Message-ID: <530CEFE2.9090909@oracle.com>
Date: Tue, 25 Feb 2014 14:32:50 -0500
From: Sasha Levin
Subject: mm: NULL ptr deref in balance_dirty_pages_ratelimited
To: "linux-mm@kvack.org"
Cc: Andrew Morton, LKML

Hi all,

While fuzzing with trinity inside KVM tools running the latest -next kernel, I've stumbled on the following spew:

[ 232.869443] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[ 232.870230] IP: [] balance_dirty_pages_ratelimited+0x1e/0x150
[ 232.870230] PGD 586e1d067 PUD 586e1e067 PMD 0
[ 232.870230] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 232.870230] Dumping ftrace buffer:
[ 232.870230] (ftrace buffer empty)
[ 232.870230] Modules linked in:
[ 232.870230] CPU: 36 PID: 9707 Comm: trinity-c36 Tainted: G W 3.14.0-rc4-next-20140225-sasha-00010-ga117461 #42
[ 232.870230] task: ffff880586dfb000 ti: ffff880586e34000 task.ti: ffff880586e34000
[ 232.870230] RIP: 0010:[] [] balance_dirty_pages_ratelimited+0x1e/0x150
[ 232.870230] RSP: 0000:ffff880586e35c58 EFLAGS: 00010282
[ 232.870230] RAX: 0000000000000000 RBX: ffff880582831361 RCX: 0000000000000007
[ 232.870230] RDX: 0000000000000007 RSI: ffff880586dfbcc0 RDI: ffff880582831361
[ 232.870230] RBP: ffff880586e35c78 R08: 0000000000000000 R09: 0000000000000000
[ 232.870230] R10: 0000000000000001 R11: 0000000000000001 R12: 00007f58007ee000
[ 232.870230] R13: ffff880c8d6d4f70 R14: 0000000000000200 R15: ffff880c8dcce710
[ 232.870230] FS: 00007f58018bb700(0000) GS:ffff880c8e800000(0000) knlGS:0000000000000000
[ 232.870230] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 232.870230] CR2: 0000000000000020 CR3: 0000000586e1c000 CR4: 00000000000006e0
[ 232.870230] Stack:
[ 232.870230] ffff880586e35c78 ffff880586e33400 00007f58007ee000 ffff880c8d6d4f70
[ 232.870230] ffff880586e35cd8 ffffffff8127d241 0000000000000001 0000000000000001
[ 232.870230] 0000000000000000 ffffea0032337080 0000000080000000 ffff880586e33400
[ 232.870230] Call Trace:
[ 232.870230] [] do_shared_fault+0x1a1/0x1f0
[ 232.870230] [] handle_pte_fault+0xc8/0x230
[ 232.870230] [] ? delay_tsc+0xea/0x110
[ 232.870230] [] __handle_mm_fault+0x36e/0x3a0
[ 232.870230] [] ? rcu_read_unlock+0x5d/0x60
[ 232.870230] [] handle_mm_fault+0x10b/0x1b0
[ 232.870230] [] ? __do_page_fault+0x2e2/0x590
[ 232.870230] [] __do_page_fault+0x551/0x590
[ 232.870230] [] ? vtime_account_user+0x91/0xa0
[ 232.870230] [] ? context_tracking_user_exit+0xa8/0x1c0
[ 232.870230] [] ? _raw_spin_unlock+0x30/0x50
[ 232.870230] [] ? vtime_account_user+0x91/0xa0
[ 232.870230] [] ? context_tracking_user_exit+0xa8/0x1c0
[ 232.870230] [] do_page_fault+0x3d/0x70
[ 232.870230] [] do_async_page_fault+0x35/0x100
[ 232.870230] [] async_page_fault+0x28/0x30
[ 232.870230] Code: 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 48 83 ec 20 48 89 5d e8 4c 89 65 f0 4c 89 6d f8 48 89 fb 48 8b 87 50 01 00 00 40 20 01 0f 85 18 01 00 00 65 48 8b 14 25 40 da 00 00 44 8b
[ 232.870230] RIP [] balance_dirty_pages_ratelimited+0x1e/0x150
[ 232.870230] RSP [
[ 232.870230] CR2: 0000000000000020

Thanks,
Sasha
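For triaging a report like this one, here is an added example (not part of Sasha's mail or of the kernel tree): a small Python parser over a constructed excerpt of the oops above that pulls out the fault address, the faulting symbol and offset, the register dump and the call trace, and flags the classic NULL-base-plus-field-offset pattern (fault at 0x20 while RAX is 0). The `<addr>` tokens inside the brackets were lost by the list archive, so the regexes accept empty brackets.

```python
import re

# Constructed sample: lines copied from the oops in the report above.
OOPS = """\
[  232.869443] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[  232.870230] IP: [] balance_dirty_pages_ratelimited+0x1e/0x150
[  232.870230] RAX: 0000000000000000 RBX: ffff880582831361 RCX: 0000000000000007
[  232.870230] RDX: 0000000000000007 RSI: ffff880586dfbcc0 RDI: ffff880582831361
[  232.870230] CR2: 0000000000000020 CR3: 0000000586e1c000 CR4: 00000000000006e0
[  232.870230] Call Trace:
[  232.870230] [] do_shared_fault+0x1a1/0x1f0
[  232.870230] [] handle_pte_fault+0xc8/0x230
[  232.870230] [] ? delay_tsc+0xea/0x110
[  232.870230] [] __handle_mm_fault+0x36e/0x3a0
"""

BUG_RE = re.compile(r"BUG: unable to handle kernel NULL pointer dereference at ([0-9a-f]+)")
IP_RE = re.compile(r"IP: \[\S*\] (\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+")
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}|CR\d): ([0-9a-f]{16})")
# Trace frames look like "[<addr>] sym+0xoff/0xsize"; a leading "? " marks an unreliable frame.
FRAME_RE = re.compile(r"\[\S*\] (\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")


def parse_oops(text):
    """Return fault address, faulting symbol/offset, registers and (symbol, unreliable) frames."""
    info = {"regs": {}, "trace": []}
    for line in text.splitlines():
        line = re.sub(r"^\[\s*[\d.]+\]\s*", "", line)  # drop the printk timestamp
        if m := BUG_RE.match(line):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := IP_RE.match(line):
            info["ip_sym"], info["ip_off"] = m.group(1), int(m.group(2), 16)
        elif m := FRAME_RE.match(line):
            info["trace"].append((m.group(2), m.group(1) is not None))
        else:
            for reg, val in REG_RE.findall(line):
                info["regs"][reg] = int(val, 16)
    return info


def null_field_deref(info, limit=0x1000):
    """Heuristic: a fault address below `limit` is a NULL struct pointer plus a field
    offset; report that offset and which general registers hold zero (candidate bases)."""
    addr = info.get("fault_addr")
    if addr is None or addr >= limit:
        return None
    zero = sorted(r for r, v in info["regs"].items() if v == 0 and not r.startswith("CR"))
    return {"field_offset": addr, "zero_regs": zero}
```

Run against the sample, the parser reports the fault inside balance_dirty_pages_ratelimited at +0x1e with field offset 0x20 and RAX as the only zero general register, which is what the BUG and CR2 lines say.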