UBI leb_write_unlock NULL pointer Oops (continuation)

Ziegler, Emanuel (Lawo AG) Emanuel.Ziegler at lawo.com
Tue Feb 18 03:25:40 EST 2014 

Hello

I am a colleague of Thorsten. We tried to activate the CONFIG_PREEMPT_NONE and the error occured again.

Unable to handle kernel NULL pointer dereference at virtual address 0000000c
pgd = c7370000
[0000000c] *pgd=8717e831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] ARM
Modules linked in: ravenna_portctrl(O) ravenna_sync(O) ravenna_core(O) dallis_metering(O) dallis_audiorouter(O) dallis_multidrop(O) dallis_gpio(O) ravenna_fpga_core(O) marvell_lawo(O) i2c_imx fec fec_imx25_init [last unloaded: ravenna_fpga_loader]
CPU: 0    Tainted: G           O  (3.6.11 #1)
PC is at __up_write+0x34/0x16c
LR is at leb_write_unlock+0x30/0xb8
pc : [<c0205a3c>]    lr : [<c02a6bf8>]    psr: a0000093
sp : c72ffe28  ip : c79b03bc  fp : c79b9800
r10: c72fff9c  r9 : 00000499  r8 : c720cc7c
r7 : c720cc78  r6 : 00000499  r5 : c79b9800  r4 : c720cc60
r3 : 00000000  r2 : 60000013  r1 : 00000000  r0 : c720cc78
Flags: NzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 0005317f  Table: 87370000  DAC: 00000015
Process sync (pid: 7976, stack limit = 0xc72fe270)
Stack: (0xc72ffe28 to 0xc7300000)
fe20:                   c7b2e000 60000013 00000800 c720cc60 c79b9800 00000499
fe40: c7b2e000 00000800 00000499 c72fff9c c79b9800 c02a6bf8 00014800 000007c8
fe60: 0000a800 c02a7268 00000800 c0044aa0 00000000 00000000 c72fe000 60000093
fe80: 00000031 00000020 000c54e7 00000001 00000000 00000000 c79faa00 00000499
fea0: c7b2e000 00000031 00000001 c00dc620 00000000 00000031 00000031 c006612c
fec0: c72fe000 00000000 c04f4c68 00000800 0000a800 00000499 c7b2e000 00000800
fee0: c72fe000 c72fff9c 00000000 c02a61e0 0000a800 00000800 c7b28000 c7b28000
ff00: c7b2e000 0000a800 00000499 c01b96e0 00000800 00000540 c7b28000 c72fe000
ff20: c7ab7490 c7b28000 00000800 00000540 c7b28000 c01ba2ac 00000800 c7402668
ff40: c781d000 00000090 00000002 c7ab74b4 c7ab7490 c01b4be8 c7abf000 c7abf040
ff60: c7abf400 c04f9710 c00dc620 c00dc648 60008400 c00b8fd4 00000001 00000000
ff80: 00000001 be870e24 00000024 c0012b88 00000000 c00dc6f4 00000000 00000001
ffa0: 000d632c c0012a00 000d632c 00000001 00000000 be870e24 000ce4f4 000a1a38
ffc0: 000d632c 00000001 be870e24 00000024 000007c6 00000000 b6f64000 00000000
ffe0: b6ece0e0 be870c7c 000a1a48 b6ece0ec 60000010 00000000 00000000 00000000
[<c0205a3c>] (__up_write+0x34/0x16c) from [<c02a6bf8>] (leb_write_unlock+0x30/0xb8)
[<c02a6bf8>] (leb_write_unlock+0x30/0xb8) from [<c02a7268>] (ubi_eba_write_leb+0xac/0x660)
[<c02a7268>] (ubi_eba_write_leb+0xac/0x660) from [<c02a61e0>] (ubi_leb_write+0xdc/0xf0)
[<c02a61e0>] (ubi_leb_write+0xdc/0xf0) from [<c01b96e0>] (ubifs_leb_write+0x6c/0x128)
[<c01b96e0>] (ubifs_leb_write+0x6c/0x128) from [<c01ba2ac>] (ubifs_wbuf_sync_nolock+0xf8/0x324)
[<c01ba2ac>] (ubifs_wbuf_sync_nolock+0xf8/0x324) from [<c01b4be8>] (ubifs_sync_fs+0x58/0x90)
[<c01b4be8>] (ubifs_sync_fs+0x58/0x90) from [<c00dc648>] (sync_fs_one_sb+0x28/0x2c)
[<c00dc648>] (sync_fs_one_sb+0x28/0x2c) from [<c00b8fd4>] (iterate_supers+0x98/0xb4)
[<c00b8fd4>] (iterate_supers+0x98/0xb4) from [<c00dc6f4>] (sys_sync+0x48/0x98)
[<c00dc6f4>] (sys_sync+0x48/0x98) from [<c0012a00>] (ret_fast_syscall+0x0/0x2c)
Code: e5903004 e58d2004 e1580003 0a00002a (e593200c) 
---[ end trace 9e9e220ab164ad69 ]---


We also were able to reproduce the error with the activated DEBUG_LOCK_ALLOC flag, with the following results.

