From: Shuah Khan <shuah.khan@hp.com>
To: LKML <linux-kernel@vger.kernel.org>
Subject: kernel NULL pointer dereference at rb_erase+0x1a3/0x370
Date: Tue, 02 Oct 2012 11:58:29 -0600 [thread overview]
Message-ID: <1349200709.3141.30.camel@lorien2> (raw)
I started seeing the following null pointer dereference on
a linux-next Sept 21 git and am still seeing it on the linux-next
Sep 27th git.
It can be reproduced easily. I have been able to reproduce it every
time I do a complete build of a kernel on a fresh checkout or
touch a header file that forces a full build.
Perhaps related to the lib/rbtree.c commits that went in on September 21.
I didn't get a chance to investigate this yet; thought I would share
just in case others have seen it.
[ 346.676805] audit_printk_skb: 24 callbacks suppressed
[ 346.676814] type=1400 audit(1349010919.383:28): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/cupsd" pid=905 comm="cupsd" pid=905 comm="cupsd" capability=36 capname="block_suspend"
[ 2219.660124] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 2219.660182] IP: [<ffffffff81323c93>] rb_erase+0x1a3/0x370
[ 2219.660209] PGD 73f2f067 PUD 67246067 PMD 0
[ 2219.660235] Oops: 0000 [#1] SMP
[ 2219.660257] Modules linked in: bnep arc4 iwldvm rfcomm bluetooth mac80211 coretemp radeon kvm_intel kvm snd_hda_codec_analog snd_hda_intel snd_hda_codec iwlwifi snd_hwdep snd_pcm snd_seq_midi snd_rawmidi ttm drm_kms_helper snd_seq_midi_event snd_seq drm pata_pcmcia cfg80211 psmouse snd_timer binfmt_misc pcmcia tpm_infineon hp_wmi snd_seq_device snd sparse_keymap joydev ppdev yenta_socket microcode hp_accel lis3lv02d soundcore wmi i2c_algo_bit parport_pc serio_raw pcmcia_rsrc pcmcia_core tpm_tis input_polldev snd_page_alloc lpc_ich mac_hid video lp parport firewire_ohci firewire_core crc_itu_t sdhci_pci sdhci e1000e
[ 2219.660632] CPU 0
[ 2219.660644] Pid: 1660, comm: recordmcount Not tainted 3.6.0-rc6-next-20120921+ #4 Hewlett-Packard HP EliteBook 6930p/30DC
[ 2219.660684] RIP: 0010:[<ffffffff81323c93>] [<ffffffff81323c93>] rb_erase+0x1a3/0x370
[ 2219.660714] RSP: 0018:ffff880073f318e8 EFLAGS: 00010246
[ 2219.662042] RAX: ffff88007911ea80 RBX: 000000000000003b RCX: 0000000000000000
[ 2219.663345] RDX: 0000000000000000 RSI: ffff88007a4e1c08 RDI: 0000000000000001
[ 2219.664007] RBP: ffff880073f318e8 R08: ffff88007911ea40 R09: 0000000000000000
[ 2219.664007] R10: ffff88007911ea00 R11: 0000000000000018 R12: ffff88007a4e19a0
[ 2219.664007] R13: 0000000000000001 R14: 0000000000000001 R15: 000000000000003c
[ 2219.664007] FS: 00002b380a82bb40(0000) GS:ffff88007fa00000(0000) knlGS:0000000000000000
[ 2219.664007] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2219.664007] CR2: 0000000000000000 CR3: 0000000079428000 CR4: 00000000000407f0
[ 2219.664007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2219.664007] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 2219.664007] Process recordmcount (pid: 1660, threadinfo ffff880073f30000, task ffff88002fe9ada0)
[ 2219.664007] Stack:
[ 2219.664007] ffff880073f31948 ffffffff8125af6e ffff88007911eaa0 ffff88007911ea80
[ 2219.664007] ffff88002fe7c400 ffff88002fe7c400 0000000000000002 ffff88007a4e19a0
[ 2219.664007] ffff88007aa4e6e8 ffff88002fe7c400 0000000000000001 000000000000003b
[ 2219.664007] Call Trace:
[ 2219.664007] [<ffffffff8125af6e>] ext4_es_insert_extent+0x28e/0x2f0
[ 2219.664007] [<ffffffff81219e1d>] ext4_da_get_block_prep+0x11d/0x3b0
[ 2219.664007] [<ffffffff811afa63>] ? alloc_buffer_head+0x43/0x50
[ 2219.664007] [<ffffffff811afbde>] ? alloc_page_buffers+0x7e/0xf0
[ 2219.664007] [<ffffffff811b218e>] __block_write_begin+0x1ce/0x520
[ 2219.664007] [<ffffffff81219d00>] ? do_journal_get_write_access+0xb0/0xb0
[ 2219.664007] [<ffffffff81126b8f>] ? grab_cache_page_write_begin+0x8f/0xf0
[ 2219.664007] [<ffffffff8121d778>] ext4_da_write_begin+0xc8/0x210
[ 2219.664007] [<ffffffff81126082>] generic_file_buffered_write+0x112/0x290
[ 2219.664007] [<ffffffff81127826>] __generic_file_aio_write+0x1b6/0x3b0
[ 2219.664007] [<ffffffff81127a9f>] generic_file_aio_write+0x7f/0x100
[ 2219.664007] [<ffffffff81216640>] ext4_file_write+0xa0/0x460
[ 2219.664007] [<ffffffff8104a787>] ? pte_alloc_one+0x37/0x50
[ 2219.664007] [<ffffffff8167f3be>] ? _raw_spin_lock+0xe/0x20
[ 2219.664007] [<ffffffff8114c269>] ? __pte_alloc+0xa9/0x160
[ 2219.664007] [<ffffffff8117eed3>] do_sync_write+0xa3/0xe0
[ 2219.664007] [<ffffffff8117f563>] vfs_write+0xb3/0x180
[ 2219.664007] [<ffffffff8117f88a>] sys_write+0x4a/0x90
[ 2219.664007] [<ffffffff8168375e>] ? do_page_fault+0xe/0x10
[ 2219.664007] [<ffffffff81687da9>] system_call_fastpath+0x16/0x1b
[ 2219.664007] Code: 10 f6 c2 01 0f 84 4e 01 00 00 48 83 e2 fc 0f 84 10 ff ff ff 48 89 c1 48 89 d0 48 8b 50 08 48 39 ca 0f 85 71 ff ff ff 48 8b 50 10 <f6> 02 01 75 3a 48 8b 7a 08 48 89 c1 48 83 c9 01 48 89 78 10 48
[ 2219.664007] RIP [<ffffffff81323c93>] rb_erase+0x1a3/0x370
[ 2219.664007] RSP <ffff880073f318e8>
[ 2219.664007] CR2: 0000000000000000
[ 2219.724809] ---[ end trace dc0112a541a4c9dc ]---
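Reading an oops like the one above by hand is error-prone, so here is an added example (not from this report and not kernel code) that parses the x86-64 oops layout: the IP line, the RAX..R15 and CR register lines, the Oops: error code, the Call Trace (with its "?" stack-scan guesses flagged as unreliable) and the Code: line with the faulting byte in angle brackets. Its input is a constructed excerpt copied from the oops in this message. For this oops the bytes from the fault onward are f6 02 01, which in x86 encoding (F6 /0 ib with ModRM 02) is testb $0x1,(%rdx), and RDX is 0, consistent with CR2 = 0 and the "NULL pointer dereference at (null)" line; which rb_node field that load corresponds to is left to the reader with the disassembly of lib/rbtree.c.

```python
"""Extract the facts that matter from an x86-64 kernel oops.

Added example, not from the bug report or the kernel tree.  SAMPLE_OOPS is a
constructed excerpt: lines copied from the oops in the message above.
"""
import re

SAMPLE_OOPS = """\
[ 2219.660124] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 2219.660182] IP: [<ffffffff81323c93>] rb_erase+0x1a3/0x370
[ 2219.660209] PGD 73f2f067 PUD 67246067 PMD 0
[ 2219.660235] Oops: 0000 [#1] SMP
[ 2219.660714] RIP: 0010:[<ffffffff81323c93>]  [<ffffffff81323c93>] rb_erase+0x1a3/0x370
[ 2219.662042] RAX: ffff88007911ea80 RBX: 000000000000003b RCX: 0000000000000000
[ 2219.663345] RDX: 0000000000000000 RSI: ffff88007a4e1c08 RDI: 0000000000000001
[ 2219.664007] RBP: ffff880073f318e8 R08: ffff88007911ea40 R09: 0000000000000000
[ 2219.664007] R10: ffff88007911ea00 R11: 0000000000000018 R12: ffff88007a4e19a0
[ 2219.664007] R13: 0000000000000001 R14: 0000000000000001 R15: 000000000000003c
[ 2219.664007] CR2: 0000000000000000 CR3: 0000000079428000 CR4: 00000000000407f0
[ 2219.664007] Call Trace:
[ 2219.664007]  [<ffffffff8125af6e>] ext4_es_insert_extent+0x28e/0x2f0
[ 2219.664007]  [<ffffffff81219e1d>] ext4_da_get_block_prep+0x11d/0x3b0
[ 2219.664007]  [<ffffffff811afa63>] ? alloc_buffer_head+0x43/0x50
[ 2219.664007] Code: 10 f6 c2 01 0f 84 4e 01 00 00 48 83 e2 fc 0f 84 10 ff ff ff 48 89 c1 48 89 d0 48 8b 50 08 48 39 ca 0f 85 71 ff ff ff 48 8b 50 10 <f6> 02 01 75 3a 48 8b 7a 08 48 89 c1 48 83 c9 01 48 89 78 10 48
"""

IP_RE = re.compile(r"IP: \[<([0-9a-f]+)>\]\s+(\S+)")
OOPS_RE = re.compile(r"Oops: ([0-9a-f]{4}) \[#(\d+)\]")
# General registers (RAX..R15) and control registers; 16 hex digits each.
REG_RE = re.compile(r"\b(R[A-Z0-9]{2}|CR[0-4]): ([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"\[<([0-9a-f]+)>\]\s+(\?\s+)?(\S+)")
CODE_RE = re.compile(r"Code: (.+)$", re.MULTILINE)


def parse_oops(text):
    """Return a dict with ip, symbol, error_code, regs, trace and code bytes."""
    info = {"regs": {}, "trace": []}
    m = IP_RE.search(text)
    info["ip"], info["symbol"] = int(m.group(1), 16), m.group(2)
    m = OOPS_RE.search(text)
    info["error_code"], info["die_count"] = int(m.group(1), 16), int(m.group(2))
    for name, value in REG_RE.findall(text):
        info["regs"][name] = int(value, 16)
    in_trace = False
    for line in text.splitlines():
        if "Call Trace:" in line:
            in_trace = True
            continue
        if not in_trace:
            continue
        if "Code:" in line:
            break
        fm = FRAME_RE.search(line)
        if fm:
            # (symbol, unreliable): '?' frames come from stack scanning.
            info["trace"].append((fm.group(3), fm.group(2) is not None))
    tokens = CODE_RE.search(text).group(1).split()
    mark = next(i for i, t in enumerate(tokens) if t.startswith("<"))
    info["code_before"] = [int(t, 16) for t in tokens[:mark]]
    info["code_at"] = [int(tokens[mark].strip("<>"), 16)] + [
        int(t, 16) for t in tokens[mark + 1:]
    ]
    return info


def describe_error_code(code):
    """Decode the x86 page-fault error code printed after 'Oops:'."""
    return {
        "protection_violation": bool(code & 0x1),   # clear: page not present
        "write": bool(code & 0x2),                   # clear: read access
        "user_mode": bool(code & 0x4),               # clear: fault in kernel mode
        "reserved_bit": bool(code & 0x8),
        "instruction_fetch": bool(code & 0x10),
    }


def null_pointer_candidates(info):
    """Registers equal to CR2 (the faulting address): the usual suspects for
    the pointer that was dereferenced."""
    cr2 = info["regs"]["CR2"]
    return sorted(n for n, v in info["regs"].items() if v == cr2 and n != "CR2")


def first_real_caller(info):
    """First Call Trace frame that is not a '?' guess."""
    for sym, unreliable in info["trace"]:
        if not unreliable:
            return sym
    return None


if __name__ == "__main__":
    oops = parse_oops(SAMPLE_OOPS)
    print("fault in", oops["symbol"], "at %#x" % oops["ip"])
    print("error code", describe_error_code(oops["error_code"]))
    print("registers equal to CR2:", null_pointer_candidates(oops))
    print("caller:", first_real_caller(oops))
    print("bytes from faulting instruction:",
          " ".join("%02x" % b for b in oops["code_at"][:3]))
```

The register list narrows the dereferenced pointer to RCX, RDX or R09; the operand of the faulting instruction (the ModRM byte 02 selects (%rdx)) picks RDX. The error code 0000 means a kernel-mode read of a not-present page, which is what a NULL dereference looks like when page 0 is unmapped.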
Thread overview: 5+ messages
2012-10-02 17:58 Shuah Khan [this message]
2012-10-02 20:27 ` kernel NULL pointer dereference at rb_erase+0x1a3/0x370 Hugh Dickins
2012-10-02 21:10 ` Theodore Ts'o
2012-10-02 21:20 ` Shuah Khan
2012-10-02 21:33 ` Shuah Khan