Re: 2.6.25-rc6: BUG: unable to handle kernel NULL pointer dereference

From: Rafael J. Wysocki
Date: Wed Mar 26 2008 - 17:57:31 EST


On Wednesday, 26 of March 2008, Andrew Morton wrote:
> On Wed, 26 Mar 2008 00:08:48 +0100 (CET) Christian Kujau <lists@xxxxxxxxxxxxxxx> wrote:
>
> > Hi,
> >
> > 2.6.25-rc6 is a strong beast :)
> > Another[0] BUG is printed and the box is still alive:
> >
> > BUG: unable to handle kernel NULL pointer dereference at 00000000
> > IP: [<c0179114>] __d_lookup+0x94/0x150
> > *pde = 00000000
> > Oops: 0000 [#1]
> > Modules linked in: fuse sha256_generic xt_tcpudp ipt_MASQUERADE iptable_nat nf_conntrack_ipv4 nf_nat_ftp nf_nat nf_conntrack_ftp xt_conntrack nf_conntrack iptable_filter ip_tables ipt_ULOG x_tables nfsd lockd nfs_acl auth_rpcgss exportfs tun sunrpc twofish_i586 twofish_common eeprom w83l785ts asb100 hwmon_vid usb_storage zd1211rw firmware_class mac80211 snd_intel8x0 snd_ac97_codec i2c_nforce2 cfg80211 ac97_bus snd_pcm snd_timer snd soundcore snd_page_alloc i2c_core [last unloaded: fuse]
> > Pid: 15705, comm: imap Not tainted (2.6.25-rc6 #5)
> > EIP: 0060:[<c0179114>] EFLAGS: 00010286 CPU: 0
> > EIP is at __d_lookup+0x94/0x150
> > EAX: 00000000 EBX: 0006bc44 ECX: 00000001 EDX: d60634e8
> > ESI: c2020a00 EDI: c56ebf30 EBP: c478ad6c ESP: c56ebd7c
> > DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> > Process imap (pid: 15705, ti=c56eb000 task=e153c000 task.ti=c56eb000)
> > Stack: 00000002 00000001 c0179080 f4826be0 00000246 c56ebe08 0000000b f66a800b
> > d60634e8 c56ebe08 0000002f c56ebf30 c56ebe08 c016f388 c56ebe14 f7faff80
> > c016ee97 01eb3b48 c56ebe08 0000002f c56ebe14 f66a8017 c0170a70 c56ebf30
> > Call Trace:
> > [<c0179080>] __d_lookup+0x0/0x150
> > [<c016f388>] do_lookup+0x28/0x1a0
> > [<c016ee97>] permission+0xb7/0x120
> > [<c0170a70>] __link_path_walk+0x140/0xcd0
> > [<c043f5e4>] _spin_unlock+0x14/0x20
> > [<c02c3e1a>] _atomic_dec_and_lock+0x2a/0x40
> > [<c0179855>] dput+0x65/0xf0
> > [<c017163a>] link_path_walk+0x3a/0xa0
> > [<c043f5e4>] _spin_unlock+0x14/0x20
> > [<c01662bb>] get_unused_fd_flags+0xab/0xd0
> > [<c017189e>] do_path_lookup+0x6e/0x180
> > [<c0169088>] get_empty_filp+0xa8/0x120
> > [<c01724b1>] __path_lookup_intent_open+0x51/0xa0
> > [<c0172590>] path_lookup_open+0x20/0x30
> > [<c0172686>] open_namei+0x66/0x5f0
> > [<c01665ae>] do_filp_open+0x2e/0x60
> > [<c043f5e4>] _spin_unlock+0x14/0x20
> > [<c01662bb>] get_unused_fd_flags+0xab/0xd0
> > [<c016662c>] do_sys_open+0x4c/0xe0
> > [<c01666fc>] sys_open+0x1c/0x20
> > [<c0102dee>] sysenter_past_esp+0x5f/0xa5
> > =======================
> > Code: 53 c0 e8 20 08 fc ff c1 e3 02 8b 14 33 89 54 24 20 8b 44 24 20 85 c0 75 10 eb 51 8b 12 89 54 24 20 8b 44 24 20 85 c0 74 43 8b 02 <0f> 18 00 90 8d 5a d8 39 6b 34 75 e4 8b 7c 24 0c 39 7b 30 75 db
> > EIP: [<c0179114>] __d_lookup+0x94/0x150 SS:ESP 0068:c56ebd7c
> > ---[ end trace 274145890e21aa9a ]---
> >
> >
> > I've put some more details (.config, dmesg, some sysrq printouts) on:
> > http://nerdbynature.de/bits/2.6.25-rc6/Oops_d_lookup/
> >
> > Please tell me not to worry :)
> > Christian.
> >
> > [0] http://lkml.org/lkml/2008/3/23/245
>
> Markus reported what looks to be the same thing here:
> http://lkml.org/lkml/2008/3/21/202 and it's already in the regresison list.
>
> I guess you've confirmed that this wasn't a mystery
> once-off-on-that-machine.
>
> I can't think what we did to cause this. Were you doing anything unusual
> on that machine? I see the fuse module was loaded - was it being used?
> Were any oddball (ie: non-ext3 ;)) filesystems being used? etc.

Well, we seem to get mm-related traces on x86-32 at random places.

http://www.ussg.iu.edu/hypermail/linux/kernel/0803.3/0782.html for example.

I'm starting to think there's some arch-related mm issue lurking in there.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/