Bug#354277: kernel-image-2.6-686: kernel null pointer dereference
Package: kernel-image-2.6-686
Version: 1:2.6.15-4
Severity: important
Running Debian Testing:
Kernel: kernel-image-2.6-686 2.6.15-4
On startup, I get a kernel NULL pointer dereference error, and the same
error on shutdown (reboot). On shutdown however it is immediately
followed by a seg fault, and i have to ctrl-D to enter into root, then
my machine stops responding.
Ethernet works fine however, but it seems to cause some crash in the
kernel. Here is ksymoops output from kern.log
Feb 24 15:20:31 localhost kernel: lo: Disabled Privacy Extensions
Feb 24 16:37:44 localhost kernel: 8139cp: 10/100 PCI Ethernet driver
v1.2 (Mar 22, 2004)
Feb 24 16:37:44 localhost kernel: 8139cp: pci dev 0000:02:09.0 (id
10ec:8139 rev 10) is not an 8139C+ compatible chip
Feb 24 16:37:44 localhost kernel: 8139cp: Try the "8139too" driver
instead.
Feb 24 16:37:44 localhost kernel: 8139too Fast Ethernet driver 0.9.27
Feb 24 16:37:44 localhost kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000000
Feb 24 16:37:44 localhost kernel: c01791c3
Feb 24 16:37:44 localhost kernel: *pde = 00000000
Feb 24 16:37:44 localhost kernel: Oops: 0000 [#1]
Feb 24 16:37:44 localhost kernel: CPU: 0
Feb 24 16:37:44 localhost kernel: EIP: 0060:[sysfs_lookup+40/137]
Not tainted VLI
Feb 24 16:37:44 localhost kernel: EFLAGS: 00010246 (2.6.15-1-686)
Feb 24 16:37:44 localhost kernel: eax: 00000000 ebx: d792b2f4 ecx:
d7a468bc edx: d792b2f4
Feb 24 16:37:44 localhost kernel: esi: 00000000 edi: d68eb17c ebp:
d68eb118 esp: d6f33db4
Feb 24 16:37:44 localhost kernel: ds: 007b es: 007b ss: 0068
Feb 24 16:37:44 localhost kernel: Stack: d792b2f4 d792b31c fffffff4
d68eb118 d72b0a6c d6f33e40 c0151dfa d72b0a6c
Feb 24 16:37:44 localhost kernel: d68eb118 d6f33f48 d72b0adc
00000000 d6f33f48 d6f33e4c d7fb3220 c0152037
Feb 24 16:37:44 localhost kernel: d7a46888 d6f33e40 d6f33f48
1225ab52 d72b0a6c d735f01d d6f33f48 c015270b
Feb 24 16:37:44 localhost kernel: Call Trace:
Warning (Oops_read): Code line not seen, dumping what data is available
>>ebx; d792b2f4 <pg0+175e02f4/3fcb3400>
>>ecx; d7a468bc <pg0+176fb8bc/3fcb3400>
>>edx; d792b2f4 <pg0+175e02f4/3fcb3400>
>>edi; d68eb17c <pg0+165a017c/3fcb3400>
>>ebp; d68eb118 <pg0+165a0118/3fcb3400>
>>esp; d6f33db4 <pg0+16be8db4/3fcb3400>
Feb 24 16:37:44 localhost kernel: Code: 31 c0 c3 55 57 56 53 57 8b 6c 24
1c 8b 45 14 8b 40 50 89 04 24 8b 58 0c eb 53 f6 43 18 2c 74 4a 53 e8 4e
f2 ff ff 8b 7d 20 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c
01 85 c0 5e 75 2a
Code; ffffffd5 <__kernel_rt_sigreturn+1b95/????>
00000000 <_EIP>:
Code; ffffffd5 <__kernel_rt_sigreturn+1b95/????>
0: 31 c0 xor %eax,%eax
Code; ffffffd7 <__kernel_rt_sigreturn+1b97/????>
2: c3 ret
Code; ffffffd8 <__kernel_rt_sigreturn+1b98/????>
3: 55 push %ebp
Code; ffffffd9 <__kernel_rt_sigreturn+1b99/????>
4: 57 push %edi
Code; ffffffda <__kernel_rt_sigreturn+1b9a/????>
5: 56 push %esi
Code; ffffffdb <__kernel_rt_sigreturn+1b9b/????>
6: 53 push %ebx
Code; ffffffdc <__kernel_rt_sigreturn+1b9c/????>
7: 57 push %edi
Code; ffffffdd <__kernel_rt_sigreturn+1b9d/????>
8: 8b 6c 24 1c mov 0x1c(%esp),%ebp
Code; ffffffe1 <__kernel_rt_sigreturn+1ba1/????>
c: 8b 45 14 mov 0x14(%ebp),%eax
Code; ffffffe4 <__kernel_rt_sigreturn+1ba4/????>
f: 8b 40 50 mov 0x50(%eax),%eax
Code; ffffffe7 <__kernel_rt_sigreturn+1ba7/????>
12: 89 04 24 mov %eax,(%esp)
Code; ffffffea <__kernel_rt_sigreturn+1baa/????>
15: 8b 58 0c mov 0xc(%eax),%ebx
Code; ffffffed <__kernel_rt_sigreturn+1bad/????>