UBIFS error (pid 7625): ubifs_readdir: cannot find next direntry, error -22
UBIFS assert failed in ubifs_tnc_next_ent at 2776 (pid 7625)
[<c001795c>] (unwind_backtrace+0x0/0xf0) from [<c01e0318>] (ubifs_tnc_next_ent+0x18c/0x19c)
[<c01e0318>] (ubifs_tnc_next_ent+0x18c/0x19c) from [<c01d22d4>] (ubifs_readdir+0x308/0x508)
[<c01d22d4>] (ubifs_readdir+0x308/0x508) from [<c00d5914>] (vfs_readdir+0x80/0xa4)
[<c00d5914>] (vfs_readdir+0x80/0xa4) from [<c00d5ad0>] (sys_getdents64+0x64/0xc8)
[<c00d5ad0>] (sys_getdents64+0x64/0xc8) from [<c0012a20>] (ret_fast_syscall+0x0/0x2c)
UBIFS error (pid 7625): ubifs_validate_entry: bad extended attribute entry node
[<c001795c>] (unwind_backtrace+0x0/0xf0) from [<c01dce80>] (lnc_add_directly+0x78/0xc4)
[<c01dce80>] (lnc_add_directly+0x78/0xc4) from [<c01dcf80>] (matches_name+0xb4/0xcc)
[<c01dcf80>] (matches_name+0xb4/0xcc) from [<c01dcfd4>] (resolve_collision+0x3c/0x2ec)
[<c01dcfd4>] (resolve_collision+0x3c/0x2ec) from [<c01e02cc>] (ubifs_tnc_next_ent+0x140/0x19c)
[<c01e02cc>] (ubifs_tnc_next_ent+0x140/0x19c) from [<c01d22d4>] (ubifs_readdir+0x308/0x508)
[<c01d22d4>] (ubifs_readdir+0x308/0x508) from [<c00d5914>] (vfs_readdir+0x80/0xa4)
[<c00d5914>] (vfs_readdir+0x80/0xa4) from [<c00d5ad0>] (sys_getdents64+0x64/0xc8)
[<c00d5ad0>] (sys_getdents64+0x64/0xc8) from [<c0012a20>] (ret_fast_syscall+0x0/0x2c)
        magic          0x6101831
        crc            0x8ae44db2
        node_type      0 (inode node)
        group_type     0 (no node group)
        sqnum          20716
        len            160
        key            (954, inode)
        creat_sqnum    20501
        size           288
        nlink          4
        atime          1392296839.0
        mtime          1392296832.0
        ctime          1392296839.0
        uid            0
        gid            0
        mode           16893
        flags          0x1
        xattr_cnt      0
        xattr_size     0
        xattr_names    0
        compr_type     0x1
        data len       0
UBIFS error (pid 7625): ubifs_readdir: cannot find next direntry, error -22
UBIFS assert failed in ubifs_tnc_next_ent at 2776 (pid 7625)
[<c001795c>] (unwind_backtrace+0x0/0xf0) from [<c01e0318>] (ubifs_tnc_next_ent+0x18c/0x19c)
[<c01e0318>] (ubifs_tnc_next_ent+0x18c/0x19c) from [<c01d22d4>] (ubifs_readdir+0x308/0x508)
[<c01d22d4>] (ubifs_readdir+0x308/0x508) from [<c00d5914>] (vfs_readdir+0x80/0xa4)
[<c00d5914>] (vfs_readdir+0x80/0xa4) from [<c00d5ad0>] (sys_getdents64+0x64/0xc8)
[<c00d5ad0>] (sys_getdents64+0x64/0xc8) from [<c0012a20>] (ret_fast_syscall+0x0/0x2c)
UBIFS error (pid 7625): ubifs_validate_entry: bad extended attribute entry node
[<c001795c>] (unwind_backtrace+0x0/0xf0) from [<c01dce80>] (lnc_add_directly+0x78/0xc4)
[<c01dce80>] (lnc_add_directly+0x78/0xc4) from [<c01dcf80>] (matches_name+0xb4/0xcc)
[<c01dcf80>] (matches_name+0xb4/0xcc) from [<c01dcfd4>] (resolve_collision+0x3c/0x2ec)
[<c01dcfd4>] (resolve_collision+0x3c/0x2ec) from [<c01e02cc>] (ubifs_tnc_next_ent+0x140/0x19c)
[<c01e02cc>] (ubifs_tnc_next_ent+0x140/0x19c) from [<c01d22d4>] (ubifs_readdir+0x308/0x508)
[<c01d22d4>] (ubifs_readdir+0x308/0x508) from [<c00d5914>] (vfs_readdir+0x80/0xa4)
[<c00d5914>] (vfs_readdir+0x80/0xa4) from [<c00d5ad0>] (sys_getdents64+0x64/0xc8)
[<c00d5ad0>] (sys_getdents64+0x64/0xc8) from [<c0012a20>] (ret_fast_syscall+0x0/0x2c)
        magic          0x6101831
        crc            0x8ae44db2
        node_type      0 (inode node)
        group_type     0 (no node group)
        sqnum          20716
        len            160
        key            (954, inode)
        creat_sqnum    20501
        size           288
        nlink          4
        atime          1392296839.0
        mtime          1392296832.0
        ctime          1392296839.0
        uid            0
        gid            0
        mode           16893
        flags          0x1
        xattr_cnt      0
        xattr_size     0
        xattr_names    0
        compr_type     0x1
        data len       0

After the error occured the first time it seems that every ubi file access triggers the error message.

Best Regards 
Emanuel

More information about the linux-mtd mailing list