Openoffice hang-up on crownbeach
Test with 2.6.24-9-menlow-default kernel.
Reproduce steps:
I install openoffice by "apt-get install openoffice.org" and then execute "openoffice".
The UI shows OpenOffice loading screen and then freeze and no progress.
I immediately found below meesages after execute openoffice. ( It can be 100% reproduce )
It looks like a bug in unionfs.
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000009c
printing eip: c01ede8a *pde = 15d8f067 *pte = 00000000
Oops: 0000 [#1] SMP
Modules linked in: rfcomm l2cap g_file_storage af_packet psb drm agpgart i2c_algo_bit ipv6 bt8xxx uvcvideo hci_usb compat_ioctl32 videodev v4l1_compat bluetooth snd_hda_intel v4l2_common snd_pcm_oss snd_mixer_oss serio_raw snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi i2c_sch snd_seq_midi_event i2c_core snd_seq snd_timer snd_seq_device snd soundcore snd_page_alloc 8688_a2 firmware_class joydev
Pid: 3835, comm: gij-4.2 Not tainted (2.6.24-9-menlow-default #1)
EIP: 0060:[<c01ede8a>] EFLAGS: 00010206 CPU: 0
EIP is at unionfs_setattr+0x1f1/0x300
EAX: de7d2000 EBX: 00000000 ECX: 00000000 EDX: 00000000
ESI: 00001000 EDI: 00000000 EBP: c583e958 ESP: d5fcfec4
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process gij-4.2 (pid: 3835, ti=d5fce000 task=df1022f0 task.ti=d5fce000)
Stack: c102f320 00000000 00000000 c0163f35 00000000 b5f21750 d5fcff3c cf3eb3a8
cf3ebcf0 00000000 d5fcff3c 00000000 d5fcff3c 00000000 00002068 c583e958
c0186c9b 00000200 000000c9 cf3eb3a8 00000008 de588180 c0165be0 de158b5c
Call Trace:
[<c0163f35>] __do_fault+0x2f2/0x333
[<c0186c9b>] notify_change+0x146/0x2cb
[<c0165be0>] handle_mm_fault+0x2c8/0x608
[<c0174c6c>] do_truncate+0x5e/0x75
[<c0174db6>] do_sys_ftruncate+0x133/0x14f
[<c0174663>] do_sys_open+0xc0/0xca
[<c0174e08>] sys_ftruncate+0x19/0x1b
[<c0104e66>] sysenter_past_esp+0x5f/0x89
=======================
Code: c2 75 e1 8b 44 24 18 8b 78 14 8b 70 10 39 df 7c 32 7f 0e 39 ce 72 2c 39 df 7c 3d 7f 04 39 ce 76 37 8b 54 24 24 8b 85 9c 00 00 00 <8b> 8a 9c 00 00 00 8b 50 18 8b 40 14 3b 51 18 77 1c 72 05 3b 41
EIP: [<c01ede8a>] unionfs_setattr+0x1f1/0x300 SS:ESP 0068:d5fcfec4
---[ end trace 6aafb8b2e32dac02 ]---
Code committed to Moblin kernel but currently I have no way to release it.
diff --git a/fs/unionfs/
new file mode 100644
-index 0000000..6dee4ac
+index 0000000..ea10d77
--- /dev/null
+++ b/fs/unionfs/
-@@ -0,0 +1,1097 @@
+@@ -0,0 +1,1101 @@
+/*
+ * Copyright (c) 2003-2007 Erez Zadok
+ * Copyright (c) 2003-2006 Charles P. Wright
@@ -5727,6 +5727,10 @@ index 0000000..6dee4ac
+
+ lower_inode = unionfs_
+
++ if (!lower_inode || !lower_dentry) {
++ err = -ENOENT;
++ goto out;
++ }
+ /*
+ * If shrinking, first truncate upper level to cancel writing dirty
+ * pages beyond the new eof; and also if its' maxbytes is more