[Unionfs] NULL pointer dereference if copyup_dentry() failed?

Sun Sep 21 03:16:20 EDT 2008

Hello.

I tried 2.6.27-rc6 + unionfs 2.5 , but this problem is remaining.

Regards.

----- CentOS 5.2 ( gcc version 4.1.2 ) -----
TOMOYO-ERROR: sys_chmod() denied for /bin/touch
BUG: unable to handle kernel NULL pointer dereference at 00000072
IP: [<c048d5ac>] notify_change+0x1c/0x1d8
*pde = 00000000 
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
Modules linked in: ipv6 sbs sbshc battery backlight lp floppy ide_cd_mod cdrom serio_raw ac parport_pc parport rtc_cmos rtc_core button rtc_lib pcnet32 mii pcspkr unionfs mptspi scsi_transport_spi mptscsih mptbase sd_mod scsi_mod ext3 jbd [last unloaded: microcode]

Pid: 2291, comm: touch Not tainted (2.6.27-rc6-unionfs #2)
EIP: 0060:[<c048d5ac>] EFLAGS: 00010246 CPU: 0
EIP is at notify_change+0x1c/0x1d8
EAX: 00000000 EBX: 00000070 ECX: 00000000 EDX: dec00f14
ESI: dec00f14 EDI: d4b20df4 EBP: dec00ea4 ESP: dec00e7c
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process touch (pid: 2291, ti=dec00000 task=db6a20e0 task.ti=dec00000)
Stack: d4bbee20 d4b20ec0 00000000 22222222 22222222 22222222 22222222 d4b20e88 
       dec00f14 d4b20df4 dec00ed8 e08b5af6 dec00f14 d4bbe2a0 d4bbee20 d4bc02a0 
       d4bcadf4 00000000 d4bcadb0 00000000 00000000 dec00f14 00000000 dec00f08 
Call Trace:
 [<e08b5af6>] ? unionfs_setattr+0x29c/0x3b4 [unionfs]
 [<c048d742>] ? notify_change+0x1b2/0x1d8
 [<c0497a10>] ? utimes_common+0x100/0x13a
 [<c0497aef>] ? do_utimes+0xa5/0xbf
 [<c0497b73>] ? sys_futimesat+0x6a/0x78
 [<c0453968>] ? audit_syscall_entry+0x101/0x12b
 [<c05ee02a>] ? do_page_fault+0x0/0x58d
 [<c0497b91>] ? sys_utimes+0x10/0x12
 [<c04038b1>] ? sysenter_do_call+0x12/0x31
 =======================
Code: e8 11 7f 00 00 31 c0 83 c4 14 5b 5e 5f 5d c3 55 89 e5 57 56 89 d6 53 83 ec 1c 8b 1e 89 45 d8 8b 40 28 f7 c3 07 00 01 00 89 45 e0 <66> 8b 50 72 66 89 55 e4 74 10 83 cf ff f6 80 f0 01 00 00 0c 0f 
EIP: [<c048d5ac>] notify_change+0x1c/0x1d8 SS:ESP 0068:dec00e7c
---[ end trace 403e02e983cf15ec ]---