18: eb 53 jmp 6d <_EIP+0x6d>
Code; ffffffef <__kernel_rt_sigreturn+1baf/????>
1a: f6 43 18 2c testb $0x2c,0x18(%ebx)
Code; fffffff3 <__kernel_rt_sigreturn+1bb3/????>
1e: 74 4a je 6a <_EIP+0x6a>
Code; fffffff5 <__kernel_rt_sigreturn+1bb5/????>
20: 53 push %ebx
Code; fffffff6 <__kernel_rt_sigreturn+1bb6/????>
21: e8 4e f2 ff ff call fffff274 <_EIP+0xfffff274>
Code; fffffffb <__kernel_rt_sigreturn+1bbb/????>
26: 8b 7d 20 mov 0x20(%ebp),%edi
Code; fffffffe <__kernel_rt_sigreturn+1bbe/????>
29: 89 c6 mov %eax,%esi
Code; 00000000 Before first symbol
2b: ac lods %ds:(%esi),%al
Code; 00000001 Before first symbol
2c: ae scas %es:(%edi),%al
Code; 00000002 Before first symbol
2d: 75 08 jne 37 <_EIP+0x37>
Code; 00000004 Before first symbol
2f: 84 c0 test %al,%al
Code; 00000006 Before first symbol
31: 75 f8 jne 2b <_EIP+0x2b>
Code; 00000008 Before first symbol
33: 31 c0 xor %eax,%eax
Code; 0000000a Before first symbol
35: eb 04 jmp 3b <_EIP+0x3b>
Code; 0000000c Before first symbol
37: 19 c0 sbb %eax,%eax
Code; 0000000e Before first symbol
39: 0c 01 or $0x1,%al
Code; 00000010 Before first symbol
3b: 85 c0 test %eax,%eax
Code; 00000012 Before first symbol
3d: 5e pop %esi
Code; 00000013 Before first symbol
3e: 75 2a jne 6a <_EIP+0x6a>
Feb 24 16:37:44 localhost kernel: lo: Disabled Privacy Extensions
6 warnings and 1 error issued. Results may not be reliable.
************************************************************
Here is output of lspci -vv
************************************************************
0000:00:00.0 Host bridge: Intel Corporation 82815 815 Chipset Host
Bridge and Memory Controller Hub (rev 02)
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort-
<TAbort- <MAbort+ >SERR- <PERR-
Latency: 0
Region 0: Memory at f8000000 (32-bit, prefetchable) [size=64M]
Capabilities: <available only to root>
0000:00:01.0 PCI bridge: Intel Corporation 82815 815 Chipset AGP Bridge
(rev 02) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap- 66MHz+ UDF- FastB2B- ParErr- DEVSEL=fast >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 64
Bus: primary=00, secondary=01, subordinate=01, sec-latency=64
Memory behind bridge: fc900000-fe9fffff
Prefetchable memory behind bridge: f0600000-f46fffff
BridgeCtl: Parity- SERR- NoISA- VGA+ MAbort- >Reset- FastB2B-
0000:00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 01)
(prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 0
Bus: primary=00, secondary=02, subordinate=02, sec-latency=64
I/O behind bridge: 0000d000-0000dfff
Memory behind bridge: fea00000-feafffff
Prefetchable memory behind bridge: f4700000-f47fffff
BridgeCtl: Parity- SERR+ NoISA- VGA- MAbort- >Reset- FastB2B-
0000:00:1f.0 ISA bridge: Intel Corporation 82801BA ISA Bridge (LPC) (rev
01)
Control: I/O+ Mem+ BusMaster+ SpecCycle+ MemWINV- VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 0
0000:00:1f.1 IDE interface: Intel Corporation 82801BA IDE U100 (rev 01)
(prog-if 80 [Master])
Subsystem: Intel Corporation: Unknown device 4541
Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 0
Region 4: I/O ports at ffa0 [size=16]
0000:00:1f.2 USB Controller: Intel Corporation 82801BA/BAM USB (Hub #1)
(rev 01) (prog-if 00 [UHCI])
Subsystem: Intel Corporation: Unknown device 4541
Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 0
Interrupt: pin D routed to IRQ 10
Region 4: I/O ports at ef80 [size=32]
0000:00:1f.3 SMBus: Intel Corporation 82801BA/BAM SMBus (rev 01)
Subsystem: Intel Corporation: Unknown device 4541
Control: I/O+ Mem- BusMaster- SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Interrupt: pin B routed to IRQ 9
