unionfs NULL pointer dereference in 2.6.22-11.32

Bug #138915 reported by Evan on 2007-09-11
Affects: linux-ubuntu-modules-2.6.22 (Ubuntu) | Importance: High | Assigned to: Unassigned
Affects: linux-ubuntu-modules-2.6.24 (Ubuntu) | Importance: Undecided | Assigned to: Unassigned

Bug Description

Binary package hint: linux-source-2.6.22

Unionfs seems to be broken on the most recent daily live CD images.
This may be a duplicate of bug #138866.

Evan (ev) wrote :
Mario Limonciello (superm1) wrote :

Likewise, I'm also experiencing this.

Mario Limonciello (superm1) wrote :
Brian Murray (brian-murray) wrote :

Mario - looking at your dmesg output the bug seems to be at "... inode.c:1146!" while Evan's is at ". . . fanout.h:128!" and the stack traces are a bit different. Could you please submit a separate bug report about your issue?

Changed in linux-source-2.6.22:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → High
status: New → Triaged
TJ (tj) wrote :

Confirmed here with LiveCD daily build of Gutsy 32-bit 20070912.1 on Sony Vaio PCG-SRX51P.

[ 429.896000] BUG: unable to handle kernel NULL pointer dereference at virtual address 000000a0
[ 429.896000] printing eip:
[ 429.896000] c017ebbe
[ 429.896000] *pde = 00000000
[ 429.896000] Oops: 0000 [#1]
[ 429.896000] SMP
[ 429.896000] Modules linked in: rfcomm l2cap sony_laptop sonypi ipv6 ppdev parport_pc lp parport speedstep_ich speedstep_lib cpufreq_userspace cpufreq_stats cpufreq_powersave cpufreq_ondemand freq_table cpufreq_conservative video sbs container button dock battery ac snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event pcmcia snd_seq af_packet joydev snd_timer snd_seq_device hci_usb bluetooth yenta_socket snd rsrc_nonstatic pcmcia_core pcspkr psmouse serio_raw soundcore snd_page_alloc iTCO_wdt intel_agp agpgart i2c_i810 i2c_algo_bit shpchp iTCO_vendor_support i2c_core pci_hotplug evdev squashfs loop unionfs nls_cp437 isofs sr_mod cdrom ext3 jbd mbcache usb_storage ide_core sbp2 libusual sg sd_mod uhci_hcd usbcore ata_piix ata_generic libata scsi_mod e100 mii ohci1394 ieee1394 thermal processor fan fuse apparmor commoncap
[ 429.896000] CPU: 0
[ 429.896000] EIP: 0060:[__dentry_open+62/448] Not tainted VLI
[ 429.896000] EFLAGS: 00010246 (2.6.22-11-generic #1)
[ 429.896000] EIP is at __dentry_open+0x3e/0x1c0
[ 429.896000] eax: d50eff68 ebx: d166ddc0 ecx: 00000000 edx: 00000000
[ 429.896000] esi: 00000000 edi: d50eff68 ebp: 00000000 esp: c9361e7c
[ 429.896000] ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
[ 429.896000] Process apport-checkrep (pid: 9078, ti=c9360000 task=d7d54530 task.ti=c9360000)
[ 429.896000] Stack: 00000000 d50eff68 00000000 00008000 d50eff68 00000000 c017ed74 d166ddc0
[ 429.896000] 00000000 00000000 d08f56e0 00000001 d89e3e9b c9361f30 ffffffd8 c01891c5
[ 429.896000] d060b7b0 fffffff4 d50ef6e8 00000000 00000001 00008001 00000000 d50eff68
[ 429.896000] Call Trace:
[ 429.896000] [dentry_open+52/128] dentry_open+0x34/0x80
[ 429.896000] [<d89e3e9b>] unionfs_open+0x22b/0x5e0 [unionfs]
[ 429.896000] [may_open+101/624] may_open+0x65/0x270
[ 429.896000] [open_namei+109/1536] open_namei+0x6d/0x600
[ 429.896000] [<d89e3c70>] unionfs_open+0x0/0x5e0 [unionfs]
[ 429.896000] [__dentry_open+184/448] __dentry_open+0xb8/0x1c0
[ 429.896000] [nameidata_to_filp+53/64] nameidata_to_filp+0x35/0x40
[ 429.896000] [do_filp_open+80/96] do_filp_open+0x50/0x60
[ 429.896000] [do_sys_open+78/240] do_sys_open+0x4e/0xf0
[ 429.896000] [sys_open+28/32] sys_open+0x1c/0x20
[ 429.896000] [sysenter_past_esp+107/169] sysenter_past_esp+0x6b/0xa9
[ 429.896000] =======================
[ 429.896000] Code: 89 74 24 0c 89 7c 24 10 89 44 24 04 89 14 24 89 4b 18 83 c1 01 83 e1 03 83 c9 0c 66 89 4b 1c 83 e1 02 8b 70 0c 0f 85 52 01 00 00 <8b> 86 a0 00 00 00 89 83 8c 00 00 00 8b 44 24 04 89 43 0c 8b 04
[ 429.896000] EIP: [__dentry_open+62/448] __dentry_open+0x3e/0x1c0 SS:ESP 0068:c9361e7c
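
Added example, not part of the original report or of any Ubuntu kernel tooling: a Python helper that reads the oops above, decodes the faulting instruction marked `<8b>` in the Code line, and checks that a NULL base register plus a field offset accounts for the fault address 000000a0. The function name `triage`, its result keys and the shortened sample text are assumptions made for this illustration; only the single `MOV r32, [r32+disp32]` form is decoded.

```python
import re

# Lines taken from the oops in the comment above (timestamps dropped, Code line
# shortened to the bytes around the faulting instruction marked <..>).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 000000a0
EIP is at __dentry_open+0x3e/0x1c0
eax: d50eff68 ebx: d166ddc0 ecx: 00000000 edx: 00000000
esi: 00000000 edi: d50eff68 ebp: 00000000 esp: c9361e7c
 [<d89e3e9b>] unionfs_open+0x22b/0x5e0 [unionfs]
Code: 83 e1 02 8b 70 0c 0f 85 52 01 00 00 <8b> 86 a0 00 00 00 89 83 8c 00 00 00
"""

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM order


def triage(text):
    """Hypothetical helper: summarise one i386 oops for duplicate triage."""
    fault = int(re.search(r"virtual address ([0-9a-f]+)", text).group(1), 16)
    sym, off = re.search(r"EIP is at (\w+)\+(0x[0-9a-f]+)", text).groups()
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b(e(?:[abcd]x|[sd]i|[bs]p)): ([0-9a-f]{8})", text)}

    # The byte in <..> is where EIP pointed when the fault was raised.
    code = re.search(r"Code: (.*)", text).group(1).split()
    i = next(k for k, b in enumerate(code) if b.startswith("<"))
    insn = [int(b.strip("<>"), 16) for b in code[i:i + 6]]
    # Only one form is decoded here: 8B /r with mod=10 and no SIB byte,
    # i.e. MOV r32, [r32 + disp32].
    if len(insn) < 6 or insn[0] != 0x8B:
        raise ValueError("instruction form not handled by this example")
    mod, reg, rm = insn[1] >> 6, (insn[1] >> 3) & 7, insn[1] & 7
    if mod != 2 or rm == 4:
        raise ValueError("addressing form not handled by this example")
    disp = int.from_bytes(bytes(insn[2:6]), "little")
    base = REGS32[rm]

    # First call-trace frame that belongs to a loadable module, if any.
    frame = re.search(r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[(\w+)\]", text)
    return {
        "signature": f"{sym}+{off}",
        "insn": f"mov {REGS32[reg]}, [{base}+{disp:#x}]",
        # True when a NULL base pointer plus a field offset explains the fault.
        "null_base": regs[base] == 0 and regs[base] + disp == fault,
        "module_frame": f"{frame.group(1)} [{frame.group(2)}]" if frame else None,
    }
```

The `signature` and `module_frame` values are the kind of location the later comments compare when deciding whether two reports are duplicates.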

laga (laga) wrote :

How can I help to fix this? It makes the LiveCDs basically useless for me.

TJ (tj) wrote :

I asked Colin Watson about this today:

<IntuitiveNipple> Any ETA on fixing the unionfs BUG - I've not even been able to install Gutsy for testing on the Vaio notebooks as a result... time is pressing :)
<cjwatson> IntuitiveNipple: no ETA, sorry, only my word that it's the highest priority
<cjwatson> a kernel developer is working on it (AFAIK) full-time

FYI, there are some fixes committed to linux-ubuntu-modules for this. They
are supposed to be coming up in the near future:
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-gutsy-lum.git;a=commit;h=435c10811fc81d371a1ac385d4a9be590f9a1861

On 9/19/07, TJ <email address hidden> wrote:
>
> I asked Colin Watson about this today:
>
> <IntuitiveNipple> Any ETA on fixing the unionfs BUG - I've not even been
> able to install Gutsy for testing on the Vaio notebooks as a result... time
> is pressing :)
> <cjwatson> IntuitiveNipple: no ETA, sorry, only my word that it's the
> highest priority
> <cjwatson> a kernel developer is working on it (AFAIK) full-time

--
Mario Limonciello
<email address hidden>

John Dong (jdong) wrote :

Latest 22.1 live build affected by this too, though I got a lot farther in boot. It only happened when trying to start Ubiquity:

attached dmesg.log

Steve Dodd (anarchetic) wrote :

John and Mario's oopses are at the same location as those reported in bug #144945

Maybe we can just mark bug #144945 as a duplicate of this one.

I forgot to mention that this bug prevents the use of apt (and all the frontends) in the live-cd session.

Steve Langasek (vorlon) wrote :

Can someone confirm the status of this issue? There were some unionfs-related fixes committed for the kernel shortly before gutsy beta, is this fix among them?

Mario Limonciello (superm1) wrote :

Steve,
I'm still encountering it in mythbuntu builds live disks.

SurJector (loic-grenie) wrote :

2007/10/2, Steve Langasek <email address hidden>:
> can someone confirm the status of this issue? There were some unionfs-
> related fixes committed for the kernel shortly before gutsy beta, is
> this fix among them?
>
> ** Changed in: linux-ubuntu-modules-2.6.22 (Ubuntu)
> Target: ubuntu-7.10-beta => ubuntu-7.10-rc

     Same here. I've attached some random info. Distrib is Kubuntu
  (Ubuntu is a pain because the window manager does not start).

        Loïc

This is becoming more and more critical!
As I mentioned in comment #13, this bug prevents the use of apt and all the frontends such as synaptic, gnome-app-install and the language selector in the live session.
I just marked bug 150434 as a duplicate of this one.

Please devs, raise the importance to critical.

Steve Dodd (anarchetic) wrote :

Angelo, Ben Collins has fixed bug #144945:

https://bugs.launchpad.net/ubuntu/+source/linux-ubuntu-modules-2.6.22/+bug/144945/comments/8

Anyone know if the problem originally reported in *this* bug (BUG in fanout.h:128) has been fixed? Mario's comment ..

http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-gutsy-lum.git;a=commit;h=435c10811fc81d371a1ac385d4a9be590f9a1861

.. seems to imply it has.

Mario Limonciello (superm1) wrote :

Angelo,

As Steve said, this shouldn't be occurring anymore after the LUM upload
today. It reverts to unionfs 1.4 from before these issues were introduced
to unionfs

ok...so this was a duplicate of bug #144945!

I just saw the upload of a new version of the l-u-m package.
https://lists.ubuntu.com/archives/gutsy-changes/2007-October/009633.html

I haven't tested the patched live-cd created by Ben Collins but I'm confident it's fixed now.
I will try the rc as soon as it's released!

Thanks a lot, guys...you're great!

SurJector (loic-grenie) wrote :

I've tried gutsy daily build of October 8th, installed 90MB of KDE packages and it did not crash. That is certainly an improvement.

Mario,
I'm just downloading the daily iso: I will try it and let you know if it is fixed.

Reverting to 1.4 fixed this.

Changed in linux-ubuntu-modules-2.6.22:
status: Triaged → Fix Released

Hi Bhavani,

It looks like you reopened this report against 2.6.24 although I did not see any sort of comment posted regarding the issue. Just curious if this really is an issue with the latest Hardy development kernel. If so, care to attach your dmesg output which captures the Oops you are seeing? Thanks.

Changed in linux-ubuntu-modules-2.6.24:
status: New → Incomplete
Ashton Batty (ashton) wrote :

I've seen it on shutdown in 2.6.24, but only once. If I see it again,
I'll post the output (or log if there is any).

On Feb 18, 2008 4:31 AM, Leann Ogasawara <email address hidden> wrote:
> Hi Bhavani,
>
> It looks like you reopened this report against 2.6.24 although I did not
> see any sort of comment posted regarding the issue. Just curious if
> this really is an issue with the latest Hardy development kernel. If
> so, care to attach your dmesg output which captures the Oops you are
> seeing? Thanks.
>
> ** Changed in: linux-ubuntu-modules-2.6.24 (Ubuntu)
> Status: New => Incomplete

Per a decision made by the Ubuntu Kernel Team, bugs will no longer be assigned to the ubuntu-kernel-team in Launchpad as part of the bug triage process. The ubuntu-kernel-team is being unassigned from this bug report. Refer to https://wiki.ubuntu.com/KernelTeamBugPolicies for more information. Thanks.
