Bug#646866: linux-image-2.6.32-5-686: NULL dereference (BUG) after 'find /sys'

To: bla <bladebian@thera.be>, 646866@bugs.debian.org
Subject: Bug#646866: linux-image-2.6.32-5-686: NULL dereference (BUG) after 'find /sys'
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 27 Oct 2011 23:25:57 +0100
Message-id: <[🔎] 1319754357.6759.6.camel@deadeye>
Reply-to: Ben Hutchings <ben@decadent.org.uk>, 646866@bugs.debian.org
In-reply-to: <[🔎] 20111027211500.4510.70124.reportbug@Opos.thera.be>
References: <[🔎] 20111027211500.4510.70124.reportbug@Opos.thera.be>

On Thu, 2011-10-27 at 23:15 +0200, bla wrote:
> Package: linux-2.6
> Version: 2.6.32-38
> Severity: important
> 
> [126931.063584] BUG: unable to handle kernel NULL pointer dereference at (null)
> [126931.063589] IP: [<c113b852>] strlen+0x8/0x11
> [126931.063596] *pde = 00000000 
> [126931.063598] Oops: 0000 [#1] SMP 
> [126931.063601] last sysfs file: /sys/devices/system/cpu/cpu1/cache/index2/shared_cpu_map
> [126931.063603] Modules linked in: usb_storage veth aufs(C) tun hid_logitech ff_memless rndis_wlan rndis_host cdc_ether usbnet mii ext4 jbd2 ip6table_filter ip6_tables ebtable_nat ebtables sco bridge stp bnep acpi_cpufreq parport_pc ppdev lp parport rfcomm l2cap crc16 cpufreq_stats cpufreq_powersave cpufreq_conservative cpufreq_userspace autofs4 vboxnetadp vboxnetflt vboxdrv binfmt_misc uinput fuse ipt_MASQUERADE iptable_nat nf_nat ipt_LOG xt_pkttype xt_limit xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ipt_REJECT iptable_filter ip_tables x_tables ext2 loop firewire_sbp2 btusb bluetooth snd_hda_codec_intelhdmi snd_hda_codec_idt arc4 ecb snd_hda_intel iwlagn snd_hda_codec uvcvideo iwlcore snd_hwdep videodev joydev snd_pcm_oss snd_mixer_oss v4l1_compat snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device mac80211 wmi dell_laptop cfg80211 psmouse i915 snd drm_kms_helper serio_raw pcspkr evdev drm soundcore i2c_i801 rfkill i2c_a
>  lgo_bit video output dcdbas i2c_core snd_page_alloc button processor ac battery ext3 jbd mbcache sha256_generic aes_i586 aes_generic cbc dm_crypt dm_mod raid10 raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx raid1 raid0 multipath linear md_mod sg usbhid sr_mod hid cdrom sd_mod crc_t10dif uhci_hcd sdhci_pci ahci sdhci firewire_ohci libata ehci_hcd ricoh_mmc mmc_core led_class firewire_core crc_itu_t scsi_mod thermal thermal_sys e1000e usbcore nls_base [last unloaded: scsi_wait_scan]
> [126931.063705] 
> [126931.063708] Pid: 1952, comm: find Tainted: G         C (2.6.32-5-686 #1) Latitude E4300                  
> [126931.063711] EIP: 0060:[<c113b852>] EFLAGS: 00010246 CPU: 0
> [126931.063714] EIP is at strlen+0x8/0x11
> [126931.063716] EAX: 00000000 EBX: 00002620 ECX: ffffffff EDX: 00000008
> [126931.063718] ESI: 00000000 EDI: 00000000 EBP: f6de23f0 ESP: dc373f4c
> [126931.063720]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> [126931.063723] Process find (pid: 1952, ti=dc372000 task=f679ddc0 task.ti=dc372000)
> [126931.063725] Stack:
> [126931.063726]  f0bb2380 c10f3a2a c10be348 dc373f90 00000000 c1283664 f0bb2380 ed7a3c20
> [126931.063731] <0> ed7a3c98 c10be5db dc373f90 c10be348 fffffff7 f0bb2380 00000000 00008000
> [126931.063736] <0> c10be66b 08126248 08126228 00007f90 ffffffea 00000005 081261d8 b7700ff4
> [126931.063742] Call Trace:
> [126931.063746]  [<c10f3a2a>] ? sysfs_readdir+0xe0/0x13a
> [126931.063751]  [<c10be348>] ? filldir64+0x0/0xc5
> [126931.063754]  [<c10be5db>] ? vfs_readdir+0x62/0x8c
> [126931.063757]  [<c10be348>] ? filldir64+0x0/0xc5
> [126931.063760]  [<c10be66b>] ? sys_getdents64+0x66/0xa5
> [126931.063764]  [<c10030fb>] ? sysenter_do_call+0x12/0x28
> [126931.063765] Code: eb 04 19 c0 0c 01 5e 5f c3 56 89 c6 89 d0 88 c4 ac 38 e0 74 09 84 c0 75 f7 be 01 00 00 00 89 f0 48 5e c3 57 83 c9 ff 89 c7 31 c0 <f2> ae f7 d1 49 89 c8 5f c3 57 31 ff 85 c9 74 0e 89 c7 89 d0 f2 
> [126931.063793] EIP: [<c113b852>] strlen+0x8/0x11 SS:ESP 0068:dc373f4c
> [126931.063797] CR2: 0000000000000000
> [126931.063800] ---[ end trace 3cc3dd6f2ee885e8 ]---
>  
> 
> Happened after executing: find /sys -iname "*coale*"
> Previously I've incremented network MTU to 9000 bytes and sent some jumbo frames with D-ITG.
> 
> System became unstable afterwards, reportbug hanged on 'lspci', which was impossible to kill afterwards.
> Find was also invincible. Had to do manual sync + kill -9 -1, as reboot didn't do anything.
> X running in the background were dead too.
> 
> Included automatically kernel log was captured after restart.
[...]

Please test whether this happens without the VirtualBox modules loaded.

Ben.

-- 
Ben Hutchings
All the simple programs have been written, and all the good names taken.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Bug#646866: linux-image-2.6.32-5-686: NULL dereference (BUG) after 'find /sys'
  - From: bla <bladebian@thera.be>

Prev by Date: Bug#646866: linux-image-2.6.32-5-686: NULL dereference (BUG) after 'find /sys'
Next by Date: Processed: tagging 646866
Previous by thread: Bug#646866: linux-image-2.6.32-5-686: NULL dereference (BUG) after 'find /sys'
Next by thread: Processed: tagging 646866
Index(es):
- Date
- Thread