From: Shuah Khan <shuah.khan@hp.com>
To: LKML <linux-kernel@vger.kernel.org>
Cc: shuahkhan@gmail.com
Subject: kernel null pointer dereference at kmem_cache_alloc+0x5b/0x140
Date: Tue, 02 Oct 2012 12:06:06 -0600
Message-ID: <1349201166.3141.37.camel@lorien2>

I started seeing the following null pointer dereference on
a linux-next Sept 21 git and still seeing it on linux-next
Sep 27th git.

Can be reproduced easily. I have been able to reproduce every
time I do a complete build of a kernel on fresh checkout or
touch a header file that forces full build.

I didn't get a chance to investigate this yet, thought I would
share just in case others have seen it.

[ 32.500078] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[ 34.561841] tty_init_dev: 48 callbacks suppressed
[ 34.575258] init: plymouth-stop pre-start process (1436) terminated with status 1
[11478.881196] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
[11478.881245] IP: [<ffffffff811742bb>] kmem_cache_alloc+0x5b/0x140
[11478.881277] PGD 74386067 PUD 5dfab067 PMD 0
[11478.881302] Oops: 0000 [#2] SMP
[11478.881324] Modules linked in: bnep rfcomm bluetooth snd_hda_codec_analog arc4 iwldvm radeon snd_hda_intel snd_hda_codec snd_hwdep mac80211 snd_pcm coretemp snd_seq_midi snd_rawmidi kvm_intel kvm snd_seq_midi_event ttm snd_seq drm_kms_helper iwlwifi drm snd_timer cfg80211 snd_seq_device pata_pcmcia tpm_infineon snd psmouse pcmcia binfmt_misc joydev ppdev hp_wmi soundcore snd_page_alloc mac_hid hp_accel yenta_socket sparse_keymap lis3lv02d input_polldev serio_raw parport_pc tpm_tis video(+) i2c_algo_bit microcode lpc_ich pcmcia_rsrc pcmcia_core wmi lp parport firewire_ohci firewire_core sdhci_pci sdhci crc_itu_t e1000e
[11478.881705] CPU 0
[11478.881717] Pid: 6399, comm: ld Tainted: G D 3.6.0-rc7-next-20120927+ #1 Hewlett-Packard HP EliteBook 6930p/30DC
[11478.881762] RIP: 0010:[<ffffffff811742bb>] [<ffffffff811742bb>] kmem_cache_alloc+0x5b/0x140
[11478.881797] RSP: 0018:ffff88005dec1898 EFLAGS: 00010202
[11478.881819] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000007735
[11478.881844] RDX: 0000000000007734 RSI: 0000000000000050 RDI: 0000000000018270
[11478.881869] RBP: ffff88005dec18e8 R08: ffff88007fa18270 R09: 0000000000001000
[11478.881894] R10: 0000000000000001 R11: 0000000000000246 R12: ffff880030206200
[11478.881918] R13: 0000000000000001 R14: ffffffff8125dab1 R15: 0000000000000050
[11478.883284] FS: 00002af25774fd00(0000) GS:ffff88007fa00000(0000) knlGS:0000000000000000
[11478.884005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[11478.884005] CR2: 0000000000000001 CR3: 000000005ded1000 CR4: 00000000000407f0
[11478.884005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[11478.884005] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[11478.884005] Process ld (pid: 6399, threadinfo ffff88005dec0000, task ffff88007bf244a0)
[11478.884005] Stack:
[11478.884005] ffff88005dec18c8 ffffffff811dcb71 ffff88007fcbb6c0 ffff880078d30440
[11478.884005] ffff8800303df800 0000000000000000 ffff880078d30440 0000000000000001
[11478.884005] ffff88007598c150 0000000000000001 ffff88005dec1948 ffffffff8125dab1
[11478.884005] Call Trace:
[11478.884005] [<ffffffff811dcb71>] ? inode_add_rsv_space+0x41/0x60
[11478.884005] [<ffffffff8125dab1>] ext4_es_insert_extent+0x1e1/0x2f0
[11478.900635] [<ffffffff8121c9ad>] ext4_da_get_block_prep+0x11d/0x3b0
[11478.900635] [<ffffffff811b16c3>] ? alloc_buffer_head+0x43/0x50
[11478.900635] [<ffffffff811b183e>] ? alloc_page_buffers+0x7e/0xf0
[11478.900635] [<ffffffff811b3dee>] __block_write_begin+0x1ce/0x520
[11478.900635] [<ffffffff8121c890>] ? do_journal_get_write_access+0xb0/0xb0
[11478.900635] [<ffffffff81127039>] ? grab_cache_page_write_begin+0x69/0xf0
[11478.900635] [<ffffffff81220308>] ext4_da_write_begin+0xc8/0x210
[11478.900635] [<ffffffff81220f80>] ? noalloc_get_block_write+0x30/0x30
[11478.900635] [<ffffffff81126552>] generic_file_buffered_write+0x112/0x290
[11478.900635] [<ffffffff81127cf6>] __generic_file_aio_write+0x1b6/0x3b0
[11478.900635] [<ffffffff81127f6f>] generic_file_aio_write+0x7f/0x100
[11478.900635] [<ffffffff812192b0>] ext4_file_write+0xa0/0x460
[11478.900635] [<ffffffff81180103>] do_sync_write+0xa3/0xe0
[11478.900635] [<ffffffff811809d3>] vfs_write+0xb3/0x180
[11478.900635] [<ffffffff81180d12>] sys_write+0x52/0xa0
[11478.900635] [<ffffffff8168c139>] system_call_fastpath+0x16/0x1b
[11478.900635] Code: 00 4d 8b 04 24 65 4c 03 04 25 08 dc 00 00 49 8b 50 08 4d 8b 28 4d 85 ed 0f 84 d3 00 00 00 49 63 44 24 20 49 8b 3c 24 48 8d 4a 01 <49> 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74 c2 49
[11478.900635] RIP [<ffffffff811742bb>] kmem_cache_alloc+0x5b/0x140
[11478.900635] RSP <ffff88005dec1898>
[11478.900635] CR2: 0000000000000001
[11478.936473] ---[ end trace b104c041ce1ebd2e ]---
[11479.001819] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
[11479.003374] IP: [<ffffffff811742bb>] kmem_cache_alloc+0x5b/0x140
[11479.004947] PGD 771a4067 PUD 771a5067 PMD 0
[11479.005662] Oops: 0000 [#3] SMP
[11479.005662] Modules linked in: bnep rfcomm bluetooth snd_hda_codec_analog arc4 iwldvm radeon snd_hda_intel snd_hda_codec snd_hwdep mac80211 snd_pcm coretemp snd_seq_midi snd_rawmidi kvm_intel kvm snd_seq_midi_event ttm snd_seq drm_kms_helper iwlwifi drm snd_timer cfg80211 snd_seq_device pata_pcmcia tpm_infineon snd psmouse pcmcia binfmt_misc joydev ppdev hp_wmi soundcore snd_page_alloc mac_hid hp_accel yenta_socket sparse_keymap lis3lv02d input_polldev serio_raw parport_pc tpm_tis video(+) i2c_algo_bit microcode lpc_ich pcmcia_rsrc pcmcia_core wmi lp parport firewire_ohci firewire_core sdhci_pci sdhci crc_itu_t e1000e
[11479.005662] CPU 0
[11479.005662] Pid: 816, comm: rs:main Q:Reg Tainted: G D 3.6.0-rc7-next-20120927+ #1 Hewlett-Packard HP EliteBook 6930p/30DC
[11479.005662] RIP: 0010:[<ffffffff811742bb>] [<ffffffff811742bb>] kmem_cache_alloc+0x5b/0x140
[11479.005662] RSP: 0018:ffff8800737d3898 EFLAGS: 00010202
[11479.005662] RAX: 0000000000000000 RBX: 00000000000000cf RCX: 0000000000007735
[11479.005662] RDX: 0000000000007734 RSI: 0000000000000050 RDI: 0000000000018270
[11479.005662] RBP: ffff8800737d38e8 R08: ffff88007fa18270 R09: 0000000000001000
[11479.005662] R10: ffffffff8124c27f R11: 685f646e73206e6f R12: ffff880030206200
[11479.005662] R13: 0000000000000001 R14: ffffffff8125dab1 R15: 0000000000000050
[11479.005662] FS: 00007fccbb887700(0000) GS:ffff88007fa00000(0000) knlGS:0000000000000000
[11479.005662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[11479.005662] CR2: 0000000000000001 CR3: 0000000077037000 CR4: 00000000000407f0
[11479.005662] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[11479.005662] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[11479.005662] Process rs:main Q:Reg (pid: 816, threadinfo ffff8800737d2000, task ffff88002fe616e0)
[11479.005662] Stack:
[11479.005662] ffff8800737d38c8 ffffffff811dcb71 ffff8800737d39f8 ffff88002ed2f290
[11479.005662] ffff8800303df800 00000000000000cf ffff88002ed2f290 0000000000000001
[11479.005662] ffff88002ed2f4f8 00000000000000d0 ffff8800737d3948 ffffffff8125dab1
[11479.005662] Call Trace:
[11479.005662] [<ffffffff811dcb71>] ? inode_add_rsv_space+0x41/0x60
[11479.005662] [<ffffffff8125dab1>] ext4_es_insert_extent+0x1e1/0x2f0
[11479.005662] [<ffffffff8121c9ad>] ext4_da_get_block_prep+0x11d/0x3b0
[11479.005662] [<ffffffff811b16c3>] ? alloc_buffer_head+0x43/0x50
[11479.005662] [<ffffffff811b183e>] ? alloc_page_buffers+0x7e/0xf0
[11479.005662] [<ffffffff811b3dee>] __block_write_begin+0x1ce/0x520
[11479.005662] [<ffffffff8121c890>] ? do_journal_get_write_access+0xb0/0xb0
[11479.005662] [<ffffffff8112705f>] ? grab_cache_page_write_begin+0x8f/0xf0
[11479.005662] [<ffffffff81220308>] ext4_da_write_begin+0xc8/0x210
[11479.005662] [<ffffffff81126552>] generic_file_buffered_write+0x112/0x290
[11479.005662] [<ffffffff81127cf6>] __generic_file_aio_write+0x1b6/0x3b0
[11479.005662] [<ffffffff81127f6f>] generic_file_aio_write+0x7f/0x100
[11479.005662] [<ffffffff812192b0>] ext4_file_write+0xa0/0x460
[11479.005662] [<ffffffff816836de>] ? _raw_spin_lock+0xe/0x20
[11479.005662] [<ffffffff810b0a63>] ? futex_wake+0x113/0x130
[11479.005662] [<ffffffff81180103>] do_sync_write+0xa3/0xe0
[11479.005662] [<ffffffff811809d3>] vfs_write+0xb3/0x180
[11479.005662] [<ffffffff81180d12>] sys_write+0x52/0xa0
[11479.005662] [<ffffffff8168c139>] system_call_fastpath+0x16/0x1b
[11479.005662] Code: 00 4d 8b 04 24 65 4c 03 04 25 08 dc 00 00 49 8b 50 08 4d 8b 28 4d 85 ed 0f 84 d3 00 00 00 49 63 44 24 20 49 8b 3c 24 48 8d 4a 01 <49> 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74 c2 49
[11479.005662] RIP [<ffffffff811742bb>] kmem_cache_alloc+0x5b/0x140
[11479.005662] RSP <ffff8800737d3898>
[11479.005662] CR2: 0000000000000001
[11479.082628] ---[ end trace b104c041ce1ebd2f ]---
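
A first-pass triage of the oops format shown in the log above, as an added example that is not part of the original message: it pulls out the fault address (CR2), the faulting symbol, the registers that hold exactly the fault address, and separates confirmed call-trace frames from "?" entries. The names triage, REG and FRAME are illustrative; the sample lines are copied from the first oops with timestamps dropped and the trace shortened.

```python
import re

# Lines copied from the first oops in the message above (dmesg timestamps
# dropped, register dump and trace shortened). Parses one oops at a time.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
IP: [<ffffffff811742bb>] kmem_cache_alloc+0x5b/0x140
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000007735
R10: 0000000000000001 R11: 0000000000000246 R12: ffff880030206200
R13: 0000000000000001 R14: ffffffff8125dab1 R15: 0000000000000050
CR2: 0000000000000001 CR3: 000000005ded1000 CR4: 00000000000407f0
Call Trace:
 [<ffffffff811dcb71>] ? inode_add_rsv_space+0x41/0x60
 [<ffffffff8125dab1>] ext4_es_insert_extent+0x1e1/0x2f0
 [<ffffffff8121c9ad>] ext4_da_get_block_prep+0x11d/0x3b0
 [<ffffffff811b16c3>] ? alloc_buffer_head+0x43/0x50
 [<ffffffff811b3dee>] __block_write_begin+0x1ce/0x520
"""

REG = re.compile(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})\b")
FRAME = re.compile(r"\[<[0-9a-f]{16}>\] (\? )?([\w.]+)\+(0x[0-9a-f]+)/0x[0-9a-f]+")

def triage(text):
    """Summarise one x86-64 oops for a first look at the crash."""
    regs = {name: int(val, 16) for name, val in REG.findall(text)}
    fault = regs.pop("CR2")  # CR2 holds the address whose access faulted
    ip, reliable, guessed, in_trace = None, [], [], False
    for line in text.splitlines():
        m = FRAME.search(line)
        if "Call Trace:" in line:
            in_trace = True
        elif not m:
            in_trace = False  # first non-frame line ends the trace
        elif re.search(r"\bIP: ", line):
            ip = (m.group(2), int(m.group(3), 16))
        elif in_trace:
            # "?" marks an address merely found on the stack; the unwinder
            # could not confirm it as part of the active call chain.
            (guessed if m.group(1) else reliable).append(m.group(2))
    # Registers equal to the fault address are the candidate bad pointers.
    at_fault = sorted(r for r, v in regs.items() if v == fault)
    return {"fault_addr": fault, "ip": ip, "regs_at_fault": at_fault,
            "reliable": reliable, "guessed": guessed}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this log the result names R10 and R13. The marked bytes in the Code: line, <49> 8b 5c 05 00, decode to a 64-bit load from (%r13,%rax,1) into %rbx, and RAX is 0, so R13 is the register that supplied the faulting address.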