Bug#432271: linux-image-2.6.18-4-686: BUG: unable to handle kernel NULL pointer dereference: Oops in appletalk driver
Package: linux-image-2.6.18-4-686
Version: 2.6.18.dfsg.1-12etch2
Severity: normal
The following oops occurred earlier today on a system running Netatalk.
(Another system, a Macintosh running Netatalk on 2.6.8-3-powerpc, had no
problems at the same time.) The system this oops is from is about 2/3
upgraded to Etch; the kernel, udev, et cetera are all from etch. The
current system uptime is 15 days; before that, it ran a custom 2.6.12
kernel for more than a year without problems. This oops has not happened
before.
No messages from the netatalk daemons were recorded in the system logs
prior to this oops.
Jul 8 11:41:48 vulture kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
Jul 8 11:41:48 vulture kernel: printing eip:
Jul 8 11:41:48 vulture kernel: f8aaac2b
Jul 8 11:41:48 vulture kernel: *pde = 00000000
Jul 8 11:41:48 vulture kernel: Oops: 0000 [#1]
Jul 8 11:41:48 vulture kernel: SMP
Jul 8 11:41:48 vulture kernel: Modules linked in: w83627hf hwmon_vid i2c_isa i2c_dev appletalk nfsd exportfs lockd nfs_acl sunrpc ipv6 xfs md_mod evdev intel_agp agpgart i2c_i801 i82875p_edac edac_mc i2c_core psmouse intel_rng pcspkr rtc serio_raw shpchp pci_hotplug st ext3 jbd mbcache dm_mirror dm_snapshot dm_mod ide_generic ide_cd cdrom piix e100 mii uhci_hcd e1000 generic ehci_hcd sym53c8xx scsi_transport_spi ide_core usbcore sd_mod thermal processor fan 3w_9xxx scsi_mod
Jul 8 11:41:48 vulture kernel: CPU: 0
Jul 8 11:41:48 vulture kernel: EIP: 0060:[pg0+946994219/1070019584] Not tainted VLI
Jul 8 11:41:48 vulture kernel: EFLAGS: 00010286 (2.6.18-4-686 #1)
Jul 8 11:41:48 vulture kernel: EIP is at atalk_sendmsg+0x128/0x4c7 [appletalk]
Jul 8 11:41:48 vulture kernel: eax: 00000000 ebx: 0000001f ecx: 00000000 edx: 01cc3280
Jul 8 11:41:48 vulture kernel: esi: 00000000 edi: f2c85e00 ebp: f33c1f44 esp: f33c1d80
Jul 8 11:41:48 vulture kernel: ds: 007b es: 007b ss: 0068
Jul 8 11:41:48 vulture kernel: Process atalkd (pid: 3013, ti=f33c0000 task=f2c8a000 task.ti=f33c0000)
Jul 8 11:41:48 vulture kernel: Stack: 0000000c f33c1f44 ffffffa6 f33c1f60 f33c1ec4 ea0ccc80 00000000 00000002
Jul 8 11:41:48 vulture kernel: f2d59028 f33c1ec4 f8aa9d3b f33c1f44 f2c85e00 00000000 f33c1f44 f525ab00
Jul 8 11:41:48 vulture kernel: f33c1dec f33c1f44 f525ab00 f33c1df0 f33c1f44 f8aa9a74 0000000b f8aab560
Jul 8 11:41:48 vulture kernel: Call Trace:
Jul 8 11:41:48 vulture kernel: [pg0+946990395/1070019584] atalk_recvmsg+0xca/0xdb [appletalk]
Jul 8 11:41:48 vulture kernel: [pg0+946989684/1070019584] __lock_atalk_dgram_sendmsg+0x1d/0x2b [appletalk]
Jul 8 11:41:48 vulture kernel: [sock_sendmsg+206/232] sock_sendmsg+0xce/0xe8
Jul 8 11:41:48 vulture kernel: [autoremove_wake_function+0/45] autoremove_wake_function+0x0/0x2d
Jul 8 11:41:48 vulture kernel: [setup_sigcontext+263/398] setup_sigcontext+0x107/0x18e
Jul 8 11:41:48 vulture kernel: [__dequeue_signal+337/348] __dequeue_signal+0x151/0x15c
Jul 8 11:41:48 vulture kernel: [sys_sendto+278/320] sys_sendto+0x116/0x140
Jul 8 11:41:48 vulture kernel: [do_notify_resume+1252/1495] do_notify_resume+0x4e4/0x5d7
Jul 8 11:41:48 vulture kernel: [hrtimer_cancel+10/20] hrtimer_cancel+0xa/0x14
Jul 8 11:41:48 vulture kernel: [timer_interrupt+105/115] timer_interrupt+0x69/0x73
Jul 8 11:41:48 vulture kernel: [handle_IRQ_event+35/73] handle_IRQ_event+0x23/0x49
Jul 8 11:41:48 vulture kernel: [sys_socketcall+235/385] sys_socketcall+0xeb/0x181
Jul 8 11:41:48 vulture kernel: [sysenter_past_esp+86/121] sysenter_past_esp+0x56/0x79
Jul 8 11:41:48 vulture kernel: Code: 0f b7 40 0c 8d 5c 08 0c 8b 44 24 10 66 83 78 04 00 75 06 80 78 06 00 75 1c 8b 44 24 10 83 c0 04 e8 79 e6 ff ff 85 ff 89 44 24 18 <8b> 10 89 54 24 14 75 26 eb 42 c6 44 24 3e 00 0f b7 87 56 01 00
Jul 8 11:41:48 vulture kernel: EIP: [pg0+946994219/1070019584] atalk_sendmsg+0x128/0x4c7 [appletalk] SS:ESP 0068:f33c1d80
waoki@vulture:~$ dmesg | ksymoops
ksymoops 2.4.11 on i686 2.6.18-4-686. Options used
-V (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-o /lib/modules/2.6.18-4-686/ (default)
-m /boot/System.map-2.6.18-4-686 (default)
Warning: You did not tell me where to find symbol information. I will
assume that the log matches the kernel and modules that are running
right now and I'll use the default options above for symbol resolution.
If the current kernel and/or modules do not match the log, you can get
more accurate output by telling me the kernel version and where to find
map, modules, ksyms etc. ksymoops -h explains the options.
Error (regular_file): read_ksyms stat /proc/ksyms failed
ksymoops: No such file or directory
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
1151MB HIGHMEM available.
ACPI: LAPIC_NMI (acpi_id[0x01] dfl dfl lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x02] dfl dfl lint[0x1])
e100: Intel(R) PRO/100 Network Driver, 3.5.10-k2-NAPI
e100: Copyright(c) 1999-2005 Intel Corporation
e1000: 0000:01:01.0: e1000_probe: (PCI:33MHz:32-bit) 00:04:23:b3:84:14
e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
ehci_hcd 0000:00:1d.7: debug port 1
e100: eth1: e100_probe: addr 0xfe6fe000, irq 225, MAC addr 00:04:23:B3:84:15
EDAC MC: Ver: 2.0.1 May 9 2007
EDAC i82875p: i82875p init one
EDAC MC0: Giving out device to i82875p_edac i82875p: DEV 0000:00:00.0
SGI XFS with ACLs, security attributes, realtime, large block numbers, no debug enabled
e1000: eth0: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex
lo: Disabled Privacy Extensions
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
f8aaac2b
*pde = 00000000
Oops: 0000 [#1]
CPU: 0
EIP: 0060:[<f8aaac2b>] Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010286 (2.6.18-4-686 #1)
eax: 00000000 ebx: 0000001f ecx: 00000000 edx: 01cc3280
esi: 00000000 edi: f2c85e00 ebp: f33c1f44 esp: f33c1d80
ds: 007b es: 007b ss: 0068
Stack: 0000000c f33c1f44 ffffffa6 f33c1f60 f33c1ec4 ea0ccc80 00000000 00000002
f2d59028 f33c1ec4 f8aa9d3b f33c1f44 f2c85e00 00000000 f33c1f44 f525ab00
f33c1dec f33c1f44 f525ab00 f33c1df0 f33c1f44 f8aa9a74 0000000b f8aab560
Call Trace:
[<f8aa9d3b>] atalk_recvmsg+0xca/0xdb [appletalk]
[<f8aa9a74>] __lock_atalk_dgram_sendmsg+0x1d/0x2b [appletalk]
[<c021fed7>] sock_sendmsg+0xce/0xe8
[<c012d92d>] autoremove_wake_function+0x0/0x2d
[<c010205b>] setup_sigcontext+0x107/0x18e
[<c0126258>] __dequeue_signal+0x151/0x15c
[<c0220434>] sys_sendto+0x116/0x140
[<c0102819>] do_notify_resume+0x4e4/0x5d7
[<c012fdd9>] hrtimer_cancel+0xa/0x14
[<c0105f36>] timer_interrupt+0x69/0x73
[<c013fb57>] handle_IRQ_event+0x23/0x49
[<c02217b5>] sys_socketcall+0xeb/0x181
[<c0102c11>] sysenter_past_esp+0x56/0x79
Code: 0f b7 40 0c 8d 5c 08 0c 8b 44 24 10 66 83 78 04 00 75 06 80 78 06 00 75 1c 8b 44 24 10 83 c0 04 e8 79 e6 ff ff 85 ff 89 44 24 18 <8b> 10 89 54 24 14 75 26 eb 42 c6 44 24 3e 00 0f b7 87 56 01 00
>>EIP; f8aaac2b <pg0+3871fc2b/3fc73400> <=====
>>edx; 01cc3280 <phys_startup_32+1bc3280/c0000000>
>>edi; f2c85e00 <pg0+328fae00/3fc73400>
>>ebp; f33c1f44 <pg0+33036f44/3fc73400>
>>esp; f33c1d80 <pg0+33036d80/3fc73400>
Trace; f8aa9d3b <pg0+3871ed3b/3fc73400>
Trace; f8aa9a74 <pg0+3871ea74/3fc73400>
Trace; c021fed7 <sock_sendmsg+ce/e8>
Trace; c012d92d <autoremove_wake_function+0/2d>
Trace; c010205b <setup_sigcontext+107/18e>
Trace; c0126258 <__dequeue_signal+151/15c>
Trace; c0220434 <sys_sendto+116/140>
Trace; c0102819 <do_notify_resume+4e4/5d7>
Trace; c012fdd9 <hrtimer_cancel+a/14>
Trace; c0105f36 <timer_interrupt+69/73>
Trace; c013fb57 <handle_IRQ_event+23/49>
Trace; c02217b5 <sys_socketcall+eb/181>
Trace; c0102c11 <sysenter_past_esp+56/79>
This architecture has variable length instructions, decoding before eip
is unreliable, take these instructions with a pinch of salt.
Code; f8aaac00 <pg0+3871fc00/3fc73400>
00000000 <_EIP>:
Code; f8aaac00 <pg0+3871fc00/3fc73400>
0: 0f b7 40 0c movzwl 0xc(%eax),%eax
Code; f8aaac04 <pg0+3871fc04/3fc73400>
4: 8d 5c 08 0c lea 0xc(%eax,%ecx,1),%ebx
Code; f8aaac08 <pg0+3871fc08/3fc73400>
8: 8b 44 24 10 mov 0x10(%esp),%eax
Code; f8aaac0c <pg0+3871fc0c/3fc73400>
c: 66 83 78 04 00 cmpw $0x0,0x4(%eax)
Code; f8aaac11 <pg0+3871fc11/3fc73400>
11: 75 06 jne 19 <_EIP+0x19>
Code; f8aaac13 <pg0+3871fc13/3fc73400>
13: 80 78 06 00 cmpb $0x0,0x6(%eax)
Code; f8aaac17 <pg0+3871fc17/3fc73400>
17: 75 1c jne 35 <_EIP+0x35>
Code; f8aaac19 <pg0+3871fc19/3fc73400>
19: 8b 44 24 10 mov 0x10(%esp),%eax
Code; f8aaac1d <pg0+3871fc1d/3fc73400>
1d: 83 c0 04 add $0x4,%eax
Code; f8aaac20 <pg0+3871fc20/3fc73400>
20: e8 79 e6 ff ff call ffffe69e <_EIP+0xffffe69e>
Code; f8aaac25 <pg0+3871fc25/3fc73400>
25: 85 ff test %edi,%edi
Code; f8aaac27 <pg0+3871fc27/3fc73400>
27: 89 44 24 18 mov %eax,0x18(%esp)
This decode from eip onwards should be reliable
Code; f8aaac2b <pg0+3871fc2b/3fc73400>
00000000 <_EIP>:
Code; f8aaac2b <pg0+3871fc2b/3fc73400> <=====
0: 8b 10 mov (%eax),%edx <=====
Code; f8aaac2d <pg0+3871fc2d/3fc73400>
2: 89 54 24 14 mov %edx,0x14(%esp)
Code; f8aaac31 <pg0+3871fc31/3fc73400>
6: 75 26 jne 2e <_EIP+0x2e>
Code; f8aaac33 <pg0+3871fc33/3fc73400>
8: eb 42 jmp 4c <_EIP+0x4c>
Code; f8aaac35 <pg0+3871fc35/3fc73400>
a: c6 44 24 3e 00 movb $0x0,0x3e(%esp)
Code; f8aaac3a <pg0+3871fc3a/3fc73400>
f: 0f .byte 0xf
Code; f8aaac3b <pg0+3871fc3b/3fc73400>
10: b7 87 mov $0x87,%bh
Code; f8aaac3d <pg0+3871fc3d/3fc73400>
12: 56 push %esi
Code; f8aaac3e <pg0+3871fc3e/3fc73400>
13: 01 00 add %eax,(%eax)
EIP: [<f8aaac2b>] atalk_sendmsg+0x128/0x4c7 [appletalk] SS:ESP 0068:f33c1d80
Warning (Oops_read): Code line not seen, dumping what data is available
>>EIP; f8aaac2b <pg0+3871fc2b/3fc73400> <=====
2 warnings and 1 error issued. Results may not be reliable.
-- System Information:
Debian Release: 3.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages linux-image-2.6.18-4-686 depends on:
ii coreutils 5.97-5.3 The GNU core utilities
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
ii initramfs-tools [linux-initra 0.85g tools for generating an initramfs
ii module-init-tools 3.3-pre4-2 tools for managing Linux kernel mo
-- debconf information:
linux-image-2.6.18-4-686/preinst/failed-to-move-modules-2.6.18-4-686:
linux-image-2.6.18-4-686/preinst/lilo-initrd-2.6.18-4-686: true
linux-image-2.6.18-4-686/preinst/elilo-initrd-2.6.18-4-686: true
linux-image-2.6.18-4-686/preinst/overwriting-modules-2.6.18-4-686: true
linux-image-2.6.18-4-686/prerm/removing-running-kernel-2.6.18-4-686: true
linux-image-2.6.18-4-686/prerm/would-invalidate-boot-loader-2.6.18-4-686: true
linux-image-2.6.18-4-686/postinst/bootloader-test-error-2.6.18-4-686:
linux-image-2.6.18-4-686/preinst/abort-overwrite-2.6.18-4-686:
linux-image-2.6.18-4-686/postinst/old-system-map-link-2.6.18-4-686: true
linux-image-2.6.18-4-686/postinst/depmod-error-2.6.18-4-686: false
linux-image-2.6.18-4-686/preinst/abort-install-2.6.18-4-686:
linux-image-2.6.18-4-686/postinst/depmod-error-initrd-2.6.18-4-686: false
linux-image-2.6.18-4-686/postinst/old-initrd-link-2.6.18-4-686: true
linux-image-2.6.18-4-686/preinst/bootloader-initrd-2.6.18-4-686: true
linux-image-2.6.18-4-686/preinst/already-running-this-2.6.18-4-686:
linux-image-2.6.18-4-686/postinst/old-dir-initrd-link-2.6.18-4-686: true
linux-image-2.6.18-4-686/postinst/kimage-is-a-directory:
shared/kernel-image/really-run-bootloader: true
linux-image-2.6.18-4-686/preinst/lilo-has-ramdisk:
linux-image-2.6.18-4-686/postinst/bootloader-error-2.6.18-4-686:
linux-image-2.6.18-4-686/preinst/initrd-2.6.18-4-686:
linux-image-2.6.18-4-686/postinst/create-kimage-link-2.6.18-4-686: true
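
A small triage helper for oops text like the one in this report, added here as an example and not part of the original report or of any Debian tool. It extracts the faulting address, the EIP symbol and the registers, then decodes the marked instruction bytes (`<8b> 10`) to check that the base register holds the faulting address; the names `triage` and `SAMPLE` are assumptions, and the sample lines are copied from the oops above.

```python
import re

# Sample input: lines copied from the oops in this report (syslog prefix dropped;
# the regexes use search(), so prefixed lines work the same way).
SAMPLE = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
EIP is at atalk_sendmsg+0x128/0x4c7 [appletalk]
eax: 00000000 ebx: 0000001f ecx: 00000000 edx: 01cc3280
esi: 00000000 edi: f2c85e00 ebp: f33c1f44 esp: f33c1d80
Code: 0f b7 40 0c 8d 5c 08 0c 8b 44 24 10 66 83 78 04 00 75 06 80 78 06 00 75 1c 8b 44 24 10 83 c0 04 e8 79 e6 ff ff 85 ff 89 44 24 18 <8b> 10 89 54 24 14 75 26 eb 42 c6 44 24 3e 00 0f b7 87 56 01 00
"""

# x86 32-bit register numbering as used in the ModRM byte.
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def triage(text):
    """Summarise an i386 oops and cross-check the faulting instruction."""
    fault = int(re.search(r"at virtual address ([0-9a-f]{8})", text).group(1), 16)
    sym = re.search(r"EIP is at (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?", text)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(e[a-z]{2}): ([0-9a-f]{8})", text)}

    # The byte wrapped in <..> on the Code: line is the first byte at EIP.
    code = re.search(r"Code: (.*)", text).group(1).split()
    idx = next(i for i, b in enumerate(code) if b.startswith("<"))
    opcode = int(code[idx].strip("<>"), 16)
    modrm = int(code[idx + 1], 16)
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7

    result = {
        "fault_addr": fault,
        "function": sym.group(1),
        "offset": int(sym.group(2), 16),
        "module": sym.group(4),
        "insn": None,
        "base_matches_fault": None,
    }
    # Only the encoding this oops needs: 8b /r (mov r/m32 -> r32) with a plain
    # register-indirect operand (mod=00, no SIB byte, no disp32).
    if opcode == 0x8B and mod == 0 and rm not in (4, 5):
        base = REGS32[rm]
        result["insn"] = f"mov (%{base}),%{REGS32[reg]}"
        result["base_matches_fault"] = regs[base] == fault
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```
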