Region 4: I/O ports at efa0 [size=16]
0000:01:00.0 VGA compatible controller: nVidia Corporation NV5M64 [RIVA
TNT2 Model 64/Model 64 Pro] (rev 15) (prog-if 00 [VGA])
Subsystem: nVidia Corporation: Unknown device 0001
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 64 (1250ns min, 250ns max)
Interrupt: pin A routed to IRQ 11
Region 0: Memory at fd000000 (32-bit, non-prefetchable)
[size=16M]
Region 1: Memory at f2000000 (32-bit, prefetchable) [size=32M]
Expansion ROM at fe9f0000 [disabled] [size=64K]
Capabilities: <available only to root>
0000:02:0a.0 FireWire (IEEE 1394): Texas Instruments PCILynx/PCILynx2
IEEE 1394 Link Layer Controller (rev 02) (prog-if 00 [Generic])
Subsystem: Supermac Technology: Unknown device 6950
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 64, Cache Line Size: 0x08 (32 bytes)
Interrupt: pin A routed to IRQ 3
Region 0: Memory at feafe000 (32-bit, non-prefetchable)
[size=4K]
Region 1: Memory at feae0000 (32-bit, non-prefetchable)
[size=64K]
Region 2: Memory at feab0000 (32-bit, non-prefetchable)
[size=64K]
Expansion ROM at f4720000 [disabled] [size=64K]
0000:02:0b.0 USB Controller: NEC Corporation USB (rev 43) (prog-if 10
[OHCI])
Subsystem: NEC Corporation USB
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 64 (250ns min, 10500ns max), Cache Line Size: 0x08 (32
bytes)
Interrupt: pin A routed to IRQ 11
Region 0: Memory at feafc000 (32-bit, non-prefetchable)
[size=4K]
Capabilities: <available only to root>
0000:02:0b.1 USB Controller: NEC Corporation USB (rev 43) (prog-if 10
[OHCI])
Subsystem: NEC Corporation USB
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 64 (250ns min, 10500ns max), Cache Line Size: 0x08 (32
bytes)
Interrupt: pin B routed to IRQ 9
Region 0: Memory at feafd000 (32-bit, non-prefetchable)
[size=4K]
Capabilities: <available only to root>
0000:02:0b.2 USB Controller: NEC Corporation USB 2.0 (rev 04) (prog-if
20 [EHCI])
Subsystem: Unknown device 0ee4:3383
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 64 (4000ns min, 8500ns max), Cache Line Size: 0x08 (32
bytes)
Interrupt: pin C routed to IRQ 11
Region 0: Memory at feaff800 (32-bit, non-prefetchable)
[size=256]
Capabilities: <available only to root>
0000:02:0c.0 Multimedia audio controller: Creative Labs SB Live! EMU10k1
(rev 07)
Subsystem: Creative Labs CT4780 SBLive! Value
Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 64 (500ns min, 5000ns max)
Interrupt: pin A routed to IRQ 9
Region 0: I/O ports at df80 [size=32]
Capabilities: <available only to root>
0000:02:0c.1 Input device controller: Creative Labs SB Live! MIDI/Game
Port (rev 07)
Subsystem: Creative Labs Gameport Joystick
Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 64
Region 0: I/O ports at dff0 [size=8]
Capabilities: <available only to root>
0000:02:0d.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL-8139/8139C/8139C+ (rev 10)
Subsystem: Kingmax Technology Inc: Unknown device 0203
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 64 (8000ns min, 16000ns max)
Interrupt: pin A routed to IRQ 11
Region 0: I/O ports at d800 [size=256]
Region 1: Memory at feaffc00 (32-bit, non-prefetchable)
[size=256]
Expansion ROM at f4700000 [disabled] [size=128K]
Capabilities: <available only to root>
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Versions of packages kernel-image-2.6-686 depends on:
ii linux-image-2.6-686 2.6.15-4 Linux kernel 2.6 image on PPro/Cel
kernel-image-2.6-686 recommends no packages.
-- no debconf information
Reply to: