ffffffff810eb584
[140563.090968] Call Trace:
[140563.090974]  [<ffffffff810eb584>] ? do_sys_open+0xa6/0xfc
[140563.090979]  [<ffffffff81010b42>] ? system_call_fastpath+0x16/0x1b
[140563.090982] Code: 89 44 24 20 48 39 87 e8 01 00 00 0f 84 9d 00 00 00 4c 8d bf f8 01 00 00 4c 89 ff e8 04 26 1e 00 48 8b 83 e8 01 00 00 48 8d 58 f0 <48> 8b 43 10 eb 58 44 8b 63 3c 44 85 64 24 1c 74 46 48 8b 6b 28 
[140563.091020] RIP  [<ffffffff81115cff>] inotify_inode_queue_event+0x56/0xe8
[140563.091025]  RSP <ffff8801ee515ee8>
[140563.091027] CR2: 0000000000000000
[140563.091031] ---[ end trace 8357f91c081e3c99 ]---
Comment 3 Rafael J. Wysocki 2011-01-16 22:26:27 UTC
Is the problem still present in 2.6.37?
Comment 4 Zhang Rui 2012-01-18 01:59:25 UTC
Bug closed as there is no response from the bug reporter.
Please feel free to re-open it if the problem still exists in the latest upstream kernel.