Re: 2.6.23-rc8-mm2 NULL dereference in __mnt_is_readonly in ftruncate

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrew Morton <akpm@linux-foundation.org>
To: Zan Lynx <zlynx@acm.org>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
	Dave Hansen <haveblue@us.ibm.com>
Subject: Re: 2.6.23-rc8-mm2 NULL dereference in __mnt_is_readonly in ftruncate
Date: Fri, 28 Sep 2007 01:30:24 -0700	[thread overview]
Message-ID: <20070928013024.c7522542.akpm@linux-foundation.org> (raw)
In-Reply-To: <1190930060.7667.5.camel@localhost>

On Thu, 27 Sep 2007 15:54:20 -0600 Zan Lynx <zlynx@acm.org> wrote:

> Kernel 2.6.23-rc8-mm2 on a AMD-64, filesystems mounted are reiserfs,
> reiser4 and tmpfs.
> netconsole dmesg output and .config are included below.

reiser3 has a known problem, but it oopses in a different place and a fix
is in the works.

> Near the end of my boot sequence, there is a kernel error.  I am not
> sure exactly what user-space is doing to make this happen, but I know
> that a simple shell and some filesystem operations do not cause it.
> 
> This error also occurred in 2.6.23-rc8-mm1 but I didn't have time to
> post it and hoped it would just go away.  I never tested 2.6.23-rc7-mm*,
> and the error did not happen in rc6-mm1.
> 
> console [netcon0] enabled
> netconsole: network logging started
> eth0: no IPv6 routers present
> Unable to handle kernel NULL pointer dereference at 0000000000000053 RIP: 
>  [<ffffffff802c96c0>] __mnt_is_readonly+0x0/0x20
> PGD 0 
> Oops: 0000 [1] SMP 
> last sysfs file: /block/sr0/size
> CPU 0 
> Modules linked in: netconsole configfs sg ipv6 evdev usbhid hid usb_storage libusual psmouse serio_raw ssb video output ehci_hcd ohci_hcd usbcore snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_timer snd snd_page_alloc
> Pid: 7291, comm: smbd Not tainted 2.6.23-rc8-mm2 #1
> RIP: 0010:[<ffffffff802c96c0>]  [<ffffffff802c96c0>] __mnt_is_readonly+0x0/0x20
> RSP: 0018:ffff8100068b1b60  EFLAGS: 00010296
> RAX: ffff810007108000 RBX: ffff81000261d8c0 RCX: ffffffff8093aca0
> RDX: 0000000000000004 RSI: ffffffff8092e950 RDI: 0000000000000003
> RBP: 0000000000000003 R08: 0000000000000003 R09: ffffffff8061f7cd
> R10: 00000000b256aacb R11: 0000000000000000 R12: 00000000ffffffe2
> R13: ffff8100068b1bd8 R14: ffff8100068b1ee8 R15: ffff81000655a910
> FS:  00007f6f0930c6f0(0000) GS:ffffffff806ce000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 0000000000000053 CR3: 0000000007cb2000 CR4: 00000000000006e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process smbd (pid: 7291, threadinfo ffff8100068b0000, task ffff810007108000)
> last branch before last exception/interrupt
>  from  [<ffffffff802cc37a>] mnt_want_write+0x3a/0x90
>  to  [<ffffffff802c96c0>] __mnt_is_readonly+0x0/0x20
> Stack:  ffffffff802cc37f ffff8100078cd9a0 ffff8100068b1bd8 ffff8100078cd9a0
>  ffffffff802c82bc ffff8100078cd780 0000000000000000 ffff8100078cd9a0
>  ffff8100068b1bd8 ffff8100068b1ee8 0000000000003000 0000000000000000
> Call Trace:
>  [<ffffffff802cc37f>] mnt_want_write+0x3f/0x90
>  [<ffffffff802c82bc>] file_update_time+0x2c/0xe0
>  [<ffffffff803506a8>] truncate_file_body+0x148/0x3f0
>  [<ffffffff802647a3>] __lock_acquire+0x583/0x1180
>  [<ffffffff80537f17>] _spin_unlock+0x17/0x20
>  [<ffffffff80363822>] store_black_box+0x82/0x90
>  [<ffffffff8034a845>] safe_link_add+0x75/0xd0
>  [<ffffffff803521f7>] setattr_unix_file+0x207/0x220
>  [<ffffffff80538274>] _spin_unlock_irq+0x24/0x30
>  [<ffffffff805377f1>] __down_write_nested+0xa1/0xc0
>  [<ffffffff802c8857>] notify_change+0xf7/0x2c0
>  [<ffffffff802b051e>] do_truncate+0x5e/0x80
>  [<ffffffff802b0659>] sys_ftruncate+0x119/0x130
>  [<ffffffff8020c39e>] system_call+0x7e/0x83

But you oopsed in a different place, via resier4.  I don't know if Dave
considers that part of his mandate - he could reasonably ask the reiser4
guys to help fix things up.

next prev parent reply	other threads:[~2007-09-28  8:30 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-09-27 21:54 2.6.23-rc8-mm2 NULL dereference in __mnt_is_readonly in ftruncate Zan Lynx
2007-09-28  8:30 ` Andrew Morton [this message]
2007-09-28 16:21   ` Dave Hansen
2007-09-28 22:39     ` Edward Shishkin
2007-10-04 23:22       ` [patch] reiser4: do not allocate struct file on stack Edward Shishkin
2007-10-05 16:22         ` Zan Lynx

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070928013024.c7522542.akpm@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=haveblue@us.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=zlynx@acm.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.