Control: merge 707867 708064 -1

On Sat, 2013-05-18 at 01:37 -0700, Rob Leslie wrote:
> Package: src:linux
> Version: 3.2.41-2+deb7u2
> Severity: important
>
> This crash was soon followed by an unscheduled reboot:
>
> [33983.076838] BUG: unable to handle kernel NULL pointer dereference at
> 000000d8
> [33983.080006] IP: [<c10dc57d>] inode_init_always+0x139/0x18a
> [33983.080006] *pdpt = 00000000139ee001 *pde = 0000000000000000
> [33983.080006] Oops: 0000 [#1] SMP
> [33983.080006] Modules linked in: iptable_filter ip_tables x_tables loop ext4
> crc16 jbd2 autofs4 sha1_generic hmac cts video ac power_supply binfmt_misc
> fuse rpcsec_gss_krb5 nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc
> reiserfs sha256_generic cryptd aes_i586 aes_generic cbc dm_crypt raid1
> i82875p_edac edac_core md_mod snd_intel8x0 snd_ac97_codec snd_pcm_oss
> snd_mixer_oss snd_pcm snd_page_alloc snd_seq_midi snd_seq_midi_event
> snd_rawmidi snd_seq snd_seq_device snd_timer iTCO_wdt snd iTCO_vendor_support
> pcspkr soundcore evdev ac97_bus i2c_i801 rng_core i2c_core parport_pc parport
> shpchp button processor ext3 mbcache jbd btrfs crc32c libcrc32c zlib_deflate
> dm_mod sg sr_mod cdrom sd_mod crc_t10dif usb_storage ata_generic floppy
> sata_sil fan uhci_hcd firewire_ohci ata_piix thermal thermal_sys libata
> firewire_core crc_itu_t ehci_hcd scsi_mod e1000 usbcore usb_common [last
> unloaded: scsi_wait_scan]
> [33983.109134]
> [33983.109134] Pid: 17603, comm: sed Not tainted 3.2.0-4-686-pae #1 Debian
> 3.2.41-2+deb7u2 /IC7/IC7-G(Intel i875P-ICH5)
> [33983.109134] EIP: 0060:[<c10dc57d>] EFLAGS: 00010202 CPU: 1
> [33983.109134] EIP is at inode_init_always+0x139/0x18a
> [33983.109134] EAX: 000000d0 EBX: c5ef8be8 ECX: c14f94e8 EDX: c5ef8c58
> [33983.109134] ESI: f442a000 EDI: c5ef8d18 EBP: f2f41db8 ESP: f2f41d80
> [33983.109134] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> [33983.109134] Process sed (pid: 17603, ti=f2f40000 task=f1c4fb00
> task.ti=f2f40000)
> [33983.109134] Stack:
> [33983.109134] 00000000 00000001 00000000 c1412c80 f79e5394 c1024949
> c1029105 00002c2d
> [33983.109134] 00002c2d f4bbe000 c1024949 c5ef8be8 f442a000 f2f41e00
> f792d234 c10dc5ff
> [33983.109134] c102901b 00000000 f4425e00 00000246 000000d0 00000246
> c10c1a79 000000d0
> [33983.109134] Call Trace:
> [33983.109134] [<c1024949>] ? arch_flush_lazy_mmu_mode+0x5/0x14
> [33983.109134] [<c1029105>] ? kmap_atomic_prot+0xcc/0xe0
> [33983.109134] [<c1024949>] ? arch_flush_lazy_mmu_mode+0x5/0x14
> [33983.109134] [<c10dc5ff>] ? alloc_inode+0x31/0x5b
> [33983.109134] [<c102901b>] ? __kunmap_atomic+0x62/0x6f
> [33983.109134] [<c10c1a79>] ? kmem_cache_alloc+0x39/0x89
> [33983.109134] [<c11027bf>] ? proc_alloc_inode+0x58/0x6f
> [33983.292009] [<c10dc5ff>] ? alloc_inode+0x31/0x5b
> [33983.292009] [<c10dce1c>] ? iget_locked+0x45/0xb4
> [33983.292009] [<c1102c11>] ? proc_get_inode+0xb/0xbb
> [33983.292009] [<c1106c83>] ? proc_lookup_de+0x44/0x90
> [33983.292009] [<c1102dc2>] ? proc_root_lookup+0xe/0x26
> [33983.292009] [<c10d38d8>] ? d_alloc_and_lookup+0x2c/0x49
> [33983.292009] [<c10d42b9>] ? walk_component+0x1f2/0x384
> [33983.292009] [<c10d5cb7>] ? do_last+0xf3/0x513
> [33983.292009] [<c10d637e>] ? path_openat+0xa1/0x28b
> [33983.292009] [<c10d6611>] ? do_filp_open+0x23/0x5c
> [33983.292009] [<c102a119>] ? should_resched+0x5/0x1e
> [33983.292009] [<c12c1631>] ? _cond_resched+0x5/0x18
> [33983.292009] [<c10cc068>] ? do_sys_open+0x54/0xcd
> [33983.292009] [<c10cc0ff>] ? sys_open+0x1e/0x23
> [33983.292009] [<c12c6e1f>] ? sysenter_do_call+0x12/0x28
> [33983.292009] Code: 00 02 00 c7 83 24 01 00 00 00 00 00 00 c7 83 14 01 00 00
> c0 dc 3e c1 c7 83 08 01 00 00 00 00 00 00 8b 86 d0 00 00 00 85 c0 74 0f <8b>
> 40 08 8b 40 20 8b 40 4c 89 83 14 01 00 00 8d 83 c8 00 00 00
> [33983.292009] EIP: [<c10dc57d>] inode_init_always+0x139/0x18a SS:ESP
> 0068:f2f41d80
> [33983.292009] CR2: 00000000000000d8
> [33983.395919] ---[ end trace 06671fc6cb61b9cb ]---
>
> See also bugs #707867 and #708064 for possibly related instability.
[...]

I think these very likely have the same cause - some kind of memory
corruption, probably use-after-free - so I'm merging them.

I notice that you're using reiserfs, which is unmaintained and is likely
to regress as the kernel changes. I suspect this could be the source of
the bug, and I would strongly recommend migrating to another filesystem
(but boot back into Linux 2.6.32 before doing so!).

Ben.

-- 
Ben Hutchings
The generation of random numbers is too important to be left to chance.
- Robert Coveyou
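
An added triage sketch, not part of the original messages or of any Debian or kernel tooling: it parses an excerpt of the oops quoted above and checks whether the faulting instruction and the register dump account for the address in CR2. The function names and the shortened OOPS sample are constructed for this example.

```python
import re

# Excerpt of the oops quoted above: wrapped lines rejoined, Code: line shortened.
OOPS = """\
[33983.076838] BUG: unable to handle kernel NULL pointer dereference at 000000d8
[33983.109134] EAX: 000000d0 EBX: c5ef8be8 ECX: c14f94e8 EDX: c5ef8c58
[33983.109134] ESI: f442a000 EDI: c5ef8d18 EBP: f2f41db8 ESP: f2f41d80
[33983.292009] Code: 8b 86 d0 00 00 00 85 c0 74 0f <8b> 40 08 8b 40 20 8b 40 4c
[33983.292009] CR2: 00000000000000d8
"""

REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]  # x86 ModRM order

def parse_oops(text):
    """Return (registers, CR2, bytes starting at the faulting EIP) from an i386 oops."""
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(E(?:AX|BX|CX|DX|SI|DI|BP|SP)): ([0-9a-f]{8})", text)}
    cr2 = int(re.search(r"CR2: ([0-9a-f]+)", text).group(1), 16)
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, tok in enumerate(code) if tok.startswith("<"))  # <xx> marks EIP
    return regs, cr2, bytes(int(tok.strip("<>"), 16) for tok in code[start:])

def decode_load(insn):
    """Decode only `8b /r` with an 8-bit displacement: mov r32, [base+disp8]."""
    if len(insn) < 3 or insn[0] != 0x8B:
        return None
    mod, reg, rm = insn[1] >> 6, (insn[1] >> 3) & 7, insn[1] & 7
    if mod != 1 or rm == 4:  # other addressing forms (disp32, SIB) are out of scope
        return None
    disp = insn[2] - 256 if insn[2] & 0x80 else insn[2]  # disp8 is signed
    return REG32[reg], REG32[rm], disp

def triage(text):
    """Check whether base register + displacement reproduces the faulting address."""
    regs, cr2, fault = parse_oops(text)
    decoded = decode_load(fault)
    if decoded is None:
        return {"cr2": cr2, "explained": False}
    _dst, base, disp = decoded
    value = regs[base]
    return {"cr2": cr2, "base": base, "base_value": value, "disp": disp,
            "explained": (value + disp) & 0xFFFFFFFF == cr2,
            "null_base": value == 0}  # False here: the pointer was 0xd0, not NULL

if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops the load is from EAX+8 with EAX holding 0xd0, which gives the 0xd8 in CR2: the dereferenced pointer was a small non-zero value, so the preceding `85 c0 74 0f` (test eax,eax; je) zero check did not skip the load.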