Bug 29202

Summary: 2.6.38-rc: fuse BUG, maybe related to detaching external usb drive without umounting
Product: File System Reporter: Florian Mickler (florian)
Component: OtherAssignee: fs_other
Status: CLOSED CODE_FIX    
Severity: normal CC: acpi-bugzilla, acpi_power-battery, caravena, florian, kovariadam, maciej.rutecki, miklos, phill, rjw, rockorequin, tj
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.38-rc3 Subsystem:
Regression: Yes Bisected commit-id:
Bug Depends on:    
Bug Blocks: 27352    
Attachments: Tested fix

Description Florian Mickler 2011-02-15 22:05:47 UTC
This entry is used to track the second(?) issue of bug #28642. It should be closed when the issue is fixed in the mainline kernel.  

In https://bugzilla.kernel.org/show_bug.cgi?id=28642#c7 Adam Kovari wrote:
> In the dmesg I attached, there is one more trace which is something about
> fs/inode. That I find strange, so I just put it here too:
> 
> ------------[ cut here ]------------
> kernel BUG at fs/inode.c:1421!
> invalid opcode: 0000 [#2] PREEMPT SMP 
> last sysfs file:
>
> /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda/uevent
> CPU 0 
> Modules linked in: tun ipv6 snd_hda_codec_hdmi ses snd_hda_codec_idt arc4
> enclosure ecb snd_hda_intel iwlagn i915 usb_storage snd_hda_codec uvcvideo
> videodev iwlcore drm_kms_helper sdhci_pci mac80211 uas v4l2_compat_ioctl32
> drm
> snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
> snd_pcm_oss
> snd_hwdep sdhci iTCO_wdt intel_agp lp firewire_ohci dell_wmi i2c_algo_bit
> sparse_keymap snd_mixer_oss ppdev ehci_hcd i2c_i801 mmc_core usbcore
> parport_pc
> processor cfg80211 parport i2c_core iTCO_vendor_support sg wmi dell_laptop
> intel_ips firewire_core e1000e snd_pcm intel_gtt battery button video
> container
> ac serio_raw psmouse pcspkr evdev dcdbas rfkill snd_timer snd soundcore
> snd_page_alloc crc_itu_t fuse ext4 mbcache jbd2 crc16 sr_mod cdrom sd_mod
> ahci
> libahci libata scsi_mod
> 
> Pid: 11485, comm: umount Tainted: G      D W   2.6.38-rc3-mainline #1
> 0667CC/Latitude E6410
> RIP: 0010:[<ffffffff8114b6f0>]  [<ffffffff8114b6f0>] iput+0x240/0x2a0
> RSP: 0018:ffff88011556dda8  EFLAGS: 00010202
> RAX: 0000000000000000 RBX: ffff880117828800 RCX: 0000000000000000
> RDX: 0000000000000016 RSI: ffffffff8155d480 RDI: ffff880117828800
> RBP: ffff88011556ddb8 R08: fffffffcfffffffc R09: fffffffcfffffffc
> R10: 00032034fffffffc R11: fffffff0fffffff8 R12: 0000000000000000
> R13: 0000000000000083 R14: ffff880117828720 R15: ffff880117828380
> FS:  00007fbcf1e02740(0000) GS:ffff8800db400000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00007f0448176fc0 CR3: 0000000116e71000 CR4: 00000000000006f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process umount (pid: 11485, threadinfo ffff88011556c000, task
> ffff8801154ecc50)
> Stack:
>  ffff880117828700 0000000000000000 ffff88011556de08 ffffffff811659a7
>  ffff88011556ddf8 ffffffffa0026e80 ffff88011556df28 ffff880117828700
>  0000000000000083 ffff880117828720 ffff88011556df01 ffff880001813000
> Call Trace:
>  [<ffffffff811659a7>] __blkdev_put+0x137/0x1c0
>  [<ffffffff81165b01>] blkdev_put+0xd1/0x170
>  [<ffffffff811345f9>] kill_block_super+0x49/0x80
>  [<ffffffffa011f98d>] fuse_kill_sb_blk+0x4d/0x60 [fuse]
>  [<ffffffff81134955>] deactivate_locked_super+0x45/0x60
>  [<ffffffff81135735>] deactivate_super+0x45/0x60
>  [<ffffffff8114fc8a>] mntput_no_expire+0x9a/0xe0
>  [<ffffffff81150787>] sys_umount+0x67/0x390
>  [<ffffffff8100bdd2>] system_call_fastpath+0x16/0x1b
> Code: 41 00 83 05 c6 86 5f 00 01 48 89 05 6b 48 41 00 48 89 42 08 48 89 93 88
> 00 00 00 48 c7 83 90 00 00 00 40 ff 55 81 e9 4f fe ff ff <0f> 0b be 6e 05 00
> 00
> 48 c7 c7 0a f8 47 81 e8 8d b3 f0 ff 48 8b 
> RIP  [<ffffffff8114b6f0>] iput+0x240/0x2a0
>  RSP <ffff88011556dda8>
> dell-wmi: Received unknown WMI event (0x11)
> e1000e: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: None
> e1000e 0000:00:19.0: eth0: 10/100 speed: disabling TSO
> ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
> ---[ end trace bc079d007ab92181 ]---
Comment 1 Miklos Szeredi 2011-02-18 11:33:37 UTC
bug 29352 is a duplicate of this
Comment 2 Rafael J. Wysocki 2011-02-18 17:42:51 UTC
*** Bug 29352 has been marked as a duplicate of this bug. ***
Comment 3 Adam Kovari 2011-02-19 13:26:14 UTC
New stack trace from -rc5:


------------[ cut here ]------------
kernel BUG at fs/inode.c:1421!
invalid opcode: 0000 [#2] PREEMPT SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:19.0/net/eth0/carrier
CPU 3 
Modules linked in: aesni_intel cryptd aes_x86_64 aes_generic ses enclosure usb_storage uas uvcvideo videodev v4l2_compat_ioctl32 snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss arc4 ecb snd_hda_codec_hdmi iwlagn i915 iwlcore drm_kms_helper snd_hda_codec_idt drm mac80211 ehci_hcd snd_hda_intel ppdev snd_hda_codec e1000e serio_raw firewire_ohci pcspkr psmouse i2c_algo_bit cfg80211 parport_pc usbcore ipv6 dell_wmi dell_laptop firewire_core sg lp iTCO_wdt sdhci_pci iTCO_vendor_support sdhci video evdev dcdbas sparse_keymap intel_agp i2c_i801 parport intel_gtt i2c_core mmc_core ac processor button container intel_ips battery wmi snd_hwdep snd_pcm rfkill snd_timer snd soundcore snd_page_alloc crc_itu_t fuse ext4 mbcache jbd2 crc16 sr_mod cdrom sd_mod ahci libahci libata scsi_mod

Pid: 4313, comm: umount Tainted: G      D W   2.6.38-rc5-mainline #1 Dell Inc. Latitude E6410/0667CC
RIP: 0010:[<ffffffff8114c5f0>]  [<ffffffff8114c5f0>] iput+0x240/0x2a0
RSP: 0018:ffff880070bcbda8  EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff880117a70b80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81562580 RDI: ffff880117a70b80
RBP: ffff880070bcbdb8 R08: 2222222222222222 R09: 2222222222222222
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000083 R14: ffff880117a70aa0 R15: ffff880117828a80
FS:  00007f35b184a740(0000) GS:ffff8800db4c0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000001c0f0a8 CR3: 0000000116d43000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process umount (pid: 4313, threadinfo ffff880070bca000, task ffff88008ee6b780)
Stack:
 ffff880117a70a80 0000000000000000 ffff880070bcbe08 ffffffff811668a7
 ffff880070bcbdf8 ffffffffa0026e80 ffff880070bcbf28 ffff880117a70a80
 0000000000000083 ffff880117a70aa0 ffff880070bcbf01 ffff88011577d000
Call Trace:
 [<ffffffff811668a7>] __blkdev_put+0x137/0x1c0
 [<ffffffff81166a01>] blkdev_put+0xd1/0x170
 [<ffffffff811354c9>] kill_block_super+0x49/0x80
 [<ffffffffa012198d>] fuse_kill_sb_blk+0x4d/0x60 [fuse]
 [<ffffffff81135825>] deactivate_locked_super+0x45/0x70
 [<ffffffff81136615>] deactivate_super+0x45/0x60
 [<ffffffff81150b8a>] mntput_no_expire+0x9a/0xe0
 [<ffffffff81151687>] sys_umount+0x67/0x390
 [<ffffffff8100bdd2>] system_call_fastpath+0x16/0x1b
Code: 41 00 83 05 c6 97 5f 00 01 48 89 05 6b 8a 41 00 48 89 42 08 48 89 93 88 00 00 00 48 c7 83 90 00 00 00 40 50 56 81 e9 4f fe ff ff <0f> 0b be 6e 05 00 00 48 c7 c7 9a 09 48 81 e8 cd b3 f0 ff 48 8b 
RIP  [<ffffffff8114c5f0>] iput+0x240/0x2a0
 RSP <ffff880070bcbda8>
dell-wmi: Received unknown WMI event (0x11)
[drm:ironlake_crtc_disable] *ERROR* failed to disable transcoder
---[ end trace d096156fa0643175 ]---
Comment 4 Rafael J. Wysocki 2011-02-19 13:45:27 UTC
Hmm.  That may be fixed in the current Linus' tree, by patches that went in
after -rc5.
Comment 5 Adam Kovari 2011-02-20 11:10:30 UTC
This does not happen with vfat drive. It is not fixed in -rc5.
Comment 6 Rafael J. Wysocki 2011-02-20 11:29:15 UTC
Well, clearly FUSE is involved then.  Reassigning.
Comment 7 Rafael J. Wysocki 2011-02-20 11:31:09 UTC
It still would be good to verify if -rc6 still has the problem, when it's out,
there have been a few fixes in the VFS area merged since -rc5.
Comment 8 Cristian Aravena Romero 2011-02-20 22:49:31 UTC
See: bug #29492 , It is not fixed in -rc5
Comment 9 Adam Kovari 2011-02-23 17:40:18 UTC
It is not fixed in -rc6.
Comment 10 Miklos Szeredi 2011-02-24 13:47:51 UTC
Created attachment 48872 [details]
Tested fix
Comment 11 Rafael J. Wysocki 2011-02-24 18:26:33 UTC
Handled-By : Miklos Szeredi <miklos@szeredi.hu>
Patch : https://bugzilla.kernel.org/attachment.cgi?id=48872
Comment 12 Alasdair G Kergon 2011-02-24 22:30:11 UTC
*** Bug 29792 has been marked as a duplicate of this bug. ***
Comment 13 Florian Mickler 2011-03-04 23:53:49 UTC
merged in .38-rc7: 
commit 3c522cedb572bb8d2e4867f358bdaa7d0c53d88c
Author: Miklos Szeredi <mszeredi@suse.cz>
Date:   Thu Feb 24 15:45:41 2011 +0100

    block: fix refcounting in BLKBSZSET
Comment 14 Cristian Aravena Romero 2011-06-11 15:05:20 UTC
*** Bug 29492 has been marked as a duplicate of this bug. ***